diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 63876623e8..e6f31774fd 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -6503,7 +6503,7 @@ { "source_path": "store-for-business/app-inventory-management-windows-store-for-business.md", "redirect_url": "/microsoft-store/app-inventory-management-microsoft-store-for-business", -"redirect_document_id": true +"redirect_document_id": false }, { "source_path": "windows/manage/application-development-for-windows-as-a-service.md", diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md index 5d0635344e..d50c95d74f 100644 --- a/devices/hololens/TOC.md +++ b/devices/hololens/TOC.md @@ -10,15 +10,25 @@ ## [Enroll HoloLens in MDM](hololens-enroll-mdm.md) ## [Manage updates to HoloLens](hololens-updates.md) ## [Restore HoloLens 2 using Advanced Recovery Companion](hololens-recovery.md) +## [Use the HoloLens Clicker](hololens-clicker.md) +## [Restart, reset, or recover the HoloLens](hololens-restart-recover.md) +## [Restart or recover the HoloLens clicker](hololens-clicker-restart-recover.md) # Application Management ## [Install apps on HoloLens](hololens-install-apps.md) ## [Share HoloLens with multiple people](hololens-multiple-users.md) +## [Cortana on HoloLens](hololens-cortana.md) +## [Get apps for HoloLens](hololens-get-apps.md) +## [Use apps on HoloLens](hololens-use-apps.md) +## [Use HoloLens offline](hololens-offline.md) +## [Spaces on HoloLens](hololens-spaces-on-hololens.md) # User/Access Management ## [Set up single application access](hololens-kiosk.md) ## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) ## [How HoloLens stores data for spaces](hololens-spaces.md) +## [Find and save files](hololens-find-and-save-files.md) # [Insider preview for Microsoft HoloLens](hololens-insider.md) -# [Change history for Microsoft HoloLens documentation](change-history-hololens.md) \ No newline at end of file +# [Change history for Microsoft HoloLens documentation](change-history-hololens.md) + diff --git a/devices/hololens/hololens-clicker-restart-recover.md b/devices/hololens/hololens-clicker-restart-recover.md new file mode 100644 index 0000000000..81c7ffc704 --- /dev/null +++ b/devices/hololens/hololens-clicker-restart-recover.md @@ -0,0 +1,47 @@ +--- +title: Restart or recover the HoloLens clicker +description: Things to try if the HoloLens clicker is unresponsive or isn’t working well. +ms.assetid: 13406eca-e2c6-4cfc-8ace-426ff8f837f4 +ms.reviewer: jarrettrenshaw +ms.date: 07/01/2019 +manager: v-miegge +keywords: hololens +ms.prod: hololens +ms.sitesec: library +author: v-miegge +ms.author: v-miegge +ms.topic: article +ms.localizationpriority: medium +--- + +# Restart or recover the HoloLens clicker + +Here are some things to try if the HoloLens clicker is unresponsive or isn’t working well. + +## Restart the clicker + +Use the tip of a pen to press and hold the [pairing button](https://support.microsoft.com/en-us/help/12646). + +![Hold the pairing button](images/recover-clicker-1.png) + +At the same time, click and hold the clicker for 15 seconds. If the clicker was already paired with your HoloLens, it will stay paired after it restarts. + +![Hold the clicker](images/recover-clicker-2.png) + +If the clicker won't turn on or restart, try charging it using the HoloLens charger. If the battery is very low, it might take a few minutes for the white indicator light to turn on. + +## Re-pair the clicker + +Go to Settings > Devices and select the clicker. Select Remove, wait a few seconds, then pair the clicker again. + +## Recover the clicker + +If restarting and re-pairing the clicker don’t fix the problem, the Windows Device Recovery Tool can help you recover it. The recovery process may take some time, and the latest version of the clicker software will be installed. To use the tool, you’ll need a computer running Windows 10 or later with at least 4 GB of free storage space. + +To recover the clicker: + +1. Download and install the [Windows Device Recovery Tool](https://dev.azure.com/ContentIdea/ContentIdea/_queries/query/8a004dbe-73f8-4a32-94bc-368fc2f2a895/) on your computer. +1. Connect the clicker to your computer using the Micro USB cable that came with your HoloLens. +1. Run the Windows Device Recovery Tool and follow the instructions. + +If the clicker isn’t automatically detected, select **My device was not detected** and follow the instructions to put your device into recovery mode. diff --git a/devices/hololens/hololens-clicker.md b/devices/hololens/hololens-clicker.md new file mode 100644 index 0000000000..8ec7e8077b --- /dev/null +++ b/devices/hololens/hololens-clicker.md @@ -0,0 +1,65 @@ +--- +title: Use the HoloLens Clicker +description: +ms.assetid: 7d4a30fd-cf1d-4c9a-8eb1-1968ccecbe59 +ms.reviewer: jarrettrenshaw +ms.date: 07/01/2019 +manager: v-miegge +keywords: hololens +ms.prod: hololens +ms.sitesec: library +author: v-miegge +ms.author: v-miegge +ms.topic: article +ms.localizationpriority: medium +--- + +# Use the HoloLens Clicker + +The clicker was designed specifically for HoloLens and gives you another way to interact with holograms. It comes with HoloLens, in a separate box. Use it in place of hand gestures to select, scroll, move, and resize. + +![The HoloLens Clicker](images/use-hololens-clicker-1.png) + +## Hold the clicker + +To put on the clicker, slide the loop over your ring or middle finger with the Micro USB port toward your wrist. Rest your thumb in the indentation. + +![How to hold the Clicker](images/use-hololens-clicker-2.png) + +## Clicker gestures + +Clicker gestures are small wrist rotations, not the larger movements used for HoloLens hand gestures. And HoloLens will recognize your gestures and clicks even if the clicker is outside the [gesture frame](https://support.microsoft.com/help/12644), so you can hold the clicker in the position that's most comfortable for you​. + +- **Select**. To select a hologram, button, or other element, gaze at it, then click. + +- **Click and hold**. Click and hold your thumb down on the button to do some of the same things you would with tap and hold, like move or resize a hologram. + +- **Scroll**. On the app bar, select **Scroll Tool**. Click and hold, then rotate the clicker up, down, left, or right. To scroll faster, move your hand farther from the center of the scroll tool. + +- **Zoom**. On the app bar, select **Zoom Tool**. Click and hold, then rotate the clicker up to zoom in, or down to zoom out. + +>[!TIP] +>In Microsoft Edge, gaze at a page and double-click to zoom in or out. + +## Pair and charge the clicker + +To pair the clicker with your HoloLens, see [Pair Bluetooth devices](https://support.microsoft.com/help/12636). + +When the clicker battery is low, the battery indicator will blink amber. Plug the Micro USB cable into a USB power supply to charge the device. + +## Indicator lights + +Here's what the lights on the clicker mean. + +- **Blinking white**. The clicker is in pairing mode. + +- **Fast-blinking white**. Pairing was successful. + +- **Solid white**. The clicker is charging. + +- **Blinking amber**. The battery is low. + +- **Solid amber**. The clicker ran into an error and you'll need to restart it. While pressing the pairing button, click and hold for 15 seconds. + +>[!NOTE] +>If the clicker doesn't respond or won't start, see [Restart or recover the HoloLens clicker](https://support.microsoft.com/help/15555/hololens-restart-or-recover-the-hololens-clicker). diff --git a/devices/hololens/hololens-cortana.md b/devices/hololens/hololens-cortana.md new file mode 100644 index 0000000000..8c74b3b97e --- /dev/null +++ b/devices/hololens/hololens-cortana.md @@ -0,0 +1,50 @@ +--- +title: Cortana on HoloLens +description: Cortana can help you do all kinds of things on your HoloLens +ms.assetid: fd96fb0e-6759-4dbe-be1f-58bedad66fed +ms.reviewer: jarrettrenshaw +ms.date: 07/01/2019 +manager: v-miegge +keywords: hololens +ms.prod: hololens +ms.sitesec: library +author: v-miegge +ms.author: v-miegge +ms.topic: article +ms.localizationpriority: medium +--- + +# Cortana on HoloLens + +Cortana can help you do all kinds of things on your HoloLens, from searching the web to shutting down your device. To get her attention, select Cortana on Start or say "Hey Cortana" anytime. + +![Hey Cortana!](images/cortana-on-hololens.png) + +## What do I say to Cortana + +Here are some things you can try saying (remember to say "Hey Cortana" first): + +- What can I say? +- Increase the volume. +- Decrease the brightness. +- Shut down. +- Restart. +- Go to sleep. +- Mute. +- Launch . +- Move here (gaze at the spot you want the app to move to). +- Go to Start. +- Take a picture. +- Start recording. (Starts recording a video.) +- Stop recording. (Stops recording a video.) +- Call . (Requires Skype.) +- What time is it? +- Show me the latest NBA scores. +- How much battery do I have left? +- Tell me a joke. + +>[!NOTE] +>- Some Cortana features you're used to from Windows on your PC or phone (for example, reminders and notifications) aren't supported in Microsoft HoloLens Development Edition. Cortana on HoloLens is English only, and the Cortana experience may vary among regions. +>- Cortana is on the first time you use HoloLens. You can turn her off in Cortana's settings. In the All apps list, select Cortana > Settings. Then turn off Cortana can give you suggestions, ideas, reminders, alerts, and more. +>- If Cortana isn't responding to "Hey Cortana," go to Cortana's settings and check to make sure she's on. +>- If you turn Cortana off, "Hey Cortana" voice commands won't be available, but you'll still be able to use other commands (like "Select" and "Place"). diff --git a/devices/hololens/hololens-find-and-save-files.md b/devices/hololens/hololens-find-and-save-files.md new file mode 100644 index 0000000000..ba459eff13 --- /dev/null +++ b/devices/hololens/hololens-find-and-save-files.md @@ -0,0 +1,44 @@ +--- +title: Find and save files on HoloLens +description: Use File Explorer on HoloLens to view and manage files on your device +ms.assetid: 77d2e357-f65f-43c8-b62f-6cd9bf37070a +ms.reviewer: jarrettrenshaw +ms.date: 07/01/2019 +manager: v-miegge +keywords: hololens +ms.prod: hololens +ms.sitesec: library +author: v-miegge +ms.author: v-miegge +ms.topic: article +ms.localizationpriority: medium +--- + +# Find and save files on HoloLens + +Files you create on HoloLens, including Office documents, photos, and videos, are saved to your HoloLens. To view and manage them, you can use the File Explorer app on HoloLens or File Explorer on your PC. To sync photos and other files to the cloud, use the OneDrive app on HoloLens. + +## View files on HoloLens + +Use File Explorer on HoloLens to view and manage files on your device, including 3D objects, documents, and pictures. Go to Start > All apps > File Explorer on HoloLens to get started. + +>[!TIP] +>If there are no files listed in File Explorer, select **This Device** in the top left pane. + +## View HoloLens files on your PC + +To see your HoloLens files in File Explorer on your PC: + +1. Sign in to HoloLens, then plug it into the PC using the USB cable that came with the HoloLens. + +1. Select **Open Device to view files with File Explorer**, or open File Explorer on the PC and navigate to the device. + +>[!TIP] +>To see info about your HoloLens, right-click the device name in File Explorer on your PC, then select **Properties**. + +## Sync to the cloud + +To sync photos and other files from your HoloLens to the cloud, install and set up OneDrive on HoloLens. To get OneDrive, search for it in the Microsoft Store on your HoloLens. + +>[!TIP] +>HoloLens doesn't back up app files and data, so it's a good idea to save your important stuff to OneDrive. That way, if you reset your device or uninstall an app, your info will be backed up. diff --git a/devices/hololens/hololens-get-apps.md b/devices/hololens/hololens-get-apps.md new file mode 100644 index 0000000000..cd14341075 --- /dev/null +++ b/devices/hololens/hololens-get-apps.md @@ -0,0 +1,37 @@ +--- +title: Get apps for HoloLens +description: The Microsoft Store is your source for apps and games that work with HoloLens. +ms.assetid: cbe9aa3a-884f-4a92-bf54-8d4917bc3435 +ms.reviewer: jarrettrenshaw +ms.date: 07/01/2019 +manager: v-miegge +keywords: hololens +ms.prod: hololens +ms.sitesec: library +author: v-miegge +ms.author: v-miegge +ms.topic: article +ms.localizationpriority: medium +--- + +# Get apps for HoloLens + +The Microsoft Store is your source for apps and games that work with HoloLens. When you go to the Store on your HoloLens, any apps you see there will run on it. + +Apps on HoloLens use either 2D view or holographic view. Apps with 2D view look like windows and can be positioned all around you. Apps that use holographic view surround you and become the only app you see. + +## Get apps + +Open the Microsoft Store from the Start menu. Then browse for apps and games (or use your voice to search​), select the microphone on the HoloLens keyboard, and start talking. + +To download apps, you'll need to be signed in with a Microsoft account. To buy them, you'll need a payment method associated with the Microsoft account you use on your HoloLens. To set up a payment method, go to [account.microsoft.com](http://account.microsoft.com/) and select **Payment & billing** > **Payment options** > **Add a payment option**. + +## Find your apps + +Once you've installed an app, you'll find it in the All apps list​ (Start > All apps ). Keep apps handy by [pinning them to Start](https://support.microsoft.com/help/12638). + +App updates are automatic, and they're free. + +>[!NOTE] +>- To purchase apps in the Store, the billing address for your payment method must match the country or region your HoloLens is set to. +>- Some apps may not be available in all countries and regions. diff --git a/devices/hololens/hololens-insider.md b/devices/hololens/hololens-insider.md index bb56182d56..5eaf9ad296 100644 --- a/devices/hololens/hololens-insider.md +++ b/devices/hololens/hololens-insider.md @@ -16,9 +16,6 @@ manager: dansimp Welcome to the latest Insider Preview builds for HoloLens! It’s simple to get started and provide valuable feedback for our next major operating system update for HoloLens. - - - ## How do I install the Insider builds? On a device running the Windows 10 April 2018 Update, go to Settings -> Update & Security -> Windows Insider Program and select Get started. Link the account you used to register as a Windows Insider. diff --git a/devices/hololens/hololens-kiosk.md b/devices/hololens/hololens-kiosk.md index 01dcda9e51..b648efe898 100644 --- a/devices/hololens/hololens-kiosk.md +++ b/devices/hololens/hololens-kiosk.md @@ -16,7 +16,7 @@ manager: dansimp -In Windows 10, version 1803, you can configure your HoloLens devices to run as multi-app or single-app kiosks. You can also configure guest access for a HoloLens kiosk device by [designating a SpecialGroup account in your XML file.](#guest) +In Windows 10, version 1803, you can configure your HoloLens devices to run as multi-app or single-app kiosks. You can also configure guest access for a HoloLens kiosk device by [designating a SpecialGroup account in your XML file.](#add-guest-access-to-the-kiosk-configuration-optional) When HoloLens is configured as a multi-app kiosk, only the allowed apps are available to the user. The benefit of a multi-app kiosk, or fixed-purpose device, is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don’t need to access. @@ -40,21 +40,19 @@ The [AssignedAccess Configuration Service Provider (CSP)](https://docs.microsoft >Be aware that voice commands are enabled for kiosk mode configured in Microsoft Intune or provisioning packages, even if the Cortana app is not selected as a kiosk app. For HoloLens devices running Windows 10, version 1803, there are three methods that you can use to configure the device as a kiosk: -- You can use [Microsoft Intune or other mobile device management (MDM) service](#intune-kiosk) to configure single-app and multi-app kiosks. -- You can [use a provisioning package](#ppkg-kiosk) to configure single-app and multi-app kiosks. -- You can [use the Windows Device Portal](#portal-kiosk) to configure single-app kiosks. This method is recommended only for demonstrations, as it requires that developer mode be enabled on the device. +- You can use [Microsoft Intune or other mobile device management (MDM) service](#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803) to configure single-app and multi-app kiosks. +- You can [use a provisioning package](#setup-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) to configure single-app and multi-app kiosks. +- You can [use the Windows Device Portal](#set-up-kiosk-mode-using-the-windows-device-portal-windows-10-version-1607-and-version-1803) to configure single-app kiosks. This method is recommended only for demonstrations, as it requires that developer mode be enabled on the device. -For HoloLens devices running Windows 10, version 1607, you can [use the Windows Device Portal](#portal-kiosk) to configure single-app kiosks. +For HoloLens devices running Windows 10, version 1607, you can [use the Windows Device Portal](#set-up-kiosk-mode-using-the-windows-device-portal-windows-10-version-1607-and-version-1803) to configure single-app kiosks. - -## Start layout for HoloLens +## Start layout for HoloLens -If you use [MDM, Microsoft Intune](#intune-kiosk), or a [provisioning package](#ppkg-kiosk) to configure a multi-app kiosk, the procedure requires a Start layout. Start layout customization isn't supported in Holographic for Business, so you'll need to use a placeholder Start layout. +If you use [MDM, Microsoft Intune](#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803), or a [provisioning package](#setup-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) to configure a multi-app kiosk, the procedure requires a Start layout. Start layout customization isn't supported in Holographic for Business, so you'll need to use a placeholder Start layout. >[!NOTE] >Because a single-app kiosk launches the kiosk app when a user signs in, there is no Start screen displayed. - ### Start layout file for MDM (Intune and others) Save the following sample as an XML file. You will select this file when you configure the kiosk in Microsoft Intune (or in another MDM service that provides a kiosk profile). @@ -80,7 +78,7 @@ Save the following sample as an XML file. You will select this file when you con ### Start layout for a provisioning package -You will [create an XML file](#ppkg-kiosk) to define the kiosk configuration to be included in a provisioning package. Use the following sample in the `StartLayout` section of your XML file. +You will [create an XML file](#setup-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) to define the kiosk configuration to be included in a provisioning package. Use the following sample in the `StartLayout` section of your XML file. ```xml @@ -100,34 +98,28 @@ You will [create an XML file](#ppkg-kiosk) to define the kiosk configuration to ]]> -``` +``` - ## Set up kiosk mode using Microsoft Intune or MDM (Windows 10, version 1803) For HoloLens devices that are managed by Microsoft Intune, you [create a device profile](https://docs.microsoft.com/intune/device-profile-create) and configure the [Kiosk settings](https://docs.microsoft.com/intune/kiosk-settings). -For other MDM services, check your provider's documentation for instructions. If you need to use a custom setting and full XML configuration to set up a kiosk in your MDM service, [create an XML file that defines the kiosk configuration](#create-xml-file), and make sure to include the [Start layout](#start-layout-for-a-provisioning-package) in the XML file. +For other MDM services, check your provider's documentation for instructions. If you need to use a custom setting and full XML configuration to set up a kiosk in your MDM service, [create an XML file that defines the kiosk configuration](#create-a-kiosk-configuration-xml-file), and make sure to include the [Start layout](#start-layout-for-a-provisioning-package) in the XML file. - - - ## Setup kiosk mode using a provisioning package (Windows 10, version 1803) Process: -1. [Create an XML file that defines the kiosk configuration.](#create-xml-file) -2. [Add the XML file to a provisioning package.](#add-xml) -3. [Apply the provisioning package to HoloLens.](#apply-ppkg) +1. [Create an XML file that defines the kiosk configuration.](#create-a-kiosk-configuration-xml-file) +2. [Add the XML file to a provisioning package.](#add-the-kiosk-configuration-xml-file-to-a-provisioning-package) +3. [Apply the provisioning package to HoloLens.](#apply-the-provisioning-package-to-hololens) - ### Create a kiosk configuration XML file Follow [the instructions for creating a kiosk configuration XML file for desktop](https://docs.microsoft.com/windows/configuration/lock-down-windows-10-to-specific-apps#configure-a-kiosk-using-a-provisioning-package), with the following exceptions: - Do not include Classic Windows applications (Win32) since they aren't supported on HoloLens. -- Use the [placeholder Start XML](#start-kiosk) for HoloLens. +- Use the [placeholder Start XML](#start-layout-for-hololens) for HoloLens. - #### Add guest access to the kiosk configuration (optional) In the [Configs section of the XML file](https://docs.microsoft.com/windows/configuration/lock-down-windows-10-to-specific-apps#configs), you can configure a special group named **Visitor** to allow guests to use the kiosk. When the kiosk is configured with the **Visitor** special group, a "**Guest**" option is added to the sign-in page. The **Guest** account does not require a password, and any data associated with the account is deleted when the account signs out. @@ -143,8 +135,6 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest* ``` - - ### Add the kiosk configuration XML file to a provisioning package 1. Open [Windows Configuration Designer](https://www.microsoft.com/store/apps/9nblggh4tx22). @@ -174,8 +164,6 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest* 16. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status. - - ### Apply the provisioning package to HoloLens 1. Connect HoloLens via USB to a PC and start the device, but do not continue past the **Fit** page of OOBE (the first page with the blue box). @@ -191,7 +179,6 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest* 7. You will see whether the package was applied successfully or not. If it failed, you can fix your package and try again. If it succeeded, proceed with OOBE. - ## Set up kiosk mode using the Windows Device Portal (Windows 10, version 1607 and version 1803) 1. [Set up the HoloLens to use the Windows Device Portal](https://developer.microsoft.com/windows/mixed-reality/using_the_windows_device_portal#setting_up_hololens_to_use_windows_device_portal). The Device Portal is a web server on your HoloLens that you can connect to from a web browser on your PC. diff --git a/devices/hololens/hololens-offline.md b/devices/hololens/hololens-offline.md new file mode 100644 index 0000000000..49190e6907 --- /dev/null +++ b/devices/hololens/hololens-offline.md @@ -0,0 +1,23 @@ +--- +title: Use HoloLens offline +description: To set up HoloLens, you'll need to connect to a Wi-Fi network +ms.assetid: b86f603c-d25f-409b-b055-4bbc6edcd301 +ms.reviewer: jarrettrenshaw +ms.date: 07/01/2019 +manager: v-miegge +keywords: hololens +ms.prod: hololens +ms.sitesec: library +author: v-miegge +ms.author: v-miegge +ms.topic: article +ms.localizationpriority: medium +--- + +# Use HoloLens offline + +To set up HoloLens, you'll need to connect to a Wi-Fi network—the setup tutorial will show you how. + +## HoloLens limitations + +After your HoloLens is set up, you can use it without a Wi-Fi connection, but apps that use Internet connections may have limited capabilities when you use HoloLens offline. diff --git a/devices/hololens/hololens-restart-recover.md b/devices/hololens/hololens-restart-recover.md new file mode 100644 index 0000000000..9bf0cddb37 --- /dev/null +++ b/devices/hololens/hololens-restart-recover.md @@ -0,0 +1,55 @@ +--- +title: Restart, reset, or recover HoloLens +description: Restart, reset, or recover HoloLens +ms.assetid: 9a546416-1648-403c-9e0c-742171b8812e +ms.reviewer: jarrettrenshaw +ms.date: 07/01/2019 +manager: v-miegge +keywords: hololens +ms.prod: hololens +ms.sitesec: library +author: v-miegge +ms.author: v-miegge +ms.topic: article +ms.localizationpriority: medium +--- + +# Restart, reset, or recover HoloLens + +Here are some things to try if your HoloLens is unresponsive, isn’t running well, or is experiencing software or update problems. + +## Restart your HoloLens + +If your HoloLens isn’t running well or is unresponsive, try the following things. + +First, try restarting the device: say, "Hey Cortana, restart the device." + +If you’re still having problems, press the power button for 4 seconds, until all of the battery indicators fade out. Wait 1 minute, then press the power button again to turn on the device. + +If neither of those things works, force restart the device. Hold down the power button for 10 seconds. Release it and wait 30 seconds, then press the power button again to turn on the device. + +## Reset or recover your HoloLens + +If restarting your HoloLens doesn’t help, another option is to reset it. If resetting it doesn’t fix the problem, the Windows Device Recovery Tool can help you recover your device. + +>[!IMPORTANT] +>Resetting or recovering your HoloLens will erase all of your personal data, including apps, games, photos, and settings. You won’t be able to restore a backup once the reset is complete. + +## Reset + +Resetting your HoloLens keeps the version of the Windows Holographic software that’s installed on it and returns everything else to factory settings. + +To reset your HoloLens, go to **Settings** > **Update** > **Reset** and select **Reset device**. The battery will need to have at least a 40 percent charge remaining to reset. + +## Recover using the Windows Device Recovery Tool + +Before you use this tool, determine if restarting or resetting your HoloLens fixes the problem. The recovery process may take some time, and the latest version of the Windows Holographic software approved for your HoloLens will be installed. + +To use the tool, you’ll need a computer running Windows 10 or later, with at least 4 GB of free storage space. Please note that you can’t run this tool on a virtual machine. +To recover your HoloLens + +1. Download and install the [Windows Device Recovery Tool](https://dev.azure.com/ContentIdea/ContentIdea/_queries/query/8a004dbe-73f8-4a32-94bc-368fc2f2a895/) on your computer. +1. Connect the clicker to your computer using the Micro USB cable that came with your HoloLens. +1. Run the Windows Device Recovery Tool and follow the instructions. + +If the clicker isn’t automatically detected, select **My device was not detected** and follow the instructions to put your device into recovery mode. diff --git a/devices/hololens/hololens-setup.md b/devices/hololens/hololens-setup.md index c7007d172e..226a0c18ff 100644 --- a/devices/hololens/hololens-setup.md +++ b/devices/hololens/hololens-setup.md @@ -1,46 +1,75 @@ --- -title: Set up HoloLens (HoloLens) -description: The first time you set up HoloLens, you'll need a Wi-Fi network and either a Microsoft or Azure Active Directory account. +title: Set up a new HoloLens +description: This guide walks through first time set up. You'll need a Wi-Fi network and either a Microsoft (MSA) or Azure Active Directory (AAD) account. ms.prod: hololens ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article +author: scooley +ms.author: scooley +ms.topic: quickstart ms.localizationpriority: medium -ms.date: 07/27/2017 -ms.reviewer: -manager: dansimp +ms.date: 07/14/2019 --- -# Set up HoloLens +# Set up HoloLens for the first time -Before you get started setting up your HoloLens, make sure you have a Wi-Fi network and a Microsoft account or an Azure Active Directory (Azure AD) account. +Follow along to set up a HoloLens for the first time. At the end of this quickstart, you'll be able to use HoloLens and navigate HoloLens settings on-device. -## Network connectivity requirements +This is a high level unboxing guide to become familiar with HoloLens. +See [Set up HoloLens in the enterprise](hololens-requirements.md) to configure HoloLens for scale enterprise deployment and ongoing device management. -The first time you use your HoloLens, you'll be guided through connecting to a Wi-Fi network. You need to connect HoloLens to a Wi-Fi network with Internet connectivity so that the user account can be authenticated. +## Prerequisites -- It can be an open Wi-Fi or password-protected Wi-Fi network. -- The Wi-Fi network cannot require certificates to connect. -- The Wi-Fi network does not need to provide access to enterprise resources or intranet sites. +- Internet access. + - Wi-Fi is the easiest way to do first set up on both HoloLens and HoloLens 2. It can be an open Wi-Fi or password-protected Wi-Fi network; the Wi-Fi network does not need to provide access to enterprise resources or intranet sites. + - HoloLens 2 can connect to the internet via ethernet and a USB-C adapter. +- a user account - Microsoft (MSA) or Azure Active Directory (AAD) -## HoloLens setup +## Prepare for first-boot -The HoloLens setup process combines a quick tutorial on using HoloLens with the steps needed to connect to the network and add an account. +Become familiar with the HoloLens hardware and prepare to turn your HoloLens on for the first time. -1. Be sure your HoloLens is [charged](https://support.microsoft.com/help/12627), then [adjust it](https://support.microsoft.com/help/12632) for a comfortable fit. -2. [Turn on HoloLens](https://support.microsoft.com/help/12642). You will be guided through a calibration procedure and how to perform [the gestures](https://support.microsoft.com/help/12644/hololens-use-gestures) that you will use to operate HoloLens. -3. Next, you'll be guided through connecting to a Wi-Fi network. -4. After HoloLens connects to the Wi-Fi network, you select between **My work or school owns it** and **I own it**. +1. Be sure your HoloLens is [charged](https://support.microsoft.com/help/12627) +1. [Adjust fit](https://support.microsoft.com/help/12632) for a comfortable fit. +1. [Turn on HoloLens](https://support.microsoft.com/help/12642). You will be guided through a calibration procedure and how to perform [the gestures](https://support.microsoft.com/help/12644/hololens-use-gestures) that you will use to operate HoloLens. + +## Set up your HoloLens + +Set up your HoloLens and your user account. + +1. Connect to the internet (select Wi-Fi). +1. Sign in to your user account. You'll choose between **My work or school owns it** and **I own it**. - When you choose **My work or school owns it**, you sign in with an Azure AD account. If your organization uses Azure AD Premium and has configured automatic MDM enrollment, HoloLens will be enrolled in MDM. If your organization does not use Azure AD Premium, automatic MDM enrollment isn't available, so you will need to [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app). - 1. Enter your organizational account. + 1. Enter your organizational account. 2. Accept privacy statement. 3. Sign in using your Azure AD credentials. This may redirect to your organization's sign-in page. 4. Continue with device setup. - When you choose **I own it**, you sign in with a Microsoft account. After setup is complete, you can [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app). - 1. Enter your Microsoft account. - 2. Enter your password. If your Microsoft account requires [two-step verification (2FA)](https://blogs.technet.microsoft.com/microsoft_blog/2013/04/17/microsoft-account-gets-more-secure/), complete the verification process. -5. The device sets your time zone based on information obtained from the Wi-Fi network. -6. Next, you learn how to perform the bloom gesture and how to select and place the Start screen. After you place the Start screen, setup is complete and you can begin using HoloLens. + 1. Enter your Microsoft account. + 2. Enter your password. If your Microsoft account requires [two-step verification (2FA)](https://blogs.technet.microsoft.com/microsoft_blog/2013/04/17/microsoft-account-gets-more-secure/), complete the verification process. +1. The device sets your time zone based on information obtained from the Wi-Fi network. +1. Follow the first-start guides to learn how to interact with holograms, control the HoloLens with your voice, and access the start menu. +Congratulations! Setup is complete and you can begin using HoloLens. +## Explore HoloLens + +### Check out on-device settings and desktop + +HoloLens doesn't have an on-device command line. With that in mind, the settings section in HoloLens plays an important role in diagnosing problems on-device. Understanding the information available to HoloLens users will pay dividends when troubleshooting or configuring the device. + +Open settings by opening the start menu and clicking on the **Settings** in the top bar. You can also ask Cortana to open settings. + +Follow [this guide](https://docs.microsoft.com/en-us/windows/mixed-reality/navigating-the-windows-mixed-reality-home) to navigate around the HoloLens home. + +### Connect bluetooth devices + +Connecting a bluetooth keyboard makes typing on HoloLens as efficient as a Windows PC. + +[Connect a bluetooth keyboard or clicker](https://support.microsoft.com/en-us/help/12636). + +## Next steps + +Start planning for HoloLens at scale with HoloLens' enterprise management features. + +> [!div class="nextstepaction"] +> [HoloLens in the enterprise](hololens-requirements.md) \ No newline at end of file diff --git a/devices/hololens/hololens-spaces-on-hololens.md b/devices/hololens/hololens-spaces-on-hololens.md new file mode 100644 index 0000000000..5c04bb7c3e --- /dev/null +++ b/devices/hololens/hololens-spaces-on-hololens.md @@ -0,0 +1,40 @@ +--- +title: Spaces on HoloLens +description: HoloLens blends holograms with your world +ms.assetid: bd55ecd1-697a-4b09-8274-48d1499fcb0b +ms.reviewer: jarrettrenshaw +ms.date: 07/01/2019 +manager: v-miegge +keywords: hololens +ms.prod: hololens +ms.sitesec: library +author: v-miegge +ms.author: v-miegge +ms.topic: article +ms.localizationpriority: medium +--- + +# Spaces on HoloLens + +HoloLens blends holograms with your world, mapping your surroundings to remember where you place your apps and content. + +>[!NOTE] +>For your HoloLens to work properly, HoloLens Wi-Fi needs to be turned on, though it doesn't have to be connected to a network. + +## Tips for setting up your space + +HoloLens works best in certain kinds of environments. Choose a room with adequate light and plenty of space. Avoid dark spaces and rooms with a lot of dark, shiny, or translucent surfaces (for instance, mirrors or gauzy curtains). + +>[!NOTE] +>HoloLens is optimized for indoor use. Use it in a safe place with no tripping hazards. [More on safety](https://support.microsoft.com/help/4023454/safety-information). + +## Mapping your space + +When HoloLens starts mapping your surroundings, you'll see a mesh graphic spreading over the space. + +To help HoloLens learn a space, walk around the space and gaze around you. Air tap in a space to light up the mesh and see what's been mapped. + +If your space changes significantly—for example, if a piece of furniture is moved—you might need to walk around the space and gaze around you so HoloLens can relearn it. + +>[!NOTE] +>If HoloLens is having trouble mapping your space or you're have difficulty placing holograms, see [HoloLens and holograms: FAQ](https://support.microsoft.com/help/13456/hololens-and-holograms-faq). diff --git a/devices/hololens/hololens-use-apps.md b/devices/hololens/hololens-use-apps.md new file mode 100644 index 0000000000..e3d0aba0a9 --- /dev/null +++ b/devices/hololens/hololens-use-apps.md @@ -0,0 +1,40 @@ +--- +title: Use apps on HoloLens +description: Apps on HoloLens use either 2D view or holographic view. +ms.assetid: 6bd124c4-731c-4bcc-86c7-23f9b67ff616 +ms.reviewer: jarrettrenshaw +ms.date: 07/01/2019 +manager: v-miegge +keywords: hololens +ms.prod: hololens +ms.sitesec: library +author: v-miegge +ms.author: v-miegge +ms.topic: article +ms.localizationpriority: medium +--- + +# Use apps on HoloLens + +Apps on HoloLens use either 2D view or holographic view. Apps with 2D view look like windows, and apps with holographic view surround you and become the only app you see. + +## Open apps + +You'll find your apps either pinned to Start or in the All apps list. To get to the All apps list, use the bloom gesture to go to Start, then select **All apps**. + +On Start or in the All apps list, select an app. It will open in a good position for viewing. + +>[!NOTE] +>- Up to three 2D app windows can be active at a time. You can open more, but only three will remain active. +>- Each open app can have one active window at a time, except Microsoft Edge, which can have up to three. +>- If you're having problems with apps, make sure there's enough light in your space, and walk around so HoloLens has a current scan. If you keep having trouble, see [HoloLens and holograms: FAQ](https://support.microsoft.com/help/13456/hololens-and-holograms-faq) for more info. + +## Move, resize, and rotate apps + +After opening an app, you can [change its position and size](https://support.microsoft.com/help/12634). + +## Close apps + +To close an app that uses 2D view, gaze at it, then select **Close**. + +To close an app that uses holographic view, use the bloom gesture to leave holographic view, then select **Close**. diff --git a/devices/hololens/images/cortana-on-hololens.png b/devices/hololens/images/cortana-on-hololens.png new file mode 100644 index 0000000000..6205d3d2fd Binary files /dev/null and b/devices/hololens/images/cortana-on-hololens.png differ diff --git a/devices/hololens/images/hololens2-side-render.png b/devices/hololens/images/hololens2-side-render.png new file mode 100644 index 0000000000..143fb8fc50 Binary files /dev/null and b/devices/hololens/images/hololens2-side-render.png differ diff --git a/devices/hololens/images/recover-clicker-1.png b/devices/hololens/images/recover-clicker-1.png new file mode 100644 index 0000000000..ad54e6ee09 Binary files /dev/null and b/devices/hololens/images/recover-clicker-1.png differ diff --git a/devices/hololens/images/recover-clicker-2.png b/devices/hololens/images/recover-clicker-2.png new file mode 100644 index 0000000000..d7a9d6fd0d Binary files /dev/null and b/devices/hololens/images/recover-clicker-2.png differ diff --git a/devices/hololens/images/use-hololens-clicker-1.png b/devices/hololens/images/use-hololens-clicker-1.png new file mode 100644 index 0000000000..ad54e6ee09 Binary files /dev/null and b/devices/hololens/images/use-hololens-clicker-1.png differ diff --git a/devices/hololens/images/use-hololens-clicker-2.png b/devices/hololens/images/use-hololens-clicker-2.png new file mode 100644 index 0000000000..d7a9d6fd0d Binary files /dev/null and b/devices/hololens/images/use-hololens-clicker-2.png differ diff --git a/devices/hololens/index.md b/devices/hololens/index.md index e3790fbfb5..3320efb458 100644 --- a/devices/hololens/index.md +++ b/devices/hololens/index.md @@ -1,46 +1,51 @@ --- title: Microsoft HoloLens (HoloLens) -description: HoloLens provides extra features designed for business in the Commercial Suite. +description: Landing page for HoloLens commercial and enterprise management. ms.prod: hololens ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: scooley +ms.author: scooley ms.topic: article ms.localizationpriority: medium -ms.date: 07/27/2018 +ms.date: 07/14/2019 --- # Microsoft HoloLens - - +

Microsoft HoloLens is the first fully self-contained holographic computer running Windows 10.

Microsoft HoloLens is available in the Development Edition, which runs Windows Holographic (an edition of Windows 10 designed for HoloLens), and in the Commercial Suite, which runs Windows Holographic for Business when you apply the Enterprise license file to the device.

Hololens
+

Microsoft HoloLens is the first fully self-contained holographic computer running Windows 10.

+ +

Now, with the introduction of HoloLens 2, every device provides commercial ready management enhanced by the reliability, security, and scalability of cloud and AI services from Microsoft.

+ +		![Hololens](images/hololens2-side-render.png)
-## In this section +## Guides in this section + +| Guide | Description | +| --- | --- | +| [Get started with HoloLens](hololens-setup.md) | Set up HoloLens for the first time. | +| [Set up HoloLens in the enterprise](hololens-requirements.md) | Configure HoloLens for scale enterprise deployment and ongoing device management. | +| [Install and manage applications on HoloLens](hololens-install-apps.md) |Install and manage important applications on HoloLens at scale. | +| [Recover and troubleshoot HoloLens issues](https://support.microsoft.com/products/hololens) | Learn how to gather logs from HoloLens, recover a misbehaving device, or reset HoloLens when necessary. | +| [Get support](https://support.microsoft.com/products/hololens) |Connect with Microsoft support resources for HoloLens in enterprise. | + +## Quick reference by topic | Topic | Description | | --- | --- | -| [What's new in Microsoft HoloLens](hololens-whats-new.md) | Discover the new features in the latest update. | -| [HoloLens in the enterprise: requirements](hololens-requirements.md) | Lists requirements for general use, Wi-Fi, and device management | -| [Set up HoloLens](hololens-setup.md) | How to set up HoloLens for the first time | -[Install localized version of HoloLens](hololens-install-localized.md) | Install the Chinese or Japanese version of HoloLens -| [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md) | How to upgrade your Development Edition HoloLens to Windows Holographic for Business | -| [Enroll HoloLens in MDM](hololens-enroll-mdm.md) | Manage multiple HoloLens devices simultaneously using solutions like Microsoft Intune | -| [Manage updates to HoloLens](hololens-updates.md) | Use mobile device management (MDM) policies to configure settings for updates. | -| [Set up HoloLens in kiosk mode](hololens-kiosk.md) | Enable kiosk mode for HoloLens, which limits the user's ability to launch new apps or change the running app | -[Share HoloLens with multiple people](hololens-multiple-users.md) | Multiple users can shared a HoloLens device by using their Azure Active Directory accounts. | +| [What's new in Microsoft HoloLens](hololens-whats-new.md) | Discover new features in the latest updates. | | [Configure HoloLens using a provisioning package](hololens-provisioning.md) | Provisioning packages make it easy for IT administrators to configure HoloLens devices without imaging | -| [Install apps on HoloLens](hololens-install-apps.md) | Use Microsoft Store for Business, mobile device management (MDM), or the Windows Device Portal to install apps on HoloLens | -| [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) | Learn how to use Bitlocker device encryption to protect files and information stored on the HoloLens | -| [Change history for Microsoft HoloLens documentation](change-history-hololens.md) | See new and updated topics in the HoloLens documentation library. | +| [HoloLens MDM support](hololens-enroll-mdm.md) | Manage multiple HoloLens devices simultaneously using Mobile Device Management (MDM) solutions like Microsoft Intune. | +| [HoloLens update management](hololens-updates.md) | Use mobile device management (MDM) policies to configure settings for updates. | +| [HoloLens user management](hololens-multiple-users.md) | Multiple users can shared a HoloLens device by using their Azure Active Directory accounts. | +| [HoloLens application access management](hololens-kiosk.md) | Manage application access for different user groups. | +| [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) | Learn how to use Bitlocker device encryption to protect files and information stored on the HoloLens. | +| [Install localized version of HoloLens](hololens-install-localized.md) | Configure HoloLens for different locale. | ## Related resources -- [Help for using HoloLens](https://support.microsoft.com/products/hololens) - -- [Documentation for Holographic app development](https://developer.microsoft.com/windows/mixed-reality/development) - -- [HoloLens Commercial Suite](https://www.microsoft.com/microsoft-hololens/hololens-commercial) - -- [HoloLens release notes](https://developer.microsoft.com/en-us/windows/mixed-reality/release_notes) +* [Documentation for Holographic app development](https://developer.microsoft.com/windows/mixed-reality/development) +* [HoloLens Commercial Suite](https://www.microsoft.com/microsoft-hololens/hololens-commercial) +* [HoloLens release notes](https://developer.microsoft.com/en-us/windows/mixed-reality/release_notes) diff --git a/devices/surface-hub/TOC.md b/devices/surface-hub/TOC.md index 736947ced3..7eac6565e2 100644 --- a/devices/surface-hub/TOC.md +++ b/devices/surface-hub/TOC.md @@ -6,6 +6,7 @@ ### [What's new in Surface Hub 2S for IT admins](surface-hub-2s-whats-new.md) ### [Surface Hub 2S tech specs](surface-hub-2s-techspecs.md) ### [Operating system essentials (Surface Hub) ](differences-between-surface-hub-and-windows-10-enterprise.md) +### [Adjust Surface Hub 2S brightness, volume, and input](surface-hub-2s-onscreen-display.md) ## Plan ### [Surface Hub 2S Site Readiness Guide](surface-hub-2s-site-readiness-guide.md) @@ -20,6 +21,8 @@ ### [Configure Easy Authentication for Surface Hub 2S](surface-hub-2s-phone-authenticate.md) ## Deploy +### [Surface Hub 2S adoption toolkit](surface-hub-2s-adoption-kit.md) +### [First time setup for Surface Hub 2S](surface-hub-2s-setup.md) ### [Surface Hub 2S deployment checklist](surface-hub-2s-deploy-checklist.md) ### [Create Surface Hub 2S device account](surface-hub-2s-account.md) ### [Create provisioning packages for Surface Hub 2S](surface-hub-2s-deploy.md) @@ -75,11 +78,11 @@ ## Manage ### [Manage Microsoft Surface Hub](manage-surface-hub.md) +### [PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) ### [Remote Surface Hub management](remote-surface-hub-management.md) #### [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md) #### [Monitor your Surface Hub](monitor-surface-hub.md) #### [Windows updates](manage-windows-updates-for-surface-hub.md) - ### [Manage Surface Hub settings](manage-surface-hub-settings.md) #### [Local management for Surface Hub settings](local-management-surface-hub-settings.md) #### [Accessibility](accessibility-surface-hub.md) @@ -87,33 +90,37 @@ #### [Device reset](device-reset-surface-hub.md) #### [Use fully qualified domain name with Surface Hub](use-fully-qualified-domain-name-surface-hub.md) #### [Wireless network management](wireless-network-management-for-surface-hub.md) +### [Implement Quality of Service on Surface Hub](surface-hub-qos.md) ### [Install apps on your Surface Hub](install-apps-on-surface-hub.md) ### [Configure Surface Hub Start menu](surface-hub-start-menu.md) ### [Set up and use Microsoft Whiteboard](whiteboard-collaboration.md) ### [End a Surface Hub meeting with End session](i-am-done-finishing-your-surface-hub-meeting.md) -### [Sign in to Surface Hub with Microsoft Authenticator](surface-hub-authenticator-app.md) -### [Save your BitLocker key](save-bitlocker-key-surface-hub.md) ### [Connect other devices and display with Surface Hub](connect-and-display-with-surface-hub.md) ### [Miracast on existing wireless network or LAN](miracast-over-infrastructure.md) ### [Enable 802.1x wired authentication](enable-8021x-wired-authentication.md) ### [Using a room control system](use-room-control-system-with-surface-hub.md) -### [Implement Quality of Service on Surface Hub](surface-hub-qos.md) + +## Secure +### [Sign in to Surface Hub with Microsoft Authenticator](surface-hub-authenticator-app.md) +### [Save your BitLocker key](save-bitlocker-key-surface-hub.md) +### [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md) + +## Support ### [Using the Surface Hub Recovery Tool](surface-hub-recovery-tool.md) ### [Surface Hub SSD replacement](surface-hub-ssd-replacement.md) -## [PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) -## [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md) -## [Top support solutions for Surface Hub](support-solutions-surface-hub.md) -## [Troubleshoot Microsoft Surface Hub](troubleshoot-surface-hub.md) -## [Surface Hub Update History](surface-hub-update-history.md) -## [Known issues and additional information about Microsoft Surface Hub](known-issues-and-additional-info-about-surface-hub.md) -## [How to use cloud recovery for BitLocker on a Surface Hub](use-cloud-recovery-for-bitlocker-on-surfacehub.md) -## [Using the Surface Hub Hardware Diagnostic Tool to test a device account](use-surface-hub-diagnostic-test-device-account.md) -## [Surface Hub Miracast channels 149-165 not supported in Europe, Japan, Israel](surfacehub-miracast-not-supported-europe-japan-israel.md) -## [What to do if the Connect app in Surface Hub exits unexpectedly](connect-app-in-surface-hub-unexpectedly-exits.md) -## [Surface Hub may install updates and restart outside maintenance hours](surface-hub-installs-updates-and-restarts-outside-maintenance-hours.md) -## [General Data Privacy Regulation and Surface Hub](general-data-privacy-regulation-and-surface-hub.md) -## [Troubleshoot Miracast on Surface Hub](miracast-troubleshooting.md) -## [Useful downloads for Surface Hub administrators](surface-hub-downloads.md) -## [Technical information for 55” Microsoft Surface Hub](surface-hub-technical-55.md) -## [Technical information for 84” Microsoft Surface Hub](surface-hub-technical-84.md) -## [Change history for Surface Hub](change-history-surface-hub.md) + +### [Top support solutions for Surface Hub](support-solutions-surface-hub.md) +### [Troubleshoot Microsoft Surface Hub](troubleshoot-surface-hub.md) +### [Surface Hub Update History](surface-hub-update-history.md) +### [Known issues and additional information about Microsoft Surface Hub](known-issues-and-additional-info-about-surface-hub.md) +### [How to use cloud recovery for BitLocker on a Surface Hub](use-cloud-recovery-for-bitlocker-on-surfacehub.md) +### [Using the Surface Hub Hardware Diagnostic Tool to test a device account](use-surface-hub-diagnostic-test-device-account.md) +### [Troubleshoot Miracast on Surface Hub](miracast-troubleshooting.md) +### [Surface Hub Miracast channels 149-165 not supported in Europe, Japan, Israel](surfacehub-miracast-not-supported-europe-japan-israel.md) +### [What to do if the Connect app in Surface Hub exits unexpectedly](connect-app-in-surface-hub-unexpectedly-exits.md) +### [Surface Hub may install updates and restart outside maintenance hours](surface-hub-installs-updates-and-restarts-outside-maintenance-hours.md) +### [General Data Privacy Regulation and Surface Hub](general-data-privacy-regulation-and-surface-hub.md) +### [Useful downloads for Surface Hub administrators](surface-hub-downloads.md) +### [Technical information for 55” Microsoft Surface Hub](surface-hub-technical-55.md) +### [Technical information for 84” Microsoft Surface Hub](surface-hub-technical-84.md) +### [Change history for Surface Hub](change-history-surface-hub.md) diff --git a/devices/surface-hub/docfx.json b/devices/surface-hub/docfx.json index 857f59487f..5f16f8d171 100644 --- a/devices/surface-hub/docfx.json +++ b/devices/surface-hub/docfx.json @@ -14,7 +14,9 @@ "resource": [ { "files": [ - "**/images/**" + "**/images/**", + "**/*.pptx", + "**/*.pdf" ], "exclude": [ "**/obj/**" diff --git a/devices/surface-hub/downloads/Guide-SurfaceHub2S-Navigation.pptx b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Navigation.pptx new file mode 100644 index 0000000000..b06a6e8b44 Binary files /dev/null and b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Navigation.pptx differ diff --git a/devices/surface-hub/downloads/Guide-SurfaceHub2S-Office365.pptx b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Office365.pptx new file mode 100644 index 0000000000..4fa5e3abd9 Binary files /dev/null and b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Office365.pptx differ diff --git a/devices/surface-hub/downloads/Guide-SurfaceHub2S-Teams.pptx b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Teams.pptx new file mode 100644 index 0000000000..210102de52 Binary files /dev/null and b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Teams.pptx differ diff --git a/devices/surface-hub/downloads/Guide-SurfaceHub2S-Whiteboard.pptx b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Whiteboard.pptx new file mode 100644 index 0000000000..6d39d374a7 Binary files /dev/null and b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Whiteboard.pptx differ diff --git a/devices/surface-hub/downloads/Outline-SurfaceHub2S-EndUser.pdf b/devices/surface-hub/downloads/Outline-SurfaceHub2S-EndUser.pdf new file mode 100644 index 0000000000..6c5b52d377 Binary files /dev/null and b/devices/surface-hub/downloads/Outline-SurfaceHub2S-EndUser.pdf differ diff --git a/devices/surface-hub/downloads/Outline-SurfaceHub2S-HelpDesk.pdf b/devices/surface-hub/downloads/Outline-SurfaceHub2S-HelpDesk.pdf new file mode 100644 index 0000000000..ae296c8c08 Binary files /dev/null and b/devices/surface-hub/downloads/Outline-SurfaceHub2S-HelpDesk.pdf differ diff --git a/devices/surface-hub/downloads/Outline-SurfaceHub2S-PowerUser.pdf b/devices/surface-hub/downloads/Outline-SurfaceHub2S-PowerUser.pdf new file mode 100644 index 0000000000..9f64a7c4f2 Binary files /dev/null and b/devices/surface-hub/downloads/Outline-SurfaceHub2S-PowerUser.pdf differ diff --git a/devices/surface-hub/downloads/QRCConnectYourPC.pdf b/devices/surface-hub/downloads/QRCConnectYourPC.pdf new file mode 100644 index 0000000000..fbdb9d9164 Binary files /dev/null and b/devices/surface-hub/downloads/QRCConnectYourPC.pdf differ diff --git a/devices/surface-hub/downloads/QRCJoinTeamsMeeting.pdf b/devices/surface-hub/downloads/QRCJoinTeamsMeeting.pdf new file mode 100644 index 0000000000..62b86d2a00 Binary files /dev/null and b/devices/surface-hub/downloads/QRCJoinTeamsMeeting.pdf differ diff --git a/devices/surface-hub/downloads/QRCManageTeamsMeeting.pdf b/devices/surface-hub/downloads/QRCManageTeamsMeeting.pdf new file mode 100644 index 0000000000..a6af26dcf9 Binary files /dev/null and b/devices/surface-hub/downloads/QRCManageTeamsMeeting.pdf differ diff --git a/devices/surface-hub/downloads/QRCNavigationBasics.pdf b/devices/surface-hub/downloads/QRCNavigationBasics.pdf new file mode 100644 index 0000000000..6d8eb75ad5 Binary files /dev/null and b/devices/surface-hub/downloads/QRCNavigationBasics.pdf differ diff --git a/devices/surface-hub/downloads/QRCScheduleTeamsMeeting.pdf b/devices/surface-hub/downloads/QRCScheduleTeamsMeeting.pdf new file mode 100644 index 0000000000..a33cf1b1e1 Binary files /dev/null and b/devices/surface-hub/downloads/QRCScheduleTeamsMeeting.pdf differ diff --git a/devices/surface-hub/downloads/QRCShareSendFile.pdf b/devices/surface-hub/downloads/QRCShareSendFile.pdf new file mode 100644 index 0000000000..56d5c9f8c2 Binary files /dev/null and b/devices/surface-hub/downloads/QRCShareSendFile.pdf differ diff --git a/devices/surface-hub/downloads/QRCSignInToViewMeetingsFiles.pdf b/devices/surface-hub/downloads/QRCSignInToViewMeetingsFiles.pdf new file mode 100644 index 0000000000..61caa64f94 Binary files /dev/null and b/devices/surface-hub/downloads/QRCSignInToViewMeetingsFiles.pdf differ diff --git a/devices/surface-hub/downloads/QRCStartNewTeamsMeeting.pdf b/devices/surface-hub/downloads/QRCStartNewTeamsMeeting.pdf new file mode 100644 index 0000000000..d7a7c89268 Binary files /dev/null and b/devices/surface-hub/downloads/QRCStartNewTeamsMeeting.pdf differ diff --git a/devices/surface-hub/downloads/QRCWhiteboardAdvanced.pdf b/devices/surface-hub/downloads/QRCWhiteboardAdvanced.pdf new file mode 100644 index 0000000000..aed2f55671 Binary files /dev/null and b/devices/surface-hub/downloads/QRCWhiteboardAdvanced.pdf differ diff --git a/devices/surface-hub/downloads/QRCWhiteboardTools.pdf b/devices/surface-hub/downloads/QRCWhiteboardTools.pdf new file mode 100644 index 0000000000..c6dfcc3523 Binary files /dev/null and b/devices/surface-hub/downloads/QRCWhiteboardTools.pdf differ diff --git a/devices/surface-hub/downloads/SurfaceHubAdoptionToolKit.pdf b/devices/surface-hub/downloads/SurfaceHubAdoptionToolKit.pdf new file mode 100644 index 0000000000..79675aaaaa Binary files /dev/null and b/devices/surface-hub/downloads/SurfaceHubAdoptionToolKit.pdf differ diff --git a/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-EndUser.pdf b/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-EndUser.pdf new file mode 100644 index 0000000000..b8b6d804a9 Binary files /dev/null and b/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-EndUser.pdf differ diff --git a/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-HelpDesk.pdf b/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-HelpDesk.pdf new file mode 100644 index 0000000000..9e3ac0aa01 Binary files /dev/null and b/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-HelpDesk.pdf differ diff --git a/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-PowerUser.pdf b/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-PowerUser.pdf new file mode 100644 index 0000000000..a40bdf33d6 Binary files /dev/null and b/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-PowerUser.pdf differ diff --git a/devices/surface-hub/images/sh2-onscreen-display.png b/devices/surface-hub/images/sh2-onscreen-display.png new file mode 100644 index 0000000000..4605f50734 Binary files /dev/null and b/devices/surface-hub/images/sh2-onscreen-display.png differ diff --git a/devices/surface-hub/images/sh2-run1.png b/devices/surface-hub/images/sh2-run1.png new file mode 100644 index 0000000000..15aa540166 Binary files /dev/null and b/devices/surface-hub/images/sh2-run1.png differ diff --git a/devices/surface-hub/images/sh2-run10.png b/devices/surface-hub/images/sh2-run10.png new file mode 100644 index 0000000000..5e980fa334 Binary files /dev/null and b/devices/surface-hub/images/sh2-run10.png differ diff --git a/devices/surface-hub/images/sh2-run11.png b/devices/surface-hub/images/sh2-run11.png new file mode 100644 index 0000000000..02362bc5da Binary files /dev/null and b/devices/surface-hub/images/sh2-run11.png differ diff --git a/devices/surface-hub/images/sh2-run12.png b/devices/surface-hub/images/sh2-run12.png new file mode 100644 index 0000000000..f619ac4c42 Binary files /dev/null and b/devices/surface-hub/images/sh2-run12.png differ diff --git a/devices/surface-hub/images/sh2-run13.png b/devices/surface-hub/images/sh2-run13.png new file mode 100644 index 0000000000..77b9e3e2a6 Binary files /dev/null and b/devices/surface-hub/images/sh2-run13.png differ diff --git a/devices/surface-hub/images/sh2-run14.png b/devices/surface-hub/images/sh2-run14.png new file mode 100644 index 0000000000..d88ca872ca Binary files /dev/null and b/devices/surface-hub/images/sh2-run14.png differ diff --git a/devices/surface-hub/images/sh2-run2.png b/devices/surface-hub/images/sh2-run2.png new file mode 100644 index 0000000000..fd379b2b05 Binary files /dev/null and b/devices/surface-hub/images/sh2-run2.png differ diff --git a/devices/surface-hub/images/sh2-run3.png b/devices/surface-hub/images/sh2-run3.png new file mode 100644 index 0000000000..8171beecbf Binary files /dev/null and b/devices/surface-hub/images/sh2-run3.png differ diff --git a/devices/surface-hub/images/sh2-run4.png b/devices/surface-hub/images/sh2-run4.png new file mode 100644 index 0000000000..1a132dfebb Binary files /dev/null and b/devices/surface-hub/images/sh2-run4.png differ diff --git a/devices/surface-hub/images/sh2-run5.png b/devices/surface-hub/images/sh2-run5.png new file mode 100644 index 0000000000..ebfe53f3cb Binary files /dev/null and b/devices/surface-hub/images/sh2-run5.png differ diff --git a/devices/surface-hub/images/sh2-run6.png b/devices/surface-hub/images/sh2-run6.png new file mode 100644 index 0000000000..896531f4ec Binary files /dev/null and b/devices/surface-hub/images/sh2-run6.png differ diff --git a/devices/surface-hub/images/sh2-run7.png b/devices/surface-hub/images/sh2-run7.png new file mode 100644 index 0000000000..59e60d84de Binary files /dev/null and b/devices/surface-hub/images/sh2-run7.png differ diff --git a/devices/surface-hub/images/sh2-run8.png b/devices/surface-hub/images/sh2-run8.png new file mode 100644 index 0000000000..ec2daf8e4f Binary files /dev/null and b/devices/surface-hub/images/sh2-run8.png differ diff --git a/devices/surface-hub/images/sh2-run9.png b/devices/surface-hub/images/sh2-run9.png new file mode 100644 index 0000000000..5bd3abea88 Binary files /dev/null and b/devices/surface-hub/images/sh2-run9.png differ diff --git a/devices/surface-hub/install-apps-on-surface-hub.md b/devices/surface-hub/install-apps-on-surface-hub.md index 917cd53509..4f1de2f5cf 100644 --- a/devices/surface-hub/install-apps-on-surface-hub.md +++ b/devices/surface-hub/install-apps-on-surface-hub.md @@ -21,7 +21,7 @@ You can install additional apps on your Surface Hub to fit your team or organiza A few things to know about apps on Surface Hub: - Surface Hub only runs [Universal Windows Platform (UWP) apps](https://msdn.microsoft.com/windows/uwp/get-started/whats-a-uwp). Apps created using the [Desktop App Converter](https://docs.microsoft.com/windows/uwp/porting/desktop-to-uwp-run-desktop-app-converter) will not run on Surface Hub. - Apps must be targeted for the [Universal device family](https://msdn.microsoft.com/library/windows/apps/dn894631) or Windows Team device family. -- Surface Hub only supports [offline-licensed apps](https://docs.microsoft.com/microsoft-store/distribute-offline-apps) from Microsoft Store for Business. +- Surface Hub only supports [offline-licensed apps](https://docs.microsoft.com/microsoft-store/distribute-offline-apps) from [Microsoft Store for Business](https://businessstore.microsoft.com/store). - By default, apps must be Store-signed to be installed. During testing and development, you can also choose to run developer-signed UWP apps by placing the device in developer mode. - When submitting an app to the Microsoft Store, developers need to set Device family availability and Organizational licensing options to make sure an app will be available to run on Surface Hub. - You need admin credentials to install apps on your Surface Hub. Since the device is designed to be used in communal spaces like meeting rooms, people can't access the Microsoft Store to download and install apps. diff --git a/devices/surface-hub/local-management-surface-hub-settings.md b/devices/surface-hub/local-management-surface-hub-settings.md index 4d09394933..810691dfe8 100644 --- a/devices/surface-hub/local-management-surface-hub-settings.md +++ b/devices/surface-hub/local-management-surface-hub-settings.md @@ -7,7 +7,7 @@ ms.sitesec: library author: dansimp ms.author: dansimp ms.topic: article -ms.date: 06/20/2019 +ms.date: 07/08/2019 ms.reviewer: manager: dansimp ms.localizationpriority: medium @@ -29,7 +29,6 @@ Surface Hubs have many settings that are common to other Windows devices, but al | Change admin account password | Surface Hub > Accounts | Change the password for the local admin account. This is only available if you configured the device to use a local admin during first run. | | Device Management | Surface Hub > Device management | Manage policies and business applications using mobile device management (MDM). | | Provisioning packages | Surface Hub > Device management | Set or change provisioning packages installed on the Surface Hub. | -| Configure Operations Management Suite (OMS) | Surface Hub > Device management | Set up monitoring for your Surface Hub using OMS. | | Open the Microsoft Store app | Surface Hub > Apps & features | The Microsoft Store app is only available to admins through the Settings app. | | Skype for Business domain name | Surface Hub > Calling & Audio | Configure a domain name for your Skype for Business server. | | Default Speaker volume | Surface Hub > Calling & Audio | Configure the default speaker volume for the Surface Hub when it starts a session. | diff --git a/devices/surface-hub/save-bitlocker-key-surface-hub.md b/devices/surface-hub/save-bitlocker-key-surface-hub.md index aeff0b3763..acd4207515 100644 --- a/devices/surface-hub/save-bitlocker-key-surface-hub.md +++ b/devices/surface-hub/save-bitlocker-key-surface-hub.md @@ -10,7 +10,7 @@ ms.sitesec: library author: levinec ms.author: ellevin ms.topic: article -ms.date: 06/20/2019 +ms.date: 07/08/2019 ms.localizationpriority: medium --- @@ -27,7 +27,7 @@ There are several ways to manage your BitLocker key on the Surface Hub. 2. If you’ve joined the Surface Hub to Azure Active Directory (Azure AD), the BitLocker key will be stored under the account that was used to join the device. -3. If you’re using an admin account to manage the device, you can save the BitLocker key by going to the **Settings** app and navigating to **Update & security** > **Recovery**. Insert a USB drive and select the option to save the BitLocker key. The key will be saved to a text file on the USB drive. +3. If you’re using a local admin account to manage the device, you can save the BitLocker key by going to the **Settings** app and navigating to **Update & security** > **Recovery**. Insert a USB drive and select the option to save the BitLocker key. The key will be saved to a text file on the USB drive. ## Related topics diff --git a/devices/surface-hub/surface-hub-2s-adoption-kit.md b/devices/surface-hub/surface-hub-2s-adoption-kit.md new file mode 100644 index 0000000000..dc4ea1a959 --- /dev/null +++ b/devices/surface-hub/surface-hub-2s-adoption-kit.md @@ -0,0 +1,50 @@ +--- +title: "Surface Hub 2S adoption toolkit" +description: "Microsoft has developed downloadable materials that you can make available for your users to aid in adoption of Surface Hub 2S." +keywords: separate values with commas +ms.prod: surface-hub +ms.sitesec: library +author: robmazz +ms.author: robmazz +manager: laurawi +audience: Admin +ms.topic: article +ms.date: 07/08/2019 +ms.localizationpriority: Normal +--- + +# Surface Hub 2S adoption toolkit + +Microsoft has developed downloadable materials that you can make available for your users to aid in adoption of Surface Hub 2S. + +## Training guides + +- [Surface Hub adoption toolkit](downloads/SurfaceHubAdoptionToolKit.pdf) +- [Training guide – end user](downloads/TrainingGuide-SurfaceHub2S-EndUser.pdf) +- [Training guide – power user](downloads/TrainingGuide-SurfaceHub2S-PowerUser.pdf) +- [Training guide – help desk](downloads/TrainingGuide-SurfaceHub2S-HelpDesk.pdf) +- [Training guide – Microsoft Teams desktop](downloads/Guide-SurfaceHub2S-Teams.pptx) + +[Download all training guides](http://download.microsoft.com/download/2/2/3/2234F70E-E65A-4790-93DF-F4C373A75B8E/SurfaceHub2S-TrainerGuides-July2019.zip) + +## End user guides + +- [Guide to Navigation on Surface Hub](downloads/Guide-SurfaceHub2S-Navigation.pptx) +- [Guide to Office 365 on Surface Hub](downloads/Guide-SurfaceHub2S-Office365.pptx) +- [Guide to Microsoft Whiteboard on Surface Hub](downloads/Guide-SurfaceHub2S-Whiteboard.pptx) +- [Guide to Microsoft Teams on Surface Hub](downloads/Guide-SurfaceHub2S-Teams.pptx) + +## Quick reference cards + +- [Connect your PC](downloads/QRCConnectYourPC.pdf) +- [Join a Teams Meeting](downloads/QRCJoinTeamsMeeting.pdf) +- [Manage a Teams meeting](downloads/QRCManageTeamsMeeting.pdf) +- [Navigation basics](downloads/QRCNavigationBasics.pdf) +- [Schedule a Teams meeting](downloads/QRCScheduleTeamsMeeting.pdf) +- [Start a new Teams meeting](downloads/QRCStartNewTeamsMeeting.pdf) +- [Share or send a file](downloads/QRCShareSendFile.pdf) +- [Sign in to view meetings and files](downloads/QRCSignInToViewMeetingsFiles.pdf) +- [Whiteboard advanced](downloads/QRCWhiteboardAdvanced.pdf) +- [Whiteboard tools](downloads/QRCWhiteboardTools.pdf) + +[Download all user guides and quick reference cards](http://download.microsoft.com/download/E/7/F/E7FC6611-BB55-43E1-AF36-7BD5CE6E0FE0/SurfaceHub2S-EndUserGuides-July2019.zip) \ No newline at end of file diff --git a/devices/surface-hub/surface-hub-2s-deploy-apps-intune.md b/devices/surface-hub/surface-hub-2s-deploy-apps-intune.md index 502df5cbb0..8251f94a15 100644 --- a/devices/surface-hub/surface-hub-2s-deploy-apps-intune.md +++ b/devices/surface-hub/surface-hub-2s-deploy-apps-intune.md @@ -20,7 +20,7 @@ You can install additional apps to fit your team or organization's needs. - Surface Hub only runs [Universal Windows Platform (UWP) apps](https://msdn.microsoft.com/windows/uwp/get-started/whats-a-uwp). Apps created using the [Desktop App Converter](https://docs.microsoft.com/windows/uwp/porting/desktop-to-uwp-run-desktop-app-converter) will not run on Surface Hub. - Apps must be targeted for the [Universal device family](https://msdn.microsoft.com/library/windows/apps/dn894631) or Windows Team device family. -- Surface Hub only supports [offline-licensed apps](https://docs.microsoft.com/microsoft-store/distribute-offline-apps) from Microsoft Store for Business. +- Surface Hub only supports [offline-licensed apps](https://docs.microsoft.com/microsoft-store/distribute-offline-apps) from [Microsoft Store for Business](https://businessstore.microsoft.com/store). - By default, apps must be Store-signed to be installed. During testing and development, you can also choose to run developer-signed UWP apps by placing the device in developer mode. - When developing and submitting apps to the Microsoft Store, set Device family availability and Organizational licensing options to ensure that apps are available to run on Surface Hub. - You need admin credentials to install apps on Surface Hub. Designed for use in meeting rooms and other shared spaces, Surface Hub prevents regular users from accessing the Microsoft Store to download and install apps. diff --git a/devices/surface-hub/surface-hub-2s-onscreen-display.md b/devices/surface-hub/surface-hub-2s-onscreen-display.md new file mode 100644 index 0000000000..3ce023df33 --- /dev/null +++ b/devices/surface-hub/surface-hub-2s-onscreen-display.md @@ -0,0 +1,37 @@ +--- +title: "Adjust Surface Hub 2S brightness, volume, and input" +description: "Learn how to use the onscreen display to adjust brightness and other settings in Surface Hub 2S." +keywords: separate values with commas +ms.prod: surface-hub +ms.sitesec: library +author: robmazz +ms.author: robmazz +audience: Admin +ms.topic: article +ms.date: 07/09/2019 +ms.localizationpriority: Normal +--- +# Adjust Surface Hub 2S brightness, volume, and input +Surface Hub 2S provides an on-screen display for volume, brightness, and input control. The Source button functions as a toggle key to switch between the volume, brightness, and input control menus. + +**To show the on-screen display:** + +- Press and hold the **Source** button for 4 seconds. + + ![Surface Hub 2S on-screen display](images/sh2-onscreen-display.png)
+ + When the on-screen display is visible, use one or more buttons to reach desired settings. + +**To adjust volume:** + +- Use the **Volume up/down** button to increase or decrease volume. + +**To adjust brightness:** + +1. Press the **Source** button again to switch to the brightness menu. +2. Use the **Volume up/down** button to increase or decrease brightness. + +**To adjust input:** + +1. Press the **Source** button twice to switch to the Source menu. +2. Use the **Volume up/down** button to switch between PC, HDMI, and USB-C inputs. diff --git a/devices/surface-hub/surface-hub-2s-pack-components.md b/devices/surface-hub/surface-hub-2s-pack-components.md index b052993bf1..3f5365d0fe 100644 --- a/devices/surface-hub/surface-hub-2s-pack-components.md +++ b/devices/surface-hub/surface-hub-2s-pack-components.md @@ -19,15 +19,9 @@ If you replace your Surface Hub 2S, one of its components, or a related accessor >[!IMPORTANT] >When packing your device for shipment, make sure that you use the packaging in which your replacement device arrived. -This article contains the following procedures: +## How to pack your Surface Hub 2S 50” -- [How to pack your Surface Hub 2S 55”](#how-to-pack-your-surface-hub-2s-55) -- [How to replace and pack your Surface Hub 2S Compute Cartridge](#how-to-replace-and-pack-your-surface-hub-2s-compute-cartridge) -- [How to replace your Surface Hub 2S Camera](#how-to-replace-your-surface-hub-2s-camera) - -## How to pack your Surface Hub 2S 55” - -Use the following steps to pack your Surface Hub 2S 55" for shipment. +Use the following steps to pack your Surface Hub 2S 50" for shipment. ![The Surface Hub unit and mobile stand.](images/surface-hub-2s-repack-1.png) diff --git a/devices/surface-hub/surface-hub-2s-setup.md b/devices/surface-hub/surface-hub-2s-setup.md new file mode 100644 index 0000000000..610cdcc697 --- /dev/null +++ b/devices/surface-hub/surface-hub-2s-setup.md @@ -0,0 +1,100 @@ +--- +title: "First time Setup for Surface Hub 2S" +description: "Learn how to complete first time Setup for Surface Hub 2S." +keywords: separate values with commas +ms.prod: surface-hub +ms.sitesec: library +author: robmazz +ms.author: robmazz +audience: Admin +ms.topic: article +ms.date: 07/03/2019 +ms.localizationpriority: Normal +--- + +# First time Setup for Surface Hub 2S + +When you first start Surface Hub 2S, the device automatically enters first time Setup mode to guide you through account configuration and related settings. + +## Configuring Surface Hub 2S account + +1. **Configure your locale.** Enter region, language, keyboard layout and time zone information. Select **Next**. + + ![* Configure your locale *](images/sh2-run1.png)
+1. **Connect to a wireless network.** Choose your preferred wireless network and select **Next.** + +- This option is not shown if connected using an Ethernet cable. +- You cannot connect to a wireless network in hotspots (captive portals) that redirect sign-in requests to a provider’s website. + +3. **Enter device account info.** Use **domain\user** for on-premises and hybrid environments and **user@example.com** for online environments. Select **Next.** + + ![* Enter device account info *](images/sh2-run2.png)
+1. **Enter additional info.** If requested, provide your Exchange server address and then select **Next.** + + ![* Enter more info; for example, Exchange server name*](images/sh2-run3.png)
+ +1. **Name this device.** Enter a name for your device or use the suggested one based on your account’s display name and user principle name [UPN]. **Select Next**. + +- The **Friendly name** is visible on the bottom left corner of Surface Hub 2S and is shown when projecting to the device. + +- The **Device name** identifies the device when affiliated with Active Directory or Azure Active Directory, and when enrolling the device with Intune. + + ![* Name this device*](images/sh2-run4.png)
+ +## Configuring device admin accounts + +You can only set up device admins during first time Setup. For more information, refer to [Surface Hub 2S device affiliation](https://docs.microsoft.com/en-us/surface-hub/surface-hub-2s-prepare-environment#device-affiliation). + + In the **Setup admins for this device** window, select one of the following options: Active Directory Domain Services, Azure Active Directory, or Local admin. + + ![* Setup admins for this device *](images/sh2-run5.png)
+ +### Active Directory Domain Services + +1. Enter the credentials of a user who has permissions to join the device to Active Directory. + + ![* Setup admins using domain join *](images/sh2-run6.png)
+ +2. Select the Active Directory Security Group containing members allowed to log on to the Settings app on Surface Hub 2S. + + ![* Enter a security group *](images/sh2-run7.png)
+1. Select **Finish**. The device will restart. + +### Azure Active Directory + +When choosing to affiliate your device with Azure Active Directory, the device will immediately restart and display the following page. Select **Next**. + +![* If your organization uses Office 365 or other business services from Microsoft, we’ll enrolll this device with your organization*](images/sh2-run8.png)
+ +1. Enter the email address or UPN of an account **with Intune Plan 1** or greater and then select **Next.** + + ![* Enter work or school account*](images/sh2-run9.png)
+ +2. If redirected, authenticate using your organization’s sign-in page and provide additional logon information if requested. The device will restart. + +## Local Administrator account + +- Enter a username and password for your local admin. The device will restart. + + ![* Set up an admin account*](images/sh2-run10.png)
+ +## Using provisioning packages + +If you insert a USB thumb drive with a provisioning package into one of the USB ports when you start Surface Hub 2S, the device displays the following page. + +1. Enter the requested settings and select **Set up**. + + ![* Enter regional settings for provisioning package*](images/sh2-run11.png)
+ + ![* Provision this device from removable media*](images/sh2-run12.png)
+2. Choose the provisioning package you’d like to use. + + ![* Choose provisioning package to use*](images/sh2-run13.png)
+ +3. If you created a multiple devices CSV file, you will be able to choose a device configuration. For more information, refer to [Create provisioning packages for Surface Hub 2S](https://docs.microsoft.com/en-us/surface-hub/surface-hub-2s-deploy#provisioning-multiple-devices-csv-file). + + + ![* Select a device account and friendly name from your configuration file*](images/sh2-run14.png)
+ + 4. Follow the instructions to complete first time Setup. + diff --git a/devices/surface-hub/surface-hub-2s-startup.md b/devices/surface-hub/surface-hub-2s-startup.md deleted file mode 100644 index bef171d8ad..0000000000 --- a/devices/surface-hub/surface-hub-2s-startup.md +++ /dev/null @@ -1,15 +0,0 @@ ---- -title: "Out-of-box startup for Surface Hub 2S" -description: "Learn about starting Surface Hub 2S for the first time." -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: robmazz -ms.author: robmazz -audience: Admin -ms.topic: article -ms.localizationpriority: Normal -ROBOTS: NOINDEX, NOFOLLOW ---- - -# Out-of-box startup for Surface Hub 2S diff --git a/devices/surface/TOC.md b/devices/surface/TOC.md index 6cdd5c13fd..15a51ed349 100644 --- a/devices/surface/TOC.md +++ b/devices/surface/TOC.md @@ -30,7 +30,7 @@ ### [Surface System SKU reference](surface-system-sku-reference.md) ## Manage -### [Maintain optimal power settings on Surface devices](maintain-optimal-power-settings-on-Surface-devices.md) +### [Best practice power settings for Surface devices](maintain-optimal-power-settings-on-Surface-devices.md) ### [Battery Limit setting](battery-limit.md) ### [Surface Brightness Control](microsoft-surface-brightness-control.md) ### [Surface Asset Tag](assettag.md) @@ -48,7 +48,8 @@ ### [Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md) ## Support -### [Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md) +### [Fix common Surface problems using the Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-for-business-intro.md) +### [Deploy Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md) ### [Use Surface Diagnostic Toolkit for Business in desktop mode](surface-diagnostic-toolkit-desktop-mode.md) ### [Run Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md) ### [Surface Data Eraser](microsoft-surface-data-eraser.md) diff --git a/devices/surface/change-history-for-surface.md b/devices/surface/change-history-for-surface.md index 312c8a39b2..14eea5c91d 100644 --- a/devices/surface/change-history-for-surface.md +++ b/devices/surface/change-history-for-surface.md @@ -15,19 +15,27 @@ ms.topic: article This topic lists new and updated topics in the Surface documentation library. +## July 2019 + +| **New or changed topic** | **Description** | +| ------------------------ | --------------- | +| [Deploy Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md) | Renamed to reflect focus on deployment guidance for IT professionals. Covers minor changes in Version 2.41.139.0. | + + + ## June 2019 -New or changed topic | Description ---- | --- +| **New or changed topic** | **Description** | +| ------------------------ | --------------- | +|[Fix common Surface problems using the Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-for-business-intro.md) | New introductory page for the Surface Diagnostic Toolkit for Business. | +| [Best practice power settings for Surface devices](maintain-optimal-power-settings-on-Surface-devices.md) |Updated with summary of recommendations for managing power settings and optimizing battery life. | -[Fix common Surface problems using the Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-for-business-intro.md) | New ## March 2019 -New or changed topic | Description ---- | --- - -[Surface System SKU reference](surface-system-sku-reference.md) | New +| **New or changed topic** | **Description** | +| ------------------------ | --------------- | +| [Surface System SKU reference](surface-system-sku-reference.md) | New | ## February 2019 diff --git a/devices/surface/images/Surface-Devices-400x140.svg b/devices/surface/images/Surface-Devices-400x140.svg index 9121e93531..4414de0f16 100644 --- a/devices/surface/images/Surface-Devices-400x140.svg +++ b/devices/surface/images/Surface-Devices-400x140.svg @@ -1 +1,25 @@ -Surface-Devices-400x140 \ No newline at end of file + + + + +Surface-Devices-400x140 + + + + + + + + + + + diff --git a/devices/surface/images/Surface-Hub-400x140.svg b/devices/surface/images/Surface-Hub-400x140.svg index 473fba1604..f5a5c12a56 100644 --- a/devices/surface/images/Surface-Hub-400x140.svg +++ b/devices/surface/images/Surface-Hub-400x140.svg @@ -1,59 +1,51 @@ - - - - - - win_it-pro-6 - - - - - - - - - - - - - - - DevicesLaptopTablet-blue - - - - - - - - - - - - - - - +win_it-pro-6 + + + + + + + + + + + + + DevicesLaptopTablet-blue + + + + + + + + + + + + + + diff --git a/devices/surface/surface-diagnostic-toolkit-business.md b/devices/surface/surface-diagnostic-toolkit-business.md index 71461687d7..8b78717d6c 100644 --- a/devices/surface/surface-diagnostic-toolkit-business.md +++ b/devices/surface/surface-diagnostic-toolkit-business.md @@ -33,7 +33,7 @@ To run SDT for Business, download the components listed in the following table. Mode | Primary scenarios | Download | Learn more --- | --- | --- | --- Desktop mode | Assist users in running SDT on their Surface devices to troubleshoot issues.
Create a custom package to deploy on one or more Surface devices allowing users to select specific logs to collect and analyze. | SDT distributable MSI package:
Microsoft Surface Diagnostic Toolkit for Business Installer
[Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Use Surface Diagnostic Toolkit in desktop mode](surface-diagnostic-toolkit-desktop-mode.md) -Command line | Directly troubleshoot Surface devices remotely without user interaction, using standard tools such as Configuration Manager. It includes the following commands:
`-DataCollector` collects all log files
`-bpa` runs health diagnostics using Best Practice Analyzer.
`-windowsupdate` checks Windows update for missing firmware or driver updates.
`-warranty` checks warranty information.

| SDT console app:
Microsoft Surface Diagnostics App Console
[Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Run Surface Diagnostic Toolkit using commands](surface-diagnostic-toolkit-command-line.md) +Command line | Directly troubleshoot Surface devices remotely without user interaction, using standard tools such as Configuration Manager. It includes the following commands:
`-DataCollector` collects all log files
`-bpa` runs health diagnostics using Best Practice Analyzer.
`-windowsupdate` checks Windows Update for missing firmware or driver updates.
`-warranty` checks warranty information.

| SDT console app:
Microsoft Surface Diagnostics App Console
[Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Run Surface Diagnostic Toolkit using commands](surface-diagnostic-toolkit-command-line.md) ## Supported devices @@ -123,21 +123,22 @@ Creating a custom package allows you to target the tool to specific known issues *Figure 3. Create custom package* -### Language and telemetry page +### Language and telemetry settings - -When you start creating the custom package, you’re asked whether you agree to send data to Microsoft to help improve the application. For more information,see the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement). Sharing is on by default, so uncheck the box if you wish to decline. + When creating a package, you can select language settings or opt out of sending telemetry information to Microsoft. By default, SDT sends telemetry to Microsoft that is used to improve the application in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement). If you wish to decline, clear the check box when creating a custom package, as shown below. Or clear the **Send telemetry to Microsoft** check box on the **Install Options** page during SDT Setup. >[!NOTE] ->This setting is limited to only sharing data generated while running packages. +>This setting does not affect the minimal telemetry automatically stored on Microsoft servers when running tests and repairs that require an Internet connection, such as Windows Update and Software repair, or providing feedback using the Smile or Frown buttons in the app toolbar. + ![Select language and telemetry settings](images/sdt-4.png) *Figure 4. Select language and telemetry settings* + ### Windows Update page -Select the option appropriate for your organization. Most organizations with multiple users will typically select to receive updates via Windows Server Update Services (WSUS), as shown in figure 5. If using local Windows update packages or WSUS, enter the path as appropriate. +Select the option appropriate for your organization. Most organizations with multiple users will typically select to receive updates via Windows Server Update Services (WSUS), as shown in figure 5. If using local Windows Update packages or WSUS, enter the path as appropriate. ![Select Windows Update option](images/sdt-5.png) @@ -170,8 +171,8 @@ You can select to run a wide range of logs across applications, drivers, hardwar *Release date: June 24, 2019*
This version of Surface Diagnostic Toolkit for Business adds support for the following: - Driver version information included in logs and report. -- Ability to provide feedback about the app
-Please note that even though you turn off telemtry, windows update and feedback still connect to the internet. +- Ability to provide feedback about the app.
+ ### Version 2.36.139.0 *Release date: April 26, 2019*
@@ -180,11 +181,3 @@ This version of Surface Diagnostic Toolkit for Business adds support for the fol - Accessibility improvements. - Surface brightness control settings included in logs. - External monitor compatibility support link in report generator. - - - - - - - - diff --git a/devices/surface/surface-diagnostic-toolkit-for-business-intro.md b/devices/surface/surface-diagnostic-toolkit-for-business-intro.md index 26bac290b4..83613f4a36 100644 --- a/devices/surface/surface-diagnostic-toolkit-for-business-intro.md +++ b/devices/surface/surface-diagnostic-toolkit-for-business-intro.md @@ -28,7 +28,7 @@ Before you run the diagnostic tool, make sure you have the latest Windows update **To run the Surface Diagnostic Toolkit for Business:** -1. Download the [Surface Diagnostic Toolkit for Business](https://aka.ms/checkmysurface). +1. Download the [Surface Diagnostic Toolkit for Business](https://aka.ms/SDT4B). 2. Select Run and follow the on-screen instructions. The diagnosis and repair time averages 15 minutes but could take an hour or longer, depending on internet connection speed and the number of updates or repairs required. For more detailed information on Surface Diagnostic Toolkit for Business, refer to [Deploy Surface Diagnostic Toolkit for Business](https://docs.microsoft.com/surface/surface-diagnostic-toolkit-business). diff --git a/education/index.md b/education/index.md index b1cce0eedf..6c696d9f4b 100644 --- a/education/index.md +++ b/education/index.md @@ -55,8 +55,8 @@ ms.prod: w10
-

Deployment Overview

-

Learn how to deploy our suite of education offerings. Set up a cloud infrastructure for your school, acquire apps, and configure and manage Windows 10 devices.

+

Deployment Guidance

+

Dive right into the step-by-step process for the easiest deployment path to M365 EDU. We walk you through setting up cloud infrastructure, configuring and managing devices, and migrating on-premise servers for Sharepoint and Exchange to the cloud.

@@ -76,7 +76,7 @@ ms.prod: w10
-

1. Cloud deployment

+

1. M365 EDU deployment

Get started by creating your Office 365 tenant, setting up a cloud infrastructure for your school, and creating, managing, and syncing user accounts.

@@ -104,7 +104,7 @@ ms.prod: w10
  • - +
    @@ -114,8 +114,8 @@ ms.prod: w10
    -

    3. Tools for Teachers

    -

    The latest classroom resources at teachers’ fingertips when you deploy Learning Tools, OneNote Class Notebooks, Teams, and more.

    +

    3. Post Deployment Next Steps

    +

    Migrate to Sharepoint Server Hybrid or Sharepoint Online, and Exchange Server Hybrid or Exchange Online. Configure settings in your Admin portals.

    diff --git a/mdop/appv-v5/app-v-51-supported-configurations.md b/mdop/appv-v5/app-v-51-supported-configurations.md index 8b83ac6fad..63e4f12d3c 100644 --- a/mdop/appv-v5/app-v-51-supported-configurations.md +++ b/mdop/appv-v5/app-v-51-supported-configurations.md @@ -118,11 +118,21 @@ The following table lists the SQL Server versions that are supported for the App -

    Microsoft SQL Server 2014

    +

    Microsoft SQL Server 2017

    32-bit or 64-bit

    +

    Microsoft SQL Server 2016

    +

    SP2

    +

    32-bit or 64-bit

    + + +

    Microsoft SQL Server 2014

    +

    SP2

    +

    32-bit or 64-bit

    + +

    Microsoft SQL Server 2012

    SP2

    32-bit or 64-bit

    @@ -262,11 +272,21 @@ The following table lists the SQL Server versions that are supported for the App -

    Microsoft SQL Server 2014

    +

    Microsoft SQL Server 2017

    32-bit or 64-bit

    +

    Microsoft SQL Server 2016

    +

    SP2

    +

    32-bit or 64-bit

    + + +

    Microsoft SQL Server 2014

    +

    SP2

    +

    32-bit or 64-bit

    + +

    Microsoft SQL Server 2012

    SP2

    32-bit or 64-bit

    diff --git a/mdop/mbam-v25/about-mbam-25.md b/mdop/mbam-v25/about-mbam-25.md index e379ef1ec5..7afb0c3d9f 100644 --- a/mdop/mbam-v25/about-mbam-25.md +++ b/mdop/mbam-v25/about-mbam-25.md @@ -358,7 +358,7 @@ MBAM is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part o For more information and late-breaking news that is not included in this documentation, see [Release Notes for MBAM 2.5](release-notes-for-mbam-25.md). ## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). +- Send your feedback [here](https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). ## Related topics diff --git a/windows/application-management/app-v/appv-supported-configurations.md b/windows/application-management/app-v/appv-supported-configurations.md index 1618dde95c..cdf2a4782e 100644 --- a/windows/application-management/app-v/appv-supported-configurations.md +++ b/windows/application-management/app-v/appv-supported-configurations.md @@ -51,11 +51,12 @@ The following table lists the SQL Server versions that the App-V Management data |SQL Server version|Service pack|System architecture| |---|---|---| +|Microsoft SQL Server 2017||32-bit or 64-bit| +|Microsoft SQL Server 2016|SP2|32-bit or 64-bit| |Microsoft SQL Server 2014||32-bit or 64-bit| |Microsoft SQL Server 2012|SP2|32-bit or 64-bit| |Microsoft SQL Server 2008 R2|SP3|32-bit or 64-bit| - ### Publishing server operating system requirements The App-V Publishing server can be installed on a server that runs Windows Server 2008 R2 with SP1 or later. @@ -86,6 +87,8 @@ The following table lists the SQL Server versions that are supported for the App |SQL Server version|Service pack|System architecture| |---|---|---| +|Microsoft SQL Server 2017||32-bit or 64-bit| +|Microsoft SQL Server 2016|SP2|32-bit or 64-bit| |Microsoft SQL Server 2014||32-bit or 64-bit| |Microsoft SQL Server 2012|SP2|32-bit or 64-bit| |Microsoft SQL Server 2008 R2|SP3|32-bit or 64-bit| diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md index 5c0ec34d50..56d7147923 100644 --- a/windows/application-management/manage-windows-mixed-reality.md +++ b/windows/application-management/manage-windows-mixed-reality.md @@ -22,10 +22,8 @@ ms.topic: article [Windows Mixed Reality](https://blogs.windows.com/windowsexperience/2017/10/03/the-era-of-windows-mixed-reality-begins-october-17/) was introduced in Windows 10, version 1709 (also known as the Fall Creators Update), as a [Windows 10 Feature on Demand (FOD)](https://docs.microsoft.com/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). Features on Demand are Windows feature packages that can be added at any time. When a Windows 10 PC needs a new feature, it can request the feature package from Windows Update. -Organizations that use Windows Server Update Services (WSUS) must take action to [enable Windows Mixed Reality](#enable). Any organization that wants to prohibit use of Windows Mixed Reality can [block the installation of the Mixed Reality Portal](#block). +Organizations that use Windows Server Update Services (WSUS) must take action to [enable Windows Mixed Reality](#enable-windows-mixed-reality-in-wsus). Any organization that wants to prohibit use of Windows Mixed Reality can [block the installation of the Mixed Reality Portal](#block-the-mixed-reality-portal). - - ## Enable Windows Mixed Reality in WSUS 1. [Check your version of Windows 10.](https://support.microsoft.com/help/13443/windows-which-operating-system) @@ -52,8 +50,6 @@ Organizations that use Windows Server Update Services (WSUS) must take action to IT admins can also create [Side by side feature store (shared folder)](https://technet.microsoft.com/library/jj127275.aspx) to allow access to the Windows Mixed Reality FOD. - - ## Block the Mixed Reality Portal You can use the [AppLocker configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp) to block the Mixed Reality software. diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md index 1ac82401a1..9197370e84 100644 --- a/windows/client-management/mandatory-user-profile.md +++ b/windows/client-management/mandatory-user-profile.md @@ -42,7 +42,7 @@ The name of the folder in which you store the mandatory profile must use the cor | Windows 8 | Windows Server 2012 | v3 | | Windows 8.1 | Windows Server 2012 R2 | v4 | | Windows 10, versions 1507 and 1511 | N/A | v5 | -| Windows 10, versions 1607, 1703, 1709, 1803, and 1809 | Windows Server 2016 | v6 | +| Windows 10, versions 1607, 1703, 1709, 1803, 1809 and 1903 | Windows Server 2016 and Windows Server 2019 | v6 | For more information, see [Deploy Roaming User Profiles, Appendix B](https://technet.microsoft.com/library/jj649079.aspx) and [Roaming user profiles versioning in Windows 10 and Windows Server Technical Preview](https://support.microsoft.com/kb/3056198). @@ -150,6 +150,8 @@ When a user is configured with a mandatory profile, Windows 10 starts as though | Computer Configuration > Administrative Templates > Windows Components > Search > **Allow Cortana** = Disabled | ![supported](images/checkmark.png) | ![supported](images/checkmark.png) | ![not supported](images/crossmark.png) | ![not supported](images/crossmark.png) | | Computer Configuration > Administrative Templates > Windows Components > Cloud Content > **Turn off Microsoft consumer experience** = Enabled | ![supported](images/checkmark.png) | ![not supported](images/crossmark.png) | ![not supported](images/crossmark.png) | ![not supported](images/crossmark.png) | +> [!Note] +> The Group Policy settings above can be applied in Windows 10 Professional edition. diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 4ec8751db6..d77896805e 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -45,28 +45,6 @@ ## [DMProcessConfigXMLFiltered](dmprocessconfigxmlfiltered.md) ## [Using PowerShell scripting with the WMI Bridge Provider](using-powershell-scripting-with-the-wmi-bridge-provider.md) ## [WMI providers supported in Windows 10](wmi-providers-supported-in-windows.md) -## [Create a custom configuration service provider](create-a-custom-configuration-service-provider.md) -### [Design a custom configuration service provider](design-a-custom-windows-csp.md) -### [IConfigServiceProvider2](iconfigserviceprovider2.md) -#### [IConfigServiceProvider2::ConfigManagerNotification](iconfigserviceprovider2configmanagernotification.md) -#### [IConfigServiceProvider2::GetNode](iconfigserviceprovider2getnode.md) -### [ICSPNode](icspnode.md) -#### [ICSPNode::Add](icspnodeadd.md) -#### [ICSPNode::Clear](icspnodeclear.md) -#### [ICSPNode::Copy](icspnodecopy.md) -#### [ICSPNode::DeleteChild](icspnodedeletechild.md) -#### [ICSPNode::DeleteProperty](icspnodedeleteproperty.md) -#### [ICSPNode::Execute](icspnodeexecute.md) -#### [ICSPNode::GetChildNodeNames](icspnodegetchildnodenames.md) -#### [ICSPNode::GetProperty](icspnodegetproperty.md) -#### [ICSPNode::GetPropertyIdentifiers](icspnodegetpropertyidentifiers.md) -#### [ICSPNode::GetValue](icspnodegetvalue.md) -#### [ICSPNode::Move](icspnodemove.md) -#### [ICSPNode::SetProperty](icspnodesetproperty.md) -#### [ICSPNode::SetValue](icspnodesetvalue.md) -### [ICSPNodeTransactioning](icspnodetransactioning.md) -### [ICSPValidate](icspvalidate.md) -### [Samples for writing a custom configuration service provider](samples-for-writing-a-custom-configuration-service-provider.md) ## [Configuration service provider reference](configuration-service-provider-reference.md) ### [AccountManagement CSP](accountmanagement-csp.md) #### [AccountManagement DDF file](accountmanagement-ddf.md) @@ -77,6 +55,8 @@ ### [AllJoynManagement CSP](alljoynmanagement-csp.md) #### [AllJoynManagement DDF](alljoynmanagement-ddf.md) ### [APPLICATION CSP](application-csp.md) +### [ApplicationControl CSP](applicationcontrol-csp.md) +#### [ApplicationControl DDF file](applicationcontrol-csp-ddf.md) ### [AppLocker CSP](applocker-csp.md) #### [AppLocker DDF file](applocker-ddf-file.md) #### [AppLocker XSD](applocker-xsd.md) diff --git a/windows/client-management/mdm/applicationcontrol-csp-ddf.md b/windows/client-management/mdm/applicationcontrol-csp-ddf.md new file mode 100644 index 0000000000..fa0bee9334 --- /dev/null +++ b/windows/client-management/mdm/applicationcontrol-csp-ddf.md @@ -0,0 +1,274 @@ +--- +title: ApplicationControl CSP +description: ApplicationControl CSP +ms.author: dansimp@microsoft.com +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: ManikaDhiman +ms.date: 07/10/2019 +--- + +# ApplicationControl CSP DDF + + +This topic shows the OMA DM device description framework (DDF) for the **ApplicationControl** configuration service provider. DDF files are used only with OMA DM provisioning XML. + +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). + +### ApplicationControl CSP + +```xml + +]> + + 1.2 + + ApplicationControl + ./Vendor/MSFT + + + + + Root Node of the ApplicationControl CSP + + + + + + + + + + + + + + + Policies + + + + + Beginning of a Subtree that contains all policies. + + + + + + + + + + Policies + + + + + + + + + + + The GUID of the Policy + + + + + + + + + + Policy GUID + + + + + + Policy + + + + + + + + The policy binary encoded as base64 + + + + + + + + + + Policy + + + + + + + PolicyInfo + + + + + Information Describing the Policy indicated by the GUID + + + + + + + + + + PolicyInfo + + + + + + Version + + + + + Version of the Policy indicated by the GUID, as a string. When parsing use a uint64 as the containing data type + + + + + + + + + + Version + + text/plain + + + + + IsEffective + + + + + Whether the Policy indicated by the GUID is Effective on the system (loaded by the enforcement engine and in effect) + + + + + + + + + + IsEffective + + text/plain + + + + + IsDeployed + + + + + Whether the Policy indicated by the GUID is deployed on the system (on the physical machine) + + + + + + + + + + IsDeployed + + text/plain + + + + + IsAuthorized + + + + + Whether the Policy indicated by the GUID is authorized to be loaded by the enforcement engine on the system + + + + + + + + + + IsAuthorized + + text/plain + + + + + Status + + + + + The Current Status of the Policy Indicated by the Policy GUID + + + + + + + + + + Status + + text/plain + + + + + FriendlyName + + + + + The FriendlyName of the Policy Indicated by the Policy GUID + + + + + + + + + + FriendlyName + + text/plain + + + + + + + + +``` \ No newline at end of file diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md new file mode 100644 index 0000000000..4f5c622cc0 --- /dev/null +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -0,0 +1,236 @@ +--- +title: ApplicationControl CSP +description: ApplicationControl CSP +ms.author: dansimp@microsoft.com +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: ManikaDhiman +ms.date: 05/21/2019 +--- + +# ApplicationControl CSP + +Windows Defender Application Control (WDAC) policies can be managed from an MDM server through ApplicationControl configuration service provider (CSP). This CSP provides expanded diagnostic capabilities and support for [multiple policies](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for rebootless policy deployment (introduced in Windows 10, version 1709). Unlike [AppLocker CSP](applocker-csp.md), ApplicationControl CSP correctly detects the presence of no-reboot option and consequently does not schedule a reboot. +Existing WDAC policies deployed using AppLocker CSP’s CodeIntegrity node can now be deployed using ApplicationControl CSP URI. Although WDAC policy deployment via AppLocker CSP will continue to be supported, all new feature work will be done in ApplicationControl CSP only. + +ApplicationControl CSP was added in Windows 10, version 1903. + +The following diagram shows ApplicationControl CSP in tree format. + +![tree diagram for applicationcontrol csp](images/provisioning-csp-applicationcontrol.png) + +    **./Vendor/MSFT/ApplicationControl** +Defines the root node for ApplicationControl CSP. + +Scope is permanent. Supported operation is Get. + +**ApplicationControl/Policies** +An interior node that contains all the policies, each identified by their globally unique identifier (GUID). + +Scope is permanent. Supported operation is Get. + +**ApplicationControl/Policies/_Policy GUID_** +ApplicationControl CSP enforces that the “ID” segment of a given policy URI is the same GUID as the policy ID in the policy blob. Each *Policy GUID* node contains a Policy node and a corresponding PolicyInfo node. + +Scope is dynamic. Supported operation is Get. + +**ApplicationControl/Policies/_Policy GUID_/Policy** +This node is the policy binary itself, which is encoded as base64. + +Scope is dynamic. Supported operations are Get, Add, Delete, and Replace. + +Value type is b64. Supported value is any well-formed WDAC policy, i.e. the base64-encoded content output by the ConvertFrom-CIPolicy cmdlet. + +Default value is empty. + +**ApplicationControl/Policies/_Policy GUID_/PolicyInfo** +An interior node that contains the nodes that describe the policy indicated by the GUID. + +Scope is dynamic. Supported operation is Get. + +**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Version** +This node provides the version of the policy indicated by the GUID. Stored as a string, but when parsing use a uint64 as the containing data type. + +Scope is dynamic. Supported operation is Get. + +Value type is char. + +**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsEffective** +This node specifies whether a policy is actually loaded by the enforcement engine and is in effect on a system. + +Scope is dynamic. Supported operation is Get. + +Value type is bool. Supported values are as follows: +- True — Indicates that the policy is actually loaded by the enforcement engine and is in effect on a system. +- False — Indicates that the policy is not loaded by the enforcement engine and is not in effect on a system. This is the default. + +**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsDeployed** +This node specifies whether a policy is deployed on the system and is present on the physical machine. + +Scope is dynamic. Supported operation is Get. + +Value type is bool. Supported values are as follows: +- True — Indicates that the policy is deployed on the system and is present on the physical machine. +- False — Indicates that the policy is not deployed on the system and is not present on the physical machine. This is the default. + +**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsAuthorized** +This node specifies whether the policy is authorized to be loaded by the enforcement engine on the system. If not authorized, a policy cannot take effect on the system. + +Scope is dynamic. Supported operation is Get. + +Value type is bool. Supported values are as follows: +- True — Indicates that the policy is authorized to be loaded by the enforcement engine on the system. +- False — Indicates that the policy is not authorized to be loaded by the enforcement engine on the system. This is the default. + +The following table provides the result of this policy based on different values of IsAuthorized, IsDeployed, and IsEffective nodes: + +|IsAuthorized | IsDeployed | IsEffective | Resultant | +|------------ | ---------- | ----------- | --------- | +|True|True|True|Policy is currently running and in effect.| +|True|True|False|Policy requires a reboot to take effect.| +|True|False|True|Policy requires a reboot to unload from CI.| +|False|True|True|Not Reachable.| +|True|False|False|*Not Reachable.| +|False|True|False|*Not Reachable.| +|False|False|True|Not Reachable.| +|False|False|False|*Not Reachable.| + +`*` denotes a valid intermediary state; however, if an MDM transaction results in this state configuration, the END_COMMAND_PROCESSING will result in a fail. + +**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Status** +This node specifies whether the deployment of the policy indicated by the GUID was successful. + +Scope is dynamic. Supported operation is Get. + +Value type is integer. Default value is 0 == OK. + +**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/FriendlyName** +This node provides the friendly name of the policy indicated by the policy GUID. + +Scope is dynamic. Supported operation is Get. + +Value type is char. + +## Usage guidance + +To use ApplicationControl CSP, you must: +- Know a generated policy’s GUID, which can be found in the policy xml as ``. +- Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. +- Create a policy node (a Base64-encoded blob of the binary policy representation) using the [certutil -encode](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc732443(v=ws.11)#BKMK_encode) command line tool. + +Here is a sample certutil invocation: +``` +certutil -encode WinSiPolicy.p7b WinSiPolicy.cer +``` +An alternative to using certutil would be to use the following PowerShell invocation: +``` +[Convert]::ToBase64String($(Get-Content -Encoding Byte -ReadCount 0 -Path )) +``` +If you are using hybrid MDM management with System Center Configuration Manager or using Intune, ensure that you are using Base64 as the Data type when using Custom OMA-URI +functionality to apply the Code Integrity policy. + +### Deploy policies +To deploy a new base policy using the CSP, perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data}. Refer to the the Format section in the Example 1 below. + +To deploy base policy and supplemental policies: +- Perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data} with the GUID and policy data for the base policy. +- Repeat for each base or supplemental policy (with its own GUID and data). + +The following example shows the deployment of two base policies and a supplemental policy (which already specifies the base policy it supplements and does not need that reflected in the ADD). + +**Example 1: Add first base policy** +```xml + + 1 + + + ./Vendor/MSFT/ApplicationControl/Policies/{Base1GUID}/Policy + + + b64 + + {Base1Data} + + +``` +**Example 2: Add second base policy** +```xml + + 1 + + + ./Vendor/MSFT/ApplicationControl/Policies/{Base2GUID}/Policy + + + b64 + + {Base2Data} + + +``` +**Example 3: Add supplemental policy** +```xml + + 1 + + + ./Vendor/MSFT/ApplicationControl/Policies/{Supplemental1GUID}/Policy + + + b64 + + {Supplemental1Data} + + +``` +### Get policies + +Perform a GET using a deployed policy’s GUID to interrogate/inspect the policy itself or information about it. + +The following table displays the result of Get operation on different nodes: + +|Nodes | Get Results| +|------------- | ------| +|./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy|raw p7b| +|./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Version|Policy version| +|./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsEffective|Is the policy in effect| +|./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsDeployed|Is the policy on the system| +|./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsAuthorized|Is the policy authorized on the system| +|./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Status|Was the deployment successful| +|./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/FriendlyName|Friendly name per the policy| + +The following is an example of Get command: +```xml + + 1 + + + ./Vendor/MSFT/ApplicationControl/Policies/{PolicyGUID}/Policy + + + +``` + +### Delete policies +To delete an unsigned policy, perform a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy**. + +> [!Note] +> Only signed things should be able to update signed policies. Hence, performing a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** is not sufficient to delete a signed policy. + +To delete a signed policy: +1. Replace it with a signed update allowing unsigned policy. +2. Deploy another update with unsigned policy. +3. Perform delete. + +The following is an example of Delete command: +```xml + + 1 + + + ./Vendor/MSFT/ApplicationControl/Policies/{PolicyGUID}/Policy + + + +``` \ No newline at end of file diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index 201e78e425..8cc9291360 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -172,6 +172,34 @@ Additional lists: + +[ApplicationControl CSP](applicationcontrol-csp.md) + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    check mark6check mark6check mark6check mark6check mark6check mark6check mark6
    + + + + [AppLocker CSP](applocker-csp.md) diff --git a/windows/client-management/mdm/create-a-custom-configuration-service-provider.md b/windows/client-management/mdm/create-a-custom-configuration-service-provider.md deleted file mode 100644 index cb8579e827..0000000000 --- a/windows/client-management/mdm/create-a-custom-configuration-service-provider.md +++ /dev/null @@ -1,97 +0,0 @@ ---- -title: Create a custom configuration service provider -description: Create a custom configuration service provider -ms.assetid: 0cb37f03-5bf2-4451-8276-23f4a1dee33f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.date: 06/26/2017 ---- - -# Create a custom configuration service provider - -Mobile device OEMs can create custom configuration service providers to manage their devices. A configuration service provider includes an interface for creating, editing, and deleting nodes, and the nodes themselves. Each node contains data for one registry value and can optionally support get, set, and delete operations. - -To design a custom configuration service provider, the OEM must perform the following steps: - -1. Establish node semantics -2. Shape the configuration service provider's subtree -3. Choose a transactioning scheme for each node -4. Determine node operations - -For more information, see [Designing a custom configuration service provider](design-a-custom-windows-csp.md). - -To write a custom configuration service provider, the OEM must implement the following interfaces: - -- [IConfigServiceProvider2](iconfigserviceprovider2.md) (one per configuration service provider) - -- [ICSPNode](icspnode.md) (one per node) - -- [ICSPNodeTransactioning](icspnodetransactioning.md) (optional, for internally transactioned nodes only) - -- [ICSPValidate](icspvalidate.md) (optional, for UI only) - -This code must be compiled into a single .dll file and added to a package by using the instructions found in "Adding content to a package" in [Creating packages](https://msdn.microsoft.com/library/windows/hardware/dn756642). While writing this code, OEMs can store registry settings and files in the following locations. - - ---- - - - - - - - - - - -

    File location

    %DataDrive%\SharedData\OEM\CSP</p>

    Registry location

    $(HKLM.SOFTWARE)\OEM\CSP</p>

    - - -For examples of how to perform common tasks such as adding a node, replacing a node's value, querying a node's value, or enumerating a node's children, see [Samples for writing a custom configuration service provider](samples-for-writing-a-custom-configuration-service-provider.md). - -To register the configuration service provider as a COM object, you must add the following registry setting to your package. This step is required. In the following sample, replace *uniqueCSPguid* with a new, unique CLSID generated for this purpose. Replace *dllName* with the name of the .dll file that contains the code for your configuration service provider. - -``` syntax - - - - - -``` - -To register the configuration service provider with ConfigManager2, you must add the following registry setting to your package. This step is required. In the following sample, replace *dllName* with the name of the configuration service provider (the name of the root node). Replace *uniqueCSPguid* with the same *uniqueCSPguid* value as in the preceding example. - -``` syntax - - - - - -``` - -To make the configuration service provider accessible from WAP XML, you must register it with the WAP data processing unit by setting the following registry key in your package. Replace *Name* with the name of the configuration service provider. Leave the GUID value exactly as written here. - -``` syntax - - - - - -``` - - - - - - - - diff --git a/windows/client-management/mdm/design-a-custom-windows-csp.md b/windows/client-management/mdm/design-a-custom-windows-csp.md deleted file mode 100644 index 583e098cdc..0000000000 --- a/windows/client-management/mdm/design-a-custom-windows-csp.md +++ /dev/null @@ -1,169 +0,0 @@ ---- -title: Design a custom configuration service provider -description: Design a custom configuration service provider -MS-HAID: -- 'p\_phDeviceMgmt.designing\_a\_custom\_configuration\_service\_provider' -- 'p\_phDeviceMgmt.design\_a\_custom\_windows\_csp' -ms.assetid: 0fff9516-a71a-4036-a57b-503ef1a81a37 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.date: 06/26/2017 ---- - -# Design a custom configuration service provider - -To design a custom configuration service provider, the OEM must perform the following steps: - -1. Establish node semantics -2. Shape the configuration service provider's subtree -3. Choose a transactioning scheme for each node -4. Determine node operations - -For more information about the larger process of writing a new configuration service provider, see [Create a custom configuration service provider](create-a-custom-configuration-service-provider.md). - -## Establish node semantics - -First, determine the nodes you need based on the kind of data to be stored in the registry. - -Nodes can represent anything from abstract concepts or collections (such as email accounts or connection settings) to more concrete objects (such as registry keys and values, directories, and files). - -### Example - -For example, a hypothetical Email configuration service provider might have these nodes: - -- Account: The name of the email account (such as "Hotmail") - -- Username: The user name or email address ("exampleAccount@hotmail.com") - -- Password: The user's password - -- Server: The DNS address of the server ("mail-serv1-example.mail.hotmail.com") - -The `Account`, `Username`, and `Server` nodes would hold text-based information about the email account, the user's email address, and the server address associated with that account. The `Password` node, however, might hold a binary hash of the user's password. - -## Shape the configuration service provider's subtree - -After determining what the nodes represent, decide where each node fits in the settings hierarchy. - -The root node of a configuration service provider's subtree must be the name of the configuration service provider. In this example, the root node is `Email`. - -All of the nodes defined in the previous step must reside under the configuration service provider's root node. Leaf nodes should be used to store data, and interior nodes should be used to group the data into logical collections. Node URIs must be unique. In other words, no two nodes can have both the same parent and the same name. - -There are three typical scenarios for grouping and structuring the nodes: - -- If all of the data belongs to the same component and no further categorizing or grouping is required, you can build a flat tree in which all values are stored directly under the root node. For examples of this design, see [DevInfo configuration service provider](devinfo-csp.md), [HotSpot configuration service provider](hotspot-csp.md), and [w4 APPLICATION configuration service provider](w4-application-csp.md). - -- If the configuration service provider's nodes represent a preexisting set of entities whose structure is well-defined (such as directories and files), the configuration service provider's nodes can simply mirror the existing structure. - -- If the data must be grouped by type or component, a more complex structure is required. This is especially true when there can be multiple instances of the dataset on the device, and each set is indexed by an ID, account name, or account type. In this case, you must build a more complex tree structure. For examples, see [ActiveSync configuration service provider](activesync-csp.md), [CertificateStore configuration service provider](certificatestore-csp.md), and [CMPolicy configuration service provider](cmpolicy-csp.md). - -### Example - -The following image shows an incorrect way to structure the hypothetical `Email` configuration service provider. The interior `Account` nodes group the account data (server name, user name, and user password). - -![provisioning\-customcsp\-example1](images/provisioning-customcsp-example1.png) - -However, the account nodes in this design are not unique. Even though the nodes are grouped sensibly, the path for each of the leaf nodes is ambiguous. There is no way to disambiguate the two `Username` nodes, for example, or to reliably access the same node by using the same path. This structure will not work. The easiest solution to this problem is usually to replace an interior node (the grouping node) by: - -1. Promoting a child node. - -2. Using the node value as the name of the new interior node. - -The following design conveys the same amount of information as the first design, but all nodes have a unique path, and therefore it will work. - -![provisioning\-customcsp\-example2](images/provisioning-customcsp-example2.png) - -In this case, the `Server` nodes have been promoted up one level to replace the `Account` nodes, and their values are now used as the node names. For example, you could have two different email accounts on the phone, with server names "www.hotmail.com" and "exchange.microsoft.com", each of which stores a user name and a password. - -Note that the process of shaping the configuration service provider’s subtree influences the choice of transactioning schemes for each node. If possible, peer nodes should not have dependencies on each other. Internode dependencies other than parent/child relationships create mandatory groups of settings, which makes configuration service provider development more difficult. - -## Choose a transactioning scheme for each node - -For each node, decide whether to use *external transactioning* or *internal transactioning* to manage the transaction phases (rollback persistence, rollback, and commitment) for the node. - -External transactioning is the simplest option because it allows ConfigManager2 to automatically handle the node's transactioning. - -However, you must use internal transactioning for the following types of nodes: - -- A node that supports the **Execute** method. - -- A node that contains sensitive information (such as a password) that must not be saved in plain text in the ConfigManager2 rollback document. - -- A node that has a dependency on another node that is not a parent. For example, if a parent node has two children that are both required, the configuration service provider could use internal transactioning to defer provisioning the account until both values are set. - -You can choose to mix transactioning modes in your configuration service provider, using internal transactioning for some operations but external transactioning for others. For more information about writing an internally transactioned node, see the [ICSPNodeTransactioning](icspnodetransactioning.md) interface. - -## Determine node operations - -The operations available for each node can vary depending on the purpose of the configuration service provider. The configuration service provider will be easier to use if the operations are consistent. For more information about the supported operations, see the [ICSPNode](icspnode.md) interface. - -For externally transactioned nodes, an operation implementation must include the contrary operations shown in the following table to allow rollback of the operation. - -For internally transactioned nodes, the practice of implementing the contrary commands for each command is recommended, but not required. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Node operationContrary node operation

    Add

    Clear and DeleteChild

    Copy

    To copy to a new node: Clear and DeleteChild

    -

    To copy to an existing node: Add and SetValue

    Clear

    To restore the state of the deleted node: SetValue and SetProperty

    DeleteChild

    To restore the old node: Add

    DeleteProperty

    To restore the deleted property: SetProperty

    Execute

    Externally transactioned nodes do not support the Execute command.

    GetValue

    None

    Move

    To restore a source node: Move

    -

    To restore an overwritten target node: Add and SetValue

    SetValue

    To restore the previous value: SetValue

    - - - - - - - - - diff --git a/windows/client-management/mdm/iconfigserviceprovider2.md b/windows/client-management/mdm/iconfigserviceprovider2.md deleted file mode 100644 index c73e0ce0b4..0000000000 --- a/windows/client-management/mdm/iconfigserviceprovider2.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: IConfigServiceProvider2 -description: IConfigServiceProvider2 -ms.assetid: 8deec0fb-59a6-4d08-8ddb-6d0d3d868a10 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.date: 06/26/2017 ---- - -# IConfigServiceProvider2 - - -OEMs are required to implement this interface once per configuration service provider. ConfigManager2 clients use this interface to instantiate the configuration service provider, to communicate general state information to the configuration service provider, and often to access or create nodes. - -The following table shows the methods defined by this interface that OEMs must implement. - - ---- - - - - - - - - - - - - - - - - -
    MethodDescription

    IConfigServiceProvider2::ConfigManagerNotification

    Enables ConfigManager2 to send notifications to a configuration service provider of events such as when the configuration service provider is loaded or unloaded, when rollbacks are performed, and when actions are called on nodes.

    IConfigServiceProvider2::GetNode

    Returns a node from the configuration service provider based on the path relative to the root node.

    - - - -## Related topics - -[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md) - - - - - - - - diff --git a/windows/client-management/mdm/iconfigserviceprovider2configmanagernotification.md b/windows/client-management/mdm/iconfigserviceprovider2configmanagernotification.md deleted file mode 100644 index 67ed91ca36..0000000000 --- a/windows/client-management/mdm/iconfigserviceprovider2configmanagernotification.md +++ /dev/null @@ -1,146 +0,0 @@ ---- -title: IConfigServiceProvider2 ConfigManagerNotification -description: IConfigServiceProvider2 ConfigManagerNotification -ms.assetid: b1f0fe0f-afbe-4b36-a75d-34239a86a75c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.date: 06/26/2017 ---- - -# IConfigServiceProvider2::ConfigManagerNotification - - -This method enables ConfigManager2 to send notifications of events to a configuration service provider, such as when the configuration service provider is loaded or unloaded, when rollbacks are performed, and when actions are called on nodes. - -## Syntax - - -``` syntax -HRESULT ConfigManagerNotification([in] CFGMGR_NOTIFICATION cmnfyState, - [in] LPARAM lpParam); -``` - -## Parameters - - -*cmnfyState* -
      -
    • -The following events are supported by all configuration service providers. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      EventDescription

      CFGMGR_NOTIFICATION_LOAD

      First time the configuration service provider is loaded/instantiated.

      CFGMGR_NOTIFICATION_BEGINCOMMANDPROCESSING

      About to run the first command of a transaction.

      CFGMGR_NOTIFICATION_ENDCOMMANDPROCESSING

      Last command of transaction has executed. This event is always raised if BEGINCOMMANDPROCESSING was raised, even if the handling of BEGINCOMMANDPROCESSING failed.

      CFGMGR_NOTIFICATION_BEGINCOMMIT

      About to commit the first command of a transaction.

      CFGMGR_NOTIFICATION_ENDCOMMIT

      Last command of a transaction has been committed. This event is always raised if BEGINCOMMIT was raised, even if the handling of BEGINCOMMIT failed.

      CFGMGR_NOTIFICATION_BEGINROLLBACK

      About to roll back the first command of the transaction.

      CFGMGR_NOTIFICATION_ENDROLLBACK

      Last command of the transaction has been rolled back. This event is always raised if BEGINROLLBACK was raised, even if the handling of BEGINROLLBACK failed.

      CFGMGR_NOTIFICATION_UNLOAD

      The configuration service provider is about to be unloaded/deleted.

      CFGMGR_NOTIFICATION_SETSESSIONOBJ

      Session object is available for use; lpParam can be cast to an IConfigSession2 pointer.

      CFGMGR_NOTIFICATION_BEGINTRANSACTIONING

      Primarily used for compatibility with v1 configuration service providers. Signals the beginning of a transactioning sequence.

      CFGMGR_NOTIFICATION_ENDTRANSACTIONING

      Primarily used for compatibility with v1 configuration service providers. Signals the end of a transactioning sequence.

      -
      • -
    -
    - - -*lpParam* -
      -
    • -Normally NULL, but contains a pointer to an IConfigSession2 instance if cmnfState is CFGMGR_NOTIFICATION_SETSESSIONOBJ. -
      • -
    -
    - -## Return Value - -A value of S\_OK indicates success. - -## Remarks - -ConfigManager2 guarantees that if it raised one of the BEGIN events - -- CFGMGR\_NOTIFICATION\_BEGINCOMMANDPROCESSING -- CFGMGR\_NOTIFICATION\_BEGINCOMMIT -- CFGMGR\_NOTIFICATION\_BEGINROLLBACK - -then the corresponding END event will be raised, even if the handling of the BEGIN notification failed. -For each transaction, the sequence of notifications is: - -1. BEGINCOMMANDPROCESSING - -2. BEGINTRANSACTIONING - -3. ENDTRANSACTIONING - -4. ENDCOMMANDPROCESSING - -5. Either BEGINCOMMIT or BEGINROLLBACK, depending on whether the transaction succeeded or failed. - -6. Either ENDCOMMIT or ENDROLLBACK, depending on whether the transaction succeeded or failed. - -Each configuration service provider will receive the relevant BEGIN/END notifications exactly once per each transaction that ConfigManager2 executes. - -## Requirements - -**Header:** None - - - - - - - - diff --git a/windows/client-management/mdm/iconfigserviceprovider2getnode.md b/windows/client-management/mdm/iconfigserviceprovider2getnode.md deleted file mode 100644 index b1ed4618c7..0000000000 --- a/windows/client-management/mdm/iconfigserviceprovider2getnode.md +++ /dev/null @@ -1,106 +0,0 @@ ---- -title: IConfigServiceProvider2 GetNode -description: IConfigServiceProvider2 GetNode -ms.assetid: 4dc10a59-f6a2-45c0-927c-d594afc9bb91 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.date: 06/26/2017 ---- - -# IConfigServiceProvider2::GetNode - - -This method returns a node from the configuration service provider based on the path that was passed in. The returned node is a descendent of the root node. - -## Syntax - - -``` syntax -HRESULT GetNode([in] IConfigManager2URI* pURI, - [out] ICSPNode** ppNode, - [in, out] DWORD* pgrfNodeOptions); -``` - -## Parameters - -*pUri* -
      -
    • -URI of the child node, relative to the root node. For example, to access the "./Vendor/Contoso/SampleCSP/ContainerA/UserName" node, ConfigManager2 calls the configuration service provider's GetNode method and passes in an IConfigManager2URI instance representing the URI “SampleCSP/ContainerA/UserName”. -
      • -
    -
    -ppNode -
      -
    • -If the query is successful, this returns the ICSPNode instance at the pUri location in the configuration service provider's tree. -
      • -
    -
    -pgrfNodeOptions -
      -
    • -Nodes support the following features. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      Feature nameBit value (in hex)Notes

      CSPNODE_OPTION_NATIVESECURITY

      0x01

      The native security option signifies that the node handles its own security checking, and that ConfigManager2 does not have to manage security for this node.

      CSPNODE_OPTION_INTERNALTRANSACTION

      0x02

      The internal transactioning option tells ConfigManager2 that the configuration service provider handles the transactioning (rollback and commitment) for the node. To handle internal transactioning, the node must implement the ICSPNodeTransactioning.

      CSPNODE_OPTION_HANDLEALLPROPERTIES

      0x04

      Unused.

      CSPNODE_OPTION_SECRETDATA

      0x08

      Unused.

      -
      • -
    -
    - -## Return Value - -This method returns an ICSPNode. If the function returns null, call GetLastError to get the error value. - -A value of S\_OK indicates that a node was successfully found. CFGMGR\_E\_NODENOTFOUND indicates that the node does not exist. Note that this may be normal, as in the case of optional nodes. - -## Requirements - -**Header:** None - - - - - - - - diff --git a/windows/client-management/mdm/icspnode.md b/windows/client-management/mdm/icspnode.md deleted file mode 100644 index bb66997ee8..0000000000 --- a/windows/client-management/mdm/icspnode.md +++ /dev/null @@ -1,104 +0,0 @@ ---- -title: ICSPNode -description: ICSPNode -ms.assetid: 023466e6-a8ab-48ad-8548-291409686ac2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.date: 06/26/2017 ---- - -# ICSPNode - -This interface does most of the work in a configuration service provider. Each individual node in a configuration service provider tree is represented by a separate implementation of this interface. The actions of a ConfigManager2 client are typically translated into calls to an instance of an ICSPNode. - -These methods must be implemented so that, if they fail, the node's state at the end of the method matches the state before the method was called. - -Some nodes will not be able to perform certain actions, and can return CFGMGR\_E\_COMMANDNOTALLOWED for those methods. For each method that is implemented for externally–transactioned nodes, the contrary method must also be implemented, as defined by "Determine node operations" in [Designing a custom configuration service provider](design-a-custom-windows-csp.md). - -The following table shows the methods defined by this interface that OEMs must implement. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    MethodDescription

    ICSPNode::Add

    Adds an immediate child to a configuration service provider node and returns a pointer to the new child node.

    ICSPNode::Clear

    Deletes the contents and children of the current configuration service provider node. Called before ICSPNode::DeleteChild.

    ICSPNode::Copy

    Makes a copy of the current node at the specified path within the configuration service provider. If the target node exists, it should be overwritten.

    ICSPNode::DeleteChild

    Deletes the specified child node from the configuration service provider node.

    ICSPNode::DeleteProperty

    Deletes a property from a configuration service provider node.

    ICSPNode::Execute

    Runs a task on an internally-transactioned configuration service provider node by passing in the specified user data and returning a result.

    ICSPNode::GetChildNodeNames

    Returns the list of children for a configuration service provider node.

    ICSPNode::GetProperty

    Returns a property value from a configuration service provider node.

    ICSPNode::GetPropertyIdentifiers

    Returns a list of non-standard properties supported by the node. The returned array must be allocated with CoTaskMemAlloc.

    ICSPNode::GetValue

    Gets the value and data type for the node. Interior (non-leaf) nodes may not have a value.

    ICSPNode::Move

    Moves this node to a new location within the configuration service provider. If the target node already exists, it should be overwritten.

    ICSPNode::SetProperty

    Sets a property value for a configuration service provider node.

    ICSPNode::SetValue

    Sets the value for the configuration service provider node. It is an error to attempt to set the value of an interior node.

    - - - -## Related topics - -[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md) - - - - - - - - diff --git a/windows/client-management/mdm/icspnodeadd.md b/windows/client-management/mdm/icspnodeadd.md deleted file mode 100644 index 81f5b2cce5..0000000000 --- a/windows/client-management/mdm/icspnodeadd.md +++ /dev/null @@ -1,118 +0,0 @@ ---- -title: ICSPNode Add -description: ICSPNode Add -ms.assetid: 5f03d350-c82b-4747-975f-385fd8b5b3a8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.date: 06/26/2017 ---- - -# ICSPNode::Add - -This method adds an immediate child node to a configuration service provider node and returns a pointer to the new node. - -## Syntax - -``` syntax -HRESULT Add([in] IConfigManager2URI* pChildName, - [in] CFG_DATATYPE DataType, - [in] VARIANT varValue, - [in, out] ICSPNode** ppNewNode, - [in, out] DWORD* pgrfNodeOptions); -``` - -## Parameters - -*pChildName* -      Name of child node to add. - -*DataType* -      Data type of the child node to add. Supported types include: -- CFG\_DATATYPE\_NODE - -- CFG\_DATATYPE\_NULL - -- CFG\_DATATYPE\_BINARY - -- CFG\_DATATYPE\_INTEGER - -- CFG\_DATATYPE\_STRING - -- CFG\_DATATYPE\_MULTIPLE\_STRING - -*varValue* -      Value of the child node to add. - -*ppNewNode* -      New child node to return. - -*pgrfNodeOptions* -      Features supported on the new child node. - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Feature nameBit value (in hex)Notes

    CSPNODE_OPTION_NATIVESECURITY

    0x01

    The native security option signifies that the node handles its own security checking, and that ConfigManager2 does not have to manage security for this node.

    CSPNODE_OPTION_INTERNALTRANSACTION

    0x02

    The internal transactioning option tells ConfigManager2 that the configuration service provider handles the transactioning (rollback and commitment) for the node. To handle internal transactioning, the node must implement the ICSPNodeTransactioning.

    CSPNODE_OPTION_HANDLEALLPROPERTIES

    0x04

    Unused.

    CSPNODE_OPTION_SECRETDATA

    0x08

    Unused.

    - - -## Return Value - -This method returns an ICSPNode and the feature options supported on that child node. If the method returns null, call GetLastError to get the error value. - -A value of S\_OK indicates that a node was successfully found. CMN\_E\_ALREADY\_EXISTS indicates that a child node with the same name already exists. CFGMGR\_E\_COMMANDNOTALLOWED indicates that this node does not support the **Add** method. - -## Remarks - -For externally–transactioned nodes, if this method is implemented, then [ICSPNode::Clear](icspnodeclear.md) and [ICSPNode::DeleteChild](icspnodedeletechild.md) must also be implemented or rollback will fail. - -## Requirements - -**Header:** None - -## Related topics - -[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md) - - - - - - - - diff --git a/windows/client-management/mdm/icspnodeclear.md b/windows/client-management/mdm/icspnodeclear.md deleted file mode 100644 index 89db169b0f..0000000000 --- a/windows/client-management/mdm/icspnodeclear.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -title: ICSPNode Clear -description: ICSPNode Clear -ms.assetid: b414498b-110a-472d-95c0-2d5b38cd78a6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.date: 06/26/2017 ---- - - -# ICSPNode::Clear - -This method deletes the contents and child nodes of the current configuration service provider node. This method is always called on the child node before [ICSPNode::DeleteChild](icspnodedeletechild.md) is called on the parent node. - - -## Syntax - -``` syntax -HRESULT Clear(); -``` - - -## Return Value - -A value of S\_OK indicates that the node was successfully cleared. CFGMGR\_E\_COMMANDNOTALLOWED indicates that this node does not support the **Clear** method. - - -## Remarks - -For externally–transactioned nodes, if this method is implemented, then [ICSPNode::SetValue](icspnodesetvalue.md) and [ICSPNode::SetProperty](icspnodesetproperty.md) must also be implemented or rollback will fail. - -Before calling **Clear** on the target node, ConfigManager2 attempts to gather the current state of the node; the parent node does not have to preserve the state of its child nodes if they are externally-transactioned. - -## Requirements - -**Header:** None - - -## Related topics - -[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md) - -  - - - - - diff --git a/windows/client-management/mdm/icspnodecopy.md b/windows/client-management/mdm/icspnodecopy.md deleted file mode 100644 index 1771aad0fa..0000000000 --- a/windows/client-management/mdm/icspnodecopy.md +++ /dev/null @@ -1,96 +0,0 @@ ---- -title: ICSPNode Copy -description: ICSPNode Copy -ms.assetid: cd5ce0bc-a08b-4f82-802d-c7ff8701b41f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.date: 06/26/2017 ---- - -# ICSPNode::Copy - -This method makes a copy of the current node at the specified path within the configuration service provider. If the target node exists, it should be overwritten. - -## Syntax - -``` syntax -HRESULT Copy([in] IConfigManager2URI* puriDestination, - [in, out] ICSPNode** ppNewNode, - [in, out] DWORD* pgrfNodeOptions); -``` - -## Parameters - -*puriDestination* -      Path and name of new node's location, relative to the configuration service provider's root node. - -*ppNewNode* -      New node created by the copy operation. - -*pgrfNodeOptions* -      Features supported on the new node. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Feature nameBit value (in hex)Notes

    CSPNODE_OPTION_NATIVESECURITY

    0x01

    The native security option signifies that the node handles its own security checking, and that ConfigManager2 does not have to manage security for this node.

    CSPNODE_OPTION_INTERNALTRANSACTION

    0x02

    The internal transactioning option tells ConfigManager2 that the configuration service provider handles the transactioning (rollback and commitment) for the node. To handle internal transactioning, the node must implement the ICSPNodeTransactioning.

    CSPNODE_OPTION_HANDLEALLPROPERTIES

    0x04

    Unused.

    CSPNODE_OPTION_SECRETDATA

    0x08

    Unused.

    - - -## Return Value - -A value of S\_OK indicates that the node was successfully copied to the new location. CFGMGR\_E\_COMMANDNOTALLOWED indicates that this node does not support the **Copy** method. - -## Remarks - -For externally–transactioned nodes, if this method is implemented, then [ICSPNode::Add](icspnodeadd.md), [ICSPNode::SetValue](icspnodesetvalue.md), [ICSPNode::Clear](icspnodeclear.md), and [ICSPNode::DeleteChild](icspnodedeletechild.md) must also be implemented or rollback will fail. - -## Requirements - -**Header:** None - -## Related topics - -[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md) - - - - - - diff --git a/windows/client-management/mdm/icspnodedeletechild.md b/windows/client-management/mdm/icspnodedeletechild.md deleted file mode 100644 index e08d2b025d..0000000000 --- a/windows/client-management/mdm/icspnodedeletechild.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: ICSPNode DeleteChild -description: ICSPNode DeleteChild -ms.assetid: 8cf3663d-a4cf-4d11-b03a-f1d096ad7f9c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.date: 06/26/2017 ---- - -# ICSPNode::DeleteChild - -Deletes the specified child node from the configuration service provider node. [ICSPNode::Clear](icspnodeclear.md) must always be called first on the child node that is to be deleted. - -## Syntax - -``` syntax -HRESULT DeleteChild([in] IConfigManager2URI* puriChildToDelete); -``` - -## Parameters - -*puriChildToDelete* -      The name of the child node to delete. - -## Return Values - -| Return Value | Description | -|------------------------------|--------------------------------------------------| -| CFGMGR\_E\_NODENOTFOUND | The child node does not exist | -| CFGMGR\_E\_COMMANDNOTALLOWED | The child node to be deleted is a read-only node | -| S\_OK | Success. | - -  -A value of S\_OK indicates that a node was successfully deleted. CFGMGR\_E\_NODENOTFOUND indicates that the child node does not exist. CFGMGR\_E\_COMMANDNOTALLOWED indicates that this node does not support the **ICSP::DeleteChild** method, or that the child node to be deleted is a read-only node. - -## Remarks - -For externally–transactioned nodes, if this method is implemented, then [ICSPNode::Add](icspnodeadd.md) must also be implemented or rollback will fail. - -## Requirements - -**Header:** None - -## Related topics - -[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md) - -  - - - - - - diff --git a/windows/client-management/mdm/icspnodedeleteproperty.md b/windows/client-management/mdm/icspnodedeleteproperty.md deleted file mode 100644 index 6bcd73cc62..0000000000 --- a/windows/client-management/mdm/icspnodedeleteproperty.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -title: ICSPNode DeleteProperty -description: ICSPNode DeleteProperty -ms.assetid: 7e21851f-d663-4558-b3e8-590d24b4f6c4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.date: 06/26/2017 ---- - -# ICSPNode::DeleteProperty - -This method deletes a property from a configuration service provider node. - -## Syntax - -``` syntax -HRESULT DeleteProperty([in] REFGUID guidProperty); -``` - -## Parameters - -*guidProperty* -      The GUID of the property to delete. - -## Return Value - -A value of S\_OK indicates that a node was successfully found. CFGMGR\_E\_PROPERTYNOTSUPPORTED indicates that this node does not manage or implement the property itself, but delegates it to ConfigManager2. E\_NOTIMPL indicates this method is not supported by this node. - -## Remarks - -For externally–transactioned nodes, if this method is implemented, then [ICSPNode::SetProperty](icspnodesetproperty.md) must also be implemented or rollback will fail. - -## Requirements - -**Header:** None - -## Related topics - -[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md) - -  - - - - - - diff --git a/windows/client-management/mdm/icspnodeexecute.md b/windows/client-management/mdm/icspnodeexecute.md deleted file mode 100644 index b5008f4972..0000000000 --- a/windows/client-management/mdm/icspnodeexecute.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: ICSPNode Execute -description: ICSPNode Execute -ms.assetid: 5916e7b7-256d-49fd-82b6-db0547a215ec -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.date: 06/26/2017 ---- - -# ICSPNode::Execute - -This method runs a task on an internally-transactioned configuration service provider node by passing in the specified user data and returning a result. The exact meaning of **Execute** and whether it is even supported depends on the purpose of the node. For example, **Execute** called on a node that represents a file should probably **ShellExecute** the file, whereas calling **Execute** on a registry node generally does not make sense. - -## Syntax - -``` syntax -HRESULT Execute([in] VARIANT varUserData); -``` - -## Parameters - -*varUserData* -    Data to pass into the execution. - -## Return Value - -A value of S\_OK indicates that the operation was performed successfully on the node. E\_NOTIMPL should be returned if this method is not implemented. - -## Remarks - -Externally–transactioned nodes do not support this method. - -## Requirements - -**Header:** None - -## Related topics - -[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md) - -  - - - - diff --git a/windows/client-management/mdm/icspnodegetchildnodenames.md b/windows/client-management/mdm/icspnodegetchildnodenames.md deleted file mode 100644 index 176e294eb1..0000000000 --- a/windows/client-management/mdm/icspnodegetchildnodenames.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: ICSPNode GetChildNodeNames -description: ICSPNode GetChildNodeNames -ms.assetid: dc057f2b-282b-49ac-91c4-bb83bd3ca4dc -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.date: 06/26/2017 ---- - -# ICSPNode::GetChildNodeNames - -This method returns the list of child nodes for a configuration service provider node. - -## Syntax - -``` syntax -HRESULT GetChildNodeNames([out] ULONG* pulCount, - [out,size_is(,*pulCount)] BSTR** pbstrNodeNames); -``` - -## Parameters - -*pulCount* -

    The number of child nodes to return.

    - -*pbstrNodeNames* -

    The array of child node names. The returned array must be allocated with CoTaskMemAlloc. Each element of the array must be a valid, non-NULL BSTR, allocated by SysAllocString or SysAllocStringLen. The names returned must not be encoded in any way, including URI-encoding, for canonicalization reasons.

    - -## Return Value - -A value of S\_OK indicates that a node was successfully found. CFGMGR\_E\_COMMANDNOTALLOWED indicates that this was called on a leaf node (no children will be returned). - -## Remarks - -For externally–transactioned nodes, no additional methods are required for successful rollback. - -## Requirements - -**Header:** None - -## Related topics - -[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md) - - - - - - - - diff --git a/windows/client-management/mdm/icspnodegetproperty.md b/windows/client-management/mdm/icspnodegetproperty.md deleted file mode 100644 index e617650c97..0000000000 --- a/windows/client-management/mdm/icspnodegetproperty.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: ICSPNode GetProperty -description: ICSPNode GetProperty -ms.assetid: a2bdc158-72e0-4cdb-97ce-f5cf1a44b7db -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.date: 06/26/2017 ---- - -# ICSPNode::GetProperty - -This method returns a property value from a configuration service provider node. - -## Syntax - -``` syntax -HRESULT GetProperty([in] REFGUID guidProperty, - [in,out] VARIANT* pvarValue); -``` - -## Parameters - -*guidProperty* -

    GUID that specifies the property to return.

    - -*pvarValue* -

    Value to return.

    - -## Return Value - -A value of S\_OK indicates that the value was successfully returned. CFGMGR\_E\_COMMANDNOTSUPPORTED indicates that the node does not implement the property itself, but delegates the management of the property to ConfigManager2. - -## Remarks - -Every node must handle the CFGMGR\_PROPERTY\_DATATYPE property. - -For externally–transactioned nodes, no additional methods are required for successful rollback. - -## Requirements - -**Header:** None - -## Related topics - -[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md) - - - - - - - - diff --git a/windows/client-management/mdm/icspnodegetpropertyidentifiers.md b/windows/client-management/mdm/icspnodegetpropertyidentifiers.md deleted file mode 100644 index 479913e683..0000000000 --- a/windows/client-management/mdm/icspnodegetpropertyidentifiers.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: ICSPNode GetPropertyIdentifiers -description: ICSPNode GetPropertyIdentifiers -ms.assetid: 8a052cd3-d74c-40c4-845f-f804b920deb4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.date: 06/26/2017 ---- - -# ICSPNode::GetPropertyIdentifiers - -This method returns a list of non-standard properties supported by the node. The returned array must be allocated with `CoTaskMemAlloc`. - -## Syntax - -``` syntax -HRESULT GetPropertyIdentifiers([out] ULONG* pulCount, - [out,size_is(,*pulCount)] GUID** pguidProperties); -``` - -## Parameters - -*pulCount* -

    The number of non-standard properties to return.

    - -*pguidProperties* -

    The array of property GUIDs to return. This array must be allocated with CoTaskMemAlloc.

    - -## Return Value - -A value of S\_OK indicates that the properties were successfully returned. E\_NOTIMPL indicates that this method is not supported by the node. - -## Remarks - -For externally–transactioned nodes, no additional methods are required for successful rollback. - -## Requirements - -**Header:** None - -## Related topics - -[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md) - - - - - - - diff --git a/windows/client-management/mdm/icspnodegetvalue.md b/windows/client-management/mdm/icspnodegetvalue.md deleted file mode 100644 index 0e8d591f35..0000000000 --- a/windows/client-management/mdm/icspnodegetvalue.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -title: ICSPNode GetValue -description: ICSPNode GetValue -ms.assetid: c684036d-98be-4659-8ce8-f72436a39b90 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.date: 06/26/2017 ---- - -# ICSPNode::GetValue - -This method gets the value and data type for the node. Interior (non-leaf) nodes may not have a value. - -## Syntax - -``` syntax -HRESULT GetValue([in,out] VARIANT* pvarValue); -``` - -## Parameters - -*pvarValue* -

    Data value to return. A node containing a password value returns 16 asterisks (‘*’) for this method. A leaf node whose value has not been set returns a variant whose type is VT_NULL. -

    - -## Return Value - -A value of S\_OK indicates that a node was successfully found. CFGMGR\_E\_COMMANDNOTALLOWED indicates that this node does not support the **ICSP::GetValue** methods, or that this is an interior node. - -## Remarks - -For externally–transactioned nodes, this node is not required to implement any other methods for a successful rollback. - -## Requirements - -**Header:** None - -## Related topics - -[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md) - - - - - - - - diff --git a/windows/client-management/mdm/icspnodemove.md b/windows/client-management/mdm/icspnodemove.md deleted file mode 100644 index 40d917ca2f..0000000000 --- a/windows/client-management/mdm/icspnodemove.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -title: ICSPNode Move -description: ICSPNode Move -ms.assetid: efb359c3-5c86-4975-bf6f-a1c33922442a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.date: 06/26/2017 ---- - -# ICSPNode::Move - -This method moves the node to a new location within the configuration service provider. If the target node already exists, it should be overwritten. - -## Syntax - -``` syntax -HRESULT Move([in] IConfigManager2URI* puriDestination); -``` - -## Parameters - -*puriDestination* -

    Path and name of the node's new location, relative to the configuration service provider's root node.

    - -## Return Value - -A value of S\_OK indicates that the node was successfully moved. CFGMGR\_E\_COMMANDNOTALLOWED indicates that this node does not support the **ICSP::Move** method. - -## Remarks - -For externally–transactioned nodes, if this method is implemented, then [ICSPNode::Add](icspnodeadd.md) and [ICSPNode::SetValue](icspnodesetvalue.md) must also be implemented or rollback will fail. - -## Requirements - -**Header:** None - -## Related topics - -[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md) - - - - - - - - diff --git a/windows/client-management/mdm/icspnodesetproperty.md b/windows/client-management/mdm/icspnodesetproperty.md deleted file mode 100644 index 8052bf2d5d..0000000000 --- a/windows/client-management/mdm/icspnodesetproperty.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: ICSPNode SetProperty -description: ICSPNode SetProperty -ms.assetid: e235c38f-ea04-4cd8-adec-3c6c0ce7172d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.date: 06/26/2017 ---- - -# ICSPNode::SetProperty - -This method sets a property value for a configuration service provider node. - -## Syntax - -``` syntax -HRESULT SetProperty([in] REFGUID guidProperty, - [in] VARIANT varValue); -``` - -## Parameters - -*guidProperty* -

    The GUID of the property.

    - -*varValue* -

    The value to return.

    - -## Return Value - -A value of S\_OK indicates that a node was successfully found. CFGMGR\_E\_COMMANDNOTSUPPORTED indicates that this node delegates the management of the property to ConfigManager2. - -## Remarks - -Every node must properly handle the CFGMGR\_PROPERTY\_DATATYPE property. - -For externally–transactioned nodes, no additional methods are required for successful rollback. - -## Requirements - -**Header:** None - -## Related topics - -[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md) - - - - - - - - diff --git a/windows/client-management/mdm/icspnodesetvalue.md b/windows/client-management/mdm/icspnodesetvalue.md deleted file mode 100644 index afcbc3b99d..0000000000 --- a/windows/client-management/mdm/icspnodesetvalue.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -title: ICSPNode SetValue -description: ICSPNode SetValue -ms.assetid: b218636d-fe8b-4a0f-b4e8-a621f65619d3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.date: 06/26/2017 ---- - -# ICSPNode::SetValue - -This method sets the value for the configuration service provider node. It is an error to attempt to set the value of an interior node. - -## Syntax - -``` syntax -HRESULT SetValue([in] VARIANT varValue); -``` - -## Parameters - -*varValue* -

    Value to set. To clear a leaf node’s value, set varValue’s type to VT_NULL.

    - -## Return Value - -A value of S\_OK indicates that the value was set successfully. CFGMGR\_E\_COMMANDNOTALLOWED indicates that this node does not support the **ICSP::SetValue** method, or that it's an internal node. - -## Remarks - -For externally–transactioned nodes, no additional methods must be implemented to support rollback. - -## Requirements - -**Header:** None - -## Related topics - -[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md) - - - - - - - - diff --git a/windows/client-management/mdm/icspnodetransactioning.md b/windows/client-management/mdm/icspnodetransactioning.md deleted file mode 100644 index 93b4a35b7b..0000000000 --- a/windows/client-management/mdm/icspnodetransactioning.md +++ /dev/null @@ -1,83 +0,0 @@ ---- -title: ICSPNodeTransactioning -description: ICSPNodeTransactioning -ms.assetid: 24dc518a-4a8d-41fe-9bc6-217bbbdf6a3f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.date: 06/26/2017 ---- - -# ICSPNodeTransactioning - -This is an optional interface that enables a configuration service provider to define its own transactioning scheme (internal transactioning) for an individual node. Transactioning supports the ability to roll back previous actions on a node. The majority of nodes use external transactioning, which is handled automatically, and do not need to implement this interface. For more information about internal and external transactioning, including how to handle the `RollbackAction` functions, see "Determine node operations" in [Designing a custom configuration service provider](design-a-custom-windows-csp.md). - -``` syntax -interface ICSPNodeTransactioning : IUnknown -{ - HRESULT PersistRollbackAddState([in] IConfigManager2URI* puriChild, - [in] CFG_DATATYPE DataType, - [in] VARIANT varValue, - [in] ISequentialStream* pRollbackStream, - [in] ISequentialStream* pUninstallStream); - HRESULT PersistRollbackCopyState([in] IConfigManager2URI* puriDestination, - [in] ISequentialStream* pRollbackStream, - [in] ISequentialStream* pUninstallStream); - HRESULT PersistRollbackDeleteChildState([in] IConfigManager2URI* puriChild, - [in] ISequentialStream* pRollbackStream, - [in] ISequentialStream* pUninstallStream); - HRESULT PersistRollbackClearState([in] ISequentialStream* pRollbackStream, - [in] ISequentialStream* pUninstallStream); - HRESULT PersistRollbackExecuteState([in] VARIANT varUserData, - [in] ISequentialStream* pRollbackStream, - [in] ISequentialStream* pUninstallStream); - HRESULT PersistRollbackMoveState([in] IConfigManager2URI* puriDestination, - [in] ISequentialStream* pRollbackStream, - [in] ISequentialStream* pUninstallStream); - HRESULT PersistRollbackSetValueState([in] VARIANT varValue, - [in] ISequentialStream* pRollbackStream, - [in] ISequentialStream* pUninstallStream); - HRESULT PersistRollbackSetPropertyState([in] REFGUID guidProperty, - [in] VARIANT varValue, - [in] ISequentialStream* pRollbackStream, - [in] ISequentialStream* pUninstallStream); - HRESULT PersistRollbackDeletePropertyState([in] REFGUID guidProperty, - [in] ISequentialStream* pRollbackStream, - [in] ISequentialStream* pUninstallStream); - HRESULT RollbackAdd([in] ISequentialStream* pUndoStream, - [in] BOOL fRecoveryRollback); - HRESULT RollbackCopy([in] ISequentialStream* pUndoStream, - [in] BOOL fRecoveryRollback); - HRESULT RollbackDeleteChild([in] ISequentialStream* pUndoStream, - [in] BOOL fRecoveryRollback); - HRESULT RollbackClear([in] ISequentialStream* pUndoStream, - [in] BOOL fRecoveryRollback); - HRESULT RollbackExecute([in] ISequentialStream* pUndoStream, - [in] BOOL fRecoveryRollback); - HRESULT RollbackMove([in] ISequentialStream* pUndoStream, - [in] BOOL fRecoveryRollback); - HRESULT RollbackSetValue([in] ISequentialStream* pUndoStream, - [in] BOOL fRecoveryRollback); - HRESULT RollbackSetProperty([in] ISequentialStream* pUndoStream, - [in] BOOL fRecoveryRollback); - HRESULT RollbackDeleteProperty([in] ISequentialStream* pUndoStream, - [in] BOOL fRecoveryRollback); - - HRESULT Commit(); -}; -``` - -## Related topics - -[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md) - -  - - - - - diff --git a/windows/client-management/mdm/icspvalidate.md b/windows/client-management/mdm/icspvalidate.md deleted file mode 100644 index 3d59448e68..0000000000 --- a/windows/client-management/mdm/icspvalidate.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -title: ICSPValidate -description: ICSPValidate -ms.assetid: b0993f2d-6269-412f-a329-af25fff34ca2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.date: 06/26/2017 ---- - -# ICSPValidate - -This interface is optional. It is called by ConfigManager2 as it batches commands before transactioning begins. This allows the configuration service provider to validate the node before performing specific actions. It is generally only used for configuration service providers that need to expose UI. - -``` syntax -interface ICSPValidate : IUnknown -{ - HRESULT ValidateAdd([in] IConfigNodeState* pNodeState, - [in] IConfigManager2URI* puriChild, - [in] CFG_DATATYPE DataType, - [in] VARIANT varValue); - HRESULT ValidateCopy([in] IConfigNodeState* pNodeState, - [in] IConfigManager2URI* puriDestination); - HRESULT ValidateDeleteChild([in] IConfigNodeState* pNodeState, - [in] IConfigManager2URI* puriChild); - HRESULT ValidateClear([in] IConfigNodeState* pNodeState); - HRESULT ValidateExecute([in] IConfigNodeState* pNodeState, - [in] VARIANT varUserData); - HRESULT ValidateMove([in] IConfigNodeState* pNodeState, - [in] IConfigManager2URI* puriDestination); - HRESULT ValidateSetValue([in] IConfigNodeState* pNodeState, - [in] VARIANT varValue); - HRESULT ValidateSetProperty([in] IConfigNodeState* pNodeState, - [in] REFGUID guidProperty, - [in] VARIANT varValue); - HRESULT ValidateDeleteProperty([in] IConfigNodeState* pNodeState, - [in] REFGUID guidProperty); -``` - -## Related topics - -[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md) - -  - - - - - - diff --git a/windows/client-management/mdm/images/provisioning-csp-applicationcontrol.png b/windows/client-management/mdm/images/provisioning-csp-applicationcontrol.png new file mode 100644 index 0000000000..012b0b392b Binary files /dev/null and b/windows/client-management/mdm/images/provisioning-csp-applicationcontrol.png differ diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index edab03c5d1..562a0b3853 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -12,7 +12,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 05/15/2019 +ms.date: 07/01/2019 --- # What's new in mobile device enrollment and management @@ -121,6 +121,8 @@ For details about Microsoft mobile device management protocols for Windows 10 s
  • Power/TurnOffHybridSleepPluggedIn
  • Power/UnattendedSleepTimeoutOnBattery
  • Power/UnattendedSleepTimeoutPluggedIn
    • +
  • Privacy/LetAppsActivateWithVoice
    • +
  • Privacy/LetAppsActivateWithVoiceAboveLock
  • Search/AllowFindMyFiles
  • ServiceControlManager/SvchostProcessMitigation
  • System/AllowCommercialDataPipeline
    • @@ -140,6 +142,10 @@ For details about Microsoft mobile device management protocols for Windows 10 s EnrollmentStatusTracking CSP

    Added new CSP in Windows 10, version 1903.

    + +ApplicationControl CSP +

    Added new CSP in Windows 10, version 1903.

    + @@ -1885,7 +1891,14 @@ How do I turn if off? | The service can be stopped from the "Services" console o |New or updated topic | Description| |--- | ---| +<<<<<<< HEAD |[Policy CSP](policy-configuration-service-provider.md)|Added the following list:
    Policies supported by HoloLens 2| +======= +|[ApplicationControl CSP](applicationcontrol-csp.md)|Added new CSP in Windows 10, version 1903.| +|[Policy CSP - Privacy](policy-csp-privacy.md)|Added the following new policies:
    LetAppsActivateWithVoice, LetAppsActivateWithVoiceAboveLock| +|Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs is not currently supported:
    Create a custom configuration service provider
    Design a custom configuration service provider
    IConfigServiceProvider2
    IConfigServiceProvider2::ConfigManagerNotification
    IConfigServiceProvider2::GetNode
    ICSPNode
    ICSPNode::Add
    ICSPNode::Clear
    ICSPNode::Copy
    ICSPNode::DeleteChild
    ICSPNode::DeleteProperty
    ICSPNode::Execute
    ICSPNode::GetChildNodeNames
    ICSPNode::GetProperty
    ICSPNode::GetPropertyIdentifiers
    ICSPNode::GetValue
    ICSPNode::Move
    ICSPNode::SetProperty
    ICSPNode::SetValue
    ICSPNodeTransactioning
    ICSPValidate
    Samples for writing a custom configuration service provider| + +>>>>>>> master ### June 2019 diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 023cf63505..196da4b264 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -9,7 +9,11 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman +<<<<<<< HEAD ms.date: 07/05/2019 +======= +ms.date: 07/09/2019 +>>>>>>> master --- # Policy CSP @@ -2743,6 +2747,12 @@ The following diagram shows the Policy configuration service provider in tree fo
    Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps
    +
    + Privacy/LetAppsActivateWithVoice +
    +
    + Privacy/LetAppsActivateWithVoiceAboveLock +
    Privacy/LetAppsGetDiagnosticInfo
    @@ -5419,6 +5429,8 @@ The following diagram shows the Policy configuration service provider in tree fo - [DeviceHealthMonitoring/AllowDeviceHealthMonitoring](#devicehealthmonitoring-allowdevicehealthmonitoring) - [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope](#devicehealthmonitoring-configdevicehealthmonitoringscope) - [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination](#devicehealthmonitoring-configdevicehealthmonitoringuploaddestination) +- [Privacy/LetAppsActivateWithVoice](#privacy-letappsactivatewithvoice) +- [Privacy/LetAppsActivateWithVoiceAboveLock](#privacy-letappsactivatewithvoiceabovelock) - [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) - [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates) - [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod) @@ -5469,6 +5481,8 @@ The following diagram shows the Policy configuration service provider in tree fo - [DeviceHealthMonitoring/AllowDeviceHealthMonitoring](#devicehealthmonitoring-allowdevicehealthmonitoring) - [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope](#devicehealthmonitoring-configdevicehealthmonitoringscope) - [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination](#devicehealthmonitoring-configdevicehealthmonitoringuploaddestination) +- [Privacy/LetAppsActivateWithVoice](#privacy-letappsactivatewithvoice) +- [Privacy/LetAppsActivateWithVoiceAboveLock](#privacy-letappsactivatewithvoiceabovelock) - [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) - [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates) - [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod) diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index 68c9bf9cd5..6ce830a730 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -358,6 +358,9 @@ The following list shows the supported values: This policy is intended for use on Shared PCs to enable a quick first sign-in experience for a user. It works by automatically connecting new non-admin Azure Active Directory (Azure AD) accounts to the pre-configured candidate local accounts. +> [!Important] +> Pre-configured candidate local accounts are any local accounts (pre-configured or added) in your device. + Value type is integer. Supported values: - 0 - (default) The feature defaults to the existing SKU and device capabilities. diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index 0e6f121709..2475975ca6 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -335,7 +335,7 @@ If this policy is not set or it is deleted, the default local radio name is used -Set a list of allowable services and profiles. String hex formatted array of Bluetooth service UUIDs in canonical format, delimited by semicolons. For example, {782AFCFC-7CAA-436C-8BF0-78CD0FFBD4AF}. +Added in Windows 10, version 1511. Set a list of allowable services and profiles. String hex formatted array of Bluetooth service UUIDs in canonical format, delimited by semicolons. For example, {782AFCFC-7CAA-436C-8BF0-78CD0FFBD4AF}. The default value is an empty string. For more information, see [ServicesAllowedList usage guide](#servicesallowedlist-usage-guide) diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 2f36d9f2b4..ec391230a3 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -1567,10 +1567,10 @@ GP Info: cross mark - check mark5 - check mark5 - check mark5 - check mark5 + check mark + check mark + check mark + check mark @@ -1587,6 +1587,10 @@ GP Info: + +> [!WARNING] +> Starting in Windows 10, version 1803, this policy is deprecated. + Microsoft network server: Amount of idle time required before suspending a session This security setting determines the amount of continuous idle time that must pass in a Server Message Block (SMB) session before the session is suspended due to inactivity. diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index 851686a482..47a68b79f4 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 05/01/2019 +ms.date: 07/09/2019 ms.reviewer: manager: dansimp --- @@ -229,6 +229,12 @@ manager: dansimp
    Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps
    +
    + Privacy/LetAppsActivateWithVoice +
    +
    + Privacy/LetAppsActivateWithVoiceAboveLock +
    Privacy/LetAppsGetDiagnosticInfo
    @@ -4084,6 +4090,126 @@ ADMX Info:
    + +**Privacy/LetAppsActivateWithVoice** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    checkmark mark6checkmark mark6check mark6check mark6check mark6
    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Specifies if Windows apps can be activated by voice. + + + +ADMX Info: +- GP English name: *Allow voice activation* +- GP name: *LetAppsActivateWithVoice* +- GP element: *LetAppsActivateWithVoice_Enum* +- GP path: *Windows Components/App Privacy* +- GP ADMX file name: *AppPrivacy.admx* + + + +The following list shows the supported values: + +- 0 (default) – User in control. Users can decide if Windows apps can be activated by voice using Settings > Privacy options on the device. +- 1 – Force allow. Windows apps can be activated by voice and users cannot change it. +- 2 - Force deny. Windows apps cannot be activated by voice and users cannot change it. + + + + +
    + + +**Privacy/LetAppsActivateWithVoiceAboveLock** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    check mark6check mark6check mark6check mark6check mark6
    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Specifies if Windows apps can be activated by voice while the screen is locked. + + + +ADMX Info: +- GP English name: *Allow voice activation above locked screen* +- GP name: *LetAppsActivateWithVoiceAboveLock* +- GP element: *LetAppsActivateWithVoiceAboveLock_Enum* +- GP path: *Windows Components/App Privacy* +- GP ADMX file name: *AppPrivacy.admx* + + + +The following list shows the supported values: + +- 0 (default) – User in control. Users can decide if Windows apps can be activated by voice while the screen is locked using Settings > Privacy options on the device. +- 1 – Force allow. Windows apps can be activated by voice while the screen is locked, and users cannot change it. +- 2 - Force deny. Windows apps cannot be activated by voice while the screen is locked, and users cannot change it. + + + + +
    + **Privacy/LetAppsGetDiagnosticInfo** @@ -4867,11 +4993,25 @@ ADMX Info: - [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization) +<<<<<<< HEAD ## Privacy policies supported by HoloLens (1st gen) Development Edition - [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization) +======= + +## Privacy policies supported by Windows 10 IoT Core +- [Privacy/LetAppsActivateWithVoice](#privacy-letappsactivatewithvoice) +- [Privacy/LetAppsActivateWithVoiceAboveLock](#privacy-letappsactivatewithvoiceabovelock) + + + +## Privacy policies supported by Windows 10 IoT Enterprise +- [Privacy/LetAppsActivateWithVoice](#privacy-letappsactivatewithvoice) +- [Privacy/LetAppsActivateWithVoiceAboveLock](#privacy-letappsactivatewithvoiceabovelock) + +>>>>>>> master
    diff --git a/windows/client-management/mdm/samples-for-writing-a-custom-configuration-service-provider.md b/windows/client-management/mdm/samples-for-writing-a-custom-configuration-service-provider.md deleted file mode 100644 index 0ee7ef78f1..0000000000 --- a/windows/client-management/mdm/samples-for-writing-a-custom-configuration-service-provider.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Samples for writing a custom configuration service provider -description: Samples for writing a custom configuration service provider -ms.assetid: ccda4d62-7ce1-483b-912f-25d50c974270 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.date: 06/26/2017 ---- - -# Samples for writing a custom configuration service provider - -The following example shows how to retrieve Integrated Circuit Card Identifier (ICCID) and International Mobile Subscriber Identity (IMSI) for a dual SIM phone. - -## Retrieving ICCID and IMSI for a dual SIM phone - -The following sample is used in the [IConfigServiceProvider2::ConfigManagerNotification](iconfigserviceprovider2configmanagernotification.md) method implementation. It first retrieves the IConfigSession2 object, and then queries the ICCID with the IConfigSession2::GetSessionVariable method. To retrieve the IMSI, replace L”ICCID” with L”IMSI”. - -``` syntax -case CFGMGR_NOTIFICATION_SETSESSIONOBJ: - if (NULL != lpParam) - { - m_pSession = reinterpret_cast(lpParam); -        m_pSession->AddRef(); -    } - -    bstrContext = SysAllocString(L"ICCID"); -    if (NULL == bstrContext) -    { -    hr = E_OUTOFMEMORY; -    goto Error; -    } - -    hr = m_pSession->GetSessionVariable(bstrContext, &varValue); -    if (FAILED(hr)) -    { -     goto Error; -    } -    break; -``` - -  - - - - - diff --git a/windows/configuration/customize-and-export-start-layout.md b/windows/configuration/customize-and-export-start-layout.md index 53cd1f9039..2fd51caeeb 100644 --- a/windows/configuration/customize-and-export-start-layout.md +++ b/windows/configuration/customize-and-export-start-layout.md @@ -45,10 +45,8 @@ You can deploy the resulting .xml file to devices using one of the following met - [Mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) - ## Customize the Start screen on your test computer - To prepare a Start layout for export, you simply customize the Start layout on a test computer. **To prepare a test computer** @@ -57,7 +55,6 @@ To prepare a Start layout for export, you simply customize the Start layout on a 2. Create a new user account that you will use to customize the Start layout. - **To customize Start** 1. Sign in to your test computer with the user account that you created. @@ -81,10 +78,8 @@ To prepare a Start layout for export, you simply customize the Start layout on a > >In earlier versions of Windows 10, no tile would be pinned. - ## Export the Start layout - When you have the Start layout that you want your users to see, use the [Export-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/export-startlayout?view=win10-ps) cmdlet in Windows PowerShell to export the Start layout to an .xml file. Start layout is located by default at C:\Users\username\AppData\Local\Microsoft\Windows\Shell\ >[!IMPORTANT] @@ -176,9 +171,9 @@ If the Start layout is applied by Group Policy or MDM, and the policy is removed **To configure a partial Start screen layout** -1. [Customize the Start layout](#bmk-customize-start). +1. [Customize the Start layout](#customize-the-start-screen-on-your-test-computer). -2. [Export the Start layout](#bmk-exportstartscreenlayout). +2. [Export the Start layout](#export-the-start-layout). 3. Open the layout .xml file. There is a `` element. Add `LayoutCustomizationRestrictionType="OnlySpecifiedGroups"` to the **DefaultLayoutOverride** element as follows: ``` syntax diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md b/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md index f01c3b9f44..bda947c233 100644 --- a/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md +++ b/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md @@ -30,7 +30,7 @@ In Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, you can us >[!NOTE] >Support for applying a customized taskbar using MDM is added in Windows 10, version 1703. -**Before you begin**: [Customize and export Start layout](customize-and-export-start-layout.md) for desktop editions. +**Before you begin**: [Customize and export Start layout](customize-and-export-start-layout.md) for desktop editions (also works for taskbar customization). >[!WARNING] >When a full Start layout is applied with this method, the users cannot pin, unpin, or uninstall apps from Start. Users can view and open all apps in the **All Apps** view, but they cannot pin any apps to Start. When a partial Start layout is applied, the contents of the specified tile groups cannot be changed, but users can move those groups, and can also create and customize their own groups. diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk-single-app.md index 89c720dbc9..fec62e33fd 100644 --- a/windows/configuration/kiosk-single-app.md +++ b/windows/configuration/kiosk-single-app.md @@ -31,7 +31,7 @@ A single-app kiosk uses the Assigned Access feature to run a single app above th >[!IMPORTANT] >[User account control (UAC)](https://docs.microsoft.com/windows/security/identity-protection/user-account-control/user-account-control-overview) must be turned on to enable kiosk mode. > ->Kiosk mode is not supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk. +>Kiosk mode is not supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk. Apps that run in kiosk mode cannot use copy and paste. You have several options for configuring your single-app kiosk. diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 2c861f7c13..a8d16003c6 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -18,16 +18,13 @@ ms.topic: article # Set up a multi-app kiosk - **Applies to** -- Windows 10 Pro, Enterprise, and Education +- Windows 10 Pro, Enterprise, and Education +A [kiosk device](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) was expanded to make it easy for administrators to create kiosks that run more than one app. The benefit of a kiosk that runs only one or more specified apps is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don’t need to access. -A [kiosk device](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) was expanded to make it easy for administrators to create kiosks that run more than one app. The benefit of a kiosk that runs only one or more specified apps is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don’t need to access. - -The following table lists changes to multi-app kiosk in recent updates. - +The following table lists changes to multi-app kiosk in recent updates. | New features and improvements | In update | |--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| @@ -39,21 +36,21 @@ The following table lists changes to multi-app kiosk in recent updates. You can configure multi-app kiosks using [Microsoft Intune](#intune) or a [provisioning package](#provision). - >[!TIP] >Be sure to check the [configuration recommendations](kiosk-prepare.md) before you set up your kiosk. -## Configure a kiosk in Microsoft Intune +## Configure a kiosk in Microsoft Intune To configure a kiosk in Microsoft Intune, see [Windows 10 and Windows Holographic for Business device settings to run as a dedicated kiosk using Intune](https://docs.microsoft.com/intune/kiosk-settings). For explanations of the specific settings, see [Windows 10 and later device settings to run as a kiosk in Intune](https://docs.microsoft.com/intune/kiosk-settings-windows). - + ## Configure a kiosk using a provisioning package Process: + 1. [Create XML file](#create-xml-file) 2. [Add XML file to provisioning package](#add-xml) 3. [Apply provisioning package to device](#apply-ppkg) @@ -70,19 +67,19 @@ If you don't want to use a provisioning package, you can deploy the configuratio - The kiosk device must be running Windows 10 (S, Pro, Enterprise, or Education), version 1709 or later >[!NOTE] ->For devices running versions of Windows 10 earlier than version 1709, you can [create AppLocker rules](lock-down-windows-10-applocker.md) to configure a multi-app kiosk. +>For devices running versions of Windows 10 earlier than version 1709, you can [create AppLocker rules](lock-down-windows-10-applocker.md) to configure a multi-app kiosk. ### Create XML file -Let's start by looking at the basic structure of the XML file. +Let's start by looking at the basic structure of the XML file. -- A configuration xml can define multiple *profiles*. Each profile has a unique **Id** and defines a set of applications that are allowed to run, whether the taskbar is visible, and can include a custom Start layout. +- A configuration xml can define multiple *profiles*. Each profile has a unique **Id** and defines a set of applications that are allowed to run, whether the taskbar is visible, and can include a custom Start layout. -- A configuration xml can have multiple *config* sections. Each config section associates a non-admin user account to a default profile **Id**. +- A configuration xml can have multiple *config* sections. Each config section associates a non-admin user account to a default profile **Id**. - Multiple config sections can be associated to the same profile. -- A profile has no effect if it’s not associated to a config section. +- A profile has no effect if it’s not associated to a config section. ![profile = app and config = account](images/profile-config.png) @@ -90,7 +87,7 @@ You can start your file by pasting the following XML (or any other examples in t ```xml - @@ -98,7 +95,7 @@ You can start your file by pasting the following XML (or any other examples in t - + @@ -119,11 +116,11 @@ There are two types of profiles that you can specify in the XML: - **Lockdown profile**: Users assigned a lockdown profile will see the desktop in tablet mode with the specific apps on the Start screen. - **Kiosk profile**: New in Windows 10, version 1803, this profile replaces the KioskModeApp node of the [AssignedAccess CSP](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp). Users assigned a kiosk profile will not see the desktop, but only the kiosk app running in full-screen mode. -A lockdown profile section in the XML has the following entries: +A lockdown profile section in the XML has the following entries: -- [**Id**](#id) +- [**Id**](#id) -- [**AllowedApps**](#allowedapps) +- [**AllowedApps**](#allowedapps) - [**FileExplorerNamespaceRestrictions**](#fileexplorernamespacerestrictions) @@ -133,15 +130,13 @@ A lockdown profile section in the XML has the following entries: A kiosk profile in the XML has the following entries: -- [**Id**](#id) +- [**Id**](#id) - [**KioskModeApp**](#kioskmodeapp) - - ##### Id -The profile **Id** is a GUID attribute to uniquely identify the profile. You can create a GUID using a GUID generator. The GUID just needs to be unique within this XML file. +The profile **Id** is a GUID attribute to uniquely identify the profile. You can create a GUID using a GUID generator. The GUID just needs to be unique within this XML file. ```xml @@ -151,30 +146,28 @@ The profile **Id** is a GUID attribute to uniquely identify the profile. You can ##### AllowedApps -**AllowedApps** is a list of applications that are allowed to run. Apps can be Universal Windows Platform (UWP) apps or Windows desktop applications. In Windows 10, version 1809, you can configure a single app in the **AllowedApps** list to run automatically when the assigned access user account signs in. +**AllowedApps** is a list of applications that are allowed to run. Apps can be Universal Windows Platform (UWP) apps or Windows desktop applications. In Windows 10, version 1809, you can configure a single app in the **AllowedApps** list to run automatically when the assigned access user account signs in. - - -- For UWP apps, you need to provide the App User Model ID (AUMID). [Learn how to get the AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867), or [get the AUMID from the Start Layout XML](#startlayout). +- For UWP apps, you need to provide the App User Model ID (AUMID). [Learn how to get the AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867), or [get the AUMID from the Start Layout XML](#startlayout). - For desktop apps, you need to specify the full path of the executable, which can contain one or more system environment variables in the form of %variableName% (i.e. %systemroot%, %windir%). -- If an app has a dependency on another app, both must be included in the allowed apps list. For example, Internet Explorer 64-bit has a dependency on Internet Explorer 32-bit, so you must allow both "C:\Program Files\internet explorer\iexplore.exe" and “C:\Program Files (x86)\Internet Explorer\iexplore.exe”. +- If an app has a dependency on another app, both must be included in the allowed apps list. For example, Internet Explorer 64-bit has a dependency on Internet Explorer 32-bit, so you must allow both "C:\Program Files\internet explorer\iexplore.exe" and “C:\Program Files (x86)\Internet Explorer\iexplore.exe”. - To configure a single app to launch automatically when the user signs in, include `rs5:AutoLaunch="true"` after the AUMID or path. You can also include arguments to be passed to the app. For an example, see [the AllowedApps sample XML](#apps-sample). -When the mult-app kiosk configuration is applied to a device, AppLocker rules will be generated to allow the apps that are listed in the configuration. Here are the predefined assigned access AppLocker rules for **UWP apps**: +When the multi-app kiosk configuration is applied to a device, AppLocker rules will be generated to allow the apps that are listed in the configuration. Here are the predefined assigned access AppLocker rules for **UWP apps**: -1. Default rule is to allow all users to launch the signed package apps. -2. The package app deny list is generated at runtime when the assigned access user signs in. Based on the installed/provisioned package apps available for the user account, assigned access generates the deny list. This list will exclude the default allowed inbox package apps which are critical for the system to function, and then exclude the allowed packages that enterprises defined in the assigned access configuration. If there are multiple apps within the same package, all these apps will be excluded. This deny list will be used to prevent the user from accessing the apps which are currently available for the user but not in the allowed list. +1. Default rule is to allow all users to launch the signed package apps. +2. The package app deny list is generated at runtime when the assigned access user signs in. Based on the installed/provisioned package apps available for the user account, assigned access generates the deny list. This list will exclude the default allowed inbox package apps which are critical for the system to function, and then exclude the allowed packages that enterprises defined in the assigned access configuration. If there are multiple apps within the same package, all these apps will be excluded. This deny list will be used to prevent the user from accessing the apps which are currently available for the user but not in the allowed list. >[!NOTE] >You cannot manage AppLocker rules that are generated by the multi-app kiosk configuration in [MMC snap-ins](https://technet.microsoft.com/library/hh994629.aspx#BKMK_Using_Snapins). Avoid creating AppLocker rules that conflict with AppLocker rules that are generated by the multi-app kiosk configuration. > - >Multi-app kiosk mode doesn’t block the enterprise or the users from installing UWP apps. When a new UWP app is installed during the current assigned access user session, this app will not be in the deny list. When the user signs out and signs in again, the app will be included in the deny list. If this is an enterprise-deployed line-of-business app and you want to allow it to run, update the assigned access configuration to include it in the allowed app list. + >Multi-app kiosk mode doesn’t block the enterprise or the users from installing UWP apps. When a new UWP app is installed during the current assigned access user session, this app will not be in the deny list. When the user signs out and signs in again, the app will be included in the deny list. If this is an enterprise-deployed line-of-business app and you want to allow it to run, update the assigned access configuration to include it in the allowed app list. Here are the predefined assigned access AppLocker rules for **desktop apps**: -1. Default rule is to allow all users to launch the desktop programs signed with Microsoft Certificate in order for the system to boot and function. The rule also allows the admin user group to launch all desktop programs. -2. There is a predefined inbox desktop app deny list for the assigned access user account, and this deny list is adjusted based on the desktop app allow list that you defined in the multi-app configuration. -3. Enterprise-defined allowed desktop apps are added in the AppLocker allow list. +1. Default rule is to allow all users to launch the desktop programs signed with Microsoft Certificate in order for the system to boot and function. The rule also allows the admin user group to launch all desktop programs. +2. There is a predefined inbox desktop app deny list for the assigned access user account, and this deny list is adjusted based on the desktop app allow list that you defined in the multi-app configuration. +3. Enterprise-defined allowed desktop apps are added in the AppLocker allow list. The following example allows Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps to run on the device, with Notepad configured to automatically launch and create a file called `123.text` when the user signs in. @@ -220,23 +213,23 @@ The following example shows how to allow user access to the Downloads folder in ... - + ``` ##### StartLayout -After you define the list of allowed applications, you can customize the Start layout for your kiosk experience. You can choose to pin all the allowed apps on the Start screen or just a subset, depending on whether you want the end user to directly access them on the Start screen. +After you define the list of allowed applications, you can customize the Start layout for your kiosk experience. You can choose to pin all the allowed apps on the Start screen or just a subset, depending on whether you want the end user to directly access them on the Start screen. The easiest way to create a customized Start layout to apply to other Windows 10 devices is to set up the Start screen on a test device and then export the layout. For detailed steps, see [Customize and export Start layout](customize-and-export-start-layout.md). A few things to note here: -- The test device on which you customize the Start layout should have the same OS version that is installed on the device where you plan to deploy the multi-app assigned access configuration. -- Since the multi-app assigned access experience is intended for fixed-purpose devices, to ensure the device experiences are consistent and predictable, use the *full* Start layout option instead of the *partial* Start layout. +- The test device on which you customize the Start layout should have the same OS version that is installed on the device where you plan to deploy the multi-app assigned access configuration. +- Since the multi-app assigned access experience is intended for fixed-purpose devices, to ensure the device experiences are consistent and predictable, use the *full* Start layout option instead of the *partial* Start layout. - There are no apps pinned on the taskbar in the multi-app mode, and it is not supported to configure Taskbar layout using the `` tag in a layout modification XML as part of the assigned access configuration. -- The following example uses DesktopApplicationLinkPath to pin the desktop app to start. When the desktop app doesn’t have a shortcut link on the target device, [learn how to provision .lnk files using Windows Configuration Designer](#lnk-files). +- The following example uses DesktopApplicationLinkPath to pin the desktop app to start. When the desktop app doesn’t have a shortcut link on the target device, [learn how to provision .lnk files using Windows Configuration Designer](#lnk-files). This example pins Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps on Start. @@ -267,14 +260,13 @@ This example pins Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, ``` >[!NOTE] ->If an app is not installed for the user but is included in the Start layout XML, the app will not be shown on the Start screen. - +>If an app is not installed for the user but is included in the Start layout XML, the app will not be shown on the Start screen. ![What the Start screen looks like when the XML sample is applied](images/sample-start.png) ##### Taskbar -Define whether you want to have the taskbar present in the kiosk device. For tablet-based or touch-enabled all-in-one kiosks, when you don’t attach a keyboard and mouse, you can hide the taskbar as part of the multi-app experience if you want. +Define whether you want to have the taskbar present in the kiosk device. For tablet-based or touch-enabled all-in-one kiosks, when you don’t attach a keyboard and mouse, you can hide the taskbar as part of the multi-app experience if you want. The following example exposes the taskbar to the end user: @@ -289,9 +281,9 @@ The following example hides the taskbar: ``` >[!NOTE] ->This is different from the **Automatically hide the taskbar** option in tablet mode, which shows the taskbar when swiping up from or moving the mouse pointer down to the bottom of the screen. Setting **ShowTaskbar** as **false** will always keep the taskbar hidden. +>This is different from the **Automatically hide the taskbar** option in tablet mode, which shows the taskbar when swiping up from or moving the mouse pointer down to the bottom of the screen. Setting **ShowTaskbar** as **false** will always keep the taskbar hidden. -##### KioskModeApp +##### KioskModeApp **KioskModeApp** is used for a [kiosk profile](#profile) only. Enter the AUMID for a single app. You can only specify one kiosk profile in the XML. @@ -302,27 +294,25 @@ The following example hides the taskbar: >[!IMPORTANT] >The kiosk profile is designed for public-facing kiosk devices. We recommend that you use a local, non-administrator account. If the device is connected to your company network, using a domain or Azure Active Directory account could potentially compromise confidential information. - #### Configs -Under **Configs**, define which user account will be associated with the profile. When this user account signs in on the device, the associated assigned access profile will be enforced, including the allowed apps, Start layout, and taskbar configuration, as well as other local group policies or mobile device management (MDM) policies set as part of the multi-app experience. +Under **Configs**, define which user account will be associated with the profile. When this user account signs in on the device, the associated assigned access profile will be enforced, including the allowed apps, Start layout, and taskbar configuration, as well as other local group policies or mobile device management (MDM) policies set as part of the multi-app experience. -The full multi-app assigned access experience can only work for non-admin users. It’s not supported to associate an admin user with the assigned access profile; doing this in the XML file will result in unexpected/unsupported experiences when this admin user signs in. +The full multi-app assigned access experience can only work for non-admin users. It’s not supported to associate an admin user with the assigned access profile; doing this in the XML file will result in unexpected/unsupported experiences when this admin user signs in. You can assign: - [A local standard user account that signs in automatically](#config-for-autologon-account) (Applies to Windows 10, version 1803 only) - [An individual account, which can be local, domain, or Azure Active Directory (Azure AD)](#config-for-individual-accounts) -- [A group account, which can be local, Active Directory (domain), or Azure AD](#config-for-group-accounts) (Applies to Windows 10, version 1803 only) +- [A group account, which can be local, Active Directory (domain), or Azure AD](#config-for-group-accounts) (Applies to Windows 10, version 1803 only). >[!NOTE] ->Configs that specify group accounts cannot use a kiosk profile, only a lockdown profile. If a group is configured to a kiosk profile, the CSP will reject the request. +>Configs that specify group accounts cannot use a kiosk profile, only a lockdown profile. If a group is configured to a kiosk profile, the CSP will reject the request. ##### Config for AutoLogon Account When you use `` and the configuration is applied to a device, the specified account (managed by Assigned Access) is created on the device as a local standard user account. The specified account is signed in automatically after restart. - The following example shows how to specify an account to sign in automatically. ```xml @@ -331,7 +321,7 @@ The following example shows how to specify an account to sign in automatically. - + ``` In Windows 10, version 1809, you can configure the display name that will be shown when the user signs in. The following example shows how to create an AutoLogon Account that shows the name "Hello World". @@ -347,13 +337,12 @@ In Windows 10, version 1809, you can configure the display name that will be sho On domain-joined devices, local user accounts aren't shown on the sign-in screen by default. To show the **AutoLogonAccount** on the sign-in screen, enable the following Group Policy setting: **Computer Configuration > Administrative Templates > System > Logon > Enumerate local users on domain-joined computers**. (The corresponding MDM policy setting is [WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers in the Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-windowslogon#windowslogon-enumeratelocalusersondomainjoinedcomputers).) - >[!IMPORTANT] >When Exchange Active Sync (EAS) password restrictions are active on the device, the autologon feature does not work. This behavior is by design. For more informations, see [How to turn on automatic logon in Windows](https://support.microsoft.com/help/324737/how-to-turn-on-automatic-logon-in-windows). ##### Config for individual accounts -Individual accounts are specified using ``. +Individual accounts are specified using ``. - Local account can be entered as `machinename\account` or `.\account` or just `account`. - Domain account should be entered as `domain\account`. @@ -362,58 +351,56 @@ Individual accounts are specified using ``. >[!WARNING] >Assigned access can be configured via WMI or CSP to run its applications under a domain user or service account, rather than a local account. However, use of domain user or service accounts introduces risks that an attacker subverting the assigned access application might gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with assigned access, and consider the domain resources potentially exposed by the decision to do so. - Before applying the multi-app configuration, make sure the specified user account is available on the device, otherwise it will fail. >[!NOTE] >For both domain and Azure AD accounts, it’s not required that target account is explicitly added to the device. As long as the device is AD-joined or Azure AD-joined, the account can be discovered in the domain forest or tenant that the device is joined to. For local accounts, it is required that the account exist before you configure the account for assigned access. - ```xml MultiAppKioskUser - + ``` - - ##### Config for group accounts -Group accounts are specified using ``. Nested groups are not supported. For example, if user A is member of Group 1, Group 1 is member of Group 2, and Group 2 is used in ``, user A will not have the kiosk experience. +Group accounts are specified using ``. Nested groups are not supported. For example, if user A is member of Group 1, Group 1 is member of Group 2, and Group 2 is used in ``, user A will not have the kiosk experience. - Local group: Specify the group type as **LocalGroup** and put the group name in Name attribute. Any Azure AD accounts that are added to the local group will not have the kiosk settings applied. ```xml - - - - + + + + ``` + - Domain group: Both security and distribution groups are supported. Specify the group type as ActiveDirectoryGroup. Use the domain name as the prefix in the name attribute. ```xml - - - - + + + + ``` - Azure AD group: Use the group object ID from the Azure portal to uniquely identify the group in the Name attribute. You can find the object ID on the overview page for the group in **Users and groups** > **All groups**. Specify the group type as **AzureActiveDirectoryGroup**. The kiosk device must have internet connectivity when users that belong to the group sign in. ```xml - - - - + + + + ``` >[!NOTE] - >If an Azure AD group is configured with a lockdown profile on a device, a user in the Azure AD group must change their password (after the account has been created with default password on the portal) before they can sign in to this device. If the user uses the default password to sign in to the device, the user will be immediately signed out. + >If an Azure AD group is configured with a lockdown profile on a device, a user in the Azure AD group must change their password (after the account has been created with default password on the portal) before they can sign in to this device. If the user uses the default password to sign in to the device, the user will be immediately signed out. + ### Add XML file to provisioning package Before you add the XML file to a provisioning package, you can [validate your configuration XML against the XSD](kiosk-xml.md#xsd-for-assignedaccess-configuration-xml). @@ -439,7 +426,7 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L ![Screenshot of the MultiAppAssignedAccessSettings field in Windows Configuration Designer](images/multiappassignedaccesssettings.png) -8. (**Optional**: If you want to apply the provisioning package after device initial setup and there is an admin user already available on the kiosk device, skip this step.) Create an admin user account in **Runtime settings** > **Accounts** > **Users**. Provide a **UserName** and **Password**, and select **UserGroup** as **Administrators**. With this account, you can view the provisioning status and logs if needed. +8. (**Optional**: If you want to apply the provisioning package after device initial setup and there is an admin user already available on the kiosk device, skip this step.) Create an admin user account in **Runtime settings** > **Accounts** > **Users**. Provide a **UserName** and **Password**, and select **UserGroup** as **Administrators**. With this account, you can view the provisioning status and logs if needed. 9. (**Optional**: If you already have a non-admin account on the kiosk device, skip this step.) Create a local standard user account in **Runtime settings** > **Accounts** > **Users**. Make sure the **UserName** is the same as the account that you specify in the configuration XML. Select **UserGroup** as **Standard Users**. @@ -451,9 +438,9 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L 13. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing. - - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. + - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. - - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Browse** and choosing the certificate you want to use to sign the package. + - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Browse** and choosing the certificate you want to use to sign the package. 14. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Imaging and Configuration Designer (ICD) uses the project folder as the output location. @@ -469,12 +456,13 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L If your build is successful, the name of the provisioning package, output directory, and project directory will be shown. - - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build. - - If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**. + - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build. + - If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**. 18. Copy the provisioning package to the root directory of a USB drive. + ### Apply provisioning package to device Provisioning packages can be applied to a device during the first-run experience (out-of-box experience or "OOBE") and after ("runtime"). @@ -504,46 +492,28 @@ Provisioning packages can be applied to a device during the first-run experience ![Do you trust this package?](images/trust-package.png) - - #### After setup, from a USB drive, network folder, or SharePoint site 1. Sign in with an admin account. 2. Insert the USB drive to a desktop computer, navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install. For a provisioning package stored on a network folder or on a SharePoint site, navigate to the provisioning package and double-click it to begin installation. >[!NOTE] ->if your provisioning package doesn’t include the assigned access user account creation, make sure the account you specified in the multi-app configuration XML exists on the device. +>if your provisioning package doesn’t include the assigned access user account creation, make sure the account you specified in the multi-app configuration XML exists on the device. ![add a package option](images/package.png) - - - -### Use MDM to deploy the multi-app configuration +### Use MDM to deploy the multi-app configuration +Multi-app kiosk mode is enabled by the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp). Your MDM policy can contain the assigned access configuration XML. -Multi-app kiosk mode is enabled by the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp). Your MDM policy can contain the assigned access configuration XML. - -If your device is enrolled with a MDM server which supports applying the assigned access configuration, you can use it to apply the setting remotely. +If your device is enrolled with a MDM server which supports applying the assigned access configuration, you can use it to apply the setting remotely. The OMA-URI for multi-app policy is `./Device/Vendor/MSFT/AssignedAccess/Configuration`. - - - - - - - - - - - ## Considerations for Windows Mixed Reality immersive headsets - -With the advent of [mixed reality devices (video link)](https://www.youtube.com/watch?v=u0jqNioU2Lo), you might want to create a kiosk that can run mixed reality apps. +With the advent of [mixed reality devices (video link)](https://www.youtube.com/watch?v=u0jqNioU2Lo), you might want to create a kiosk that can run mixed reality apps. To create a multi-app kiosk that can run mixed reality apps, you must include the following apps in the [AllowedApps list](#allowedapps): @@ -561,14 +531,12 @@ After the admin has completed setup, the kiosk account can sign in and repeat th There is a difference between the mixed reality experiences for a kiosk user and other users. Typically, when a user connects a mixed reality device, they begin in the [Mixed Reality home](https://developer.microsoft.com/windows/mixed-reality/navigating_the_windows_mixed_reality_home). The Mixed Reality home is a shell that runs in "silent" mode when the PC is configured as a kiosk. When a kiosk user connects a mixed reality device, they will see only a blank display in the device, and will not have access to the features and functionality available in the home. To run a mixed reality app, the kiosk user must launch the app from the PC Start screen. - ## Policies set by multi-app kiosk configuration It is not recommended to set policies enforced in assigned access multi-app mode to different values using other channels, as the multi-app mode has been optimized to provide a locked-down experience. When the multi-app assigned access configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device. - ### Group Policy The following local policies affect all **non-administrator** users on the system, regardless whether the user is configured as an assigned access user or not. This includes local users, domain users, and Azure Active Directory users. @@ -605,11 +573,8 @@ Prevent access to drives from My Computer | Enabled - Restrict all drivers >[!NOTE] >When **Prevent access to drives from My Computer** is enabled, users can browse the directory structure in File Explorer, but they cannot open folders and access the contents. Also, they cannot use the **Run** dialog box or the **Map Network Drive** dialog box to view the directories on these drives. The icons representing the specified drives still appear in File Explorer, but if users double-click the icons, a message appears explaining that a setting prevents the action. This setting does not prevent users from using programs to access local and network drives. It does not prevent users from using the Disk Management snap-in to view and change drive characteristics. - - ### MDM policy - Some of the MDM policies based on the [Policy configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) affect all users on the system (i.e. system-wide). Setting | Value | System-wide @@ -633,13 +598,14 @@ Start/DisableContextMenus | 1 - Context menus are hidden for Start apps | No [WindowsLogon/DontDisplayNetworkSelectionUI](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-windowslogon#windowslogon-dontdisplaynetworkselectionui) | <Enabled/> | Yes + ## Provision .lnk files using Windows Configuration Designer First, create your desktop app's shortcut file by installing the app on a test device, using the default installation location. Right-click the installed application, and choose **Send to** > **Desktop (create shortcut)**. Rename the shortcut to `.lnk` -Next, create a batch file with two commands. If the desktop app is already installed on the target device, skip the first command for MSI install. +Next, create a batch file with two commands. If the desktop app is already installed on the target device, skip the first command for MSI install. -``` +```PowerShell msiexec /I ".msi" /qn /norestart copy .lnk "%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\.lnk" ``` diff --git a/windows/configuration/start-secondary-tiles.md b/windows/configuration/start-secondary-tiles.md index 5c93aacf5e..fd49af9302 100644 --- a/windows/configuration/start-secondary-tiles.md +++ b/windows/configuration/start-secondary-tiles.md @@ -64,7 +64,7 @@ In Windows 10, version 1703, by using the PowerShell cmdlet `export-StartLayoutE ## Export Start layout and assets -1. Follow the instructions in [Customize and export Start layout](customize-and-export-start-layout.md#bkmkcustomizestartscreen) to customize the Start screen on your test computer. +1. Follow the instructions in [Customize and export Start layout](customize-and-export-start-layout.md#customize-the-start-screen-on-your-test-computer) to customize the Start screen on your test computer. 2. Open Windows PowerShell as an administrator and enter the following command: ``` diff --git a/windows/configuration/wcd/wcd-admxingestion.md b/windows/configuration/wcd/wcd-admxingestion.md index 830319f0f7..4f71f13ace 100644 --- a/windows/configuration/wcd/wcd-admxingestion.md +++ b/windows/configuration/wcd/wcd-admxingestion.md @@ -51,7 +51,7 @@ In **ConfigADMXInstalledPolicy**, you provide a policy setting and value for tha ## ConfigOperations -Use **ConfigOperations** to import an ADXM file or policies from an ADMX file. +Use **ConfigOperations** to import an ADMX file or policies from an ADMX file. 1. Enter an app name, and then click **Add**. @@ -72,8 +72,8 @@ Use **ConfigOperations** to import an ADXM file or policies from an ADMX file. 5. Repeat for each ADMX, or set of ADMX policies, that you want to add, and then configure [ConfigADMXInstalledPolicy](#configadmxinstalledpolicy) for each one. + - ## Convert multi-line to single line Use the following PowerShell cmdlet to remove carriage returns and line feeds from a multi-line file to create a single-line file that you can paste in **AdmxFileUid**. diff --git a/windows/deployment/mbr-to-gpt.md b/windows/deployment/mbr-to-gpt.md index c0786ab2ce..568b71cc11 100644 --- a/windows/deployment/mbr-to-gpt.md +++ b/windows/deployment/mbr-to-gpt.md @@ -399,7 +399,55 @@ DISKPART> list disk In this example, Disk 0 is formatted with the MBR partition style, and Disk 1 is formatted using GPT. +## Known issue +### MBR2GPT.exe cannot run in Windows PE + +When you start a Windows 10, version 1903-based computer in the Windows Preinstallation Environment (Windows PE), you encounter the following issues: + +**Issue 1** When you run the MBR2GPT.exe command, the process exits without converting the drive. + +**Issue 2** When you manually run the MBR2GPT.exe command in a Command Prompt window, there is no output from the tool. + +**Issue 3** When MBR2GPT.exe runs inside an imaging process such as a System Center Configuration Manager task sequence, an MDT task sequence, or by using a script, you receive the following exit code: 0xC0000135/3221225781. + +#### Cause + +This issue occurs because in Windows 10, version 1903 and later versions, MBR2GPT.exe requires access to the ReAgent.dll file. However, this dll file and its associated libraries are currently not included in the Windows PE boot image for Windows 10, version 1903 and later. + +#### Workaround + +To fix this issue, mount the Windows PE image (WIM), copy the missing file from the [Windows 10, version 1903 Assessment and Development Kit (ADK)](https://go.microsoft.com/fwlink/?linkid=2086042) source, and then commit the changes to the WIM. To do this, follow these steps: + +1. Mount the Windows PE WIM to a path (for example, C:\WinPE_Mount). For more information about how to mount WIM files, see [Mount an image](https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#mount-an-image). + +2. Copy the ReAgent files and the ReAgent localization files from the Window 10, version 1903 ADK source folder to the mounted WIM. + + For example, if the ADK is installed to the default location of C:\Program Files (x86)\Windows Kits\10 and the Windows PE image is mounted to C:\WinPE_Mount, run the following commands from an elevated Command Prompt window: + + **Command 1:** + ```cmd + copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Setup\amd64\Sources\ReAgnet*.*" "C:\WinPE_Mount\Windows\System32" + ``` + This command copies three files: + + * ReAgent.admx + * ReAgent.dll + * ReAgent.xml + + **Command 2:** + ```cmd + copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Setup\amd64\Sources\En-Us\ReAgnet*.*" "C:\WinPE_Mount\Windows\System32\En-Us" + ``` + This command copies two files: + * ReAgent.adml + * ReAgent.dll.mui + + >![Note] + >If you aren't using an English version of Windows, replace "En-Us" in the path with the appropriate string that represents the system language. + +3. After you copy all the files, commit the changes and unmount the Windows PE WIM. MBR2GPT.exe now functions as expected in Windows PE. For information about how to unmount WIM files while committing changes, see [Unmounting an image](https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#unmounting-an-image). + ## Related topics diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md index 2ca9caa0b5..4960481076 100644 --- a/windows/deployment/update/waas-configure-wufb.md +++ b/windows/deployment/update/waas-configure-wufb.md @@ -220,7 +220,7 @@ The following are quick-reference tables of the supported policy values for Wind | GPO Key | Key type | Value | | --- | --- | --- | -| BranchReadinessLevel | REG_DWORD | 16: systems take Feature Updates for the Current Branch (CB)
    32: systems take Feature Updates for the Current Branch for Business (CBB)
    Note: Other value or absent: receive all applicable updates (CB) | +| BranchReadinessLevel | REG_DWORD | 2: systems take Feature Updates for the Windows Insider build - Fast (added in Windows 10, version 1709)
    4: systems take Feature Updates for the Windows Insider build - Slow (added in Windows 10, version 1709)
    8: systems take Feature Updates for the Release Windows Insider build (added in Windows 10, version 1709)
    16: for Windows 10, version 1703: systems take Feature Updates for the Current Branch (CB); for Windows 10, version 1709, 1803 and 1809: systems take Feature Updates from Semi-annual Channel (Targeted) (SAC-T); for Windows 10, version 1903 or later: systems take Feature Updates from Semi-annual Channel
    32: systems take Feature Updates from Semi-annual Channel
    Note: Other value or absent: receive all applicable updates | | DeferQualityUpdates | REG_DWORD | 1: defer quality updates
    Other value or absent: don’t defer quality updates | | DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: defer quality updates by given days | | PauseQualityUpdatesStartDate | REG_DWORD | 1: pause quality updates
    Other value or absent: don’t pause quality updates | @@ -234,7 +234,7 @@ The following are quick-reference tables of the supported policy values for Wind | MDM Key | Key type | Value | | --- | --- | --- | -| BranchReadinessLevel | REG_DWORD | 16: systems take Feature Updates for the Current Branch (CB)
    32: systems take Feature Updates for the Current Branch for Business (CBB)
    Note: Other value or absent: receive all applicable updates (CB) | +| BranchReadinessLevel | REG_DWORD |2: systems take Feature Updates for the Windows Insider build - Fast (added in Windows 10, version 1709)
    4: systems take Feature Updates for the Windows Insider build - Slow (added in Windows 10, version 1709)
    8: systems take Feature Updates for the Release Windows Insider build (added in Windows 10, version 1709)
    16: for Windows 10, version 1703: systems take Feature Updates for the Current Branch (CB); for Windows 10, version 1709, 1803 and 1809: systems take Feature Updates from Semi-annual Channel (Targeted) (SAC-T); for Windows 10, version 1903 or later: systems take Feature Updates from Semi-annual Channel
    32: systems take Feature Updates from Semi-annual Channel
    Note: Other value or absent: receive all applicable updates | | DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: defer quality updates by given days | | PauseQualityUpdatesStartDate | REG_DWORD | 1: pause quality updates
    Other value or absent: don’t pause quality updates | | DeferFeatureUpdatesPeriodinDays | REG_DWORD | 0-365: defer feature updates by given days | diff --git a/windows/deployment/update/windows-analytics-get-started.md b/windows/deployment/update/windows-analytics-get-started.md index b3903e691b..35a8196735 100644 --- a/windows/deployment/update/windows-analytics-get-started.md +++ b/windows/deployment/update/windows-analytics-get-started.md @@ -75,6 +75,12 @@ To enable data sharing, configure your proxy server to whitelist the following e > [!IMPORTANT] > For privacy and data integrity, Windows checks for a Microsoft SSL certificate when communicating with the diagnostic data endpoints. SSL interception and inspection aren't possible. To use Desktop Analytics, exclude these endpoints from SSL inspection. +>[!NOTE] +>Microsoft has a strong commitment to providing the tools and resources that put you in control of your privacy. As a result, Microsoft doesn't collect the following data from devices located in European countries (EEA and Switzerland): +>- Windows diagnostic data from Windows 8.1 devices +>- App usage data for Windows 7 devices + + ### Configuring endpoint access with SSL inspection To ensure privacy and data integrity Windows checks for a Microsoft SSL certificate when communicating with the diagnostic data endpoints. Accordingly SSL interception and inspection is not possible. To use Windows Analytics services you should exclude the above endpoints from SSL inspection. @@ -135,7 +141,7 @@ You can use the Upgrade Readiness deployment script to automate and verify your See the [Upgrade Readiness deployment script](../upgrade/upgrade-readiness-deployment-script.md) topic for information about obtaining and running the script, and for a description of the error codes that can be displayed. See ["Understanding connectivity scenarios and the deployment script"](https://blogs.technet.microsoft.com/upgradeanalytics/2017/03/10/understanding-connectivity-scenarios-and-the-deployment-script/) on the Windows Analytics blog for a summary of setting the ClientProxy for the script, which will enable the script properly check for diagnostic data endpoint connectivity. -After data is sent from devices to Microsoft, it generally takes 48-56 hours for the data to populate in Windows Analytics. The compatibility update takes several minutes to run. If the update does not get a chance to finish running or if the computers are inaccessible (turned off or sleeping for example), data will take longer to populate in Windows Analytics. For this reason, you can expect most of your devices to be populated in Windows Analytics in about 1-2 weeks after deploying the update and configuration to user computers. As described in the Windows Analytics blog post ["You can now check on the status of your computers within hours of running the deployment script"](https://blogs.technet.microsoft.com/upgradeanalytics/2017/05/12/wheres-my-data/), you can verify that devices have successfully connected to the service within a few hours. Most of those devices should start to show up in the Windows Analytics console within a few days. +After data is sent from devices to Microsoft, it generally takes 48-56 hours for the data to populate in Windows Analytics. The compatibility update takes several minutes to run. If the update does not get a chance to finish running or if the computers are inaccessible (turned off or sleeping for example), data will take longer to populate in Windows Analytics. For this reason, you can expect most of your devices to be populated in Windows Analytics within 1-2 days after deploying the update and configuration to user computers. As described in the Windows Analytics blog post ["You can now check on the status of your computers within hours of running the deployment script"](https://blogs.technet.microsoft.com/upgradeanalytics/2017/05/12/wheres-my-data/), you can verify that devices have successfully connected to the service within a few hours. Most of those devices should start to show up in the Windows Analytics console within a few days. ## Deploy additional optional settings @@ -205,3 +211,4 @@ Note that it is possible to intiate a full inventory scan on a device by calling - CompatTelRunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun ent For details on how to run these and how to check results, see the deployment script. + diff --git a/windows/deployment/upgrade/upgrade-readiness-get-started.md b/windows/deployment/upgrade/upgrade-readiness-get-started.md index a75f7d866b..3cfb3be1df 100644 --- a/windows/deployment/upgrade/upgrade-readiness-get-started.md +++ b/windows/deployment/upgrade/upgrade-readiness-get-started.md @@ -26,7 +26,7 @@ You can use Upgrade Readiness to plan and manage your upgrade project end-to-end Before you begin, consider reviewing the following helpful information:
    - [Upgrade Readiness requirements](upgrade-readiness-requirements.md): Provides detailed requirements to use Upgrade Readiness.
    - - [Upgrade Readiness blog](https://aka.ms/blog/WindowsAnalytics): Contains announcements of new features and provides helpful tips for using Upgrade Readiness. + - [Upgrade Readiness blog](https://techcommunity.microsoft.com/t5/Windows-Analytics-Blog/bg-p/WindowsAnalyticsBlog): Contains announcements of new features and provides helpful tips for using Upgrade Readiness. >If you are using System Center Configuration Manager, also check out information about how to integrate Upgrade Readiness with Configuration Manager: [Integrate Upgrade Readiness with System Center Configuration Manager](https://docs.microsoft.com/sccm/core/clients/manage/upgrade/upgrade-analytics). diff --git a/windows/deployment/windows-autopilot/existing-devices.md b/windows/deployment/windows-autopilot/existing-devices.md index 3d3883c068..a053db3c32 100644 --- a/windows/deployment/windows-autopilot/existing-devices.md +++ b/windows/deployment/windows-autopilot/existing-devices.md @@ -212,7 +212,7 @@ See the following examples. - Click **Next**. >[!NOTE] - >The Autopilot for existing devices task sequence will result in an Azure Active Directory Domain (AAD) joined device. The User State Migration Toolkit (USMT) does not support AAD joined devices. + >The Autopilot for existing devices task sequence will result in an Azure Active Directory Domain (AAD) joined device. The User State Migration Toolkit (USMT) does not support AAD joined or hybrid AAD joined devices. 7. On the Include Updates page, choose one of the three available options. This selection is optional. 8. On the Install applications page, add applications if desired. This is optional. diff --git a/windows/deployment/windows-autopilot/troubleshooting.md b/windows/deployment/windows-autopilot/troubleshooting.md index ece1531dec..dda5ad6943 100644 --- a/windows/deployment/windows-autopilot/troubleshooting.md +++ b/windows/deployment/windows-autopilot/troubleshooting.md @@ -26,20 +26,20 @@ Windows Autopilot is designed to simplify all parts of the Windows device lifecy Regardless of whether performing user-driven or self-deploying device deployments, the troubleshooting process is the mostly the same. It is useful to understand the flow for a specific device: -- Network connection established. This can be a wireless (Wi-fi) or wired (Ethernet) connection. -- Windows Autopilot profile downloaded. Whether using a wired connection or manually establishing a wireless connection, the Windows Autopilot profile will be downloaded from the Autopilot deployment service as soon as the network connection is in place. -- User authentication. When performing a user-driven deployment, the user will enter their Azure Active Directory credentials, which will be validated. -- Azure Active Directory join. For user-driven deployments, the device will be joined to Azure AD using the specified user credentials. For self-deploying scenarios, the device will be joined without specifying any user credentials. -- Automatic MDM enrollment. As part of the Azure AD join process, the device will enroll in the MDM service configured in Azure AD (e.g. Microsoft Intune). -- Settings are applied. If the [enrollment status page](enrollment-status.md) is configured, most settings will be applied while the enrollment status page is displayed. If not configured or available, settings will be applied after the user is signed in. +- Network connection established. This can be a wireless (Wi-fi) or wired (Ethernet) connection. +- Windows Autopilot profile downloaded. Whether using a wired connection or manually establishing a wireless connection, the Windows Autopilot profile will be downloaded from the Autopilot deployment service as soon as the network connection is in place. +- User authentication. When performing a user-driven deployment, the user will enter their Azure Active Directory credentials, which will be validated. +- Azure Active Directory join. For user-driven deployments, the device will be joined to Azure AD using the specified user credentials. For self-deploying scenarios, the device will be joined without specifying any user credentials. +- Automatic MDM enrollment. As part of the Azure AD join process, the device will enroll in the MDM service configured in Azure AD (e.g. Microsoft Intune). +- Settings are applied. If the [enrollment status page](enrollment-status.md) is configured, most settings will be applied while the enrollment status page is displayed. If not configured or available, settings will be applied after the user is signed in. For troubleshooting, key activities to perform are: -- Configuration. Has Azure Active Directory and Microsoft Intune (or an equivalent MDM service) been configured as specified in [Windows Autopilot configuration requirements](windows-autopilot-requirements.md)? -- Network connectivity. Can the device access the services described in [Windows Autopilot networking requirements](windows-autopilot-requirements.md)? -- Autopilot OOBE behavior. Were only the expected out-of-box experience screens displayed? Was the Azure AD credentials page customized with organization-specific details as expected? -- Azure AD join issues. Was the device able to join Azure Active Directory? -- MDM enrollment issues. Was the device able to enroll in Microsoft Intune (or an equivalent MDM service)? +- Configuration. Has Azure Active Directory and Microsoft Intune (or an equivalent MDM service) been configured as specified in [Windows Autopilot configuration requirements](windows-autopilot-requirements.md)? +- Network connectivity. Can the device access the services described in [Windows Autopilot networking requirements](windows-autopilot-requirements.md)? +- Autopilot OOBE behavior. Were only the expected out-of-box experience screens displayed? Was the Azure AD credentials page customized with organization-specific details as expected? +- Azure AD join issues. Was the device able to join Azure Active Directory? +- MDM enrollment issues. Was the device able to enroll in Microsoft Intune (or an equivalent MDM service)? ## Troubleshooting Autopilot OOBE issues @@ -109,7 +109,7 @@ When a profile is downloaded depends on the version of Windows 10 that is runnin | 1803 | The profile is downloaded as soon as possible. If wired, it is downloaded at the start of OOBE. If wireless, it is downloaded after the network connection page. | | 1809 | The profile is downloaded as soon as possible (same as 1803), and again after each reboot. | -If you need to reboot a computer during OOBE: +If you need to reboot a computer during OOBE: - Press Shift-F10 to open a command prompt. - Enter **shutdown /r /t 0** to restart immediately, or **shutdown /s /t 0** to shutdown immediately. diff --git a/windows/deployment/windows-autopilot/white-glove.md b/windows/deployment/windows-autopilot/white-glove.md index d0a2891d0c..642497fe48 100644 --- a/windows/deployment/windows-autopilot/white-glove.md +++ b/windows/deployment/windows-autopilot/white-glove.md @@ -38,6 +38,9 @@ In addition to [Windows Autopilot requirements](windows-autopilot-requirements.m - Physical devices that support TPM 2.0 and device attestation; virtual machines are not supported. The white glove provisioning process leverages Windows Autopilot self-deploying capabilities, hence the TPM 2.0 requirements. - Physical devices with Ethernet connectivity; Wi-fi connectivity is not supported due to the requirement to choose a language, locale, and keyboard to make that Wi-fi connection; doing that in a pre-provisioning process could prevent the user from choosing their own language, locale, and keyboard when they receive the device. +>[!IMPORTANT] +>Because the OEM or vendor performs the white glove process, this doesn’t require access to an end-user's on-prem domain infrastructure. This is unlike a typical hybrid Azure AD-joined scenario because rebooting the device is postponed. The device is resealed prior to the time when connectivity to a domain controller is expected, and the domain network is contacted when the device is unboxed on-prem by the end-user. + ## Preparation Devices slated for WG provisioning are registered for Autopilot via the normal registration process. diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md index 5ef4bd2feb..7058bc777e 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md @@ -28,19 +28,19 @@ Windows Autopilot depends on specific capabilities available in Windows 10, Azur - Windows 10 version 1703 (semi-annual channel) or higher is required. - The following editions are supported: - - Windows 10 Pro - - Windows 10 Pro Education - - Windows 10 Pro for Workstations - - Windows 10 Enterprise - - Windows 10 Education - - Windows 10 Enterprise 2019 LTSC + - Windows 10 Pro + - Windows 10 Pro Education + - Windows 10 Pro for Workstations + - Windows 10 Enterprise + - Windows 10 Education + - Windows 10 Enterprise 2019 LTSC ## Networking requirements Windows Autopilot depends on a variety of internet-based services. Access to these services must be provided for Autopilot to function properly. In the simplest case, enabling proper functionality can be achieved by ensuring the following: -- Ensure DNS name resolution for internet DNS names -- Allow access to all hosts via port 80 (HTTP), 443 (HTTPS), and 123 (UDP/NTP) +- Ensure DNS name resolution for internet DNS names +- Allow access to all hosts via port 80 (HTTP), 443 (HTTPS), and 123 (UDP/NTP) In environments that have more restrictive Internet access, or for those that require authentication before internet access can be obtained, additional configuration may be required to whitelist access to the required services. For additional details about each of these services and their specific requirements, review the following details: @@ -60,7 +60,7 @@ If the Delivery Optimization Service is inaccessible, the AutoPilot process will Network Time Protocol (NTP) SyncWhen a Windows device starts up, it will talk to a network time server to ensure that the time on the device is accurate. Ensure that UDP port 123 to time.windows.com is accessible. Domain Name Services (DNS)To resolve DNS names for all services, the device communicates with a DNS server, typically provided via DHCP.  This DNS server must be able to resolve internet names. -Diagnostics dataTo enable Windows Analytics and related diagnostics capabilities, see Configure Windows diagnostic data in your organization.
    +Diagnostics dataStarting in Windows 10, 1903, diagnostic data collection will be enabled by default. To disable Windows Analytics and related diagnostics capabilities, see Manage enterprise diagnostic data level.
    If diagnostic data cannot be sent, the Autopilot process will still continue, but services that depend on diagnostic data, such as Windows Analytics, will not work. Network Connection Status Indicator (NCSI)Windows must be able to tell that the device is able to access the internet. For more information, see Network Connection Status Indicator (NCSI). diff --git a/windows/hub/TOC.md b/windows/hub/TOC.md index a811ff7119..1b9bb407c6 100644 --- a/windows/hub/TOC.md +++ b/windows/hub/TOC.md @@ -1,4 +1,4 @@ -# [Windows 10 and Windows 10 Mobile](index.md) +# [Windows 10](index.md) ## [What's new](/windows/whats-new) ## [Release information](/windows/release-information) ## [Deployment](/windows/deployment) @@ -8,4 +8,4 @@ ## [Security](/windows/security) ## [Privacy](/windows/privacy) ## [Troubleshooting](/windows/client-management/windows-10-support-solutions) -## [Other Windows client versions](https://docs.microsoft.com/previous-versions/windows) \ No newline at end of file +## [Previous Windows versions](https://docs.microsoft.com/previous-versions/windows) diff --git a/windows/hub/index.md b/windows/hub/index.md index 805d3fa7cd..c9bfdfd89d 100644 --- a/windows/hub/index.md +++ b/windows/hub/index.md @@ -1,19 +1,22 @@ --- -title: Windows 10 and Windows 10 Mobile (Windows 10) -description: Find the latest how to and support content that IT pros need to evaluate, plan, deploy, secure and manage devices running Windows 10 or Windows 10 Mobile. +title: Windows 10 +description: Find the latest how to and support content that IT pros need to evaluate, plan, deploy, secure and manage devices running Windows 10. ms.assetid: 345A4B4E-BC1B-4F5C-9E90-58E647D11C60 ms.prod: w10 ms.localizationpriority: high -author: greg-lindsay ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.date: 10/02/2018 +ms.date: 07/16/2019 +ms.author: dansimp +ms.date: 09/03/2018 +ms.reviewer: dansimp +manager: dansimp --- -# Windows 10 and Windows 10 Mobile +# Windows 10 -Find the latest how to and support content that IT pros need to evaluate, plan, deploy, secure and manage devices running Windows 10 or Windows 10 Mobile. +Find the latest how to and support content that IT pros need to evaluate, plan, deploy, secure and manage devices running Windows 10.   @@ -26,28 +29,28 @@ Find the latest how to and support content that IT pros need to evaluate, plan, Read what's new in Windows 10
    What's New?
    - + Configure Windows 10 in your enterprise
    Configuration
    - + Windows 10 deployment
    Deployment
    -
    +
    Manage applications in your Windows 10 enterprise deployment -
    Application Management     +
    App Management -
    +
    Windows 10 client management
    Client Management     -
    +
    Windows 10 security
    Security     @@ -59,20 +62,8 @@ Find the latest how to and support content that IT pros need to evaluate, plan, ## Get to know Windows as a Service (WaaS) -![Get to know Windows as a Service (WaaS)](images/w10-WaaS-poster.png) - The Windows 10 operating system introduces a new way to build, deploy, and service Windows: Windows as a service. Microsoft has reimagined each part of the process, to simplify the lives of IT pros and maintain a consistent Windows 10 experience for its customers. These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time. -- [Read more about Windows as a Service](/windows/deployment/update/waas-overview) - - -## Related topics -[Windows 10 TechCenter](https://go.microsoft.com/fwlink/?LinkId=620009) - - -  - - -  +- [Read more about Windows as a Service](/windows/deployment/update/waas-overview) \ No newline at end of file diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md index 12db0fe2fe..b9d06453a0 100644 --- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md +++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md @@ -196,7 +196,7 @@ Microsoft believes in and practices information minimization. We strive to gathe ### Enterprise management -Sharing diagnostic data with Microsoft provides many benefits to enterprises, so we do not recommend turning it off. For most enterprise customers, simply adjusting the diagnostic data level and managing specific components is the best option. +Sharing diagnostic data with Microsoft is enabled by default on Windows 10, 1903 and later. Sharing this data provides many benefits to enterprises, so we do not recommend turning it off. For most enterprise customers, simply adjusting the diagnostic data level and managing specific components is the best option. Customers can set the diagnostic data level in both the user interface and with existing management tools. Users can change the diagnostic data level in the **Diagnostic data** setting. In the **Settings** app, in **Privacy** > **Diagnostics & feedback**. They can choose between Basic and Full. The Enhanced level will only be displayed as an option when Group Policy or Mobile Device Management (MDM) are invoked with this level. The Security level is not available. diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index 9f89972a1f..843d0975aa 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.localizationpriority: medium author: medgarmedgar ms.author: v-medgar -ms.date: 3/1/2019 +ms.date: 7/9/2019 --- # Manage connections from Windows operating system components to Microsoft services using Microsoft Intune MDM Server @@ -70,14 +70,15 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | 14. Offline maps | [AllowOfflineMapsDownloadOverMeteredConnection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-maps)|Allows the download and update of map data over metered connections.
    **Set to 0 (zero)** | | [EnableOfflineMapsAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-maps#maps-enableofflinemapsautoupdate)|Disables the automatic download and update of map data. **Set to 0 (zero)** | 15. OneDrive | [DisableOneDriveFileSync](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-disableonedrivefilesync)| Allows IT Admins to prevent apps and features from working with files on OneDrive. **Set to 1 (one)** +| 15.1 Injest the ADMX | To get the latest OneDrive ADMX file you need an up-to-date Windows 10 client. | The ADMX files are located under the following path: %LocalAppData%\Microsoft\OneDrive\ there's a folder with the current OneDrive build (e.g. "18.162.0812.0001"). +| 15.2 Prevent Network Traffic before User SignIn | PreventNetworkTrafficPreUserSignIn | The OMA-URI value is: ./Device/Vendor/MSFT/Policy/Config/OneDriveNGSC\~Policy\~OneDriveNGSC/PreventNetworkTrafficPreUserSignIn | 16. Preinstalled apps | N/A | N/A | 17. Privacy settings | | Except for the Feedback & Diagnostics page, these settings must be configured for every user account that signs into the PC. | 17.1 General | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | This policy setting controls the ability to send inking and typing data to Microsoft. **Set to 0 (zero)** | 17.2 Location | [System/AllowLocation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowlocation) | Specifies whether to allow app access to the Location service. **Set to 0 (zero)** | 17.3 Camera | [Camera/AllowCamera](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-camera#camera-allowcamera) | Disables or enables the camera. **Set to 0 (zero)** | 17.4 Microphone | [Privacy/LetAppsAccessMicrophone](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmicrophone) | Specifies whether Windows apps can access the microphone. **Set to 2 (two)** -| 17.5 Notifications | [Notifications/DisallowCloudNotification](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-notifications#notifications-disallowcloudnotification) | Turn off notifications network usage. **DO NOT TURN OFF WNS Notifications if you want manage your device(s) using Microsoft InTune** -| | [Privacy/LetAppsAccessNotifications](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessnotifications) | Specifies whether Windows apps can access notifications. **Set to 2 (two)** +| 17.5 Notifications | [Privacy/LetAppsAccessNotifications](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessnotifications) | Specifies whether Windows apps can access notifications. **Set to 2 (two)** | | [Settings/AllowOnlineTips]( https://docs.microsoft.com/windows/client-management/mdm/policy-csp-settings#settings-allowonlinetips) | Enables or disables the retrieval of online tips and help for the Settings app. **Set to Disabled** | 17.6 Speech, Inking, & Typing | [Privacy/AllowInputPersonalization](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | This policy specifies whether users on the device have the option to enable online speech recognition. **Set to 0 (zero)** | | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection)| This policy setting controls the ability to send inking and typing data to Microsoft **Set to 0 (zero)** @@ -106,13 +107,30 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | | [Defender/SubmitSamplesConsent](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-submitsamplesconsent) | Stop sending file samples back to Microsoft. **Set to 2 (two)** | 23.1 Windows Defender Smartscreen | [Browser/AllowSmartScreen](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | Disable Windows Defender Smartscreen. **Set to 0 (zero)** | 23.2 Windows Defender Smartscreen EnableAppInstallControl | [SmartScreen/EnableAppInstallControl](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol) | Controls whether users are allowed to install apps from places other than the Microsoft Store. **Set to 0 (zero)** +| 23.3 Windows Defender Potentially Unwanted Applications(PUA) Protection | [Defender/PUAProtection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-puaprotection) | Specifies the level of detection for potentially unwanted applications (PUAs). **Set to 1 (one)** | 24. Windows Spotlight | [Experience/AllowWindowsSpotlight](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsspotlight) | Disable Windows Spotlight. **Set to 0 (zero)** | 25. Microsoft Store | [ApplicationManagement/DisableStoreOriginatedApps](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-disablestoreoriginatedapps)| Boolean value that disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded. **Set to 1 (one)** | | [ApplicationManagement/AllowAppStoreAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate)| Specifies whether automatic update of apps from Microsoft Store are allowed. **Set to 0 (zero)** | 25.1 Apps for websites | [ApplicationDefaults/EnableAppUriHandlers](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationdefaults#applicationdefaults-enableappurihandlers) | This policy setting determines whether Windows supports web-to-app linking with app URI handlers. **Set to 0 (zero)** | 26. Windows Update Delivery Optimization | | The following Delivery Optimization MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). | | [DeliveryOptimization/DODownloadMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodownloadmode)| Lets you choose where Delivery Optimization gets or sends updates and apps. **Set to 100 (one hundred)** -| 27. Windows Update | [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) | Control automatic updates. **Set to 5 (five)** +| 27. Windows Update | [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) | Control automatic updates. **Set to 5 (five)** +| 27.1 Windows Update Allow Update Service | [Update/AllowUpdateService](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-allowupdateservice) | Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. **Set to 0 (zero)** +| 27.2 Windows Update Service URL| [Update/UpdateServiceUrl](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-updateserviceurl) | Allows the device to check for updates from a WSUS server instead of Microsoft Update. **Set to String** with this Value: + + + $CmdID$ + + + chr + text/plain + + + ./Vendor/MSFT/Policy/Config/Update/UpdateServiceUrl + + http://abcd-srv:8530 + + ### Allowed traffic ("Whitelisted traffic") for Microsoft InTune / MDM configurations diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 6130327341..a53d72a967 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -547,14 +547,7 @@ To turn off the Windows Mail app: ### 12. Microsoft Account -To prevent communication to the Microsoft Account cloud authentication service. Many apps and system components that depend on Microsoft Account authentication may lose functionality. Some of them could be in unexpected ways. For example, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](https://docs.microsoft.com/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are). - -- **Enable** the Group Policy: **Computer Configuration** > **Windows Settings** > **Security Settings** > **Local Policies** > **Security Options** > **Accounts: Block Microsoft Accounts** and set it to **Users can't add Microsoft accounts**. - - -or- - -- Create a REG_DWORD registry setting named **NoConnectedUser** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System** with a **value of 3**. - +Use the below setting to prevent communication to the Microsoft Account cloud authentication service. Many apps and system components that depend on Microsoft Account authentication may lose functionality. Some of them could be in unexpected ways. For example, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](https://docs.microsoft.com/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are). To disable the Microsoft Account Sign-In Assistant: @@ -604,9 +597,9 @@ For a complete list of the Microsoft Edge policies, see [Available policies for ### 14. Network Connection Status Indicator -Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to http://www.msftconnecttest.com/connecttest.txt to determine if the device can communicate with the Internet. For more info about NCSI, see [The Network Connection Status Icon](https://techcommunity.microsoft.com/t5/Networking-Blog/bg-p/NetworkingBlog). +Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to http://www.msftconnecttest.com/connecttest.txt to determine if the device can communicate with the Internet. See the [Microsoft Networking Blog](https://techcommunity.microsoft.com/t5/Networking-Blog/bg-p/NetworkingBlog) to learn more. -In versions of Windows 10 prior to Windows 10, version 1607 and Windows Server 2016, the URL was `http://www.msftncsi.com`. +In versions of Windows 10 prior to version 1607 and Windows Server 2016, the URL was `http://www.msftncsi.com/ncsi.txt`. You can turn off NCSI by doing one of the following: @@ -1149,7 +1142,7 @@ To turn off **Let apps access my call history**: ### 18.11 Email -In the **Email** area, you can choose which apps have can access and send email. +In the **Email** area, you can choose which apps have access and can send email. To turn off **Let apps access and send email**: diff --git a/windows/release-information/cat-windows-docs-pr - Shortcut.lnk b/windows/release-information/cat-windows-docs-pr - Shortcut.lnk deleted file mode 100644 index 1c599245a0..0000000000 Binary files a/windows/release-information/cat-windows-docs-pr - Shortcut.lnk and /dev/null differ diff --git a/windows/release-information/resolved-issues-windows-10-1507.yml b/windows/release-information/resolved-issues-windows-10-1507.yml index 1c510dd2e2..fcb44369bb 100644 --- a/windows/release-information/resolved-issues-windows-10-1507.yml +++ b/windows/release-information/resolved-issues-windows-10-1507.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -52,6 +53,15 @@ sections:
    " +- title: June 2019 +- items: + - type: markdown + text: " +
    SummaryOriginating updateStatusDate resolved
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved
    KB4507458    		July 09, 2019
    10:00 AM PT
    Unable to access some gov.uk websites
    gov.uk websites that don’t support “HSTS” may not be accessible

    See details >    		OS Build 10240.18215

    May 14, 2019
    KB4499154    		Resolved
    KB4505051    		May 19, 2019
    02:00 PM PT
    MSXML6 may cause applications to stop responding
    MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

    See details >    		OS Build 10240.18094

    January 08, 2019
    KB4480962    		Resolved
    KB4493475    		April 09, 2019
    10:00 AM PT
    Custom URI schemes may not start corresponding application
    Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

    See details >    		OS Build 10240.18158

    March 12, 2019
    KB4489872    		Resolved
    KB4493475    		April 09, 2019
    10:00 AM PT
    + +
    DetailsOriginating updateStatusHistory
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4507458.

    Back to top    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved
    KB4507458    		Resolved:
    July 09, 2019
    10:00 AM PT

    Opened:
    June 12, 2019
    11:11 AM PT
    + " + - title: May 2019 - items: - type: markdown diff --git a/windows/release-information/resolved-issues-windows-10-1607.yml b/windows/release-information/resolved-issues-windows-10-1607.yml index 49d7c93e32..f7a7113111 100644 --- a/windows/release-information/resolved-issues-windows-10-1607.yml +++ b/windows/release-information/resolved-issues-windows-10-1607.yml @@ -32,6 +32,8 @@ sections: - type: markdown text: " + + @@ -69,6 +71,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Some applications may fail to run as expected on clients of AD FS 2016
    Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016)

    See details >    		OS Build 14393.2941

    April 25, 2019
    KB4493473    		Resolved
    KB4507459    		July 16, 2019
    10:00 AM PT
    Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
    Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.

    See details >    		OS Build 14393.2969

    May 14, 2019
    KB4494440    		Resolved
    KB4507460    		July 09, 2019
    10:00 AM PT
    Difficulty connecting to some iSCSI-based SANs
    Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

    See details >    		OS Build 14393.2999

    May 23, 2019
    KB4499177    		Resolved
    KB4509475    		June 27, 2019
    02:00 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved
    KB4503294    		June 18, 2019
    02:00 PM PT
    Opening Internet Explorer 11 may fail
    Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

    See details >    		OS Build 14393.2999

    May 23, 2019
    KB4499177    		Resolved
    KB4503267    		June 11, 2019
    10:00 AM PT
    + @@ -80,6 +83,7 @@ sections: - type: markdown text: "
    DetailsOriginating updateStatusHistory
    Some applications may fail to run as expected on clients of AD FS 2016
    Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016) after installation of KB4493473 on the server. Applications that may exhibit this behavior use an IFRAME during non-interactive authentication requests and receive X-Frame Options set to DENY.

    Affected platforms:
    • Server: Windows Server 2016
    Resolution: This issue was resolved in KB4507459.

    Back to top    		OS Build 14393.2941

    April 25, 2019
    KB4493473    		Resolved
    KB4507459    		Resolved:
    July 16, 2019
    10:00 AM PT

    Opened:
    June 04, 2019
    05:55 PM PT
    Difficulty connecting to some iSCSI-based SANs
    Devices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing KB4499177. You may also receive an error in the System log section of Event Viewer with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
    • Server: Windows Server 2019; Windows Server 2016
    Resolution: This issue was resolved in KB4509475.

    Back to top    		OS Build 14393.2999

    May 23, 2019
    KB4499177    		Resolved
    KB4509475    		Resolved:
    June 27, 2019
    02:00 PM PT

    Opened:
    June 20, 2019
    04:46 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4503294.

    Back to top    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved
    KB4503294    		Resolved:
    June 18, 2019
    02:00 PM PT

    Opened:
    June 12, 2019
    11:11 AM PT
    Opening Internet Explorer 11 may fail
    Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server 2019; Windows Server 2016
    Resolution: This issue was resolved in KB4503267.

    Back to top    		OS Build 14393.2999

    May 23, 2019
    KB4499177    		Resolved
    KB4503267    		Resolved:
    June 11, 2019
    10:00 AM PT

    Opened:
    June 05, 2019
    05:49 PM PT
    + diff --git a/windows/release-information/resolved-issues-windows-10-1703.yml b/windows/release-information/resolved-issues-windows-10-1703.yml index 0d6b415ad8..30427c2a53 100644 --- a/windows/release-information/resolved-issues-windows-10-1703.yml +++ b/windows/release-information/resolved-issues-windows-10-1703.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: "
    DetailsOriginating updateStatusHistory
    Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
    Some devices with Hyper-V enabled may enter BitLocker recovery mode and receive an error, \"0xC0210000\" after installing KB4494440 and restarting.

    Affected platforms:
    • Client: Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server 2016
    Resolution: This issue was resolved in KB4507460.

    Back to top    		OS Build 14393.2969

    May 14, 2019
    KB4494440    		Resolved
    KB4507460    		Resolved:
    July 09, 2019
    10:00 AM PT

    Opened:
    May 21, 2019
    08:50 AM PT
    Update not showing as applicable through WSUS or SCCM or when manually installed
    KB4494440 or later updates may not show as applicable through WSUS or SCCM to the affected platforms. When manually installing the standalone update from Microsoft Update Catalog, it may fail to install with the error, \"The update is not applicable to your computer.\"


    Affected platforms:
    • Client: Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server 2016

    Resolution: The servicing stack update (SSU) (KB4498947) must be installed before installing the latest cumulative update (LCU). The LCU will not be reported as applicable until the SSU is installed. For more information, see Servicing stack updates.

    Back to top    		OS Build 14393.2969

    May 14, 2019
    KB4494440    		Resolved
    KB4498947    		Resolved:
    May 14, 2019
    10:00 AM PT

    Opened:
    May 24, 2019
    04:20 PM PT
    Unable to access some gov.uk websites
    After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
    Resolution: We have released an \"optional, out-of-band\" update for Windows 10 (KB4505052) to resolve this issue. If you are affected, we recommend you apply this update by installing KB4505052 from Windows Update and then restarting your device.

    This update will not be applied automatically. To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates. To get the standalone package for KB4505052, search for it in the Microsoft Update Catalog.
     

    Back to top    		OS Build 14393.2969

    May 14, 2019
    KB4494440    		Resolved
    KB4505052    		Resolved:
    May 19, 2019
    02:00 PM PT

    Opened:
    May 16, 2019
    01:57 PM PT
    Layout and cell size of Excel sheets may change when using MS UI Gothic
    When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue has been resolved.

    Back to top    		OS Build 14393.2941

    April 25, 2019
    KB4493473    		Resolved
    KB4494440    		Resolved:
    May 14, 2019
    10:00 AM PT

    Opened:
    May 10, 2019
    10:35 AM PT
    + @@ -47,8 +48,6 @@ sections: - -
    SummaryOriginating updateStatusDate resolved
    Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
    Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.

    See details >    		OS Build 15063.1805

    May 14, 2019
    KB4499181    		Resolved
    KB4507450    		July 09, 2019
    10:00 AM PT
    Difficulty connecting to some iSCSI-based SANs
    Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

    See details >    		OS Build 15063.1839

    May 28, 2019
    KB4499162    		Resolved
    KB4509476    		June 26, 2019
    04:00 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		OS Build 15063.1868

    June 11, 2019
    KB4503279    		Resolved
    KB4503289    		June 18, 2019
    02:00 PM PT
    Opening Internet Explorer 11 may fail
    Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

    See details >    		OS Build 15063.1839

    May 28, 2019
    KB4499162    		Resolved
    KB4503279    		June 11, 2019
    10:00 AM PT
    Applications using Microsoft Jet database and Access 95 file format stop working
    Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

    See details >    		OS Build 15063.1631

    February 12, 2019
    KB4487020    		Resolved
    KB4487011    		February 19, 2019
    02:00 PM PT
    Applications using Microsoft Jet database fail to open
    Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

    See details >    		OS Build 15063.1563

    January 08, 2019
    KB4480973    		Resolved
    KB4487020    		February 12, 2019
    10:00 AM PT
    Webpages become unresponsive in Microsoft Edge
    Microsoft Edge users report difficulty browsing and loading webpages.

    See details >    		OS Build 15063.1563

    January 08, 2019
    KB4480973    		Resolved
    KB4487020    		February 12, 2019
    10:00 AM PT
    SqlConnection instantiation exception on .NET 4.6 and later
    Instantiation of SqlConnection can throw an exception after certain updates have been installed.

    See details >    		OS Build 15063.1292

    August 30, 2018
    KB4343889    		Resolved
    KB4480959    		January 15, 2019
    10:00 AM PT
    Unable to access hotspots with third-party applications
    Third-party applications may have difficulty authenticating hotspots.

    See details >    		OS Build 15063.1563

    January 08, 2019
    KB4480973    		Resolved
    KB4480959    		January 15, 2019
    10:00 AM PT
    " @@ -75,6 +74,7 @@ sections: - type: markdown text: " +
    DetailsOriginating updateStatusHistory
    Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
    Some devices with Hyper-V enabled may enter BitLocker recovery mode and receive an error, \"0xC0210000\" after installing KB4499181 and restarting.

    Affected platforms:
    • Client: Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server 2016
    Resolution: This issue was resolved in KB4507450.

    Back to top    		OS Build 15063.1805

    May 14, 2019
    KB4499181    		Resolved
    KB4507450    		Resolved:
    July 09, 2019
    10:00 AM PT

    Opened:
    May 21, 2019
    08:50 AM PT
    Unable to access some gov.uk websites
    After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
    Resolution: We have released an \"optional, out-of-band\" update for Windows 10 (KB4505055) to resolve this issue. If you are affected, we recommend you apply this update by installing KB4505055 from Windows Update and then restarting your device.

    This update will not be applied automatically. To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates. To get the standalone package for KB4505055, search for it in the Microsoft Update Catalog.
     

    Back to top    		OS Build 15063.1805

    May 14, 2019
    KB4499181    		Resolved
    KB4505055    		Resolved:
    May 19, 2019
    02:00 PM PT

    Opened:
    May 16, 2019
    01:57 PM PT
    Layout and cell size of Excel sheets may change when using MS UI Gothic
    When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue has been resolved.

    Back to top    		OS Build 15063.1784

    April 25, 2019
    KB4493436    		Resolved
    KB4499181    		Resolved:
    May 14, 2019
    10:00 AM PT

    Opened:
    May 10, 2019
    10:35 AM PT
    @@ -111,15 +111,5 @@ sections:
    First character of the Japanese era name not recognized as an abbreviation
    After installing KB4480959, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4487011.

    Back to topOS Build 15063.1596

    January 15, 2019
    KB4480959Resolved
    KB4487011Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 15, 2019
    10:00 AM PT
    Applications using Microsoft Jet database fail to open
    Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format”.

    Affected platforms:
    • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4487020.

    Back to topOS Build 15063.1563

    January 08, 2019
    KB4480973Resolved
    KB4487020Resolved:
    February 12, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    Webpages become unresponsive in Microsoft Edge
    After installing KB4480973, some Microsoft Edge users report that they:
    • Cannot load web pages using a local IP address.
    • Cannot load web pages on the Internet using a VPN connection.
    Browsing fails or the web page may become unresponsive.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
    Resolution: This issue is resolved in KB4486996

    Back to topOS Build 15063.1563

    January 08, 2019
    KB4480973Resolved
    KB4487020Resolved:
    February 12, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT -
    Unable to access hotspots with third-party applications
    After installing KB4480973, third-party applications may have difficulty authenticating hotspots.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue is resolved in KB4480959.

    Back to topOS Build 15063.1563

    January 08, 2019
    KB4480973Resolved
    KB4480959Resolved:
    January 15, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT - - " - -- title: August 2018 -- items: - - type: markdown - text: " - -
    DetailsOriginating updateStatusHistory
    SqlConnection instantiation exception on .NET 4.6 and later
    After you install the August Preview of Quality Rollup or September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception.

    For more information about this issue, see the following article in the Microsoft Knowledge Base:
    4470809 SqlConnection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates.

    Affected platforms:
    • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
    • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016
    Resolution: This issue is resolved in KB4480959.

    Back to top    		OS Build 15063.1292

    August 30, 2018
    KB4343889    		Resolved
    KB4480959    		Resolved:
    January 15, 2019
    10:00 AM PT

    Opened:
    August 30, 2018
    05:00 PM PT
    " diff --git a/windows/release-information/resolved-issues-windows-10-1709.yml b/windows/release-information/resolved-issues-windows-10-1709.yml index 850dcb03d2..b80a28eec7 100644 --- a/windows/release-information/resolved-issues-windows-10-1709.yml +++ b/windows/release-information/resolved-issues-windows-10-1709.yml @@ -49,8 +49,6 @@ sections:
    Internet Explorer may fail to load images
    Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

    See details >OS Build 16299.967

    February 12, 2019
    KB4486996Resolved
    KB4487021February 19, 2019
    02:00 PM PT
    Applications using Microsoft Jet database fail to open
    Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

    See details >OS Build 16299.904

    January 08, 2019
    KB4480978Resolved
    KB4486996February 12, 2019
    10:00 AM PT
    Webpages become unresponsive in Microsoft Edge
    Microsoft Edge users report difficulty browsing and loading webpages.

    See details >OS Build 16299.904

    January 08, 2019
    KB4480978Resolved
    KB4486996February 12, 2019
    10:00 AM PT -
    SqlConnection instantiation exception on .NET 4.6 and later
    Instantiation of SqlConnection can throw an exception after certain updates have been installed.

    See details >OS Build 16299.637

    August 30, 2018
    KB4343893Resolved
    KB4480967January 15, 2019
    10:00 AM PT -
    Unable to access hotspots with third-party applications
    Third-party applications may have difficulty authenticating hotspots.

    See details >OS Build 16299.904

    January 08, 2019
    KB4480978Resolved
    KB4480967January 15, 2019
    10:00 AM PT " @@ -123,15 +121,5 @@ sections:
    First character of the Japanese era name not recognized as an abbreviation
    After installing KB4480967, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4487021.

    Back to topOS Build 16299.936

    January 15, 2019
    KB4480967Resolved
    KB4487021Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 15, 2019
    10:00 AM PT
    Applications using Microsoft Jet database fail to open
    Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format.”

    Affected platforms:
    • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
    Resolution: This issue is resolved in KB4486996.

    Back to topOS Build 16299.904

    January 08, 2019
    KB4480978Resolved
    KB4486996Resolved:
    February 12, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    Webpages become unresponsive in Microsoft Edge
    After installing KB4480978, some Microsoft Edge users report that they:
    • Cannot load web pages using a local IP address. 
    • Cannot load web pages on the Internet using a VPN connection.  
    Browsing fails or the web page may become unresponsive. 

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
    Resolution: This issue is resolved in KB4486996.

    Back to topOS Build 16299.904

    January 08, 2019
    KB4480978Resolved
    KB4486996Resolved:
    February 12, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT -
    Unable to access hotspots with third-party applications
    After installing KB4480978, third-party applications may have difficulty authenticating hotspots.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue is resolved in KB4480967.

    Back to topOS Build 16299.904

    January 08, 2019
    KB4480978Resolved
    KB4480967Resolved:
    January 15, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT - - " - -- title: August 2018 -- items: - - type: markdown - text: " - -
    DetailsOriginating updateStatusHistory
    SqlConnection instantiation exception on .NET 4.6 and later
    After you install the August Preview of Quality Rollup or September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception.

    For more information about this issue, see the following article in the Microsoft Knowledge Base:
    4470809 SqlConnection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates.

    Affected platforms:
    • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
    • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016
    Resolution: This issue is resolved in KB4480967.

    Back to top    		OS Build 16299.637

    August 30, 2018
    KB4343893    		Resolved
    KB4480967    		Resolved:
    January 15, 2019
    10:00 AM PT

    Opened:
    August 30, 2018
    05:00 PM PT
    " diff --git a/windows/release-information/resolved-issues-windows-10-1803.yml b/windows/release-information/resolved-issues-windows-10-1803.yml index df8d35b361..3353facc94 100644 --- a/windows/release-information/resolved-issues-windows-10-1803.yml +++ b/windows/release-information/resolved-issues-windows-10-1803.yml @@ -49,8 +49,6 @@ sections:
    Internet Explorer may fail to load images
    Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

    See details >OS Build 17134.590

    February 12, 2019
    KB4487017Resolved
    KB4487029February 19, 2019
    02:00 PM PT
    Applications using Microsoft Jet database and Access 95 file format stop working
    Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

    See details >OS Build 17134.523

    January 08, 2019
    KB4480966Resolved
    KB4487017February 12, 2019
    10:00 AM PT
    Webpages become unresponsive in Microsoft Edge
    Microsoft Edge users report difficulty browsing and loading webpages.

    See details >OS Build 17134.523

    January 08, 2019
    KB4480966Resolved
    KB4487017February 12, 2019
    10:00 AM PT -
    SqlConnection instantiation exception on .NET 4.6 and later
    After you install the August Preview of Quality Rollup or the September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception.

    See details >OS Build 17134.285

    September 11, 2018
    KB4457128Resolved
    KB4480976January 15, 2019
    10:00 AM PT -
    Unable to access hotspots with third-party applications
    Third-party applications may have difficulty authenticating hotspots.

    See details >OS Build 17134.523

    January 08, 2019
    KB4480966Resolved
    KB4480976January 15, 2019
    10:00 AM PT " @@ -122,7 +120,6 @@ sections:
    MSXML6 may cause applications to stop responding
    After installing KB4480966, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

    The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue was resolved in KB4493464

    Back to topOS Build 17134.523

    January 08, 2019
    KB4480966Resolved
    KB4493464Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    Applications using Microsoft Jet database and Access 95 file format stop working
    Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working. 

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4487017.

    Back to topOS Build 17134.523

    January 08, 2019
    KB4480966Resolved
    KB4487017Resolved:
    February 12, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    Webpages become unresponsive in Microsoft Edge
    After installing KB4480966, some Microsoft Edge users report that they: 
    • Cannot load web pages using a local IP address. 
    • Cannot load web pages on the Internet using a VPN connection.  
    Browsing fails or the web page may become unresponsive. 

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
    Resolution: This issue is resolved in KB4487017

    Back to topOS Build 17134.523

    January 08, 2019
    KB4480966Resolved
    KB4487017Resolved:
    February 12, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT -
    Unable to access hotspots with third-party applications
    After installing KB4480966, third-party applications may have difficulty authenticating hotspots.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue is resolved in KB4480976

    Back to topOS Build 17134.523

    January 08, 2019
    KB4480966Resolved
    KB4480976Resolved:
    January 15, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT " @@ -134,12 +131,3 @@ sections:
    Cannot pin a web link on the Start menu or the taskbar
    After installing KB4471324, some users cannot pin a web link on the Start menu or the taskbar. 

    Affected platforms:
    • Client: Windows 10, version 1803
    • Server: Windows Server, version 1803
    Resolution: This issue is resolved in KB4487029

    Back to topOS Build 17134.471

    December 11, 2018
    KB4471324Resolved
    KB4487029Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    December 11, 2018
    10:00 AM PT " - -- title: September 2018 -- items: - - type: markdown - text: " - - -
    DetailsOriginating updateStatusHistory
    SqlConnection instantiation exception on .NET 4.6 and later
    After you install the August Preview of Quality Rollup or September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception.  

    For more information about this issue, see the following article in the Microsoft Knowledge Base: 4470809, SqlConnection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates.

    Affected platforms:
    • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
    • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016
    Resolution: This issue is resolved in KB4480976

    Back to top    		OS Build 17134.285

    September 11, 2018
    KB4457128    		Resolved
    KB4480976    		Resolved:
    January 15, 2019
    10:00 AM PT

    Opened:
    September 11, 2018
    10:00 AM PT
    - " diff --git a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml index b5d57f8c65..c3b5e984d1 100644 --- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml @@ -58,7 +58,7 @@ sections:
    First character of the Japanese era name not recognized
    The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    See details >OS Build 17763.316

    February 12, 2019
    KB4487044Resolved
    KB4482887March 01, 2019
    10:00 AM PT
    Shared albums may not sync with iCloud for Windows
    Upgrade block: Apple has identified an incompatibility with iCloud for Windows (version 7.7.0.27) where users may experience issues updating or synching Shared Albums.

    See details >OS Build 17763.134

    November 13, 2018
    KB4467708Resolved
    KB4482887March 01, 2019
    10:00 AM PT
    Intel Audio Display (intcdaud.sys) notification during Windows 10 Setup
    Upgrade block: Users may see an Intel Audio Display (intcdaud.sys) notification during setup for devices with certain Intel Display Audio Drivers.

    See details >OS Build 17763.134

    November 13, 2018
    KB4467708Resolved
    KB4482887March 01, 2019
    10:00 AM PT -
    F5 VPN clients losing network connectivity
    Upgrade block: After updating to Window 10, version 1809, F5 VPN clients may lose network connectivity when the VPN service is in a split tunnel configuration.

    See details >OS Build 17763.134

    November 13, 2018
    KB4467708Resolved
    KB4482887March 01, 2019
    10:00 AM PT +
    F5 VPN clients losing network connectivity
    Upgrade block: After updating to Windows 10, version 1809, F5 VPN clients may lose network connectivity when the VPN service is in a split tunnel configuration.

    See details >OS Build 17763.134

    November 13, 2018
    KB4467708Resolved
    KB4482887March 01, 2019
    10:00 AM PT
    Webpages become unresponsive in Microsoft Edge
    Microsoft Edge users report difficulty browsing and loading webpages.

    See details >OS Build 17763.253

    January 08, 2019
    KB4480116Resolved
    KB4487044February 12, 2019
    10:00 AM PT
    Issues with lock screen and Microsoft Edge tabs for certain AMD Radeon video cards
    Upgrade block: Devices utilizing AMD Radeon HD2000 or HD4000 series video cards may experience issues with the lock screen and Microsoft Edge tabs.

    See details >OS Build 17763.134

    November 13, 2018
    KB4467708Resolved
    KB4487044February 12, 2019
    10:00 AM PT
    Trend Micro OfficeScan and Worry-Free Business Security AV software not compatible
    Upgrade block: Microsoft and Trend Micro identified a compatibility issue with the Trend Micro business endpoint security solutions OfficeScan and Worry-Free Business Security.

    See details >OS Build 17763.134

    November 13, 2018
    KB4467708Resolved
    February 01, 2019
    09:00 AM PT @@ -152,10 +152,10 @@ sections: text: " - + - - + +
    DetailsOriginating updateStatusHistory
    Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort
    Upgrade block: Microsoft has identified issues with certain new Intel display drivers. Intel inadvertently released versions of its display driver (versions 24.20.100.6344, 24.20.100.6345) to OEMs that accidentally turned on unsupported features in Windows. 
     
    As a result, after updating to Windows 10, version 1809, audio playback from a monitor or television connected to a PC via HDMI, USB-C, or a DisplayPort may not function correctly on devices with these drivers.
    Note: This Intel display driver issue is different from the Intel Smart Sound Technology driver (version 09.21.00.3755) audio issue previously documented.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
    • Server: Windows Server, version 1809; Windows Server 2019 
    Next steps: Intel has released updated drivers to OEM device manufacturers. OEMs need to make the updated driver available via Windows Update. For more information, see the Intel Customer Support article.

    Resolution: Microsoft has removed the safeguard hold.



    Back to top    		OS Build 17763.134

    November 13, 2018
    KB4467708    		Resolved
    		Resolved:
    May 21, 2019
    07:42 AM PT

    Opened:
    November 13, 2018
    10:00 AM PT
    Shared albums may not sync with iCloud for Windows
    Upgrade block: Users who attempt to install iCloud for Windows (version 7.7.0.27) will see a message displayed that this version iCloud for Windows isn't supported and the install will fail.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
    • Server: Windows Server, version 1809; Windows Server 2019
    To ensure a seamless experience, Microsoft is blocking devices with iCloud for Windows (version 7.7.0.27) software installed from being offered Window 10, version 1809 until this issue has been resolved. 

    We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool from the Microsoft software download website until this issue is resolved. 
     
    Resolution: Apple has released an updated version of iCloud for Windows (version 7.8.1) that resolves compatibility issues encountered when updating or synching Shared Albums after updating to Windows 10, version 1809. We recommend that you update your iCloud for Windows to version 7.8.1 when prompted before attempting to upgrade to Windows 10, version 1809. You can also manually download the latest version of iCloud for Windows by visiting https://support.apple.com/HT204283.

    Back to top    		OS Build 17763.134

    November 13, 2018
    KB4467708    		Resolved
    KB4482887    		Resolved:
    March 01, 2019
    10:00 AM PT

    Opened:
    November 13, 2018
    10:00 AM PT
    Shared albums may not sync with iCloud for Windows
    Upgrade block: Users who attempt to install iCloud for Windows (version 7.7.0.27) will see a message displayed that this version iCloud for Windows isn't supported and the install will fail.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
    • Server: Windows Server, version 1809; Windows Server 2019
    To ensure a seamless experience, Microsoft is blocking devices with iCloud for Windows (version 7.7.0.27) software installed from being offered Windows 10, version 1809 until this issue has been resolved. 

    We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool from the Microsoft software download website until this issue is resolved. 
     
    Resolution: Apple has released an updated version of iCloud for Windows (version 7.8.1) that resolves compatibility issues encountered when updating or synching Shared Albums after updating to Windows 10, version 1809. We recommend that you update your iCloud for Windows to version 7.8.1 when prompted before attempting to upgrade to Windows 10, version 1809. You can also manually download the latest version of iCloud for Windows by visiting https://support.apple.com/HT204283.

    Back to top    		OS Build 17763.134

    November 13, 2018
    KB4467708    		Resolved
    KB4482887    		Resolved:
    March 01, 2019
    10:00 AM PT

    Opened:
    November 13, 2018
    10:00 AM PT
    Intel Audio Display (intcdaud.sys) notification during Windows 10 Setup
    Upgrade block: Microsoft and Intel have identified a compatibility issue with a range of Intel Display Audio device drivers (intcdaud.sys, versions 10.25.0.3 - 10.25.0.8) that may result in excessive processor demand and reduced battery life. As a result, the update process to the Windows 10 October 2018 Update (Windows 10, version 1809) will fail and affected devices will automatically revert to the previous working configuration. 

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
    • Server: Windows Server, version 1809; Windows Server 2019
    If you see a \"What needs your attention\" notification during installation of the October 2018 Update, you have one of these affected drivers on your system. On the notification, click Back to remain on your current version of Windows 10. 
     
    To ensure a seamless experience, we are blocking devices from being offered the October 2018 Update until updated Intel device drivers are installed on your current operating system. We recommend that you do not attempt to manually update to Windows 10, version 1809, using the Update Now button or the Media Creation Tool from the Microsoft Software Download Center until newer Intel device drivers are available with the update. You can either wait for newer drivers to be installed automatically through Windows Update or check with your computer manufacturer for the latest device driver software availability and installation procedures. For more information about this issue, see Intel's customer support guidance.
     
    Resolution: This issue was resolved in KB4482887 and the upgrade block removed. 

    Back to top    		OS Build 17763.134

    November 13, 2018
    KB4467708    		Resolved
    KB4482887    		Resolved:
    March 01, 2019
    10:00 AM PT

    Opened:
    November 13, 2018
    10:00 AM PT
    F5 VPN clients losing network connectivity
    Upgrade block: After updating to Window 10, version 1809, F5 VPN clients may lose network connectivity when the VPN service is in a split tunnel configuration.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
    • Server: Windows Server, version 1809; Windows Server 2019
    Resolution: This issue was resolved in KB4482887 and the upgrade block removed. 

    Back to top    		OS Build 17763.134

    November 13, 2018
    KB4467708    		Resolved
    KB4482887    		Resolved:
    March 01, 2019
    10:00 AM PT

    Opened:
    November 13, 2018
    10:00 AM PT
    Issues with lock screen and Microsoft Edge tabs for certain AMD Radeon video cards
    Note: AMD no longer supports Radeon HD2000 and HD4000 series graphic processor units (GPUs).
     
    Upgrade block: After updating to Window 10, version 1809, Microsoft Edge tabs may stop working when a device is configured with AMD Radeon HD2000 or HD4000 series video cards. Customers may get the following error code: \"INVALID_POINTER_READ_c0000005_atidxx64.dll\". 
     
    Some users may also experience performance issues with the lock screen or the ShellExperienceHost. (The lock screen hosts widgets, and the ShellExperienceHost is responsible for assorted shell functionality.) 

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
    • Server: Windows Server, version 1809; Windows Server 2019
    Resolution: This issue was resolved in KB4487044, and the block was removed.

    Back to top    		OS Build 17763.134

    November 13, 2018
    KB4467708    		Resolved
    KB4487044    		Resolved:
    February 12, 2019
    10:00 AM PT

    Opened:
    November 13, 2018
    10:00 AM PT
    F5 VPN clients losing network connectivity
    Upgrade block: After updating to Windows 10, version 1809, F5 VPN clients may lose network connectivity when the VPN service is in a split tunnel configuration.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
    • Server: Windows Server, version 1809; Windows Server 2019
    Resolution: This issue was resolved in KB4482887 and the upgrade block removed. 

    Back to top    		OS Build 17763.134

    November 13, 2018
    KB4467708    		Resolved
    KB4482887    		Resolved:
    March 01, 2019
    10:00 AM PT

    Opened:
    November 13, 2018
    10:00 AM PT
    Issues with lock screen and Microsoft Edge tabs for certain AMD Radeon video cards
    Note: AMD no longer supports Radeon HD2000 and HD4000 series graphic processor units (GPUs).
     
    Upgrade block: After updating to Windows 10, version 1809, Microsoft Edge tabs may stop working when a device is configured with AMD Radeon HD2000 or HD4000 series video cards. Customers may get the following error code: \"INVALID_POINTER_READ_c0000005_atidxx64.dll\". 
     
    Some users may also experience performance issues with the lock screen or the ShellExperienceHost. (The lock screen hosts widgets, and the ShellExperienceHost is responsible for assorted shell functionality.) 

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
    • Server: Windows Server, version 1809; Windows Server 2019
    Resolution: This issue was resolved in KB4487044, and the block was removed.

    Back to top    		OS Build 17763.134

    November 13, 2018
    KB4467708    		Resolved
    KB4487044    		Resolved:
    February 12, 2019
    10:00 AM PT

    Opened:
    November 13, 2018
    10:00 AM PT
    Trend Micro OfficeScan and Worry-Free Business Security AV software not compatible
    Upgrade block: Microsoft and Trend Micro have identified a compatibility issue with Trend Micro's OfficeScan and Worry-Free Business Security software when attempting to update to Windows 10, version 1809.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
    • Server: Windows Server, version 1809; Windows Server 2019 
    Resolution: Trend Micro has released a new version of these products that resolves the issue. To download them, please visit the Trend Micro Business Support Portal.

    Once you have updated your version of Trend Micro's OfficeScan or Worry-Free Business Security software, you will be offered Windows 10, version 1809 automatically. 

    Back to top    		OS Build 17763.134

    November 13, 2018
    KB4467708    		Resolved
    		Resolved:
    February 01, 2019
    09:00 AM PT

    Opened:
    November 13, 2018
    10:00 AM PT
    " diff --git a/windows/release-information/resolved-issues-windows-10-1903.yml b/windows/release-information/resolved-issues-windows-10-1903.yml index 226786acae..6b4eeb59c5 100644 --- a/windows/release-information/resolved-issues-windows-10-1903.yml +++ b/windows/release-information/resolved-issues-windows-10-1903.yml @@ -1,10 +1,10 @@ ### YamlMime:YamlDocument documentType: LandingData -title: Resolved issues in Windows 10, version 1903 and Windows Server, vesion 1903 +title: Resolved issues in Windows 10, version 1903 and Windows Server, version 1903 metadata: document_id: - title: Resolved issues in Windows 10, version 1903 and Windows Server, vesion 1903 + title: Resolved issues in Windows 10, version 1903 and Windows Server, version 1903 description: Resolved issues in Windows 10, version 1903 and Windows Server 1903 keywords: ["Resolved issues in Windows 10", "Windows 10", "Windows 10, version 1903"] ms.localizationpriority: high @@ -32,6 +32,9 @@ sections: - type: markdown text: " + + + @@ -61,7 +64,10 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Loss of functionality in Dynabook Smartphone Link app
    After updating to Windows 10, version 1903, you may experience a loss of functionality when using the Dynabook Smartphone Link application.

    See details >    		OS Build 18362.116

    May 20, 2019
    KB4505057    		Resolved
    		July 11, 2019
    01:54 PM PT
    Audio not working with Dolby Atmos headphones and home theater
    Users may experience audio loss with Dolby Atmos headphones or Dolby Atmos home theater.

    See details >    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    		July 11, 2019
    01:53 PM PT
    Error attempting to update with external USB device or memory card attached
    PCs with an external USB device or SD memory card attached may get error: \"This PC can't be upgraded to Windows 10.\"

    See details >    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    		July 11, 2019
    01:53 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		OS Build 18362.175

    June 11, 2019
    KB4503293    		Resolved
    KB4501375    		June 27, 2019
    10:00 AM PT
    Duplicate folders and documents showing in user profile directory
    If known folders (e.g. Desktop, Documents, or Pictures folders) are redirected, an empty folder with that same name may be created.

    See details >    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    KB4497935    		May 29, 2019
    02:00 PM PT
    Older versions of BattlEye anti-cheat software incompatible
    Microsoft and BattlEye have identified a compatibility issue with some games that use older versions of BattlEye anti-cheat software.

    See details >    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    		June 07, 2019
    04:26 PM PT
    - + + + + diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml index 2c5038bcff..1f8c14cf98 100644 --- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml @@ -50,7 +50,6 @@ sections: -
    DetailsOriginating updateStatusHistory
    Duplicate folders and documents showing in user profile directory
    If you have redirected known folders (e.g. Desktop, Documents, or Pictures folders) you may see an empty folder with the same name in your %userprofile% directories after updating to Windows 10, version 1903. This may occur if known folders were redirected when you chose to back up your content to OneDrive using the OneDrive wizard, or if you chose to back up your content during the Windows Out-of-Box-Experience (OOBE). This may also occur if you redirected your known folders manually through the Properties dialog box in File Explorer. ​This issue does not cause any user files to be deleted and a solution is in progress.

    To safeguard your update experience, we have applied a quality hold on devices with redirected known folders from being offered Windows 10, version 1903, until this issue is resolved.

    Affected platforms:
    • Client: Windows 10, version 1903
    Resolution: This issue was resolved in KB4497935 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Window 10, version 1903.
    (Posted June 11, 2019)

    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    KB4497935    		Resolved:
    May 29, 2019
    02:00 PM PT

    Opened:
    May 21, 2019
    07:16 AM PT
    Loss of functionality in Dynabook Smartphone Link app
    Some users may experience a loss of functionality after updating to Windows 10, version 1903 when using the Dynabook Smartphone Link application on Windows devices. Loss of functionality may affect the display of phone numbers in the Call menu and the ability to answer phone calls on the Windows PC.

    To safeguard your update experience, we have applied a compatibility hold on devices with Dynabook Smartphone Link from being offered Windows 10, version 1903, until this issue is resolved.

    Affected platforms:
    • Client: Windows 10, version 1903
    Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

    Back to top    		OS Build 18362.116

    May 20, 2019
    KB4505057    		Resolved
    		Resolved:
    July 11, 2019
    01:54 PM PT

    Opened:
    May 24, 2019
    03:10 PM PT
    Audio not working with Dolby Atmos headphones and home theater
    After updating to Windows 10, version 1903, you may experience loss of audio with Dolby Atmos for home theater (free extension) or Dolby Atmos for headphones (paid extension) acquired through the Microsoft Store due to a licensing configuration error.
     
    This occurs due to an issue with a Microsoft Store licensing component, where license holders are not able to connect to the Dolby Access app and enable Dolby Atmos extensions.
     
    To safeguard your update experience, we have applied protective hold on devices from being offered Windows 10, version 1903 until this issue is resolved. This configuration error will not result in loss of access for the acquired license once the problem is resolved.

    Affected platforms:
    • Client: Windows 10, version 1903
    Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    		Resolved:
    July 11, 2019
    01:53 PM PT

    Opened:
    May 21, 2019
    07:16 AM PT
    Error attempting to update with external USB device or memory card attached
    If you have an external USB device or SD memory card attached when installing Windows 10, version 1903, you may get an error message stating \"This PC can't be upgraded to Windows 10.\" This is caused by inappropriate drive reassignment during installation.

    Sample scenario: An update to Windows 10, version 1903 is attempted on a computer that has a thumb drive inserted into its USB port. Before the update, the thumb drive is mounted in the system as drive G based on the existing drive configuration. After the feature update is installed; however, the device is reassigned a different drive letter (e.g., drive H).

    Note The drive reassignment is not limited to removable drives. Internal hard drives may also be affected.

    To safeguard your update experience, we have applied a hold on devices with an external USB device or SD memory card attached from being offered Windows 10, version 1903 until this issue is resolved.

    Affected platforms:
    • Client: Windows 10, version 1903
    Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    		Resolved:
    July 11, 2019
    01:53 PM PT

    Opened:
    May 21, 2019
    07:38 AM PT
    Duplicate folders and documents showing in user profile directory
    If you have redirected known folders (e.g. Desktop, Documents, or Pictures folders) you may see an empty folder with the same name in your %userprofile% directories after updating to Windows 10, version 1903. This may occur if known folders were redirected when you chose to back up your content to OneDrive using the OneDrive wizard, or if you chose to back up your content during the Windows Out-of-Box-Experience (OOBE). This may also occur if you redirected your known folders manually through the Properties dialog box in File Explorer. ?This issue does not cause any user files to be deleted and a solution is in progress.

    To safeguard your update experience, we have applied a quality hold on devices with redirected known folders from being offered Windows 10, version 1903, until this issue is resolved.

    Affected platforms:
    • Client: Windows 10, version 1903
    Resolution: This issue was resolved in KB4497935 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.
    (Posted June 11, 2019)

    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    KB4497935    		Resolved:
    May 29, 2019
    02:00 PM PT

    Opened:
    May 21, 2019
    07:16 AM PT
    Older versions of BattlEye anti-cheat software incompatible
    Microsoft and BattlEye have identified a compatibility issue with some games that use older versions of BattlEye anti-cheat software. When launching a game that uses an older, impacted version of BattlEye anti-cheat software on a device running Windows 10, version 1903, the device may experience a system crash.

    To safeguard your gaming experience, we have applied a compatibility hold on devices with the impacted versions of BattlEye software used by games installed on your PC. This will prevent Windows 10, version 1903 from being offered until the incompatible version of BattlEye software is no longer installed on the device. 

    Affected platforms:
    • Client: Windows 10, version 1903
    Workaround: Before updating your machine, we recommend you do one or more of the following:

    • Verify that your game is up to date with the latest available version of BattlEye software. Some game platforms allow you to validate your game files, which can confirm that your installation is fully up to date.
    • Restart your system and open the game again.
    • Uninstall BattlEye using https://www.battleye.com/downloads/UninstallBE.exe, and then reopen your game.
    • Uninstall and reinstall your game.
    Resolution: This issue was resolved externally by BattlEye for all known impacted games. For a list of recent games that use BattlEye, go to https://www.battleye.com/. We recommend following the workaround before updating to Windows 10, version 1903, as games with incompatible versions of BattleEye may fail to open after updating Windows. If you have confirmed your game is up to date and you have any issues with opening games related to a BattlEye error, please see https://www.battleye.com/support/faq/.

    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    		Resolved:
    June 07, 2019
    04:26 PM PT

    Opened:
    May 21, 2019
    07:34 AM PT
    AMD RAID driver incompatibility
    Microsoft and AMD have identified an incompatibility with AMD RAID driver versions earlier than 9.2.0.105. When you attempt to install the Windows 10, version 1903 update on a Windows 10-based computer with an affected driver version, the installation process stops and you get a message like the following:

    AMD Ryzen™ or AMD Ryzen™ Threadripper™ configured in SATA or NVMe RAID mode.

    “A driver is installed that causes stability problems on Windows. This driver will be disabled. Check with your software/driver provider for an updated version that runs on this version of Windows.”

     
    To safeguard your update experience, we have applied a compatibility hold on devices with these AMD drivers from being offered Windows 10, version 1903, until this issue is resolved.

    Affected platforms:
    • Client: Windows 10, version 1903
    Resolution: This issue has been resolved externally by AMD. To resolve this issue, you will need to download the latest AMD RAID drivers directly from AMD at https://www.amd.com/en/support/chipsets/amd-socket-tr4/x399. The drivers must be version 9.2.0.105 or later. Install the drivers on the affected computer, and then restart the installation process for the Windows 10, version 1903 feature update.
     
    Note The safeguard hold will remain in place on machines with the older AMD RAID drivers. We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until a new driver has been installed and the Windows 10, version 1903 feature update has been automatically offered to you.

    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    		Resolved:
    June 06, 2019
    11:06 AM PT

    Opened:
    May 21, 2019
    07:12 AM PT
    D3D applications and games may fail to enter full-screen mode on rotated displays
    Some Direct3D (D3D) applications and games (e.g., 3DMark) may fail to enter full-screen mode on displays where the display orientation has been changed from the default (e.g., a landscape display in portrait mode).

    Affected platforms:
    • Client: Windows 10, version 1903
    • Server: Windows Server, version 1903
    Resolution: This issue was resolved in KB4497935

    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    KB4497935    		Resolved:
    May 29, 2019
    02:00 PM PT

    Opened:
    May 21, 2019
    07:05 AM PT
    Internet Explorer may fail to load images
    Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

    See details >    		February 12, 2019
    KB4486563    		Resolved
    KB4486565    		February 19, 2019
    02:00 PM PT
    Applications using Microsoft Jet database and Access 95 file format stop working
    Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

    See details >    		February 12, 2019
    KB4486563    		Resolved
    KB4486565    		February 19, 2019
    02:00 PM PT
    Applications using Microsoft Jet database fail to open
    Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

    See details >    		January 08, 2019
    KB4480970    		Resolved
    KB4486563    		February 12, 2019
    10:00 AM PT
    Local Administrators unable to remotely access shares
    Local users who are part of the local Administrators group may not be able to remotely access shares on Windows Server 2008 R2 and Windows 7 machines.

    See details >    		January 08, 2019
    KB4480970    		Resolved
    KB4487345    		January 11, 2019
    02:00 PM PT
    " @@ -123,7 +122,6 @@ sections:
    Virtual machines fail to restore
    After installing KB4480970, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”

    This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

    Affected platforms: 
    • Client: Windows 8.1; Windows 7 SP1 
    • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4490511.

    Back to topJanuary 08, 2019
    KB4480970Resolved
    KB4490511Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    First character of the Japanese era name not recognized as an abbreviation
    After installing KB4480955, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    Affected platforms: 
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
    Resolution: This issue is resolved in KB4486565.

    Back to topJanuary 17, 2019
    KB4480955Resolved
    KB4486565Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 17, 2019
    10:00 AM PT
    Applications using Microsoft Jet database fail to open
    Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format”.

    Affected Platforms:
    • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 

    Resolution: This issue is resolved in KB4486563.

    Back to topJanuary 08, 2019
    KB4480970Resolved
    KB4486563Resolved:
    February 12, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT -
    Local Administrators unable to remotely access shares
    Local users who are part of the local Administrators group may not be able to remotely access shares on Windows Server 2008 R2 and Windows 7 machines after installing KB4480970. This does not affect domain accounts in the local Administrators group.
     
    Affected platforms: 
    • Client: Windows 7 SP1 
    • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
    Resolution: This issue is resolved in KB4487345.

    Back to topJanuary 08, 2019
    KB4480970Resolved
    KB4487345Resolved:
    January 11, 2019
    02:00 PM PT

    Opened:
    January 08, 2019
    10:00 AM PT " diff --git a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml index 45706d7e3c..a4428a3d64 100644 --- a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml @@ -51,7 +51,6 @@ sections:
    First character of the Japanese era name not recognized as an abbreviation
    The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    See details >January 15, 2019
    KB4480969Resolved
    KB4487016February 19, 2019
    02:00 PM PT
    Internet Explorer may fail to load images
    Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

    See details >February 12, 2019
    KB4487000Resolved
    KB4487016February 19, 2019
    02:00 PM PT
    Applications using Microsoft Jet database fail to open
    Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

    See details >January 08, 2019
    KB4480963Resolved
    KB4487000February 12, 2019
    10:00 AM PT -
    Unable to access hotspots with third-party applications
    Third-party applications may have difficulty authenticating hotspots.

    See details >January 08, 2019
    KB4480963Resolved
    KB4480969January 15, 2019
    10:00 AM PT " @@ -126,6 +125,5 @@ sections:
    Virtual machines fail to restore
    After installing KB4480963, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”

    This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

    Affected platforms: 
    • Client: Windows 8.1; Windows 7 SP1 
    • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4490512.

    Back to topJanuary 08, 2019
    KB4480963Resolved
    KB4490512Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    First character of the Japanese era name not recognized as an abbreviation
    After installing KB4480969, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    Affected platforms: 
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
    Resolution: This issue is resolved in KB4487016.

    Back to topJanuary 15, 2019
    KB4480969Resolved
    KB4487016Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 15, 2019
    10:00 AM PT
    Applications using Microsoft Jet database fail to open
    Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format”.

    Affected platforms: 
    • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
    Resolution: This issue is resolved in KB4487000.

    Back to topJanuary 08, 2019
    KB4480963Resolved
    KB4487000Resolved:
    February 12, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT -
    Unable to access hotspots with third-party applications
    After installing KB4480963, third-party applications may have difficulty authenticating hotspots.

    Affected platforms: 
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1 
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue is resolved in KB4480969.

    Back to topJanuary 08, 2019
    KB4480963Resolved
    KB4480969Resolved:
    January 15, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT " diff --git a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml index 9d094123ba..31be3e66fc 100644 --- a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml +++ b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml @@ -42,7 +42,6 @@ sections:
    Virtual machines fail to restore
    Virtual machines (VMs) may fail to restore successfully if the VM has been saved and restored once before.

    See details >January 08, 2019
    KB4480968Resolved
    KB4490514February 19, 2019
    02:00 PM PT
    Applications using Microsoft Jet database and Access 95 file format stop working
    Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

    See details >February 12, 2019
    KB4487023Resolved
    KB4487022February 19, 2019
    02:00 PM PT
    Applications using Microsoft Jet database fail to open
    Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

    See details >January 08, 2019
    KB4480968Resolved
    KB4487023February 12, 2019
    10:00 AM PT -
    Local Administrators unable to remotely access shares
    Local users who are part of the local Administrators group may not be able to remotely access shares on Windows Server 2008 R2 and Windows 7 machines.

    See details >January 08, 2019
    KB4480968Resolved
    KB4487354January 11, 2019
    02:00 PM PT " @@ -100,6 +99,5 @@ sections:
    First character of the Japanese era name not recognized as an abbreviation
    After installing KB4480974, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4489880.

    Back to topJanuary 17, 2019
    KB4480974Resolved
    KB4489880Resolved:
    March 12, 2019
    10:00 AM PT

    Opened:
    January 17, 2019
    10:00 AM PT
    Virtual machines fail to restore
    After installing KB4480968, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”

    This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

    Affected platforms: 
    • Client: Windows 8.1; Windows 7 SP1 
    • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4490514.

    Back to topJanuary 08, 2019
    KB4480968Resolved
    KB4490514Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    Applications using Microsoft Jet database fail to open
    Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format”.

    Affected platforms: 
    • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4487023.

    Back to topJanuary 08, 2019
    KB4480968Resolved
    KB4487023Resolved:
    February 12, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT -
    Local Administrators unable to remotely access shares
    Local users who are part of the local Administrators group may not be able to remotely access shares on Windows Server 2008 R2 and Windows 7 machines after installing KB4480968. This does not affect domain accounts in the local Administrators group.

    Affected platforms: 
    • Client: Windows 7 SP1 
    • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4487354.

    Back to topJanuary 08, 2019
    KB4480968Resolved
    KB4487354Resolved:
    January 11, 2019
    02:00 PM PT

    Opened:
    January 08, 2019
    10:00 AM PT " diff --git a/windows/release-information/resolved-issues-windows-server-2012.yml b/windows/release-information/resolved-issues-windows-server-2012.yml index 15736d25c5..678c8e0517 100644 --- a/windows/release-information/resolved-issues-windows-server-2012.yml +++ b/windows/release-information/resolved-issues-windows-server-2012.yml @@ -49,7 +49,6 @@ sections:
    First character of the Japanese era name not recognized as an abbreviation
    The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    See details >January 15, 2019
    KB4480971Resolved
    KB4487024February 19, 2019
    02:00 PM PT
    Applications using Microsoft Jet database and Access 95 file format stop working
    Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

    See details >February 12, 2019
    KB4487025Resolved
    KB4487024February 19, 2019
    02:00 PM PT
    Applications using Microsoft Jet database fail to open
    Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

    See details >January 08, 2019
    KB4480975Resolved
    KB4487025February 12, 2019
    10:00 AM PT -
    Unable to access hotspots with third-party applications
    Third-party applications may have difficulty authenticating hotspots.

    See details >January 08, 2019
    KB4480975Resolved
    KB4480971January 15, 2019
    10:00 AM PT " @@ -121,7 +120,6 @@ sections:
    Virtual machines fail to restore
    After installing KB4480975, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, \"Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).\"

    This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

    Affected platforms: 
    • Client: Windows 8.1; Windows 7 SP1 
    • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4490516.

    Back to topJanuary 08, 2019
    KB4480975Resolved
    KB4490516Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    First character of the Japanese era name not recognized as an abbreviation
    After installing KB4480971, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4487024.

    Back to topJanuary 15, 2019
    KB4480971Resolved
    KB4487024Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 15, 2019
    10:00 AM PT
    Applications using Microsoft Jet database fail to open
    Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, \"Unrecognized Database Format\".

    Affected platforms: 
    • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4487025.

    Back to topJanuary 08, 2019
    KB4480975Resolved
    KB4487025Resolved:
    February 12, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT -
    Unable to access hotspots with third-party applications
    After installing KB4480975, third-party applications may have difficulty authenticating hotspots.

    Affected platforms: 
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1 
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue is resolved in KB4480971.

    Back to topJanuary 08, 2019
    KB4480975Resolved
    KB4480971Resolved:
    January 15, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT " diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml index 038724ee59..e81ad9523c 100644 --- a/windows/release-information/status-windows-10-1507.yml +++ b/windows/release-information/status-windows-10-1507.yml @@ -60,8 +60,8 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - +
    SummaryOriginating updateStatusLast updated
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Mitigated
    		June 13, 2019
    02:21 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

    See details >    		OS Build 10240.18094

    January 08, 2019
    KB4480962    		Mitigated
    		April 25, 2019
    02:00 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved
    KB4507458    		July 09, 2019
    10:00 AM PT
    " @@ -77,7 +77,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Workaround: To mitigate this issue, see KB4508640.

    Next steps: We are working on a resolution and estimate a solution will be available in late June.

    Back to top    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Mitigated
    		Last updated:
    June 13, 2019
    02:21 PM PT

    Opened:
    June 12, 2019
    11:11 AM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4507458.

    Back to top    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved
    KB4507458    		Resolved:
    July 09, 2019
    10:00 AM PT

    Opened:
    June 12, 2019
    11:11 AM PT
    " diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index db44883cf7..02443f7e42 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -60,16 +60,15 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - - + + + - -
    SummaryOriginating updateStatusLast updated
    Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
    Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000

    See details >    		OS Build 14393.2969

    May 14, 2019
    KB4494440    		Mitigated
    		June 24, 2019
    10:46 AM PT
    Some applications may fail to run as expected on clients of AD FS 2016
    Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016)

    See details >    		OS Build 14393.2941

    April 25, 2019
    KB4493473    		Mitigated
    		June 07, 2019
    04:25 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Mitigated
    		July 10, 2019
    07:09 PM PT
    Cluster service may fail if the minimum password length is set to greater than 14
    The cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the Group Policy “Minimum Password Length” is configured with greater than 14 characters.

    See details >    		OS Build 14393.2639

    November 27, 2018
    KB4467684    		Mitigated
    		April 25, 2019
    02:00 PM PT
    SCVMM cannot enumerate and manage logical switches deployed on the host
    For hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host.

    See details >    		OS Build 14393.2639

    November 27, 2018
    KB4467684    		Mitigated
    		April 25, 2019
    02:00 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

    See details >    		OS Build 14393.2724

    January 08, 2019
    KB4480961    		Mitigated
    		April 25, 2019
    02:00 PM PT
    Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
    Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.

    See details >    		OS Build 14393.2608

    November 13, 2018
    KB4467691    		Mitigated
    		February 19, 2019
    10:00 AM PT
    Some applications may fail to run as expected on clients of AD FS 2016
    Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016)

    See details >    		OS Build 14393.2941

    April 25, 2019
    KB4493473    		Resolved
    KB4507459    		July 16, 2019
    10:00 AM PT
    Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
    Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.

    See details >    		OS Build 14393.2969

    May 14, 2019
    KB4494440    		Resolved
    KB4507460    		July 09, 2019
    10:00 AM PT
    Difficulty connecting to some iSCSI-based SANs
    Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

    See details >    		OS Build 14393.2999

    May 23, 2019
    KB4499177    		Resolved
    KB4509475    		June 27, 2019
    02:00 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved
    KB4503294    		June 18, 2019
    02:00 PM PT
    Opening Internet Explorer 11 may fail
    Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

    See details >    		OS Build 14393.2999

    May 23, 2019
    KB4499177    		Resolved
    KB4503267    		June 11, 2019
    10:00 AM PT
    Issue using PXE to start a device from WDS
    There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.

    See details >    		OS Build 14393.2848

    March 12, 2019
    KB4489882    		Resolved
    KB4503267    		June 11, 2019
    10:00 AM PT
    " @@ -80,15 +79,23 @@ sections:
    " +- title: July 2019 +- items: + - type: markdown + text: " + + +
    DetailsOriginating updateStatusHistory
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503267 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Workaround:
    To mitigate this issue on an SCCM server:
    1. Verify Variable Window Extension is enabled.
    2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
    Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

    To mitigate this issue on a WDS server without SCCM:
    1. In WDS TFTP settings, verify Variable Window Extension is enabled.
    2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
    3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
    Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Mitigated
    		Last updated:
    July 10, 2019
    07:09 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    + " + - title: June 2019 - items: - type: markdown text: " - + -
    DetailsOriginating updateStatusHistory
    Some applications may fail to run as expected on clients of AD FS 2016
    Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016) after installation of KB4493473 on the server. Applications that may exhibit this behavior use an IFRAME during non-interactive authentication requests and receive X-Frame Options set to DENY.

    Affected platforms:
    • Server: Windows Server 2016
    Workaround: You can use the Allow-From value of the header if the IFRAME is only accessing pages from a single-origin URL. On the affected server, open a PowerShell window as an administrator and run the following command: set-AdfsResponseHeaders -SetHeaderName X-Frame-Options -SetHeaderValue \"allow-from https://example.com\"

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 14393.2941

    April 25, 2019
    KB4493473    		Mitigated
    		Last updated:
    June 07, 2019
    04:25 PM PT

    Opened:
    June 04, 2019
    05:55 PM PT
    Some applications may fail to run as expected on clients of AD FS 2016
    Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016) after installation of KB4493473 on the server. Applications that may exhibit this behavior use an IFRAME during non-interactive authentication requests and receive X-Frame Options set to DENY.

    Affected platforms:
    • Server: Windows Server 2016
    Resolution: This issue was resolved in KB4507459.

    Back to top    		OS Build 14393.2941

    April 25, 2019
    KB4493473    		Resolved
    KB4507459    		Resolved:
    July 16, 2019
    10:00 AM PT

    Opened:
    June 04, 2019
    05:55 PM PT
    Difficulty connecting to some iSCSI-based SANs
    Devices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing KB4499177. You may also receive an error in the System log section of Event Viewer with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
    • Server: Windows Server 2019; Windows Server 2016
    Resolution: This issue was resolved in KB4509475.

    Back to top    		OS Build 14393.2999

    May 23, 2019
    KB4499177    		Resolved
    KB4509475    		Resolved:
    June 27, 2019
    02:00 PM PT

    Opened:
    June 20, 2019
    04:46 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4503294.

    Back to top    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved
    KB4503294    		Resolved:
    June 18, 2019
    02:00 PM PT

    Opened:
    June 12, 2019
    11:11 AM PT
    Opening Internet Explorer 11 may fail
    Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server 2019; Windows Server 2016
    Resolution: This issue was resolved in KB4503267.

    Back to top    		OS Build 14393.2999

    May 23, 2019
    KB4499177    		Resolved
    KB4503267    		Resolved:
    June 11, 2019
    10:00 AM PT

    Opened:
    June 05, 2019
    05:49 PM PT
    " @@ -97,16 +104,7 @@ sections: - type: markdown text: " - -
    DetailsOriginating updateStatusHistory
    Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
    Some devices with Hyper-V enabled may enter BitLocker recovery mode and receive an error, \"0xC0210000\" after installing KB4494440 and restarting.

    Affected platforms:
    • Client: Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server 2016
    Workaround: If your device is already in this state, you can successfully start Windows after suspending BitLocker from the Windows Recovery Environment (WinRE) using the following steps:
    1. Retrieve the 48-digit BitLocker recovery password for the OS volume from your organization's portal or from wherever the key was stored when BitLocker was first enabled.
    2. From the recovery screen, press the enter key and enter the recovery password when prompted.
    3. If your device starts in the Windows Recovery Environment and asks for recovery key again, select Skip the drive to continue to WinRE.
    4. Select Advanced options then Troubleshoot then Advanced options then Command Prompt.
    5. Unlock drive using the command: Manage-bde -unlock c: -rp <48 digit numerical recovery password separated by “-“ in 6 digit group>
    6. Suspend BitLocker using the command: Manage-bde -protectors -disable c:
    7. Exit the command window using the command: exit
    8. Select Continue from recovery environment.
    9. The device should now start Windows.
    10. Once started, launch an elevated Command Prompt (i.e. run Command Prompt as administrator) and resume the BitLocker to ensure the system remains protected, using the command: Manage-bde -protectors -enable c:
    Note The steps in this workaround need to be followed on every system start unless BitLocker is suspended before restarting.

    To prevent this issue, execute the following command to temporarily suspend BitLocker just before restarting the system: Manage-bde -protectors -disable c: -rc 1
    Note This command will suspend BitLocker for one restart of the device (-rc 1 option only works inside OS and does not work from recovery environment).

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 14393.2969

    May 14, 2019
    KB4494440    		Mitigated
    		Last updated:
    June 24, 2019
    10:46 AM PT

    Opened:
    May 21, 2019
    08:50 AM PT
    - " - -- title: March 2019 -- items: - - type: markdown - text: " - - +
    DetailsOriginating updateStatusHistory
    Issue using PXE to start a device from WDS
    After installing KB4489882, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue was resolved in KB4503267.

    Back to top    		OS Build 14393.2848

    March 12, 2019
    KB4489882    		Resolved
    KB4503267    		Resolved:
    June 11, 2019
    10:00 AM PT

    Opened:
    March 12, 2019
    10:00 AM PT
    Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
    Some devices with Hyper-V enabled may enter BitLocker recovery mode and receive an error, \"0xC0210000\" after installing KB4494440 and restarting.

    Affected platforms:
    • Client: Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server 2016
    Resolution: This issue was resolved in KB4507460.

    Back to top    		OS Build 14393.2969

    May 14, 2019
    KB4494440    		Resolved
    KB4507460    		Resolved:
    July 09, 2019
    10:00 AM PT

    Opened:
    May 21, 2019
    08:50 AM PT
    " diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml index 761911bdc5..7bc0807985 100644 --- a/windows/release-information/status-windows-10-1703.yml +++ b/windows/release-information/status-windows-10-1703.yml @@ -60,11 +60,10 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + -
    SummaryOriginating updateStatusLast updated
    Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
    Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000

    See details >    		OS Build 15063.1805

    May 14, 2019
    KB4499181    		Mitigated
    		June 24, 2019
    10:46 AM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

    See details >    		OS Build 15063.1563

    January 08, 2019
    KB4480973    		Mitigated
    		April 25, 2019
    02:00 PM PT
    Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
    Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.

    See details >    		OS Build 15063.1805

    May 14, 2019
    KB4499181    		Resolved
    KB4507450    		July 09, 2019
    10:00 AM PT
    Difficulty connecting to some iSCSI-based SANs
    Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

    See details >    		OS Build 15063.1839

    May 28, 2019
    KB4499162    		Resolved
    KB4509476    		June 26, 2019
    04:00 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		OS Build 15063.1868

    June 11, 2019
    KB4503279    		Resolved
    KB4503289    		June 18, 2019
    02:00 PM PT
    Opening Internet Explorer 11 may fail
    Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

    See details >    		OS Build 15063.1839

    May 28, 2019
    KB4499162    		Resolved
    KB4503279    		June 11, 2019
    10:00 AM PT
    " @@ -82,7 +81,6 @@ sections: -
    DetailsOriginating updateStatusHistory
    Difficulty connecting to some iSCSI-based SANs
    Devices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing KB4499162. You may also receive an error in the System log section of Event Viewer with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
    • Server: Windows Server 2019; Windows Server 2016
    Resolution: This issue was resolved in KB4509476.

    Back to top    		OS Build 15063.1839

    May 28, 2019
    KB4499162    		Resolved
    KB4509476    		Resolved:
    June 26, 2019
    04:00 PM PT

    Opened:
    June 20, 2019
    04:46 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4503289.

    Back to top    		OS Build 15063.1868

    June 11, 2019
    KB4503279    		Resolved
    KB4503289    		Resolved:
    June 18, 2019
    02:00 PM PT

    Opened:
    June 12, 2019
    11:11 AM PT
    Opening Internet Explorer 11 may fail
    Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server 2019; Windows Server 2016
    Resolution: This issue was resolved in KB4503279.

    Back to top    		OS Build 15063.1839

    May 28, 2019
    KB4499162    		Resolved
    KB4503279    		Resolved:
    June 11, 2019
    10:00 AM PT

    Opened:
    June 05, 2019
    05:49 PM PT
    " @@ -91,7 +89,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
    Some devices with Hyper-V enabled may enter BitLocker recovery mode and receive an error, \"0xC0210000\" after installing KB4499181 and restarting.

    Affected platforms:
    • Client: Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server 2016
    Workaround: If your device is already in this state, you can successfully start Windows after suspending BitLocker from the Windows Recovery Environment (WinRE) using the following steps:
    1. Retrieve the 48-digit BitLocker recovery password for the OS volume from your organization's portal or from wherever the key was stored when BitLocker was first enabled.
    2. From the recovery screen, press the enter key and enter the recovery password when prompted.
    3. If your device starts in the Windows Recovery Environment and asks for recovery key again, select Skip the drive to continue to WinRE.
    4. Select Advanced options then Troubleshoot then Advanced options then Command Prompt.
    5. Unlock drive using the command: Manage-bde -unlock c: -rp <48 digit numerical recovery password separated by “-“ in 6 digit group>
    6. Suspend BitLocker using the command: Manage-bde -protectors -disable c:
    7. Exit the command window using the command: exit
    8. Select Continue from recovery environment.
    9. The device should now start Windows.
    10. Once started, launch an elevated Command Prompt (i.e. run Command Prompt as administrator) and resume the BitLocker to ensure the system remains protected, using the command: Manage-bde -protectors -enable c:
    Note The steps in this workaround need to be followed on every system start unless BitLocker is suspended before restarting.

    To prevent this issue, execute the following command to temporarily suspend BitLocker just before restarting the system: Manage-bde -protectors -disable c: -rc 1
    Note This command will suspend BitLocker for one restart of the device (-rc 1 option only works inside OS and does not work from recovery environment).

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 15063.1805

    May 14, 2019
    KB4499181    		Mitigated
    		Last updated:
    June 24, 2019
    10:46 AM PT

    Opened:
    May 21, 2019
    08:50 AM PT
    Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
    Some devices with Hyper-V enabled may enter BitLocker recovery mode and receive an error, \"0xC0210000\" after installing KB4499181 and restarting.

    Affected platforms:
    • Client: Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server 2016
    Resolution: This issue was resolved in KB4507450.

    Back to top    		OS Build 15063.1805

    May 14, 2019
    KB4499181    		Resolved
    KB4507450    		Resolved:
    July 09, 2019
    10:00 AM PT

    Opened:
    May 21, 2019
    08:50 AM PT
    " diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index 3363497f79..181bfbf128 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -60,10 +60,10 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    + -
    SummaryOriginating updateStatusLast updated
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Mitigated
    		July 10, 2019
    07:09 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

    See details >    		OS Build 16299.904

    January 08, 2019
    KB4480978    		Mitigated
    		April 25, 2019
    02:00 PM PT
    Difficulty connecting to some iSCSI-based SANs
    Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

    See details >    		OS Build 16299.1182

    May 28, 2019
    KB4499147    		Resolved
    KB4509477    		June 26, 2019
    04:00 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved
    KB4503281    		June 18, 2019
    02:00 PM PT
    Opening Internet Explorer 11 may fail
    Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

    See details >    		OS Build 16299.1182

    May 28, 2019
    KB4499147    		Resolved
    KB4503284    		June 11, 2019
    10:00 AM PT
    " @@ -74,6 +74,15 @@ sections:
    " +- title: July 2019 +- items: + - type: markdown + text: " + + +
    DetailsOriginating updateStatusHistory
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503284 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Workaround:
    To mitigate this issue on an SCCM server:
    1. Verify Variable Window Extension is enabled.
    2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
    Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

    To mitigate this issue on a WDS server without SCCM:
    1. In WDS TFTP settings, verify Variable Window Extension is enabled.
    2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
    3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
    Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Mitigated
    		Last updated:
    July 10, 2019
    07:09 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    + " + - title: June 2019 - items: - type: markdown @@ -81,7 +90,6 @@ sections: -
    DetailsOriginating updateStatusHistory
    Difficulty connecting to some iSCSI-based SANs
    Devices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing KB4499147. You may also receive an error in the System log section of Event Viewer with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
    • Server: Windows Server 2019; Windows Server 2016
    Resolution: This issue was resolved in KB4509477.

    Back to top    		OS Build 16299.1182

    May 28, 2019
    KB4499147    		Resolved
    KB4509477    		Resolved:
    June 26, 2019
    04:00 PM PT

    Opened:
    June 20, 2019
    04:46 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4503281.

    Back to top    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved
    KB4503281    		Resolved:
    June 18, 2019
    02:00 PM PT

    Opened:
    June 12, 2019
    11:11 AM PT
    Opening Internet Explorer 11 may fail
    Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server 2019; Windows Server 2016
    Resolution: This issue was resolved in KB4503284.

    Back to top    		OS Build 16299.1182

    May 28, 2019
    KB4499147    		Resolved
    KB4503284    		Resolved:
    June 11, 2019
    10:00 AM PT

    Opened:
    June 05, 2019
    05:49 PM PT
    " diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index bbff4c0692..1f39a3eeff 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -60,11 +60,11 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    + -
    SummaryOriginating updateStatusLast updated
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Mitigated
    		July 10, 2019
    07:09 PM PT
    Startup to a black screen after installing updates
    Your device may startup to a black screen during the first logon after installing updates.

    See details >    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Mitigated
    		June 14, 2019
    04:41 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

    See details >    		OS Build 17134.523

    January 08, 2019
    KB4480966    		Mitigated
    		April 25, 2019
    02:00 PM PT
    Difficulty connecting to some iSCSI-based SANs
    Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

    See details >    		OS Build 17134.799

    May 21, 2019
    KB4499183    		Resolved
    KB4509478    		June 26, 2019
    04:00 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved
    KB4503288    		June 18, 2019
    02:00 PM PT
    Opening Internet Explorer 11 may fail
    Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

    See details >    		OS Build 17134.799

    May 21, 2019
    KB4499183    		Resolved
    KB4503286    		June 11, 2019
    10:00 AM PT
    " @@ -75,6 +75,15 @@ sections:
    " +- title: July 2019 +- items: + - type: markdown + text: " + + +
    DetailsOriginating updateStatusHistory
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503286 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Workaround:
    To mitigate this issue on an SCCM server:
    1. Verify Variable Window Extension is enabled.
    2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
    Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

    To mitigate this issue on a WDS server without SCCM:
    1. In WDS TFTP settings, verify Variable Window Extension is enabled.
    2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
    3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
    Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Mitigated
    		Last updated:
    July 10, 2019
    07:09 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    + " + - title: June 2019 - items: - type: markdown @@ -83,7 +92,6 @@ sections:
    Startup to a black screen after installing updates
    We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.


    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803
    • Server: Windows Server 2019
    Workaround: To mitigate this issue, press Ctrl+Alt+Delete, then select the Power button in the lower right corner of the screen and select Restart. Your device should now restart normally.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to topOS Build 17134.829

    June 11, 2019
    KB4503286Mitigated
    Last updated:
    June 14, 2019
    04:41 PM PT

    Opened:
    June 14, 2019
    04:41 PM PT
    Difficulty connecting to some iSCSI-based SANs
    Devices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing KB4499183. You may also receive an error in the System log section of Event Viewer with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
    • Server: Windows Server 2019; Windows Server 2016
    Resolution: This issue was resolved in KB4509478.

    Back to topOS Build 17134.799

    May 21, 2019
    KB4499183Resolved
    KB4509478Resolved:
    June 26, 2019
    04:00 PM PT

    Opened:
    June 20, 2019
    04:46 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4503288.

    Back to topOS Build 17134.829

    June 11, 2019
    KB4503286Resolved
    KB4503288Resolved:
    June 18, 2019
    02:00 PM PT

    Opened:
    June 12, 2019
    11:11 AM PT -
    Opening Internet Explorer 11 may fail
    Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server 2019; Windows Server 2016
    Resolution: This issue was resolved in KB4503286.

    Back to topOS Build 17134.799

    May 21, 2019
    KB4499183Resolved
    KB4503286Resolved:
    June 11, 2019
    10:00 AM PT

    Opened:
    June 05, 2019
    05:49 PM PT " diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index 0f816b4c0d..ef9a99126b 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -65,6 +65,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    + @@ -72,8 +73,6 @@ sections: - -
    SummaryOriginating updateStatusLast updated
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Mitigated
    		July 10, 2019
    07:09 PM PT
    Startup to a black screen after installing updates
    Your device may startup to a black screen during the first logon after installing updates.

    See details >    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Mitigated
    		June 14, 2019
    04:41 PM PT
    Devices with some Asian language packs installed may receive an error
    After installing the KB4493509 devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_F

    See details >    		OS Build 17763.437

    April 09, 2019
    KB4493509    		Mitigated
    		May 03, 2019
    10:59 AM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

    See details >    		OS Build 17763.253

    January 08, 2019
    KB4480116    		Mitigated
    		April 09, 2019
    10:00 AM PT
    Devices with Realtek Bluetooth radios drivers may not pair or connect as expected
    Devices with some Realtek Bluetooth radios drivers, in some circumstances, may have issues pairing or connecting to devices.

    See details >    		OS Build 17763.503

    May 14, 2019
    KB4494441    		Resolved
    KB4501371    		June 18, 2019
    02:00 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved
    KB4501371    		June 18, 2019
    02:00 PM PT
    Printing from Microsoft Edge or other UWP apps may result in the error 0x80070007
    Attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) apps, you may receive an error.

    See details >    		OS Build 17763.379

    March 12, 2019
    KB4489899    		Resolved
    KB4501371    		June 18, 2019
    02:00 PM PT
    Opening Internet Explorer 11 may fail
    Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

    See details >    		OS Build 17763.529

    May 21, 2019
    KB4497934    		Resolved
    KB4503327    		June 11, 2019
    10:00 AM PT
    Issue using PXE to start a device from WDS
    Using PXE to start a device from a WDS server configured to use Variable Window Extension may cause the connection to the WDS server to terminate prematurely.

    See details >    		OS Build 17763.379

    March 12, 2019
    KB4489899    		Resolved
    KB4503327    		June 11, 2019
    10:00 AM PT
    " @@ -84,6 +83,15 @@ sections:
    " +- title: July 2019 +- items: + - type: markdown + text: " + + +
    DetailsOriginating updateStatusHistory
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503327 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Workaround:
    To mitigate this issue on an SCCM server:
    1. Verify Variable Window Extension is enabled.
    2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
    Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

    To mitigate this issue on a WDS server without SCCM:
    1. In WDS TFTP settings, verify Variable Window Extension is enabled.
    2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
    3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
    Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Mitigated
    		Last updated:
    July 10, 2019
    07:09 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    + " + - title: June 2019 - items: - type: markdown @@ -93,7 +101,6 @@ sections:
    Difficulty connecting to some iSCSI-based SANs
    Devices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing KB4497934. You may also receive an error in the System log section of Event Viewer with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
    • Server: Windows Server 2019; Windows Server 2016
    Resolution: This issue was resolved in KB4509479.

    Back to topOS Build 17763.529

    May 21, 2019
    KB4497934Resolved
    KB4509479Resolved:
    June 26, 2019
    04:00 PM PT

    Opened:
    June 20, 2019
    04:46 PM PT
    Devices with Realtek Bluetooth radios drivers may not pair or connect as expected
    In some circumstances, devices with Realtek Bluetooth radios may have issues pairing or connecting to Bluetooth devices due to a driver issue.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
    • Server: Windows Server 2019
    Resolution: This issue was resolved in KB4501371.

    Back to topOS Build 17763.503

    May 14, 2019
    KB4494441Resolved
    KB4501371Resolved:
    June 18, 2019
    02:00 PM PT

    Opened:
    June 14, 2019
    05:45 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4501371.

    Back to topOS Build 17763.557

    June 11, 2019
    KB4503327Resolved
    KB4501371Resolved:
    June 18, 2019
    02:00 PM PT

    Opened:
    June 12, 2019
    11:11 AM PT -
    Opening Internet Explorer 11 may fail
    Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server 2019; Windows Server 2016
    Resolution: This issue was resolved in KB4503327.

    Back to topOS Build 17763.529

    May 21, 2019
    KB4497934Resolved
    KB4503327Resolved:
    June 11, 2019
    10:00 AM PT

    Opened:
    June 05, 2019
    05:49 PM PT " @@ -107,15 +114,6 @@ sections: " -- title: March 2019 -- items: - - type: markdown - text: " - - -
    DetailsOriginating updateStatusHistory
    Issue using PXE to start a device from WDS
    After installing KB4489899, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension. 

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue was resolved in KB4503327.

    Back to top    		OS Build 17763.379

    March 12, 2019
    KB4489899    		Resolved
    KB4503327    		Resolved:
    June 11, 2019
    10:00 AM PT

    Opened:
    March 12, 2019
    10:00 AM PT
    - " - - title: January 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index 98f91cde7b..88fff57f7a 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -21,8 +21,8 @@ sections: Find information on known issues for Windows 10, version 1903 and Windows Server, version 1903. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s). -
    Current status as of June 18, 2019:
    -
    Windows 10, version 1903 is available for any user who manually selects “Check for updates” via Windows Update for all devices that do not have a safeguard hold. If you are not offered the update, please check below for any known issues that may affect your device. The recommended servicing status is Semi-Annual Channel.

    We are now beginning to build and train the machine learning (ML) based rollout process to update devices running the April 2018 Update, and earlier versions of Windows 10, to ensure we can continue to service these devices and provide the latest updates, security updates and improvements.

    Note Follow @WindowsUpdate to find out when new content is published to the release information dashboard.
    +    		Current status as of July 16, 2019:
    +
    We are initiating the Windows 10 May 2019 Update for customers with devices that are at or nearing end of service and have not yet updated their device. Keeping these devices both supported and receiving monthly updates is critical to device security and ecosystem health. Based on the large number of devices running the April 2018 Update, that will reach the end of 18 months of service on November 12, 2019, we are starting the update process now for Home and Pro editions to help ensure adequate time for a smooth update process.

    Our update rollout process takes into consideration the scale and complexity of the Windows 10 ecosystem, with the many hardware, software, and app configuration options users have, to provide a seamless update experience for all users. We closely monitor update feedback to allow us to prioritize those devices likely to have a good update experience and quickly put safeguards on other devices while we address known issues. Windows 10 Home and Pro edition users will have the ability to pause the update for up to 35 days so they can choose a convenient time.

    The Windows 10 May 2019 Update is available for any user who manually selects “Check for updates” via Windows Update on a device that does not have a safeguard hold for issues already detected. If you are not offered the update, please check below for any known issues that may affect your device.

    We recommend commercial customers running earlier versions of Windows 10 begin targeted deployments of Windows 10, version 1903 to validate that the apps, devices, and infrastructure used by their organizations work as expected with the new release and features.

    Note Follow @WindowsUpdate to find out when new content is published to the release information dashboard.
    @@ -66,22 +66,21 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    + + - - + - + + + - - - -
    SummaryOriginating updateStatusLast updated
    The dGPU may occasionally disappear from device manager on Surface Book 2 with dGPU
    Some apps or games that needs to perform graphics intensive operations may close or fail to open on Surface Book 2 devices with Nvidia dGPU.

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		July 16, 2019
    09:04 AM PT
    Initiating a Remote Desktop connection may result in black screen
    When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen.

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		July 12, 2019
    04:42 PM PT
    Windows Sandbox may fail to start with error code “0x80070002”
    Windows Sandbox may fail to start with \"ERROR_FILE_NOT_FOUND (0x80070002)\" on devices in which the operating system language was changed between updates

    See details >    		OS Build 18362.116

    May 20, 2019
    KB4505057    		Investigating
    		June 10, 2019
    06:06 PM PT
    Loss of functionality in Dynabook Smartphone Link app
    After updating to Windows 10, version 1903, you may experience a loss of functionality when using the Dynabook Smartphone Link application.

    See details >    		OS Build 18362.116

    May 20, 2019
    KB4505057    		Investigating
    		May 24, 2019
    03:10 PM PT
    Display brightness may not respond to adjustments
    Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers.

    See details >    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Investigating
    		May 21, 2019
    04:47 PM PT
    Audio not working with Dolby Atmos headphones and home theater
    Users may experience audio loss with Dolby Atmos headphones or Dolby Atmos home theater.

    See details >    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Investigating
    		May 21, 2019
    07:17 AM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 18362.175

    June 11, 2019
    KB4503293    		Mitigated
    		July 10, 2019
    07:09 PM PT
    RASMAN service may stop working and result in the error “0xc0000005”
    The Remote Access Connection Manager (RASMAN) service may stop working and result in the error “0xc0000005” with VPN profiles configured as an Always On VPN connection.

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Mitigated
    		July 01, 2019
    05:04 PM PT
    Error attempting to update with external USB device or memory card attached
    PCs with an external USB device or SD memory card attached may get error: \"This PC can't be upgraded to Windows 10.\"

    See details >    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Mitigated
    		June 11, 2019
    12:34 PM PT
    Gamma ramps, color profiles, and night light settings do not apply in some cases
    Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

    See details >    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Mitigated
    		May 24, 2019
    11:02 AM PT
    Unable to discover or connect to Bluetooth devices
    Microsoft has identified compatibility issues with some versions of Realtek and Qualcomm Bluetooth radio drivers.

    See details >    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Mitigated
    		May 21, 2019
    04:48 PM PT
    Intel Audio displays an intcdaud.sys notification
    Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in battery drain.

    See details >    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Mitigated
    		May 21, 2019
    04:47 PM PT
    Cannot launch Camera app
    Microsoft and Intel have identified an issue affecting Intel RealSense SR300 or Intel RealSense S200 camera apps.

    See details >    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Mitigated
    		May 21, 2019
    04:47 PM PT
    Intermittent loss of Wi-Fi connectivity
    Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver.

    See details >    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Mitigated
    		May 21, 2019
    04:46 PM PT
    Loss of functionality in Dynabook Smartphone Link app
    After updating to Windows 10, version 1903, you may experience a loss of functionality when using the Dynabook Smartphone Link application.

    See details >    		OS Build 18362.116

    May 20, 2019
    KB4505057    		Resolved
    		July 11, 2019
    01:54 PM PT
    Audio not working with Dolby Atmos headphones and home theater
    Users may experience audio loss with Dolby Atmos headphones or Dolby Atmos home theater.

    See details >    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    		July 11, 2019
    01:53 PM PT
    Error attempting to update with external USB device or memory card attached
    PCs with an external USB device or SD memory card attached may get error: \"This PC can't be upgraded to Windows 10.\"

    See details >    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    		July 11, 2019
    01:53 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		OS Build 18362.175

    June 11, 2019
    KB4503293    		Resolved
    KB4501375    		June 27, 2019
    10:00 AM PT
    Duplicate folders and documents showing in user profile directory
    If known folders (e.g. Desktop, Documents, or Pictures folders) are redirected, an empty folder with that same name may be created.

    See details >    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    KB4497935    		May 29, 2019
    02:00 PM PT
    Older versions of BattlEye anti-cheat software incompatible
    Microsoft and BattlEye have identified a compatibility issue with some games that use older versions of BattlEye anti-cheat software.

    See details >    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    		June 07, 2019
    04:26 PM PT
    AMD RAID driver incompatibility
    Installation process may stop when trying to install Windows 10, version 1903 update on computers that run certain versions of AMD RAID drivers.

    See details >    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    		June 06, 2019
    11:06 AM PT
    D3D applications and games may fail to enter full-screen mode on rotated displays
    Some Direct3D (D3D) applications and games may fail to enter full-screen mode on rotated displays.

    See details >    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    KB4497935    		May 29, 2019
    02:00 PM PT
    " @@ -92,6 +91,17 @@ sections:
    " +- title: July 2019 +- items: + - type: markdown + text: " + + + + +
    DetailsOriginating updateStatusHistory
    The dGPU may occasionally disappear from device manager on Surface Book 2 with dGPU
    Microsoft has identified a compatibility issue on some Surface Book 2 devices configured with Nvidia discrete graphics processing unit (dGPU). After updating to Windows 10, version 1903 (May 2019 Feature Update), some apps or games that needs to perform graphics intensive operations may close or fail to open.

    To safeguard your update experience, we have applied a compatibility hold on Surface Book 2 devices with Nvidia dGPUs from being offered Windows 10, version 1903, until this issue is resolved.

    Affected platforms:
    • Client: Windows 10, version 1903
    Workaround: To mitigate the issue if you are already on Windows 10, version 1903, you can restart the device or select the Scan for hardware changes button in the Action menu or on the toolbar in Device Manager.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		Last updated:
    July 16, 2019
    09:04 AM PT

    Opened:
    July 12, 2019
    04:20 PM PT
    Initiating a Remote Desktop connection may result in black screen
    When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen. Any version of Windows may encounter this issue when initiating a Remote Desktop connection to a Windows 10, version 1903 device which is running an affected display driver, including the drivers for the Intel 4 series chipset integrated GPU (iGPU).

    Affected platforms:
    • Client: Windows 10, version 1903
    • Server: Windows Server, version 1903
    Next steps: We are working on a resolution that will be made available in upcoming release.

    Back to top    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		Last updated:
    July 12, 2019
    04:42 PM PT

    Opened:
    July 12, 2019
    04:42 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503293 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Workaround:
    To mitigate this issue on an SCCM server:
    1. Verify Variable Window Extension is enabled.
    2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
    Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

    To mitigate this issue on a WDS server without SCCM:
    1. In WDS TFTP settings, verify Variable Window Extension is enabled.
    2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
    3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
    Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 18362.175

    June 11, 2019
    KB4503293    		Mitigated
    		Last updated:
    July 10, 2019
    07:09 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    + " + - title: June 2019 - items: - type: markdown @@ -108,18 +118,14 @@ sections: text: " - - - - + - - - - + + +
    DetailsOriginating updateStatusHistory
    Windows Sandbox may fail to start with error code “0x80070002”
    Windows Sandbox may fail to start with \"ERROR_FILE_NOT_FOUND (0x80070002)\" on devices in which the operating system language is changed during the update process when installing Windows 10, version 1903.

    Affected platforms:
    • Client: Windows 10, version 1903
    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 18362.116

    May 20, 2019
    KB4505057    		Investigating
    		Last updated:
    June 10, 2019
    06:06 PM PT

    Opened:
    May 24, 2019
    04:20 PM PT
    Loss of functionality in Dynabook Smartphone Link app
    Some users may experience a loss of functionality after updating to Windows 10, version 1903 when using the Dynabook Smartphone Link application on Windows devices. Loss of functionality may affect the display of phone numbers in the Call menu and the ability to answer phone calls on the Windows PC.

    To safeguard your update experience, we have applied a compatibility hold on devices with Dynabook Smartphone Link from being offered Windows 10, version 1903, until this issue is resolved.

    Affected platforms:
    • Client: Windows 10, version 1903
    Next steps: Microsoft and Dynabook are working on a resolution; the Dynabook Smartphone Link application may have a loss of functionality until this issue is resolved.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top    		OS Build 18362.116

    May 20, 2019
    KB4505057    		Investigating
    		Last updated:
    May 24, 2019
    03:10 PM PT

    Opened:
    May 24, 2019
    03:10 PM PT
    Display brightness may not respond to adjustments
    Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers. After updating to Window 10, version 1903, brightness settings may sometime appear as if changes applied took effect, yet the actual display brightness doesn't change.

    To safeguard your update experience, we have applied a compatibility hold on devices with certain Intel drivers from being offered Windows 10, version 1903, until this issue is resolved.

    Affected platforms:
    • Client: Windows 10, version 1903
    Workaround: Restart your device to apply changes to brightness.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Next steps: We are working on a resolution that will be made available in upcoming release.

    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Investigating
    		Last updated:
    May 21, 2019
    04:47 PM PT

    Opened:
    May 21, 2019
    07:56 AM PT
    Audio not working with Dolby Atmos headphones and home theater
    After updating to Windows 10, version 1903, you may experience loss of audio with Dolby Atmos for home theater (free extension) or Dolby Atmos for headphones (paid extension) acquired through the Microsoft Store due to a licensing configuration error.
     
    This occurs due to an issue with a Microsoft Store licensing component, where license holders are not able to connect to the Dolby Access app and enable Dolby Atmos extensions.
     
    To safeguard your update experience, we have applied protective hold on devices from being offered Windows 10, version 1903 until this issue is resolved. This configuration error will not result in loss of access for the acquired license once the problem is resolved.

    Affected platforms:
    • Client: Windows 10, version 1903
    Next steps: We are working on a resolution for Microsoft Store and estimate a solution will be available in mid-June.
    Note We recommend you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved. 

    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Investigating
    		Last updated:
    May 21, 2019
    07:17 AM PT

    Opened:
    May 21, 2019
    07:16 AM PT
    Error attempting to update with external USB device or memory card attached
    If you have an external USB device or SD memory card attached when installing Windows 10, version 1903, you may get an error message stating \"This PC can't be upgraded to Windows 10.\" This is caused by inappropriate drive reassignment during installation.

    Sample scenario: An update to Windows 10, version 1903 is attempted on a computer that has a thumb drive inserted into its USB port. Before the update, the thumb drive is mounted in the system as drive G based on the existing drive configuration. After the feature update is installed; however, the device is reassigned a different drive letter (e.g., drive H).

    Note The drive reassignment is not limited to removable drives. Internal hard drives may also be affected.

    To safeguard your update experience, we have applied a hold on devices with an external USB device or SD memory card attached from being offered Windows 10, version 1903 until this issue is resolved.

    Affected platforms:
    • Client: Windows 10, version 1903
    Workaround: This issue has been partially resolved but to ensure seamless update experience, the safeguard hold is still in place. In the short term, we recommend you do the following workaround to update to Windows 10, version 1903. Remove all external media, such as USB devices and SD cards, from your computer and restart installation of the Windows 10, version 1903 feature update. The update should then proceed normally.

    Note If you need to keep your external device, SD memory card, or other devices attached to your computer while updating, we recommend that you do not attempt to manually update to Windows 10, version 1903 using the Update now button or the Media Creation Tool until this issue has been resolved.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Mitigated
    		Last updated:
    June 11, 2019
    12:34 PM PT

    Opened:
    May 21, 2019
    07:38 AM PT
    Display brightness may not respond to adjustments
    Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers. After updating to Windows 10, version 1903, brightness settings may sometime appear as if changes applied took effect, yet the actual display brightness doesn't change.

    To safeguard your update experience, we have applied a compatibility hold on devices with certain Intel drivers from being offered Windows 10, version 1903, until this issue is resolved.

    Affected platforms:
    • Client: Windows 10, version 1903
    Workaround: Restart your device to apply changes to brightness.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Next steps: We are working on a resolution that will be made available in upcoming release.

    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Investigating
    		Last updated:
    May 21, 2019
    04:47 PM PT

    Opened:
    May 21, 2019
    07:56 AM PT
    Gamma ramps, color profiles, and night light settings do not apply in some cases
    Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

    Microsoft has identified some scenarios where night light settings may stop working, for example:
    • Connecting to (or disconnecting from) an external monitor, dock, or projector
    • Rotating the screen
    • Updating display drivers or making other display mode changes
    • Closing full screen applications
    • Applying custom color profiles
    • Running applications that rely on custom gamma ramps
    Affected platforms:
    • Client: Windows 10, version 1903
    Workaround: If you find that your night light has stopped working, try turning the night light off and on, or restarting your computer. For other color setting issues, restart your computer to correct the issue.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Mitigated
    		Last updated:
    May 24, 2019
    11:02 AM PT

    Opened:
    May 21, 2019
    07:28 AM PT
    Unable to discover or connect to Bluetooth devices
    Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek and Qualcomm. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek or Qualcomm Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.

    Affected platforms:
    • Client: Windows 10, version 1903
    • Server: Windows Server, version 1903
    Workaround: Check with your device manufacturer (OEM) to see if an updated driver is available and install it.

    • For Qualcomm drivers, you will need to install a driver version greater than 10.0.1.11.
    • For Realtek drivers, you will need to install a driver version greater than 1.5.1011.0.
    Note Until an updated driver has been installed, we recommend you do not attempt to manually update using the Update now button or the Media Creation Tool. 

    Next steps: Microsoft is working with Realtek and Qualcomm to release new drivers for all affected system via Windows Update.  


    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Mitigated
    		Last updated:
    May 21, 2019
    04:48 PM PT

    Opened:
    May 21, 2019
    07:29 AM PT
    Intel Audio displays an intcdaud.sys notification
    Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain. If you see an intcdaud.sys notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8).
      
    To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until updated device drivers have been installed.

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809
    Workaround:
    On the “What needs your attention\" notification, click the Back button to remain on your current version of Windows 10. (Do not click Confirm as this will proceed with the update and you may experience compatibility issues.) Affected devices will automatically revert to the previous working configuration.

    For more information, see Intel's customer support guidance and the Microsoft knowledge base article KB4465877.

    Note We recommend you do not attempt to update your devices until newer device drivers are installed.

    Next steps: You can opt to wait for newer drivers to be installed automatically through Windows Update or check with the computer manufacturer for the latest device driver software availability and installation procedures.

    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Mitigated
    		Last updated:
    May 21, 2019
    04:47 PM PT

    Opened:
    May 21, 2019
    07:22 AM PT
    Cannot launch Camera app
    Microsoft and Intel have identified an issue affecting Intel RealSense SR300 and Intel RealSense S200 cameras when using the Camera app. After updating to the Windows 10 May 2019 Update and launching the Camera app, you may get an error message stating:

    \"Close other apps, error code: 0XA00F4243.”


    To safeguard your update experience, we have applied a protective hold on machines with Intel RealSense SR300 or Intel RealSense S200 cameras installed from being offered Windows 10, version 1903, until this issue is resolved.

    Affected platforms:
    • Client: Windows 10, version 1903
    Workaround: To temporarily resolve this issue, perform one of the following:

    • Unplug your camera and plug it back in.

    or

    • Disable and re-enable the driver in Device Manager. In the Search box, type \"Device Manager\" and press Enter. In the Device Manager dialog box, expand Cameras, then right-click on any RealSense driver listed and select Disable device. Right click on the driver again and select Enable device.

    or

    • Restart the RealSense service. In the Search box, type \"Task Manager\" and hit Enter. In the Task Manager dialog box, click on the Services tab, right-click on RealSense, and select Restart
    Note This workaround will only resolve the issue until your next system restart.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Mitigated
    		Last updated:
    May 21, 2019
    04:47 PM PT

    Opened:
    May 21, 2019
    07:20 AM PT
    Intermittent loss of Wi-Fi connectivity
    Some older computers may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).

    To safeguard your upgrade experience, we have applied a hold on devices with this Qualcomm driver from being offered Windows 10, version 1903, until the updated driver is installed.

    Affected platforms:
    • Client: Windows 10, version 1903
    Workaround: Download and install an updated Wi-Fi driver from your device manufacturer (OEM).
     
    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until a new driver has been installed and the Windows 10, version 1903 feature update has been automatically offered to you.

    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Mitigated
    		Last updated:
    May 21, 2019
    04:46 PM PT

    Opened:
    May 21, 2019
    07:13 AM PT
    Duplicate folders and documents showing in user profile directory
    If you have redirected known folders (e.g. Desktop, Documents, or Pictures folders) you may see an empty folder with the same name in your %userprofile% directories after updating to Windows 10, version 1903. This may occur if known folders were redirected when you chose to back up your content to OneDrive using the OneDrive wizard, or if you chose to back up your content during the Windows Out-of-Box-Experience (OOBE). This may also occur if you redirected your known folders manually through the Properties dialog box in File Explorer. ​This issue does not cause any user files to be deleted and a solution is in progress.

    To safeguard your update experience, we have applied a quality hold on devices with redirected known folders from being offered Windows 10, version 1903, until this issue is resolved.

    Affected platforms:
    • Client: Windows 10, version 1903
    Resolution: This issue was resolved in KB4497935 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Window 10, version 1903.
    (Posted June 11, 2019)

    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    KB4497935    		Resolved:
    May 29, 2019
    02:00 PM PT

    Opened:
    May 21, 2019
    07:16 AM PT
    Older versions of BattlEye anti-cheat software incompatible
    Microsoft and BattlEye have identified a compatibility issue with some games that use older versions of BattlEye anti-cheat software. When launching a game that uses an older, impacted version of BattlEye anti-cheat software on a device running Windows 10, version 1903, the device may experience a system crash.

    To safeguard your gaming experience, we have applied a compatibility hold on devices with the impacted versions of BattlEye software used by games installed on your PC. This will prevent Windows 10, version 1903 from being offered until the incompatible version of BattlEye software is no longer installed on the device. 

    Affected platforms:
    • Client: Windows 10, version 1903
    Workaround: Before updating your machine, we recommend you do one or more of the following:

    • Verify that your game is up to date with the latest available version of BattlEye software. Some game platforms allow you to validate your game files, which can confirm that your installation is fully up to date.
    • Restart your system and open the game again.
    • Uninstall BattlEye using https://www.battleye.com/downloads/UninstallBE.exe, and then reopen your game.
    • Uninstall and reinstall your game.
    Resolution: This issue was resolved externally by BattlEye for all known impacted games. For a list of recent games that use BattlEye, go to https://www.battleye.com/. We recommend following the workaround before updating to Windows 10, version 1903, as games with incompatible versions of BattleEye may fail to open after updating Windows. If you have confirmed your game is up to date and you have any issues with opening games related to a BattlEye error, please see https://www.battleye.com/support/faq/.

    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    		Resolved:
    June 07, 2019
    04:26 PM PT

    Opened:
    May 21, 2019
    07:34 AM PT
    AMD RAID driver incompatibility
    Microsoft and AMD have identified an incompatibility with AMD RAID driver versions earlier than 9.2.0.105. When you attempt to install the Windows 10, version 1903 update on a Windows 10-based computer with an affected driver version, the installation process stops and you get a message like the following:

    AMD Ryzen™ or AMD Ryzen™ Threadripper™ configured in SATA or NVMe RAID mode.

    “A driver is installed that causes stability problems on Windows. This driver will be disabled. Check with your software/driver provider for an updated version that runs on this version of Windows.”

     
    To safeguard your update experience, we have applied a compatibility hold on devices with these AMD drivers from being offered Windows 10, version 1903, until this issue is resolved.

    Affected platforms:
    • Client: Windows 10, version 1903
    Resolution: This issue has been resolved externally by AMD. To resolve this issue, you will need to download the latest AMD RAID drivers directly from AMD at https://www.amd.com/en/support/chipsets/amd-socket-tr4/x399. The drivers must be version 9.2.0.105 or later. Install the drivers on the affected computer, and then restart the installation process for the Windows 10, version 1903 feature update.
     
    Note The safeguard hold will remain in place on machines with the older AMD RAID drivers. We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until a new driver has been installed and the Windows 10, version 1903 feature update has been automatically offered to you.

    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    		Resolved:
    June 06, 2019
    11:06 AM PT

    Opened:
    May 21, 2019
    07:12 AM PT
    D3D applications and games may fail to enter full-screen mode on rotated displays
    Some Direct3D (D3D) applications and games (e.g., 3DMark) may fail to enter full-screen mode on displays where the display orientation has been changed from the default (e.g., a landscape display in portrait mode).

    Affected platforms:
    • Client: Windows 10, version 1903
    • Server: Windows Server, version 1903
    Resolution: This issue was resolved in KB4497935

    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    KB4497935    		Resolved:
    May 29, 2019
    02:00 PM PT

    Opened:
    May 21, 2019
    07:05 AM PT
    Loss of functionality in Dynabook Smartphone Link app
    Some users may experience a loss of functionality after updating to Windows 10, version 1903 when using the Dynabook Smartphone Link application on Windows devices. Loss of functionality may affect the display of phone numbers in the Call menu and the ability to answer phone calls on the Windows PC.

    To safeguard your update experience, we have applied a compatibility hold on devices with Dynabook Smartphone Link from being offered Windows 10, version 1903, until this issue is resolved.

    Affected platforms:
    • Client: Windows 10, version 1903
    Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

    Back to top    		OS Build 18362.116

    May 20, 2019
    KB4505057    		Resolved
    		Resolved:
    July 11, 2019
    01:54 PM PT

    Opened:
    May 24, 2019
    03:10 PM PT
    Audio not working with Dolby Atmos headphones and home theater
    After updating to Windows 10, version 1903, you may experience loss of audio with Dolby Atmos for home theater (free extension) or Dolby Atmos for headphones (paid extension) acquired through the Microsoft Store due to a licensing configuration error.
     
    This occurs due to an issue with a Microsoft Store licensing component, where license holders are not able to connect to the Dolby Access app and enable Dolby Atmos extensions.
     
    To safeguard your update experience, we have applied protective hold on devices from being offered Windows 10, version 1903 until this issue is resolved. This configuration error will not result in loss of access for the acquired license once the problem is resolved.

    Affected platforms:
    • Client: Windows 10, version 1903
    Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    		Resolved:
    July 11, 2019
    01:53 PM PT

    Opened:
    May 21, 2019
    07:16 AM PT
    Error attempting to update with external USB device or memory card attached
    If you have an external USB device or SD memory card attached when installing Windows 10, version 1903, you may get an error message stating \"This PC can't be upgraded to Windows 10.\" This is caused by inappropriate drive reassignment during installation.

    Sample scenario: An update to Windows 10, version 1903 is attempted on a computer that has a thumb drive inserted into its USB port. Before the update, the thumb drive is mounted in the system as drive G based on the existing drive configuration. After the feature update is installed; however, the device is reassigned a different drive letter (e.g., drive H).

    Note The drive reassignment is not limited to removable drives. Internal hard drives may also be affected.

    To safeguard your update experience, we have applied a hold on devices with an external USB device or SD memory card attached from being offered Windows 10, version 1903 until this issue is resolved.

    Affected platforms:
    • Client: Windows 10, version 1903
    Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    		Resolved:
    July 11, 2019
    01:53 PM PT

    Opened:
    May 21, 2019
    07:38 AM PT
    " diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index 02209f2340..bd47291e52 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    + @@ -73,6 +74,15 @@ sections:
    " +- title: July 2019 +- items: + - type: markdown + text: " +
    SummaryOriginating updateStatusLast updated
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503292    		Mitigated
    		July 10, 2019
    02:59 PM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493472    		Mitigated
    		April 25, 2019
    02:00 PM PT
    IE11 may stop working when loading or interacting with Power BI reports
    Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

    See details >    		May 14, 2019
    KB4499164    		Resolved
    KB4503277    		June 20, 2019
    02:00 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		June 11, 2019
    KB4503292    		Resolved
    KB4503277    		June 20, 2019
    02:00 PM PT
    + +
    DetailsOriginating updateStatusHistory
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503292 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Workaround:
    To mitigate this issue on an SCCM server, set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.

    Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

    To mitigate this issue on a WDS server without SCCM:
    1. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
    2. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
    Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		June 11, 2019
    KB4503292    		Mitigated
    		Last updated:
    July 10, 2019
    02:59 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    + " + - title: June 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml index 0c01e06684..70d40a6d5e 100644 --- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml @@ -60,12 +60,12 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    + -
    SummaryOriginating updateStatusLast updated
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503276    		Mitigated
    		July 10, 2019
    07:09 PM PT
    Japanese IME doesn't show the new Japanese Era name as a text input option
    If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

    See details >    		April 25, 2019
    KB4493443    		Mitigated
    		May 15, 2019
    05:53 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”.

    See details >    		January 08, 2019
    KB4480963    		Mitigated
    		April 25, 2019
    02:00 PM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493446    		Mitigated
    		April 18, 2019
    05:00 PM PT
    IE11 may stop working when loading or interacting with Power BI reports
    Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

    See details >    		May 14, 2019
    KB4499151    		Resolved
    KB4503283    		June 20, 2019
    02:00 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		June 11, 2019
    KB4503276    		Resolved
    KB4503283    		June 20, 2019
    02:00 PM PT
    Issue using PXE to start a device from WDS
    There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.

    See details >    		March 12, 2019
    KB4489881    		Resolved
    KB4503276    		June 11, 2019
    10:00 AM PT
    " @@ -76,6 +76,15 @@ sections:
    " +- title: July 2019 +- items: + - type: markdown + text: " + + +
    DetailsOriginating updateStatusHistory
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503276 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Workaround:
    To mitigate this issue on an SCCM server:
    1. Verify Variable Window Extension is enabled.
    2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
    Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

    To mitigate this issue on a WDS server without SCCM:
    1. In WDS TFTP settings, verify Variable Window Extension is enabled.
    2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
    3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
    Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		June 11, 2019
    KB4503276    		Mitigated
    		Last updated:
    July 10, 2019
    07:09 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    + " + - title: June 2019 - items: - type: markdown @@ -104,15 +113,6 @@ sections: " -- title: March 2019 -- items: - - type: markdown - text: " - - -
    DetailsOriginating updateStatusHistory
    Issue using PXE to start a device from WDS
    After installing KB4489881, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

    Affected platforms: 
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1 
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012 
    Resolution: This issue was resolved in KB4503276.

    Back to top    		March 12, 2019
    KB4489881    		Resolved
    KB4503276    		Resolved:
    June 11, 2019
    10:00 AM PT

    Opened:
    March 12, 2019
    10:00 AM PT
    - " - - title: January 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml index 4d86a87e46..c8ea355938 100644 --- a/windows/release-information/status-windows-server-2008-sp2.yml +++ b/windows/release-information/status-windows-server-2008-sp2.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    +
    SummaryOriginating updateStatusLast updated
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503273    		Mitigated
    		July 10, 2019
    02:59 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		June 11, 2019
    KB4503273    		Resolved
    KB4503271    		June 20, 2019
    02:00 PM PT
    " @@ -71,6 +72,15 @@ sections:
    " +- title: July 2019 +- items: + - type: markdown + text: " + + +
    DetailsOriginating updateStatusHistory
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503273 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Workaround:
    To mitigate this issue on an SCCM server, set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.

    Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

    To mitigate this issue on a WDS server without SCCM:
    1. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
    2. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
    Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		June 11, 2019
    KB4503273    		Mitigated
    		Last updated:
    July 10, 2019
    02:59 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    + " + - title: June 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml index 7588536963..ee7242d18a 100644 --- a/windows/release-information/status-windows-server-2012.yml +++ b/windows/release-information/status-windows-server-2012.yml @@ -60,12 +60,12 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    + -
    SummaryOriginating updateStatusLast updated
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503285    		Mitigated
    		July 10, 2019
    07:09 PM PT
    Japanese IME doesn't show the new Japanese Era name as a text input option
    If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

    See details >    		April 25, 2019
    KB4493462    		Mitigated
    		May 15, 2019
    05:53 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”.

    See details >    		January 08, 2019
    KB4480975    		Mitigated
    		April 25, 2019
    02:00 PM PT
    Some devices and generation 2 Hyper-V VMs may have issues installing updates
    Some devices and generation 2 Hyper-V virtual machines (VMs) may have issues installing some updates when Secure Boot is enabled.

    See details >    		June 11, 2019
    KB4503285    		Resolved
    KB4503295    		June 21, 2019
    02:00 PM PT
    IE11 may stop working when loading or interacting with Power BI reports
    Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

    See details >    		May 14, 2019
    KB4499171    		Resolved
    KB4503295    		June 21, 2019
    02:00 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		June 11, 2019
    KB4503285    		Resolved
    KB4503295    		June 20, 2019
    02:00 PM PT
    Issue using PXE to start a device from WDS
    There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.

    See details >    		March 12, 2019
    KB4489891    		Resolved
    KB4503285    		June 11, 2019
    10:00 AM PT
    " @@ -76,6 +76,15 @@ sections:
    " +- title: July 2019 +- items: + - type: markdown + text: " + + +
    DetailsOriginating updateStatusHistory
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503285 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Workaround:
    To mitigate this issue on an SCCM server:
    1. Verify Variable Window Extension is enabled.
    2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
    Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

    To mitigate this issue on a WDS server without SCCM:
    1. In WDS TFTP settings, verify Variable Window Extension is enabled.
    2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
    3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
    Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		June 11, 2019
    KB4503285    		Mitigated
    		Last updated:
    July 10, 2019
    07:09 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    + " + - title: June 2019 - items: - type: markdown @@ -96,15 +105,6 @@ sections: " -- title: March 2019 -- items: - - type: markdown - text: " - - -
    DetailsOriginating updateStatusHistory
    Issue using PXE to start a device from WDS
    After installing KB4489891, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

    Affected platforms: 
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1 
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012 
    Resolution: This issue was resolved in KB4503285.

    Back to top    		March 12, 2019
    KB4489891    		Resolved
    KB4503285    		Resolved:
    June 11, 2019
    10:00 AM PT

    Opened:
    March 12, 2019
    10:00 AM PT
    - " - - title: January 2019 - items: - type: markdown diff --git a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md index 6b0c32bc57..57524af4a3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md +++ b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md @@ -19,7 +19,7 @@ ms.reviewer: # Planning an adequate number of Windows Server 2019 Domain Controllers for Windows Hello for Business deployments **Applies to** -- Windows 10, version 1702 or later +- Windows 10, version 1703 or later - Windows Server, versions 2016 and 2019 - Hybrid or On-Premises deployment - Key trust diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md index da365a7f4e..b7cb9450d8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md @@ -52,6 +52,9 @@ The trust model determines how you want users to authenticate to the on-premises * The certificate-trust model is for enterprise that *do* want to issue end-entity certificates to their users and have the benefits of certificate expiration and renewal, similar to how smart cards work today. * The certificate trust model also supports enterprises which are not ready to deploy Windows Server 2016 Domain Controllers. +>[!NOTE] +>RDP does not support authentication with Windows Hello for business key trust deployments. RDP is only supported with certificate trust deployments at this time. + Following are the various deployment guides included in this topic: - [Hybrid Azure AD Joined Key Trust Deployment](hello-hybrid-key-trust.md) - [Hybrid Azure AD Joined Certificate Trust Deployment](hello-hybrid-cert-trust.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.md b/windows/security/identity-protection/hello-for-business/hello-faq.md index 116bff8b92..107b3b238b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.md +++ b/windows/security/identity-protection/hello-for-business/hello-faq.md @@ -27,6 +27,9 @@ Windows Hello for Business is the modern, two-factor credential for Windows 10. ## What about convenience PIN? Microsoft is committed to its vision of a world without passwords. We recognize the *convenience* provided by convenience PIN, but it stills uses a password for authentication. Microsoft recommends customers using Windows 10 and convenience PINs should move to Windows Hello for Business. New Windows 10 deployments should deploy Windows Hello for Business and not convenience PINs. Microsoft will be deprecating convenience PINs in the future and will publish the date early to ensure customers have adequate lead time to deploy Windows Hello for Business. +## Can I use Windows Hello for Business key trust and RDP? +RDP currently does not support key based authentication and does not support self signed certificates. RDP with Windows Hello for Business is currently only supported with certificate based deployments. + ## Can I deploy Windows Hello for Business using System Center Configuration Manager? Windows Hello for Business deployments using System Center Configuration Manager need to move to the hybrid deployment model that uses Active Directory Federation Services. Deployments using System Center Configuration Manager will no longer be supported after November 2018. diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md index 83bb883504..ba1e004510 100644 --- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md +++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md @@ -26,7 +26,7 @@ Windows Hello addresses the following problems with passwords: - Strong passwords can be difficult to remember, and users often reuse passwords on multiple sites. - Server breaches can expose symmetric network credentials (passwords). - Passwords are subject to [replay attacks](https://go.microsoft.com/fwlink/p/?LinkId=615673). -- Users can inadvertently expose their passwords due to [phishing attacks](https://go.microsoft.com/fwlink/p/?LinkId=615674). +- Users can inadvertently expose their passwords due to [phishing attacks](https://docs.microsoft.com/windows/security/threat-protection/intelligence/phishing). >[!div class="mx-tdBreakAll"] >| | | | diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md index cd6424eb47..295be4d248 100644 --- a/windows/security/identity-protection/hello-for-business/hello-overview.md +++ b/windows/security/identity-protection/hello-for-business/hello-overview.md @@ -92,7 +92,9 @@ For details, see [How Windows Hello for Business works](hello-how-it-works.md). ## Comparing key-based and certificate-based authentication -Windows Hello for Business can use either keys (hardware or software) or certificates in hardware or software. Enterprises that have a public key infrastructure (PKI) for issuing and managing certificates can continue to use PKI in combination with Windows Hello. Enterprises that do not use PKI or want to reduce the effort associated with managing certificates can rely on key-based credentials for Windows Hello but still use certificates on their domain controllers as a root of trust. +Windows Hello for Business can use either keys (hardware or software) or certificates in hardware or software. Enterprises that have a public key infrastructure (PKI) for issuing and managing end user certificates can continue to use PKI in combination with Windows Hello. Enterprises that do not use PKI or want to reduce the effort associated with managing user certificates can rely on key-based credentials for Windows Hello but still use certificates on their domain controllers as a root of trust. + +Windows Hello for Business with a key does not support RDP. RDP does not support authentication with a key or a self signed certificate. RDP with Windows Hello for Business is supported with certificate based deployments. ## Learn more diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 97ceac8319..c61e51d04e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -80,6 +80,9 @@ The key trust type does not require issuing authentication certificates to end u The certificate trust type issues authentication certificates to end users. Users authenticate using a certificate requested using a hardware-bound key created during the built-in provisioning experience. Unlike key trust, certificate trust does not require Windows Server 2016 domain controllers (but still requires [Windows Server 2016 Active Directory schema](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs#directories)). Users can use their certificate to authenticate to any Windows Server 2008 R2, or later, domain controller. +>[!NOTE] +>RDP does not support authentication with Windows Hello for business key trust deployments. RDP is only supported with certificate trust deployments at this tim + #### Device registration All devices included in the Windows Hello for Business deployment must go through device registration. Device registration enables devices to authenticate to identity providers. For cloud only and hybrid deployment, the identity provider is Azure Active Directory. For on-premises deployments, the identity provider is the on-premises server running the Windows Server 2016 Active Directory Federation Services (AD FS) role. diff --git a/windows/security/information-protection/tpm/tpm-recommendations.md b/windows/security/information-protection/tpm/tpm-recommendations.md index c808dfe356..b058f905a9 100644 --- a/windows/security/information-protection/tpm/tpm-recommendations.md +++ b/windows/security/information-protection/tpm/tpm-recommendations.md @@ -70,7 +70,9 @@ TPM 2.0 products and systems have important security advantages over TPM 1.2, in - While TPM 1.2 parts are discrete silicon components which are typically soldered on the motherboard, TPM 2.0 is available as a **discrete (dTPM)** silicon component in a single semiconductor package, an **integrated** component incorporated in one or more semiconductor packages - alongside other logic units in the same package(s) - and as a **firmware (fTPM)** based component running in a trusted execution environment (TEE) on a general purpose SoC. > [!NOTE] -> TPM 2.0 requires UEFI firmware. A computer with legacy BIOS and TPM 2.0 won't work as expected. +> TPM 2.0 is not supported in Legacy and CSM Modes of the BIOS. Devices with TPM 2.0 must have their BIOS mode configured as Native UEFI only. The Legacy and Compatibility Support Module (CSM) options must be disabled. For added security Enable the Secure Boot feature. + +> Installed Operating System on hardware in legacy mode will stop the OS from booting when the BIOS mode is changed to UEFI. Use the tool [MBR2GPT](https://docs.microsoft.com/en-us/windows/deployment/mbr-to-gpt) before changing the BIOS mode which will prepare the OS and the disk to support UEFI. ## Discrete, Integrated or Firmware TPM? diff --git a/windows/security/information-protection/windows-information-protection/wip-learning.md b/windows/security/information-protection/windows-information-protection/wip-learning.md index 5e113928fe..6edaaf0f7d 100644 --- a/windows/security/information-protection/windows-information-protection/wip-learning.md +++ b/windows/security/information-protection/windows-information-protection/wip-learning.md @@ -10,9 +10,9 @@ ms.mktglfcycl: ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dulcemontemayor -ms.author: dolmont -manager: dansimp +author: stephow-MSFT +ms.author: stephow +manager: laurawi audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index e054a66443..4ac282f82f 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -1,432 +1,493 @@ # [Threat protection](index.md) -## [Microsoft Defender Advanced Threat Protection](microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) +## [Overview]() +### [What is Microsoft Defender Advanced Threat Protection?](microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) +### [Overview of Microsoft Defender ATP capabilities](microsoft-defender-atp/overview.md) +### [Attack surface reduction]() +#### [Hardware-based isolation]() +##### [Hardware-based isolation in Windows 10](microsoft-defender-atp/overview-hardware-based-isolation.md) -### [Overview](microsoft-defender-atp/overview.md) -#### [Attack surface reduction](microsoft-defender-atp/overview-attack-surface-reduction.md) -##### [Hardware-based isolation](microsoft-defender-atp/overview-hardware-based-isolation.md) -###### [Application isolation](windows-defender-application-guard/wd-app-guard-overview.md) -####### [System requirements](windows-defender-application-guard/reqs-wd-app-guard.md) -###### [System integrity](windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md) -##### [Application control](windows-defender-application-control/windows-defender-application-control.md) -##### [Exploit protection](windows-defender-exploit-guard/exploit-protection-exploit-guard.md) -##### [Network protection](windows-defender-exploit-guard/network-protection-exploit-guard.md) -##### [Controlled folder access](windows-defender-exploit-guard/controlled-folders-exploit-guard.md) -##### [Attack surface reduction](windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md) -##### [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md) -#### [Next generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) -#### [Endpoint detection and response](microsoft-defender-atp/overview-endpoint-detection-response.md) -##### [Security operations dashboard](microsoft-defender-atp/security-operations-dashboard.md) +##### [Application isolation]() +###### [Application guard overview](windows-defender-application-guard/wd-app-guard-overview.md) +###### [System requirements](windows-defender-application-guard/reqs-wd-app-guard.md) -##### [Incidents queue](microsoft-defender-atp/incidents-queue.md) -###### [View and organize the Incidents queue](microsoft-defender-atp/view-incidents-queue.md) -###### [Manage incidents](microsoft-defender-atp/manage-incidents.md) -###### [Investigate incidents](microsoft-defender-atp/investigate-incidents.md) +##### [System integrity](windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md) +#### [Application control](windows-defender-application-control/windows-defender-application-control.md) +#### [Exploit protection](windows-defender-exploit-guard/exploit-protection-exploit-guard.md) +#### [Network protection](windows-defender-exploit-guard/network-protection-exploit-guard.md) +#### [Controlled folder access](windows-defender-exploit-guard/controlled-folders-exploit-guard.md) +#### [Attack surface reduction](windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md) +#### [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md) +### [Next generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) -##### Alerts queue -###### [View and organize the Alerts queue](microsoft-defender-atp/alerts-queue.md) -###### [Manage alerts](microsoft-defender-atp/manage-alerts.md) -###### [Investigate alerts](microsoft-defender-atp/investigate-alerts.md) -###### [Investigate files](microsoft-defender-atp/investigate-files.md) -###### [Investigate machines](microsoft-defender-atp/investigate-machines.md) -###### [Investigate an IP address](microsoft-defender-atp/investigate-ip.md) -###### [Investigate a domain](microsoft-defender-atp/investigate-domain.md) -###### [Investigate a user account](microsoft-defender-atp/investigate-user.md) +### [Endpoint detection and response]() +#### [Endpoint detection and response overview](microsoft-defender-atp/overview-endpoint-detection-response.md) +#### [Security operations dashboard](microsoft-defender-atp/security-operations-dashboard.md) + +#### [Incidents queue]() +##### [View and organize the Incidents queue](microsoft-defender-atp/view-incidents-queue.md) +##### [Manage incidents](microsoft-defender-atp/manage-incidents.md) +##### [Investigate incidents](microsoft-defender-atp/investigate-incidents.md) + +#### [Alerts queue]() +##### [View and organize the Alerts queue](microsoft-defender-atp/alerts-queue.md) +##### [Manage alerts](microsoft-defender-atp/manage-alerts.md) +##### [Investigate alerts](microsoft-defender-atp/investigate-alerts.md) +##### [Investigate files](microsoft-defender-atp/investigate-files.md) +##### [Investigate machines](microsoft-defender-atp/investigate-machines.md) +##### [Investigate an IP address](microsoft-defender-atp/investigate-ip.md) +##### [Investigate a domain](microsoft-defender-atp/investigate-domain.md) +##### [Investigate a user account](microsoft-defender-atp/investigate-user.md) -##### Machines list -###### [View and organize the Machines list](microsoft-defender-atp/machines-view-overview.md) -###### [Manage machine group and tags](microsoft-defender-atp/machine-tags.md) -###### [Alerts related to this machine](microsoft-defender-atp/investigate-machines.md#alerts-related-to-this-machine) -###### [Machine timeline](microsoft-defender-atp/investigate-machines.md#machine-timeline) -####### [Search for specific events](microsoft-defender-atp/investigate-machines.md#search-for-specific-events) -####### [Filter events from a specific date](microsoft-defender-atp/investigate-machines.md#filter-events-from-a-specific-date) -####### [Export machine timeline events](microsoft-defender-atp/investigate-machines.md#export-machine-timeline-events) -####### [Navigate between pages](microsoft-defender-atp/investigate-machines.md#navigate-between-pages) +#### [Machines list]() +##### [View and organize the Machines list](microsoft-defender-atp/machines-view-overview.md) +##### [Manage machine group and tags](microsoft-defender-atp/machine-tags.md) +##### [Alerts related to this machine](microsoft-defender-atp/investigate-machines.md#alerts-related-to-this-machine) +##### [Machine timeline]() +###### [View machine profile](microsoft-defender-atp/investigate-machines.md#machine-timeline) +###### [Search for specific events](microsoft-defender-atp/investigate-machines.md#search-for-specific-events) +###### [Filter events from a specific date](microsoft-defender-atp/investigate-machines.md#filter-events-from-a-specific-date) +###### [Export machine timeline events](microsoft-defender-atp/investigate-machines.md#export-machine-timeline-events) +###### [Navigate between pages](microsoft-defender-atp/investigate-machines.md#navigate-between-pages) -##### [Take response actions](microsoft-defender-atp/response-actions.md) -###### [Take response actions on a machine](microsoft-defender-atp/respond-machine-alerts.md) -####### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines) -####### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines) -####### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution) -####### [Remove app restriction](microsoft-defender-atp/respond-machine-alerts.md#remove-app-restriction) -####### [Isolate machines from the network](microsoft-defender-atp/respond-machine-alerts.md#isolate-machines-from-the-network) -####### [Release machine from isolation](microsoft-defender-atp/respond-machine-alerts.md#release-machine-from-isolation) +#### [Take response actions]() +##### [Take response actions on a machine]() +###### [Response actions on machines](microsoft-defender-atp/respond-machine-alerts.md) +###### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines) +###### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines) +###### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution) +###### [Remove app restriction](microsoft-defender-atp/respond-machine-alerts.md#remove-app-restriction) +###### [Isolate machines from the network](microsoft-defender-atp/respond-machine-alerts.md#isolate-machines-from-the-network) +###### [Release machine from isolation](microsoft-defender-atp/respond-machine-alerts.md#release-machine-from-isolation) ####### [Check activity details in Action center](microsoft-defender-atp/respond-machine-alerts.md#check-activity-details-in-action-center) -###### [Take response actions on a file](microsoft-defender-atp/respond-file-alerts.md) -####### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network) -####### [Remove file from quarantine](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-quarantine) -####### [Block files in your network](microsoft-defender-atp/respond-file-alerts.md#block-files-in-your-network) -####### [Remove file from blocked list](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-blocked-list) -####### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center) -####### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis) -####### [Submit files for analysis](microsoft-defender-atp/respond-file-alerts.md#submit-files-for-analysis) -####### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports) +##### [Take response actions on a file]() +###### [Response actions on files](microsoft-defender-atp/respond-file-alerts.md) +###### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network) +###### [Remove file from quarantine](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-quarantine) +###### [Block files in your network](microsoft-defender-atp/respond-file-alerts.md#block-files-in-your-network) +###### [Remove file from blocked list](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-blocked-list) +###### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center) +###### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis) +###### [Submit files for analysis](microsoft-defender-atp/respond-file-alerts.md#submit-files-for-analysis) +###### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports) ####### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis) - -###### [Investigate entities using Live response](microsoft-defender-atp/live-response.md) -#######[Live response command examples](microsoft-defender-atp/live-response-command-examples.md) -#### [Automated investigation and remediation](microsoft-defender-atp/automated-investigations.md) -##### [Learn about the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md) +##### [Investigate entities using Live response]() +###### [Investigate entities on machines](microsoft-defender-atp/live-response.md) +######[Live response command examples](microsoft-defender-atp/live-response-command-examples.md) + +### [Automated investigation and remediation]() +#### [Automated investigation and remediation overview](microsoft-defender-atp/automated-investigations.md) +#### [Learn about the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md) #####[Manage actions related to automated investigation and remediation](microsoft-defender-atp/auto-investigation-action-center.md) +### [Secure score](microsoft-defender-atp/overview-secure-score.md) +### [Threat analytics](microsoft-defender-atp/threat-analytics.md) -#### [Secure score](microsoft-defender-atp/overview-secure-score.md) -#### [Threat analytics](microsoft-defender-atp/threat-analytics.md) +### [Advanced hunting]() +#### [Advanced hunting overview](microsoft-defender-atp/overview-hunting.md) +#### [Query data using Advanced hunting](microsoft-defender-atp/advanced-hunting.md) +##### [Advanced hunting reference](microsoft-defender-atp/advanced-hunting-reference.md) +##### [Advanced hunting query language best practices](microsoft-defender-atp/advanced-hunting-best-practices.md) -#### [Advanced hunting](microsoft-defender-atp/overview-hunting.md) -##### [Query data using Advanced hunting](microsoft-defender-atp/advanced-hunting.md) -###### [Advanced hunting reference](microsoft-defender-atp/advanced-hunting-reference.md) -###### [Advanced hunting query language best practices](microsoft-defender-atp/advanced-hunting-best-practices.md) -##### [Custom detections](microsoft-defender-atp/overview-custom-detections.md) -###### [Create custom detections rules](microsoft-defender-atp/custom-detection-rules.md) +#### [Custom detections]() +##### [Understand custom detection rules](microsoft-defender-atp/overview-custom-detections.md) +##### [Create custom detections rules](microsoft-defender-atp/custom-detection-rules.md) - - -#### [Management and APIs](microsoft-defender-atp/management-apis.md) +#### [Management and APIs]() +##### [Overview of management and APIs](microsoft-defender-atp/management-apis.md) ##### [Understand threat intelligence concepts](microsoft-defender-atp/threat-indicator-concepts.md) ##### [Microsoft Defender ATP APIs](microsoft-defender-atp/apis-intro.md) ##### [Managed security service provider support](microsoft-defender-atp/mssp-support.md) -#### [Microsoft threat protection](microsoft-defender-atp/threat-protection-integration.md) +#### [Integrations]() +##### [Microsoft Defender ATP integrations](microsoft-defender-atp/threat-protection-integration.md) ##### [Protect users, data, and devices with conditional access](microsoft-defender-atp/conditional-access.md) ##### [Microsoft Cloud App Security integration overview](microsoft-defender-atp/microsoft-cloud-app-security-integration.md) -##### [Information protection in Windows overview](microsoft-defender-atp/information-protection-in-windows-overview.md) -###### [Use sensitivity labels to prioritize incident response](microsoft-defender-atp/information-protection-investigation.md) + +#### [Information protection in Windows overview]() +##### [Windows integration](microsoft-defender-atp/information-protection-in-windows-overview.md) +##### [Use sensitivity labels to prioritize incident response](microsoft-defender-atp/information-protection-investigation.md) + +### [Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md) + +### [Portal overview](microsoft-defender-atp/portal-overview.md) +## [Get started]() +### [What's new in Microsoft Defender ATP](microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md) +### [Minimum requirements](microsoft-defender-atp/minimum-requirements.md) +### [Validate licensing and complete setup](microsoft-defender-atp/licensing.md) +### [Preview features](microsoft-defender-atp/preview.md) +### [Data storage and privacy](microsoft-defender-atp/data-storage-privacy.md) +### [Assign user access to the portal](microsoft-defender-atp/assign-portal-access.md) -#### [Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md) - - - -#### [Portal overview](microsoft-defender-atp/portal-overview.md) - - - -### [Get started](microsoft-defender-atp/get-started.md) -#### [What's new in Microsoft Defender ATP](microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md) -#### [Minimum requirements](microsoft-defender-atp/minimum-requirements.md) -#### [Validate licensing and complete setup](microsoft-defender-atp/licensing.md) -#### [Preview features](microsoft-defender-atp/preview.md) -#### [Data storage and privacy](microsoft-defender-atp/data-storage-privacy.md) -#### [Assign user access to the portal](microsoft-defender-atp/assign-portal-access.md) - -#### [Evaluate Microsoft Defender ATP](microsoft-defender-atp/evaluate-atp.md) -#####Evaluate attack surface reduction -###### [Hardware-based isolation](windows-defender-application-guard/test-scenarios-wd-app-guard.md) -###### [Application control](windows-defender-application-control/audit-windows-defender-application-control-policies.md) -###### [Exploit protection](windows-defender-exploit-guard/evaluate-exploit-protection.md) -###### [Network Protection](windows-defender-exploit-guard/evaluate-network-protection.md) -###### [Controlled folder access](windows-defender-exploit-guard/evaluate-controlled-folder-access.md) -###### [Attack surface reduction](windows-defender-exploit-guard/evaluate-attack-surface-reduction.md) -###### [Network firewall](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md) +### [Evaluate Microsoft Defender ATP]() +#### [Attack surface reduction and next-generation capability evaluation]() +##### [Attack surface reduction and nex-generation evaluation overview](microsoft-defender-atp/evaluate-atp.md) +##### [Hardware-based isolation](windows-defender-application-guard/test-scenarios-wd-app-guard.md) +##### [Application control](windows-defender-application-control/audit-windows-defender-application-control-policies.md) +##### [Exploit protection](windows-defender-exploit-guard/evaluate-exploit-protection.md) +##### [Network Protection](windows-defender-exploit-guard/evaluate-network-protection.md) +##### [Controlled folder access](windows-defender-exploit-guard/evaluate-controlled-folder-access.md) +##### [Attack surface reduction](windows-defender-exploit-guard/evaluate-attack-surface-reduction.md) +##### [Network firewall](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md) ##### [Evaluate next generation protection](windows-defender-antivirus/evaluate-windows-defender-antivirus.md) -#### [Access the Windows Defender Security Center Community Center](microsoft-defender-atp/community.md) +### [Access the Windows Defender Security Center Community Center](microsoft-defender-atp/community.md) -### [Configure and manage capabilities](microsoft-defender-atp/onboard.md) -#### [Configure attack surface reduction](microsoft-defender-atp/configure-attack-surface-reduction.md) -#####Hardware-based isolation -###### [System isolation](windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md) -###### [Application isolation](windows-defender-application-guard/install-wd-app-guard.md) -####### [Configuration settings](windows-defender-application-guard/configure-wd-app-guard.md) -##### [Application control](windows-defender-application-control/windows-defender-application-control.md) -##### Device control -###### [Control USB devices](device-control/control-usb-devices-using-intune.md) -###### [Device Guard](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) -####### [Memory integrity](windows-defender-exploit-guard/memory-integrity.md) -######## [Hardware qualifications](windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md) -######## [Enable HVCI](windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md) -##### [Exploit protection](windows-defender-exploit-guard/enable-exploit-protection.md) -###### [Import/export configurations](windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md) -##### [Network protection](windows-defender-exploit-guard/enable-network-protection.md) -##### [Controlled folder access](windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md) -##### [Attack surface reduction controls](windows-defender-exploit-guard/enable-attack-surface-reduction.md) -###### [Customize attack surface reduction](windows-defender-exploit-guard/customize-attack-surface-reduction.md) -##### [Network firewall](windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md) +## [Configure and manage capabilities]() +### [Configure attack surface reduction]() +#### [Attack surface reduction configuration settings](microsoft-defender-atp/configure-attack-surface-reduction.md) +#### [Hardware-based isolation]() +##### [System isolation](windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md) +##### [Application isolation]() +###### [Install Windows Defender Application Guard](windows-defender-application-guard/install-wd-app-guard.md) +###### [Configuration settings](windows-defender-application-guard/configure-wd-app-guard.md) -#### [Configure next generation protection](windows-defender-antivirus/configure-windows-defender-antivirus-features.md) -##### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md) -###### [Enable cloud-delivered protection](windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) -###### [Specify the cloud-delivered protection level](windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md) -###### [Configure and validate network connections](windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md) -###### [Enable Block at first sight](windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md) -###### [Configure the cloud block timeout period](windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md) -##### [Configure behavioral, heuristic, and real-time protection](windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md) -###### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md) -###### [Enable and configure always-on protection and monitoring](windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) -##### [Antivirus on Windows Server 2016](windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md) -##### [Antivirus compatibility](windows-defender-antivirus/windows-defender-antivirus-compatibility.md) -###### [Use limited periodic antivirus scanning](windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md) +#### [Application control](windows-defender-application-control/windows-defender-application-control.md) -##### [Deploy, manage updates, and report on antivirus](windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md) -###### [Deploy and enable antivirus](windows-defender-antivirus/deploy-windows-defender-antivirus.md) -####### [Deployment guide for VDI environments](windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md) -###### [Report on antivirus protection](windows-defender-antivirus/report-monitor-windows-defender-antivirus.md) -####### [Troubleshoot antivirus reporting in Update Compliance](windows-defender-antivirus/troubleshoot-reporting.md) -###### [Manage updates and apply baselines](windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md) -####### [Manage protection and definition updates](windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md) -####### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md) -####### [Manage updates for endpoints that are out of date](windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md) -####### [Manage event-based forced updates](windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md) -####### [Manage updates for mobile devices and VMs](windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md) +#### [Device control]() +##### [Control USB devices](device-control/control-usb-devices-using-intune.md) -##### [Customize, initiate, and review the results of scans and remediation](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) -###### [Configure and validate exclusions in antivirus scans](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) -####### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) -####### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md) -####### [Configure antivirus exclusions Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md) -###### [Configure scanning antivirus options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md) -###### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) -###### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md) -###### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md) -###### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md) -###### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md) +##### [Device Guard]() +###### [Code integrity](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) + +###### [Memory integrity]() +####### [Understand memory integrity](windows-defender-exploit-guard/memory-integrity.md) +####### [Hardware qualifications](windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md) +####### [Enable HVCI](windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md) + +#### [Exploit protection]() +##### [Enable exploit protection](windows-defender-exploit-guard/enable-exploit-protection.md) +##### [Import/export configurations](windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md) + +#### [Network protection](windows-defender-exploit-guard/enable-network-protection.md) +#### [Controlled folder access](windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md) + +#### [Attack surface reduction controls]() +##### [Enable attack surface reduction rules](windows-defender-exploit-guard/enable-attack-surface-reduction.md) +##### [Customize attack surface reduction](windows-defender-exploit-guard/customize-attack-surface-reduction.md) +#### [Network firewall](windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md) + +### [Configure next generation protection]() +#### [Configure Windows Defender Antivirus features](windows-defender-antivirus/configure-windows-defender-antivirus-features.md) +#### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md) +##### [Enable cloud-delivered protection](windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) +##### [Specify the cloud-delivered protection level](windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md) +##### [Configure and validate network connections](windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md) +##### [Prevent security settings changes with tamper protection](windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md) +##### [Enable Block at first sight](windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md) +##### [Configure the cloud block timeout period](windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md) + +#### [Configure behavioral, heuristic, and real-time protection]() +##### [Configuration overview](windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md) +##### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md) +##### [Enable and configure always-on protection and monitoring](windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) + +#### [Antivirus on Windows Server 2016](windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md) + +#### [Antivirus compatibility]() +##### [Compatibility charts](windows-defender-antivirus/windows-defender-antivirus-compatibility.md) +##### [Use limited periodic antivirus scanning](windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md) + +#### [Deploy, manage updates, and report on antivirus]() +##### [Preparing to deploy](windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md) +##### [Deploy and enable antivirus](windows-defender-antivirus/deploy-windows-defender-antivirus.md) +###### [Deployment guide for VDI environments](windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md) + +##### [Report on antivirus protection]() +###### [Review protection status and alerts](windows-defender-antivirus/report-monitor-windows-defender-antivirus.md) +###### [Troubleshoot antivirus reporting in Update Compliance](windows-defender-antivirus/troubleshoot-reporting.md) + +##### [Manage updates and apply baselines]() +###### [Learn about the different kinds of updates](windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md) +###### [Manage protection and definition updates](windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md) +###### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md) +###### [Manage updates for endpoints that are out of date](windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md) +###### [Manage event-based forced updates](windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md) +###### [Manage updates for mobile devices and VMs](windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md) + +#### [Customize, initiate, and review the results of scans and remediation]() +##### [Configuration overview](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) + +##### [Configure and validate exclusions in antivirus scans]() +###### [Exclusions overview](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) +###### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) +###### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md) +###### [Configure antivirus exclusions Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md) + +##### [Configure scanning antivirus options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md) +##### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) +##### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md) +##### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md) +##### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md) +##### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md) + +#### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md) + +#### [Manage antivirus in your business]() +##### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) +##### [Use Group Policy settings to configure and manage antivirus](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md) +##### [Use System Center Configuration Manager and Microsoft Intune to configure and manage antivirus](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md) +##### [Use PowerShell cmdlets to configure and manage antivirus](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md) +##### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md) +##### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md) + +#### [Manage scans and remediation]() +##### [Management overview](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) + +##### [Configure and validate exclusions in antivirus scans]() +###### [Exclusions overview](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) +###### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) +###### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md) +###### [Configure antivirus exclusions on Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md) + +##### [Configure scanning options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md) + +#### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) +##### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) +##### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md) +##### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md) +##### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md) +##### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md) ##### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md) -##### [Manage antivirus in your business](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) -###### [Use Group Policy settings to configure and manage antivirus](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md) -###### [Use System Center Configuration Manager and Microsoft Intune to configure and manage antivirus](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md) -###### [Use PowerShell cmdlets to configure and manage antivirus](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md) -###### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md) -###### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md) -##### [Manage scans and remediation](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) -###### [Configure and validate exclusions in antivirus scans](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) -####### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) -####### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md) -####### [Configure antivirus exclusions on Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md) -###### [Configure scanning options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md) -###### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) -###### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md) -###### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md) -###### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md) -###### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md) -###### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md) -##### [Manage next generation protection in your business](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) -###### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md) -###### [Use Group Policy settings to manage next generation protection](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md) -###### [Use PowerShell cmdlets to manage next generation protection](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md) -###### [Use Windows Management Instrumentation (WMI) to manage next generation protection](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md) -###### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md) +#### [Manage next generation protection in your business]() +##### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) +##### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) +##### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md) +##### [Use Group Policy settings to manage next generation protection](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md) +##### [Use PowerShell cmdlets to manage next generation protection](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md) +##### [Use Windows Management Instrumentation (WMI) to manage next generation protection](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md) +##### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md) + +### [Configure Secure score dashboard security controls](microsoft-defender-atp/secure-score-dashboard.md) + +### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md) + +### [Management and API support]() +#### [Onboard devices to the service]() +##### [Onboard machines to Microsoft Defender ATP](microsoft-defender-atp/onboard-configure.md) +##### [Onboard previous versions of Windows](microsoft-defender-atp/onboard-downlevel.md) +##### [Onboard Windows 10 machines]() +###### [Onboarding tools and methods](microsoft-defender-atp/configure-endpoints.md) +###### [Onboard machines using Group Policy](microsoft-defender-atp/configure-endpoints-gp.md) +###### [Onboard machines using System Center Configuration Manager](microsoft-defender-atp/configure-endpoints-sccm.md) +###### [Onboard machines using Mobile Device Management tools](microsoft-defender-atp/configure-endpoints-mdm.md) +###### [Onboard machines using a local script](microsoft-defender-atp/configure-endpoints-script.md) +###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](microsoft-defender-atp/configure-endpoints-vdi.md) + +##### [Onboard servers](microsoft-defender-atp/configure-server-endpoints.md) +##### [Onboard non-Windows machines](microsoft-defender-atp/configure-endpoints-non-windows.md) +##### [Onboard machines without Internet access](microsoft-defender-atp/onboard-offline-machines.md) +##### [Run a detection test on a newly onboarded machine](microsoft-defender-atp/run-detection-test.md) +##### [Run simulated attacks on machines](microsoft-defender-atp/attack-simulations.md) +##### [Configure proxy and Internet connectivity settings](microsoft-defender-atp/configure-proxy-internet.md) + +##### [Troubleshoot onboarding issues]() +###### [Troubleshoot issues during onboarding](microsoft-defender-atp/troubleshoot-onboarding.md) +###### [Troubleshoot subscription and portal access issues](microsoft-defender-atp/troubleshoot-onboarding-error-messages.md) + +#### [Microsoft Defender ATP API]() +##### [Microsoft Defender ATP API license and terms](microsoft-defender-atp/api-terms-of-use.md) +##### [Get started with Microsoft Defender ATP APIs]() +###### [Introduction](microsoft-defender-atp/apis-intro.md) +###### [Hello World](microsoft-defender-atp/api-hello-world.md) +###### [Get access with application context](microsoft-defender-atp/exposed-apis-create-app-webapp.md) +###### [Get access with user context](microsoft-defender-atp/exposed-apis-create-app-nativeapp.md) + +##### [APIs]() +###### [Supported Microsoft Defender ATP query APIs](microsoft-defender-atp/exposed-apis-list.md) +###### [Advanced Hunting](microsoft-defender-atp/run-advanced-query-api.md) + +###### [Alert]() +####### [Alert methods and properties](microsoft-defender-atp/alerts.md) +####### [List alerts](microsoft-defender-atp/get-alerts.md) +####### [Create alert](microsoft-defender-atp/create-alert-by-reference.md) +####### [Update Alert](microsoft-defender-atp/update-alert.md) +####### [Get alert information by ID](microsoft-defender-atp/get-alert-info-by-id.md) +####### [Get alert related domains information](microsoft-defender-atp/get-alert-related-domain-info.md) +####### [Get alert related file information](microsoft-defender-atp/get-alert-related-files-info.md) +####### [Get alert related IPs information](microsoft-defender-atp/get-alert-related-ip-info.md) +####### [Get alert related machine information](microsoft-defender-atp/get-alert-related-machine-info.md) +####### [Get alert related user information](microsoft-defender-atp/get-alert-related-user-info.md) + +###### [Machine]() +####### [Machine methods and properties](microsoft-defender-atp/machine.md) +####### [List machines](microsoft-defender-atp/get-machines.md) +####### [Get machine by ID](microsoft-defender-atp/get-machine-by-id.md) +####### [Get machine log on users](microsoft-defender-atp/get-machine-log-on-users.md) +####### [Get machine related alerts](microsoft-defender-atp/get-machine-related-alerts.md) +####### [Add or Remove machine tags](microsoft-defender-atp/add-or-remove-machine-tags.md) +####### [Find machines by IP](microsoft-defender-atp/find-machines-by-ip.md) + +###### [Machine Action]() +####### [Machine Action methods and properties](microsoft-defender-atp/machineaction.md) +####### [List Machine Actions](microsoft-defender-atp/get-machineactions-collection.md) +####### [Get Machine Action](microsoft-defender-atp/get-machineaction-object.md) +####### [Collect investigation package](microsoft-defender-atp/collect-investigation-package.md) +####### [Get investigation package SAS URI](microsoft-defender-atp/get-package-sas-uri.md) +####### [Isolate machine](microsoft-defender-atp/isolate-machine.md) +####### [Release machine from isolation](microsoft-defender-atp/unisolate-machine.md) +####### [Restrict app execution](microsoft-defender-atp/restrict-code-execution.md) +####### [Remove app restriction](microsoft-defender-atp/unrestrict-code-execution.md) +####### [Run antivirus scan](microsoft-defender-atp/run-av-scan.md) +####### [Offboard machine](microsoft-defender-atp/offboard-machine-api.md) +####### [Stop and quarantine file](microsoft-defender-atp/stop-and-quarantine-file.md) +####### [Initiate investigation (preview)](microsoft-defender-atp/initiate-autoir-investigation.md) + +###### [Indicators]() +####### [Indicators methods and properties](microsoft-defender-atp/ti-indicator.md) +####### [Submit Indicator](microsoft-defender-atp/post-ti-indicator.md) +####### [List Indicators](microsoft-defender-atp/get-ti-indicators-collection.md) +####### [Delete Indicator](microsoft-defender-atp/delete-ti-indicator-by-id.md) + +###### [Domain]() +####### [Get domain related alerts](microsoft-defender-atp/get-domain-related-alerts.md) +####### [Get domain related machines](microsoft-defender-atp/get-domain-related-machines.md) +####### [Get domain statistics](microsoft-defender-atp/get-domain-statistics.md) +####### [Is domain seen in organization](microsoft-defender-atp/is-domain-seen-in-org.md) + +###### [File]() +####### [File methods and properties](microsoft-defender-atp/files.md) +####### [Get file information](microsoft-defender-atp/get-file-information.md) +####### [Get file related alerts](microsoft-defender-atp/get-file-related-alerts.md) +####### [Get file related machines](microsoft-defender-atp/get-file-related-machines.md) +####### [Get file statistics](microsoft-defender-atp/get-file-statistics.md) + +###### [IP]() +####### [Get IP related alerts](microsoft-defender-atp/get-ip-related-alerts.md) +####### [Get IP related machines](microsoft-defender-atp/get-ip-related-machines.md) +####### [Get IP statistics](microsoft-defender-atp/get-ip-statistics.md) +####### [Is IP seen in organization](microsoft-defender-atp/is-ip-seen-org.md) + +###### [User]() +####### [User methods](microsoft-defender-atp/user.md) +####### [Get user related alerts](microsoft-defender-atp/get-user-related-alerts.md) +####### [Get user related machines](microsoft-defender-atp/get-user-related-machines.md) + +##### [How to use APIs - Samples]() +###### [Advanced Hunting API]() +####### [Schedule advanced Hunting using Microsoft Flow](microsoft-defender-atp/run-advanced-query-sample-ms-flow.md) +####### [Advanced Hunting using PowerShell](microsoft-defender-atp/run-advanced-query-sample-powershell.md) +####### [Advanced Hunting using Python](microsoft-defender-atp/run-advanced-query-sample-python.md) +####### [Create custom Power BI reports](microsoft-defender-atp/run-advanced-query-sample-power-bi-app-token.md) + +###### [Multiple APIs]() +####### [PowerShell](microsoft-defender-atp/exposed-apis-full-sample-powershell.md) + +###### [Using OData Queries](microsoft-defender-atp/exposed-apis-odata-samples.md) + +#### [Windows updates (KB) info]() +##### [Get KbInfo collection](microsoft-defender-atp/get-kbinfo-collection.md) + +#### [Common Vulnerabilities and Exposures (CVE) to KB map]() +##### [Get CVE-KB map](microsoft-defender-atp/get-cvekbmap-collection.md) + +#### [API for custom alerts (Deprecated)]() +##### [Enable the custom threat intelligence application (Deprecated)](microsoft-defender-atp/enable-custom-ti.md) +##### [Use the threat intelligence API to create custom alerts (Deprecated)](microsoft-defender-atp/use-custom-ti.md) +##### [Create custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/custom-ti-api.md) +##### [PowerShell code examples (Deprecated)](microsoft-defender-atp/powershell-example-code.md) +##### [Python code examples (Deprecated)](microsoft-defender-atp/python-example-code.md) +##### [Experiment with custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/experiment-custom-ti.md) +##### [Troubleshoot custom threat intelligence issues (Deprecated)](microsoft-defender-atp/troubleshoot-custom-ti.md) + +#### [Pull alerts to your SIEM tools]() +##### [Learn about different ways to pull alerts](microsoft-defender-atp/configure-siem.md) +##### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md) +##### [Configure Splunk to pull alerts](microsoft-defender-atp/configure-splunk.md) +##### [Configure HP ArcSight to pull alerts](microsoft-defender-atp/configure-arcsight.md) +##### [Microsoft Defender ATP SIEM alert API fields](microsoft-defender-atp/api-portal-mapping.md) +##### [Pull alerts using SIEM REST API](microsoft-defender-atp/pull-alerts-using-rest-api.md) +##### [Troubleshoot SIEM tool integration issues](microsoft-defender-atp/troubleshoot-siem.md) + +#### [Reporting]() +##### [Create and build Power BI reports using Microsoft Defender ATP data](microsoft-defender-atp/powerbi-reports.md) +##### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md) +##### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md) + +#### [Interoperability]() +##### [Partner applications](microsoft-defender-atp/partner-applications.md) + +#### [Role-based access control]() +##### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md) +##### [Create and manage roles](microsoft-defender-atp/user-roles.md) +##### [Create and manage machine groups]() +###### [Using machine groups](microsoft-defender-atp/machine-groups.md) +###### [Create and manage machine tags](microsoft-defender-atp/machine-tags.md) + +#### [Configure managed security service provider (MSSP) support](microsoft-defender-atp/configure-mssp-support.md) + +### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md) + +### [Configure Microsoft threat protection integration]() +#### [Configure conditional access](microsoft-defender-atp/configure-conditional-access.md) +#### [Configure Microsoft Cloud App Security integration](microsoft-defender-atp/microsoft-cloud-app-security-config.md) +#### [Configure information protection in Windows](microsoft-defender-atp/information-protection-in-windows-config.md) + +### [Configure portal settings]() +#### [General]() +##### [Update data retention settings](microsoft-defender-atp/data-retention-settings.md) +##### [Configure alert notifications](microsoft-defender-atp/configure-email-notifications.md) +##### [Enable and create Power BI reports using Windows Defender Security center data](microsoft-defender-atp/powerbi-reports.md) +##### [Enable Secure score security controls](microsoft-defender-atp/enable-secure-score.md) +##### [Configure advanced features](microsoft-defender-atp/advanced-features.md) + +#### [Permissions]() +##### [Use basic permissions to access the portal](microsoft-defender-atp/basic-permissions.md) +##### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md) +###### [Create and manage roles](microsoft-defender-atp/user-roles.md) +###### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md) +####### [Create and manage machine tags](microsoft-defender-atp/machine-tags.md) + +#### [APIs]() +##### [Enable Threat intel (Deprecated)](microsoft-defender-atp/enable-custom-ti.md) +##### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md) + +#### [Rules]() +##### [Manage suppression rules](microsoft-defender-atp/manage-suppression-rules.md) +##### [Manage automation allowed/blocked lists](microsoft-defender-atp/manage-automation-allowed-blocked-list.md) +##### [Manage indicators](microsoft-defender-atp/manage-indicators.md) +##### [Manage automation file uploads](microsoft-defender-atp/manage-automation-file-uploads.md) +##### [Manage automation folder exclusions](microsoft-defender-atp/manage-automation-folder-exclusions.md) + +#### [Machine management]() +##### [Onboarding machines](microsoft-defender-atp/onboard-configure.md) +##### [Offboarding machines](microsoft-defender-atp/offboard-machines.md) + +#### [Configure Windows Defender Security Center time zone settings](microsoft-defender-atp/time-settings.md) -#### [Configure Secure score dashboard security controls](microsoft-defender-atp/secure-score-dashboard.md) +## [Troubleshoot Microsoft Defender ATP]() +### [Troubleshoot sensor state]() +#### [Check sensor state](microsoft-defender-atp/check-sensor-status.md) +#### [Fix unhealthy sensors](microsoft-defender-atp/fix-unhealthy-sensors.md) +#### [Inactive machines](microsoft-defender-atp/fix-unhealthy-sensors.md#inactive-machines) +#### [Misconfigured machines](microsoft-defender-atp/fix-unhealthy-sensors.md#misconfigured-machines) +#### [Review sensor events and errors on machines with Event Viewer](microsoft-defender-atp/event-error-codes.md) +### [Troubleshoot Microsoft Defender ATP service issues]() +#### [Troubleshoot service issues](microsoft-defender-atp/troubleshoot-mdatp.md) +#### [Check service health](microsoft-defender-atp/service-status.md) -#### Management and API support -##### [Onboard machines](microsoft-defender-atp/onboard-configure.md) -###### [Onboard previous versions of Windows](microsoft-defender-atp/onboard-downlevel.md) -###### [Onboard Windows 10 machines](microsoft-defender-atp/configure-endpoints.md) -####### [Onboard machines using Group Policy](microsoft-defender-atp/configure-endpoints-gp.md) -####### [Onboard machines using System Center Configuration Manager](microsoft-defender-atp/configure-endpoints-sccm.md) -####### [Onboard machines using Mobile Device Management tools](microsoft-defender-atp/configure-endpoints-mdm.md) -######## [Onboard machines using Microsoft Intune](microsoft-defender-atp/configure-endpoints-mdm.md#onboard-machines-using-microsoft-intune) -####### [Onboard machines using a local script](microsoft-defender-atp/configure-endpoints-script.md) -####### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](microsoft-defender-atp/configure-endpoints-vdi.md) -###### [Onboard servers](microsoft-defender-atp/configure-server-endpoints.md) -###### [Onboard non-Windows machines](microsoft-defender-atp/configure-endpoints-non-windows.md) -###### [Onboard machines without Internet access](microsoft-defender-atp/onboard-offline-machines.md) -###### [Run a detection test on a newly onboarded machine](microsoft-defender-atp/run-detection-test.md) -###### [Run simulated attacks on machines](microsoft-defender-atp/attack-simulations.md) -###### [Configure proxy and Internet connectivity settings](microsoft-defender-atp/configure-proxy-internet.md) -###### [Troubleshoot onboarding issues](microsoft-defender-atp/troubleshoot-onboarding.md) -####### [Troubleshoot subscription and portal access issues](microsoft-defender-atp/troubleshoot-onboarding-error-messages.md) - -##### [Microsoft Defender ATP API](microsoft-defender-atp/use-apis.md) -###### [Microsoft Defender ATP API license and terms](microsoft-defender-atp/api-terms-of-use.md) -###### [Get started with Microsoft Defender ATP APIs](microsoft-defender-atp/apis-intro.md) -####### [Hello World](microsoft-defender-atp/api-hello-world.md) -####### [Get access with application context](microsoft-defender-atp/exposed-apis-create-app-webapp.md) -####### [Get access with user context](microsoft-defender-atp/exposed-apis-create-app-nativeapp.md) -###### [APIs](microsoft-defender-atp/exposed-apis-list.md) +### [Troubleshoot live response issues]() +#### [Troubleshoot issues related to live response](microsoft-defender-atp/troubleshoot-live-response.md) -####### [Advanced Hunting](microsoft-defender-atp/run-advanced-query-api.md) - -####### [Alert](microsoft-defender-atp/alerts.md) -######## [List alerts](microsoft-defender-atp/get-alerts.md) -######## [Create alert](microsoft-defender-atp/create-alert-by-reference.md) -######## [Update Alert](microsoft-defender-atp/update-alert.md) -######## [Get alert information by ID](microsoft-defender-atp/get-alert-info-by-id.md) -######## [Get alert related domains information](microsoft-defender-atp/get-alert-related-domain-info.md) -######## [Get alert related file information](microsoft-defender-atp/get-alert-related-files-info.md) -######## [Get alert related IPs information](microsoft-defender-atp/get-alert-related-ip-info.md) -######## [Get alert related machine information](microsoft-defender-atp/get-alert-related-machine-info.md) -######## [Get alert related user information](microsoft-defender-atp/get-alert-related-user-info.md) - -####### [Machine](microsoft-defender-atp/machine.md) -######## [List machines](microsoft-defender-atp/get-machines.md) -######## [Get machine by ID](microsoft-defender-atp/get-machine-by-id.md) -######## [Get machine log on users](microsoft-defender-atp/get-machine-log-on-users.md) -######## [Get machine related alerts](microsoft-defender-atp/get-machine-related-alerts.md) -######## [Add or Remove machine tags](microsoft-defender-atp/add-or-remove-machine-tags.md) -######## [Find machines by IP](microsoft-defender-atp/find-machines-by-ip.md) - -####### [Machine Action](microsoft-defender-atp/machineaction.md) -######## [List Machine Actions](microsoft-defender-atp/get-machineactions-collection.md) -######## [Get Machine Action](microsoft-defender-atp/get-machineaction-object.md) -######## [Collect investigation package](microsoft-defender-atp/collect-investigation-package.md) -######## [Get investigation package SAS URI](microsoft-defender-atp/get-package-sas-uri.md) -######## [Isolate machine](microsoft-defender-atp/isolate-machine.md) -######## [Release machine from isolation](microsoft-defender-atp/unisolate-machine.md) -######## [Restrict app execution](microsoft-defender-atp/restrict-code-execution.md) -######## [Remove app restriction](microsoft-defender-atp/unrestrict-code-execution.md) -######## [Run antivirus scan](microsoft-defender-atp/run-av-scan.md) -######## [Offboard machine](microsoft-defender-atp/offboard-machine-api.md) -######## [Stop and quarantine file](microsoft-defender-atp/stop-and-quarantine-file.md) -######## [Initiate investigation (preview)](microsoft-defender-atp/initiate-autoir-investigation.md) - -####### [Indicators](microsoft-defender-atp/ti-indicator.md) -######## [Submit Indicator](microsoft-defender-atp/post-ti-indicator.md) -######## [List Indicators](microsoft-defender-atp/get-ti-indicators-collection.md) -######## [Delete Indicator](microsoft-defender-atp/delete-ti-indicator-by-id.md) - -####### Domain -######## [Get domain related alerts](microsoft-defender-atp/get-domain-related-alerts.md) -######## [Get domain related machines](microsoft-defender-atp/get-domain-related-machines.md) -######## [Get domain statistics](microsoft-defender-atp/get-domain-statistics.md) -######## [Is domain seen in organization](microsoft-defender-atp/is-domain-seen-in-org.md) - -####### [File](microsoft-defender-atp/files.md) -######## [Get file information](microsoft-defender-atp/get-file-information.md) -######## [Get file related alerts](microsoft-defender-atp/get-file-related-alerts.md) -######## [Get file related machines](microsoft-defender-atp/get-file-related-machines.md) -######## [Get file statistics](microsoft-defender-atp/get-file-statistics.md) - -####### IP -######## [Get IP related alerts](microsoft-defender-atp/get-ip-related-alerts.md) -######## [Get IP related machines](microsoft-defender-atp/get-ip-related-machines.md) -######## [Get IP statistics](microsoft-defender-atp/get-ip-statistics.md) -######## [Is IP seen in organization](microsoft-defender-atp/is-ip-seen-org.md) - -####### [User](microsoft-defender-atp/user.md) -######## [Get user related alerts](microsoft-defender-atp/get-user-related-alerts.md) -######## [Get user related machines](microsoft-defender-atp/get-user-related-machines.md) - - -###### How to use APIs - Samples -####### Advanced Hunting API -######## [Schedule advanced Hunting using Microsoft Flow](microsoft-defender-atp/run-advanced-query-sample-ms-flow.md) -######## [Advanced Hunting using PowerShell](microsoft-defender-atp/run-advanced-query-sample-powershell.md) -######## [Advanced Hunting using Python](microsoft-defender-atp/run-advanced-query-sample-python.md) -######## [Create custom Power BI reports](microsoft-defender-atp/run-advanced-query-sample-power-bi-app-token.md) -####### Multiple APIs -######## [PowerShell](microsoft-defender-atp/exposed-apis-full-sample-powershell.md) -####### [Using OData Queries](microsoft-defender-atp/exposed-apis-odata-samples.md) - - -#####Windows updates (KB) info -###### [Get KbInfo collection](microsoft-defender-atp/get-kbinfo-collection.md) -#####Common Vulnerabilities and Exposures (CVE) to KB map -###### [Get CVE-KB map](microsoft-defender-atp/get-cvekbmap-collection.md) +### [Troubleshoot attack surface reduction]() +#### [Network protection](windows-defender-exploit-guard/troubleshoot-np.md) +#### [Attack surface reduction rules](windows-defender-exploit-guard/troubleshoot-asr.md) - -##### API for custom alerts (Deprecated) -###### [Enable the custom threat intelligence application (Deprecated)](microsoft-defender-atp/enable-custom-ti.md) -###### [Use the threat intelligence API to create custom alerts (Deprecated)](microsoft-defender-atp/use-custom-ti.md) -###### [Create custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/custom-ti-api.md) -###### [PowerShell code examples (Deprecated)](microsoft-defender-atp/powershell-example-code.md) -###### [Python code examples (Deprecated)](microsoft-defender-atp/python-example-code.md) -###### [Experiment with custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/experiment-custom-ti.md) -###### [Troubleshoot custom threat intelligence issues (Deprecated)](microsoft-defender-atp/troubleshoot-custom-ti.md) - - -##### [Pull alerts to your SIEM tools](microsoft-defender-atp/configure-siem.md) -###### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md) -###### [Configure Splunk to pull alerts](microsoft-defender-atp/configure-splunk.md) -###### [Configure HP ArcSight to pull alerts](microsoft-defender-atp/configure-arcsight.md) -###### [Microsoft Defender ATP SIEM alert API fields](microsoft-defender-atp/api-portal-mapping.md) -###### [Pull alerts using SIEM REST API](microsoft-defender-atp/pull-alerts-using-rest-api.md) -###### [Troubleshoot SIEM tool integration issues](microsoft-defender-atp/troubleshoot-siem.md) +### [Troubleshoot next generation protection](windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md) -##### Reporting -###### [Create and build Power BI reports using Microsoft Defender ATP data](microsoft-defender-atp/powerbi-reports.md) -###### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md) -###### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md) - -##### Interoperability -###### [Partner applications](microsoft-defender-atp/partner-applications.md) - - -##### Role-based access control -###### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md) -####### [Create and manage roles](microsoft-defender-atp/user-roles.md) -####### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md) -######## [Create and manage machine tags](microsoft-defender-atp/machine-tags.md) - - -##### [Configure managed security service provider (MSSP) support](microsoft-defender-atp/configure-mssp-support.md) - - -#### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md) - - - -#### Configure Microsoft threat protection integration -##### [Configure conditional access](microsoft-defender-atp/configure-conditional-access.md) -##### [Configure Microsoft Cloud App Security integration](microsoft-defender-atp/microsoft-cloud-app-security-config.md) -##### [Configure information protection in Windows](microsoft-defender-atp/information-protection-in-windows-config.md) - - - - -#### [Configure Windows Defender Security Center settings](microsoft-defender-atp/preferences-setup.md) -##### General -###### [Update data retention settings](microsoft-defender-atp/data-retention-settings.md) -###### [Configure alert notifications](microsoft-defender-atp/configure-email-notifications.md) -###### [Enable and create Power BI reports using Windows Defender Security center data](microsoft-defender-atp/powerbi-reports.md) -###### [Enable Secure score security controls](microsoft-defender-atp/enable-secure-score.md) -###### [Configure advanced features](microsoft-defender-atp/advanced-features.md) - -##### Permissions -###### [Use basic permissions to access the portal](microsoft-defender-atp/basic-permissions.md) -###### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md) -####### [Create and manage roles](microsoft-defender-atp/user-roles.md) -####### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md) -######## [Create and manage machine tags](microsoft-defender-atp/machine-tags.md) - -##### APIs -###### [Enable Threat intel (Deprecated)](microsoft-defender-atp/enable-custom-ti.md) -###### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md) - -#####Rules -###### [Manage suppression rules](microsoft-defender-atp/manage-suppression-rules.md) -###### [Manage automation allowed/blocked lists](microsoft-defender-atp/manage-automation-allowed-blocked-list.md) -###### [Manage indicators](microsoft-defender-atp/manage-indicators.md) -###### [Manage automation file uploads](microsoft-defender-atp/manage-automation-file-uploads.md) -###### [Manage automation folder exclusions](microsoft-defender-atp/manage-automation-folder-exclusions.md) - -#####Machine management -###### [Onboarding machines](microsoft-defender-atp/onboard-configure.md) -###### [Offboarding machines](microsoft-defender-atp/offboard-machines.md) - -##### [Configure Windows Defender Security Center time zone settings](microsoft-defender-atp/time-settings.md) - - -### [Troubleshoot Microsoft Defender ATP](microsoft-defender-atp/troubleshoot-overview.md) -####Troubleshoot sensor state -##### [Check sensor state](microsoft-defender-atp/check-sensor-status.md) -##### [Fix unhealthy sensors](microsoft-defender-atp/fix-unhealthy-sensors.md) -##### [Inactive machines](microsoft-defender-atp/fix-unhealthy-sensors.md#inactive-machines) -##### [Misconfigured machines](microsoft-defender-atp/fix-unhealthy-sensors.md#misconfigured-machines) -##### [Review sensor events and errors on machines with Event Viewer](microsoft-defender-atp/event-error-codes.md) - -#### [Troubleshoot Microsoft Defender ATP service issues](microsoft-defender-atp/troubleshoot-mdatp.md) -##### [Check service health](microsoft-defender-atp/service-status.md) - -####Troubleshoot attack surface reduction -##### [Network protection](windows-defender-exploit-guard/troubleshoot-np.md) -##### [Attack surface reduction rules](windows-defender-exploit-guard/troubleshoot-asr.md) -##### [Collect diagnostic data for files](windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md) - -#### [Troubleshoot next generation protection](windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md) ## [Security intelligence](intelligence/index.md) ### [Understand malware & other threats](intelligence/understanding-malware.md) diff --git a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md index 1a252befcc..8896c08c25 100644 --- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md @@ -9,7 +9,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.md b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.md index a493220c28..c0611c6e06 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.md +++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.md @@ -9,7 +9,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing.md b/windows/security/threat-protection/auditing/advanced-security-auditing.md index 021751d479..63485f34ef 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing.md +++ b/windows/security/threat-protection/auditing/advanced-security-auditing.md @@ -9,7 +9,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md index ff4abced1d..f416edda8c 100644 --- a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md +++ b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md index b63008134d..c5c5466214 100644 --- a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md +++ b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md @@ -9,7 +9,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/auditing/audit-account-lockout.md b/windows/security/threat-protection/auditing/audit-account-lockout.md index bc27706761..dcd17c9695 100644 --- a/windows/security/threat-protection/auditing/audit-account-lockout.md +++ b/windows/security/threat-protection/auditing/audit-account-lockout.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 07/16/2018 --- diff --git a/windows/security/threat-protection/auditing/audit-application-generated.md b/windows/security/threat-protection/auditing/audit-application-generated.md index 5f12787bad..02e58a7acf 100644 --- a/windows/security/threat-protection/auditing/audit-application-generated.md +++ b/windows/security/threat-protection/auditing/audit-application-generated.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-application-group-management.md b/windows/security/threat-protection/auditing/audit-application-group-management.md index 243a0a2793..07fe9cb88d 100644 --- a/windows/security/threat-protection/auditing/audit-application-group-management.md +++ b/windows/security/threat-protection/auditing/audit-application-group-management.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-audit-policy-change.md b/windows/security/threat-protection/auditing/audit-audit-policy-change.md index 92ddf75cc3..f8d37dcdaa 100644 --- a/windows/security/threat-protection/auditing/audit-audit-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-audit-policy-change.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-authentication-policy-change.md b/windows/security/threat-protection/auditing/audit-authentication-policy-change.md index c5948e2a98..0171ab438c 100644 --- a/windows/security/threat-protection/auditing/audit-authentication-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-authentication-policy-change.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md index 9cd3235fed..329e7259b8 100644 --- a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md index 90c6830590..a9c4011dab 100644 --- a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md +++ b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-certification-services.md b/windows/security/threat-protection/auditing/audit-certification-services.md index 6a92ec70fa..2b7957cb67 100644 --- a/windows/security/threat-protection/auditing/audit-certification-services.md +++ b/windows/security/threat-protection/auditing/audit-certification-services.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-computer-account-management.md b/windows/security/threat-protection/auditing/audit-computer-account-management.md index 6bd25fe17e..1425e2cb70 100644 --- a/windows/security/threat-protection/auditing/audit-computer-account-management.md +++ b/windows/security/threat-protection/auditing/audit-computer-account-management.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-credential-validation.md b/windows/security/threat-protection/auditing/audit-credential-validation.md index afdc02bc12..68b0305d77 100644 --- a/windows/security/threat-protection/auditing/audit-credential-validation.md +++ b/windows/security/threat-protection/auditing/audit-credential-validation.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md index b7b19c64be..93757103e6 100644 --- a/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md +++ b/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-detailed-file-share.md b/windows/security/threat-protection/auditing/audit-detailed-file-share.md index 45f0d84812..6d6e5b0095 100644 --- a/windows/security/threat-protection/auditing/audit-detailed-file-share.md +++ b/windows/security/threat-protection/auditing/audit-detailed-file-share.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-directory-service-access.md b/windows/security/threat-protection/auditing/audit-directory-service-access.md index 0fdac3e3ab..a56a269acd 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-access.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-access.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-directory-service-changes.md b/windows/security/threat-protection/auditing/audit-directory-service-changes.md index 46fde5296b..8fc975671d 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-changes.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-changes.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-directory-service-replication.md index 207691696b..6580b8f311 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-replication.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-replication.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-distribution-group-management.md b/windows/security/threat-protection/auditing/audit-distribution-group-management.md index ef75ae3395..6dea144077 100644 --- a/windows/security/threat-protection/auditing/audit-distribution-group-management.md +++ b/windows/security/threat-protection/auditing/audit-distribution-group-management.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-dpapi-activity.md b/windows/security/threat-protection/auditing/audit-dpapi-activity.md index 850ee6ccd6..3efd600fab 100644 --- a/windows/security/threat-protection/auditing/audit-dpapi-activity.md +++ b/windows/security/threat-protection/auditing/audit-dpapi-activity.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-file-share.md b/windows/security/threat-protection/auditing/audit-file-share.md index bcd5e1c94a..ed86354e2b 100644 --- a/windows/security/threat-protection/auditing/audit-file-share.md +++ b/windows/security/threat-protection/auditing/audit-file-share.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-file-system.md b/windows/security/threat-protection/auditing/audit-file-system.md index dce5c61456..6f97bd7fdd 100644 --- a/windows/security/threat-protection/auditing/audit-file-system.md +++ b/windows/security/threat-protection/auditing/audit-file-system.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md b/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md index ddc64a5ebd..187040144e 100644 --- a/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md index 8d5152fbd3..e37ee47f16 100644 --- a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md index 1a4f6057a4..63e9821c12 100644 --- a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-group-membership.md b/windows/security/threat-protection/auditing/audit-group-membership.md index 6f3d57854c..7af1da773b 100644 --- a/windows/security/threat-protection/auditing/audit-group-membership.md +++ b/windows/security/threat-protection/auditing/audit-group-membership.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-handle-manipulation.md b/windows/security/threat-protection/auditing/audit-handle-manipulation.md index 39286372c6..6642a9576a 100644 --- a/windows/security/threat-protection/auditing/audit-handle-manipulation.md +++ b/windows/security/threat-protection/auditing/audit-handle-manipulation.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-ipsec-driver.md b/windows/security/threat-protection/auditing/audit-ipsec-driver.md index bb31873f01..e1ea4700ec 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-driver.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-driver.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 10/02/2018 --- diff --git a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md index 1f64ccddd8..5e6f49e5b2 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 10/02/2018 --- diff --git a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md index ffb510a3d0..0cc0aa7340 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 10/02/2018 --- diff --git a/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md index e775a3c861..4121e3101b 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 10/02/2018 --- diff --git a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md index c0b06e1fe1..995bf11ffc 100644 --- a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md +++ b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md index 34189b1f84..4e685381b1 100644 --- a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md +++ b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-kernel-object.md b/windows/security/threat-protection/auditing/audit-kernel-object.md index e8e980b574..f4c965ec52 100644 --- a/windows/security/threat-protection/auditing/audit-kernel-object.md +++ b/windows/security/threat-protection/auditing/audit-kernel-object.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-logoff.md b/windows/security/threat-protection/auditing/audit-logoff.md index ad99e15524..3ff2570d46 100644 --- a/windows/security/threat-protection/auditing/audit-logoff.md +++ b/windows/security/threat-protection/auditing/audit-logoff.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 07/16/2018 --- diff --git a/windows/security/threat-protection/auditing/audit-logon.md b/windows/security/threat-protection/auditing/audit-logon.md index 6b4a018bc0..a1fa633cae 100644 --- a/windows/security/threat-protection/auditing/audit-logon.md +++ b/windows/security/threat-protection/auditing/audit-logon.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md index 168b3092df..f756f7d9b5 100644 --- a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-network-policy-server.md b/windows/security/threat-protection/auditing/audit-network-policy-server.md index b54295726e..0b76e614a1 100644 --- a/windows/security/threat-protection/auditing/audit-network-policy-server.md +++ b/windows/security/threat-protection/auditing/audit-network-policy-server.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md index 198fafbb9a..309f195d7d 100644 --- a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md +++ b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md index 132ef45445..218e662e92 100644 --- a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md +++ b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-other-account-management-events.md b/windows/security/threat-protection/auditing/audit-other-account-management-events.md index a0c84a45db..a52ff0d042 100644 --- a/windows/security/threat-protection/auditing/audit-other-account-management-events.md +++ b/windows/security/threat-protection/auditing/audit-other-account-management-events.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md b/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md index e8c3a4a9ab..77527e8253 100644 --- a/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md +++ b/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-other-object-access-events.md b/windows/security/threat-protection/auditing/audit-other-object-access-events.md index 2b34a59026..d9513980da 100644 --- a/windows/security/threat-protection/auditing/audit-other-object-access-events.md +++ b/windows/security/threat-protection/auditing/audit-other-object-access-events.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 05/29/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-other-policy-change-events.md b/windows/security/threat-protection/auditing/audit-other-policy-change-events.md index b0dd87d7af..2690694166 100644 --- a/windows/security/threat-protection/auditing/audit-other-policy-change-events.md +++ b/windows/security/threat-protection/auditing/audit-other-policy-change-events.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md index e9a27ea9ef..bbe45925d3 100644 --- a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md +++ b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-other-system-events.md b/windows/security/threat-protection/auditing/audit-other-system-events.md index d7c450d16a..66a05eb6c1 100644 --- a/windows/security/threat-protection/auditing/audit-other-system-events.md +++ b/windows/security/threat-protection/auditing/audit-other-system-events.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-pnp-activity.md b/windows/security/threat-protection/auditing/audit-pnp-activity.md index 52fc369770..cc7a689b7c 100644 --- a/windows/security/threat-protection/auditing/audit-pnp-activity.md +++ b/windows/security/threat-protection/auditing/audit-pnp-activity.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-process-creation.md b/windows/security/threat-protection/auditing/audit-process-creation.md index a2306f7577..0868fa7fe7 100644 --- a/windows/security/threat-protection/auditing/audit-process-creation.md +++ b/windows/security/threat-protection/auditing/audit-process-creation.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-process-termination.md b/windows/security/threat-protection/auditing/audit-process-termination.md index 98610489a7..5bf90b6f6a 100644 --- a/windows/security/threat-protection/auditing/audit-process-termination.md +++ b/windows/security/threat-protection/auditing/audit-process-termination.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-registry.md b/windows/security/threat-protection/auditing/audit-registry.md index 6f804cc917..4db7d65686 100644 --- a/windows/security/threat-protection/auditing/audit-registry.md +++ b/windows/security/threat-protection/auditing/audit-registry.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-removable-storage.md b/windows/security/threat-protection/auditing/audit-removable-storage.md index c069248b22..f35a441ef8 100644 --- a/windows/security/threat-protection/auditing/audit-removable-storage.md +++ b/windows/security/threat-protection/auditing/audit-removable-storage.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-rpc-events.md b/windows/security/threat-protection/auditing/audit-rpc-events.md index 6581dc9ecb..1a4b0dbfbc 100644 --- a/windows/security/threat-protection/auditing/audit-rpc-events.md +++ b/windows/security/threat-protection/auditing/audit-rpc-events.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-sam.md b/windows/security/threat-protection/auditing/audit-sam.md index 621886f3cf..2a7efe94ec 100644 --- a/windows/security/threat-protection/auditing/audit-sam.md +++ b/windows/security/threat-protection/auditing/audit-sam.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-security-group-management.md b/windows/security/threat-protection/auditing/audit-security-group-management.md index 92ca9f0cc3..73b06e0091 100644 --- a/windows/security/threat-protection/auditing/audit-security-group-management.md +++ b/windows/security/threat-protection/auditing/audit-security-group-management.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 02/28/2019 --- diff --git a/windows/security/threat-protection/auditing/audit-security-state-change.md b/windows/security/threat-protection/auditing/audit-security-state-change.md index bddc7c3b72..526f198904 100644 --- a/windows/security/threat-protection/auditing/audit-security-state-change.md +++ b/windows/security/threat-protection/auditing/audit-security-state-change.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-security-system-extension.md b/windows/security/threat-protection/auditing/audit-security-system-extension.md index ee05761add..97c9f853c7 100644 --- a/windows/security/threat-protection/auditing/audit-security-system-extension.md +++ b/windows/security/threat-protection/auditing/audit-security-system-extension.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md index 148208ccb0..7e2fcd6fba 100644 --- a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md +++ b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-special-logon.md b/windows/security/threat-protection/auditing/audit-special-logon.md index 82e41e77a1..faa994ab12 100644 --- a/windows/security/threat-protection/auditing/audit-special-logon.md +++ b/windows/security/threat-protection/auditing/audit-special-logon.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-system-integrity.md b/windows/security/threat-protection/auditing/audit-system-integrity.md index 780b2f6b5a..df2120830a 100644 --- a/windows/security/threat-protection/auditing/audit-system-integrity.md +++ b/windows/security/threat-protection/auditing/audit-system-integrity.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-user-account-management.md b/windows/security/threat-protection/auditing/audit-user-account-management.md index c63b155800..82f8975fd5 100644 --- a/windows/security/threat-protection/auditing/audit-user-account-management.md +++ b/windows/security/threat-protection/auditing/audit-user-account-management.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/audit-user-device-claims.md b/windows/security/threat-protection/auditing/audit-user-device-claims.md index 3f7727d40f..7877fe6b80 100644 --- a/windows/security/threat-protection/auditing/audit-user-device-claims.md +++ b/windows/security/threat-protection/auditing/audit-user-device-claims.md @@ -10,7 +10,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md index d09135ef91..07f239f4d3 100644 --- a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md @@ -9,7 +9,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/auditing/basic-audit-account-management.md b/windows/security/threat-protection/auditing/basic-audit-account-management.md index a9c1e83493..3d6f35ef9d 100644 --- a/windows/security/threat-protection/auditing/basic-audit-account-management.md +++ b/windows/security/threat-protection/auditing/basic-audit-account-management.md @@ -9,7 +9,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md index a1744341ec..65f6a0672b 100644 --- a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md +++ b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md @@ -9,7 +9,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/auditing/basic-audit-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-logon-events.md index 01df735d39..edba7f71a5 100644 --- a/windows/security/threat-protection/auditing/basic-audit-logon-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-logon-events.md @@ -9,7 +9,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/auditing/basic-audit-object-access.md b/windows/security/threat-protection/auditing/basic-audit-object-access.md index 26e2122845..ae6a25d613 100644 --- a/windows/security/threat-protection/auditing/basic-audit-object-access.md +++ b/windows/security/threat-protection/auditing/basic-audit-object-access.md @@ -9,7 +9,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/auditing/basic-audit-policy-change.md b/windows/security/threat-protection/auditing/basic-audit-policy-change.md index 391acd4cfb..a98760482c 100644 --- a/windows/security/threat-protection/auditing/basic-audit-policy-change.md +++ b/windows/security/threat-protection/auditing/basic-audit-policy-change.md @@ -9,7 +9,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md index 3482f78df0..4a0ea891c0 100644 --- a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md +++ b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md @@ -9,7 +9,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md index cb8dcae793..c99e882563 100644 --- a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md +++ b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md @@ -9,7 +9,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/auditing/basic-audit-system-events.md b/windows/security/threat-protection/auditing/basic-audit-system-events.md index 378ea7a13f..6283d5a530 100644 --- a/windows/security/threat-protection/auditing/basic-audit-system-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-system-events.md @@ -9,7 +9,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policies.md b/windows/security/threat-protection/auditing/basic-security-audit-policies.md index ce8988ec09..80170efbf6 100644 --- a/windows/security/threat-protection/auditing/basic-security-audit-policies.md +++ b/windows/security/threat-protection/auditing/basic-security-audit-policies.md @@ -9,7 +9,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md index a630363f60..997ee3cfee 100644 --- a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md @@ -9,7 +9,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md index 19df234c28..a99bb14e40 100644 --- a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md +++ b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md @@ -9,7 +9,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh manager: dansimp audience: ITPro ms.collection: M365-security-compliance diff --git a/windows/security/threat-protection/auditing/event-1100.md b/windows/security/threat-protection/auditing/event-1100.md index c9d45258d5..5f995bb735 100644 --- a/windows/security/threat-protection/auditing/event-1100.md +++ b/windows/security/threat-protection/auditing/event-1100.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/event-1102.md b/windows/security/threat-protection/auditing/event-1102.md index 9a91340db1..1edce314ef 100644 --- a/windows/security/threat-protection/auditing/event-1102.md +++ b/windows/security/threat-protection/auditing/event-1102.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/event-1104.md b/windows/security/threat-protection/auditing/event-1104.md index 7828382017..d70f00eeb9 100644 --- a/windows/security/threat-protection/auditing/event-1104.md +++ b/windows/security/threat-protection/auditing/event-1104.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dulcemontemayor +author: Mir0sh ms.date: 04/19/2017 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md index 41c866e704..74e6e22b45 100644 --- a/windows/security/threat-protection/auditing/event-4768.md +++ b/windows/security/threat-protection/auditing/event-4768.md @@ -219,7 +219,7 @@ The most common values: | 0x18 | KDC\_ERR\_PREAUTH\_FAILED | Pre-authentication information was invalid | The wrong password was provided.
    This error code cannot occur in event “[4768](event-4768.md). A Kerberos authentication ticket (TGT) was requested”. It occurs in “[4771](event-4771.md). Kerberos pre-authentication failed” event. | | 0x19 | KDC\_ERR\_PREAUTH\_REQUIRED | Additional pre-authentication required | This error often occurs in UNIX interoperability scenarios. MIT-Kerberos clients do not request pre-authentication when they send a KRB\_AS\_REQ message. If pre-authentication is required (the default), Windows systems will send this error. Most MIT-Kerberos clients will respond to this error by giving the pre-authentication, in which case the error can be ignored, but some clients might not respond in this way. | | 0x1A | KDC\_ERR\_SERVER\_NOMATCH | KDC does not know about the requested server | No information. | -| 0x1B | KDC\_ERR\_SVC\_UNAVAILABLE | KDC is unavailable | No information. | +| 0x1D | KDC\_ERR\_SVC\_UNAVAILABLE | KDC is unavailable | No information. | | 0x1F | KRB\_AP\_ERR\_BAD\_INTEGRITY | Integrity check on decrypted field failed | The authenticator was encrypted with something other than the session key. The result is that the client cannot decrypt the resulting message. The modification of the message could be the result of an attack or it could be because of network noise. | | 0x20 | KRB\_AP\_ERR\_TKT\_EXPIRED | The ticket has expired | The smaller the value for the “Maximum lifetime for user ticket” Kerberos policy setting, the more likely it is that this error will occur. Because ticket renewal is automatic, you should not have to do anything if you get this message. | | 0x21 | KRB\_AP\_ERR\_TKT\_NYV | The ticket is not yet valid | The ticket presented to the server is not yet valid (in relationship to the server time). The most probable cause is that the clocks on the KDC and the client are not synchronized.
    If cross-realm Kerberos authentication is being attempted, then you should verify time synchronization between the KDC in the target realm and the KDC in the client realm, as well. | diff --git a/windows/security/threat-protection/intelligence/fileless-threats.md b/windows/security/threat-protection/intelligence/fileless-threats.md index 546e5f5d36..6e0e5385e8 100644 --- a/windows/security/threat-protection/intelligence/fileless-threats.md +++ b/windows/security/threat-protection/intelligence/fileless-threats.md @@ -1,8 +1,8 @@ --- title: Fileless threats ms.reviewer: -description: Learn about fileless threats, its categories, and how it runs -keywords: fileless, amsi, behavior monitoring, memory scanning, boot sector protection, security, malware, Windows Defender ATP, antivirus, AV, Microsoft Defender ATP +description: Learn about the categories of fileless threats and malware that "live off the land" +keywords: fileless, fileless malware, living off the land, lolbins, amsi, behavior monitoring, memory scanning, boot sector protection, security, malware, Windows Defender ATP, antivirus, AV, Microsoft Defender ATP, next generation protection ms.prod: w10 ms.mktglfcycl: secure ms.sitesec: library @@ -18,9 +18,9 @@ search.appverid: met150 # Fileless threats -What exactly is a fileless threat? The term "fileless" suggests that a threat that does not come in a file, such as a backdoor that lives only in the memory of a machine. However, there's no generally accepted definition. The term is used broadly; it's also used to describe malware families that do rely on files to operate. +What exactly are fileless threats? The term "fileless" suggests that a threat does not come in a file, such as a backdoor that lives only in the memory of a machine. However, there's no generally accepted definition for fileless malware. The term is used broadly; it's also used to describe malware families that do rely on files to operate. -Given that attacks involve [several stages](https://attack.mitre.org/wiki/ATT&CK_Matrix) for functionalities like execution, persistence, or information theft, some parts of the attack chain may be fileless, while others may involve the filesystem in some form or another. +Given that attacks involve [several stages](https://attack.mitre.org/wiki/ATT&CK_Matrix) for functionalities like execution, persistence, or information theft, some parts of the attack chain may be fileless, while others may involve the filesystem in some form. For clarity, fileless threats are grouped into different categories. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md index a49b614738..edf9758501 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md @@ -39,6 +39,7 @@ When you enable this feature, users with the appropriate permissions can initiat For more information on role assignments see, [Create and manage roles](user-roles.md). ## Live response unsigned script execution + Enabling this feature allows you to run unsigned scripts in a live response session. ## Auto-resolve remediated alerts @@ -58,7 +59,7 @@ Blocking is only available if your organization uses Windows Defender Antivirus This feature enables you to block potentially malicious files in your network. Blocking a file will prevent it from being read, written, or executed on machines in your organization. -To turn **Block or allow** files on: +To turn **Allow or block** files on: 1. In the navigation pane, select **Settings** > **Advanced features** > **Allow or block file**. @@ -137,12 +138,22 @@ Turning this setting on forwards signals to Azure Information Protection, giving ## Microsoft Intune connection -This feature is only available if you have an active Microsoft Intune (Intune) license. +Microsoft Defender ATP can be integrated with [Microsoft Intune](https://docs.microsoft.com/intune/what-is-intune) to [enable device risk-based conditional access](https://docs.microsoft.com/intune/advanced-threat-protection#enable-windows-defender-atp-in-intune). When you [enable this feature](configure-conditional-access.md), you'll be able to share Microsoft Defender ATP device information with Intune, enhancing policy enforcement. -When you enable this feature, you'll be able to share Microsoft Defender ATP device information to Intune and enhance policy enforcement. +>[!IMPORTANT] +>You'll need to enable the integration on both Intune and Microsoft Defender ATP to use this feature. For more information on specific steps, see [Configure Conditional Access in Microsoft Defender ATP](configure-conditional-access.md). + +This feature is only available if you have the following: + +- A licensed tenant for Enterprise Mobility + Security E3, and Windows E5 (or Microsoft 365 Enterprise E5) +- An active Microsoft Intune environment, with Intune-managed Windows 10 devices [Azure AD-joined](https://docs.microsoft.com/azure/active-directory/devices/concept-azure-ad-join/). + +### Conditional Access policy + +When you enable Intune integration, Intune will automatically create a classic Conditional Access (CA) policy. This classic CA policy is a prerequisite for setting up status reports to Intune. It should not be deleted. >[!NOTE] ->You'll need to enable the integration on both Intune and Microsoft Defender ATP to use this feature. +> The classic CA policy created by Intune is distinct from modern [Conditional Access policies](https://docs.microsoft.com/azure/active-directory/conditional-access/overview/), which are used for configuring endpoints. ## Preview features diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md index 8e6f64817f..c22f668986 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md @@ -18,7 +18,7 @@ ms.topic: conceptual ms.date: 04/24/2018 --- -# Advanced hunting query best practices Microsoft Defender ATP +# Advanced hunting query best practices in Microsoft Defender ATP **Applies to:** @@ -28,23 +28,26 @@ ms.date: 04/24/2018 ## Performance best practices The following best practices serve as a guideline of query performance best practices and for you to get faster results and be able to run complex queries. -- Use time filters first. Azure Kusto is highly optimized to utilize time filters. For more information, see [Azure Kusto](https://docs.microsoft.com/connectors/kusto/). -- Put filters that are expected to remove most of the data in the beginning of the query, following the time filter. -- Use 'has' keyword over 'contains' when looking for full tokens. +- When trying new queries, always use `limit` to avoid extremely large result sets or use `count` to assess the size of the result set. +- Use time filters first. Ideally, limit your queries to 7 days. +- Put filters that are expected to remove most of the data in the beginning of the query, right after the time filter. +- Use the `has` operator over `contains` when looking for full tokens. - Use looking in specific column rather than using full text search across all columns. -- When joining between two tables - choose the table with less rows to be the first one (left-most). -- When joining between two tables - project only needed columns from both sides of the join. +- When joining between two tables, specify the table with fewer rows first. +- When joining between two tables, project only needed columns from both sides of the join. + +>[!Tip] +>For more guidance on improving query performance, read [Kusto query best practices](https://docs.microsoft.com/en-us/azure/kusto/query/best-practices). ## Query tips and pitfalls -### Unique Process IDs -Process IDs are recycled in Windows and reused for new processes and therefore can't serve as a unique identifier for a specific process. +### Using process IDs +Process IDs (PIDs) are recycled in Windows and reused for new processes and therefore can't serve as a unique identifier for a specific process. To address this issue, Microsoft Defender ATP created the time process. To get a unique identifier for a process on a specific machine, use the process ID together with the process creation time. +So, when you join data based on a specific process or summarize data for each process, you'll need to use a machine identifier (either `MachineId` or `ComputerName`), a process ID (`ProcessId` or `InitiatingProcessId`) and the process creation time (`ProcessCreationTime` or `InitiatingProcessCreationTime`) -So, when you join data based on a specific process or summarize data for each process, you'll need to use a machine identifier (either MachineId or ComputerName), a process ID (ProcessId or InitiatingProcessId) and the process creation time (ProcessCreationTime or InitiatingProcessCreationTime) - -The following example query is created to find processes that access more than 10 IP addresses over port 445 (SMB) - possibly scanning for file shares. +The following example query is created to find processes that access more than 10 IP addresses over port 445 (SMB), possibly scanning for file shares. Example query: ``` @@ -54,13 +57,13 @@ NetworkCommunicationEvents | where RemoteIPCount > 10 ``` -The query summarizes by both InitiatingProcessId and InitiatingProcessCreationTime - to make sure the query looks at a single process, and not mixing multiple processes with the same process ID. +The query summarizes by both `InitiatingProcessId` and `InitiatingProcessCreationTime` so that it looks at a single process, without mixing multiple processes with the same process ID. -### Using command line queries +### Using command lines -Command lines may vary - when applicable, filter on file names and do fuzzy matching. +Command lines can vary. When applicable, filter on file names and do fuzzy matching. -There are numerous ways to construct a command line to accomplish a task. +There are numerous ways to construct a command line to accomplish a task. For example, a malicious attacker could specify the process image file name without a path, with full path, without the file extension, using environment variables, add quotes, and others. In addition, the attacker can also change the order of some parameters, add multiple quotes or spaces, and much more. @@ -68,7 +71,7 @@ To create more durable queries using command lines, we recommended the following - Identify the known processes (such as net.exe, psexec.exe, and others) by matching on the filename fields, instead of filtering on the command line field. - When querying for command line arguments, don't look for an exact match on multiple unrelated arguments in a certain order. Instead, use regular expressions or use multiple separate contains operators. -- Use case insensitive matches. For example, use '=~', 'in~', 'contains' instead of '==', 'in' or 'contains_cs' +- Use case insensitive matches. For example, use `=~`, `in~`, `contains` instead of `==`, `in` or `contains_cs` - To mitigate DOS command line obfuscation techniques, consider removing quotes, replacing commas with spaces, and replacing multiple consecutive spaces with a single space. This is just the start of handling DOS obfuscation techniques, but it does mitigate the most common ones. The following example query shows various ways to construct a query that looks for the file *net.exe* to stop the Windows Defender Firewall service: @@ -90,7 +93,4 @@ ProcessCreationEvents | where CanonicalCommandLine contains "stop" and CanonicalCommandLine contains "MpsSvc" ``` ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-bestpractices-belowfoldlink) - - - +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-bestpractices-belowfoldlink) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md index 55acfa866d..0233da71e9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md @@ -72,7 +72,6 @@ To effectively build queries that span multiple tables, you need to understand t | Ipv6Dhcp | string | IPv6 address of DHCP server | | IsAzureADJoined | boolean | Boolean indicator of whether machine is joined to the Azure Active Directory | | IsAzureInfoProtectionApplied | boolean | Indicates whether the file is encrypted by Azure Information Protection | -| IsWindowsInfoProtectionApplied | boolean | Indicates whether Windows Information Protection (WIP) policies apply to the file | | LocalIP | string | IP address assigned to the local machine used during communication | | LocalPort | int | TCP port on the local machine used during communication | | LocalIPType | string | Type of IP address, for example Public, Private, Reserved, Loopback, Teredo, FourToSixMapping, and Broadcast | diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md index a09b2f556d..a3d83d4880 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md @@ -1,5 +1,5 @@ --- -title: Advanced Hunting API +title: Hello World ms.reviewer: description: Use this API to run advanced queries keywords: apis, supported apis, advanced hunting, query @@ -19,10 +19,9 @@ ms.topic: article # Microsoft Defender ATP API - Hello World -**Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) ## Get Alerts using a simple PowerShell script @@ -33,68 +32,60 @@ It only takes 5 minutes done in two steps: - Use examples: only requires copy/paste of a short PowerShell script ### Do I need a permission to connect? -For the App registration stage, you must have a Global administrator role in your Azure Active Directory (Azure AD) tenant. +For the Application registration stage, you must have a **Global administrator** role in your Azure Active Directory (Azure AD) tenant. ### Step 1 - Create an App in Azure Active Directory -1. Log on to [Azure](https://portal.azure.com) with your Global administrator user. +1. Log on to [Azure](https://portal.azure.com) with your **Global administrator** user. -2. Navigate to **Azure Active Directory** > **App registrations** > **New application registration**. +2. Navigate to **Azure Active Directory** > **App registrations** > **New registration**. - ![Image of Microsoft Azure and navigation to application registration](images/atp-azure-new-app.png) + ![Image of Microsoft Azure and navigation to application registration](images/atp-azure-new-app2.png) -3. In the registration form, enter the following information, then click **Create**. +3. In the registration form, choose a name for your application and then click **Register**. - - **Name:** Choose your own name. - - **Application type:** Web app / API - - **Redirect URI:** `https://127.0.0.1` +4. Allow your Application to access Microsoft Defender ATP and assign it **'Read all alerts'** permission: - ![Image of Create application window](images/webapp-create.png) + - On your application page, click **API Permissions** > **Add permission** > **APIs my organization uses** > type **WindowsDefenderATP** and click on **WindowsDefenderATP**. -4. Allow your App to access Microsoft Defender ATP and assign it 'Read all alerts' permission: + - **Note**: WindowsDefenderATP does not appear in the original list. You need to start writing its name in the text box to see it appear. - - Click **Settings** > **Required permissions** > **Add**. + ![Image of API access and API selection](images/add-permission.png) - ![Image of new app in Azure](images/webapp-add-permission.png) + - Choose **Application permissions** > **Alert.Read.All** > Click on **Add permissions** - - Click **Select an API** > **WindowsDefenderATP**, then click **Select**. + ![Image of API access and API selection](images/application-permissions.png) - **Note**: WindowsDefenderATP does not appear in the original list. You need to start writing its name in the text box to see it appear. + **Important note**: You need to select the relevant permissions. 'Read All Alerts' is only an example! - ![Image of API access and API selection](images/webapp-add-permission-2.png) + For instance, - - Click **Select permissions** > **Read all alerts** > **Select**. + - To [run advanced queries](run-advanced-query-api.md), select 'Run advanced queries' permission + - To [isolate a machine](isolate-machine.md), select 'Isolate machine' permission + - To determine which permission you need, please look at the **Permissions** section in the API you are interested to call. - ![Image of API access and API selection](images/webapp-add-permission-readalerts.png) +5. Click **Grant consent** - - Click **Done** + - **Note**: Every time you add permission you must click on **Grant consent** for the new permission to take effect. - ![Image of add permissions completion](images/webapp-add-permission-end.png) + ![Image of Grant permissions](images/grant-consent.png) - - Click **Grant permissions** +6. Add a secret to the application. - **Note**: Every time you add permission you must click on **Grant permissions**. + - Click **Certificates & secrets**, add description to the secret and click **Add**. - ![Image of Grant permissions](images/webapp-grant-permissions.png) + **Important**: After click Add, **copy the generated secret value**. You won't be able to retrieve after you leave! -5. Create a key for your App: + ![Image of create app key](images/webapp-create-key2.png) - - Click **Keys**, type a key name and click **Save**. +7. Write down your application ID and your tenant ID: - ![Image of create app key](images/webapp-create-key.png) + - On your application page, go to **Overview** and copy the following: -6. Write down your App ID and your Tenant ID: - - - App ID: - - ![Image of created app id](images/webapp-app-id1.png) - - - Tenant ID: Navigate to **Azure Active Directory** > **Properties** - - ![Image of create app key](images/api-tenant-id.png) + ![Image of created app id](images/app-and-tenant-ids.png) -Done! You have successfully registered an application! +Done! You have successfully registered an application! ### Step 2 - Get a token using the App and use this token to access the API. @@ -106,8 +97,8 @@ Done! You have successfully registered an application! # Paste below your Tenant ID, App ID and App Secret (App key). $tenantId = '' ### Paste your tenant ID here -$appId = '' ### Paste your app ID here -$appSecret = '' ### Paste your app key here +$appId = '' ### Paste your Application ID here +$appSecret = '' ### Paste your Application secret here $resourceAppIdUri = 'https://api.securitycenter.windows.com' $oAuthUri = "https://login.windows.net/$TenantId/oauth2/token" diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md b/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md index e1ba0b2aff..76fe3c070d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md @@ -1,7 +1,7 @@ --- title: Configure Conditional Access in Microsoft Defender ATP -description: -keywords: +description: Learn about steps that you need to do in Intune, Microsoft Defender Security Center, and Azure to implement Conditional access +keywords: conditional access, conditional, access, device risk, risk level, integration, intune integration search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -15,7 +15,6 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 09/03/2018 --- # Configure Conditional Access in Microsoft Defender ATP @@ -29,17 +28,24 @@ This section guides you through all the steps you need to take to properly imple >It's important to note that Azure AD registered devices is not supported in this scenario.
    >Only Intune enrolled devices are supported. + You need to make sure that all your devices are enrolled in Intune. You can use any of the following options to enroll devices in Intune: - IT Admin: For more information on how to enabling auto-enrollment, see [Windows Enrollment](https://docs.microsoft.com/intune/windows-enroll#enable-windows-10-automatic-enrollment) -- End-user: For more information on how to enroll your Windows 10 device in Intune, see [Enroll your Windows 10 device in Intune](https://docs.microsoft.com/intune-user-help/enroll-your-w10-device-access-work-or-school) -- End-user alternative: For more information on joining an Azure AD domain, see [Set up Azure Active Directory joined devices](https://docs.microsoft.com/azure/active-directory/device-management-azuread-joined-devices-setup). +- End-user: For more information on how to enroll your Windows 10 device in Intune, see [Enroll your Windows 10 device in Intune]https://docs.microsoft.com/intune/quickstart-enroll-windows-device) +- End-user alternative: For more information on joining an Azure AD domain, see [How to: Plan your Azure AD join implementation](https://docs.microsoft.com/azure/active-directory/devices/azureadjoin-plan). There are steps you'll need to take in Microsoft Defender Security Center, the Intune portal, and Azure AD portal. +It's important to note the required roles to access these portals and implement Conditional access: +- **Microsoft Defender Security Center** - You'll need to sign into the portal with a global administrator role to turn on the integration. +- **Intune** - You'll need to sign in to the portal with security administrator rights with management permissions. +- **Azure AD portal** - You'll need to sign in as a global administrator, security administrator, or Conditional Access administrator. + + > [!NOTE] > You'll need a Microsoft Intune environment, with Intune managed and Azure AD joined Windows 10 devices. diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md index d16c45de90..54f60b64f4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md @@ -52,9 +52,9 @@ ms.date: 04/24/2018 4. In the **Group Policy Management Editor**, go to **Computer configuration**, then **Preferences**, and then **Control panel settings**. -5. Right-click **Scheduled tasks**, point to **New**, and then click **Immediate task**. +5. Right-click **Scheduled tasks**, point to **New**, and then click **Immediate Task (At least Windows 7)**. -6. In the **Task** window that opens, go to the **General** tab. Choose the local SYSTEM user account (BUILTIN\SYSTEM) under **Security options**. +6. In the **Task** window that opens, go to the **General** tab. Under **Security options** click **Change User or Group** and type SYSTEM and then click **Check Names** then **OK**. NT AUTHORITY\SYSTEM appears as the user account the task will run as. 7. Select **Run whether user is logged on or not** and check the **Run with highest privileges** check box. @@ -84,7 +84,7 @@ You can use Group Policy (GP) to configure settings, such as settings for the sa 4. Click **Policies**, then **Administrative templates**. -5. Click **Windows components** and then **Microsoft Defender ATP**. +5. Click **Windows components** and then **Windows Defender ATP**. 6. Choose to enable or disable sample sharing from your machines. diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md index 3507beb090..3387e07476 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md @@ -1,5 +1,5 @@ --- -title: Onboard Windows 10 machines on Microsoft Defender ATP +title: Onboarding tools and methods for Windows 10 machines description: Onboard Windows 10 machines so that they can send sensor data to the Microsoft Defender ATP sensor keywords: Onboard Windows 10 machines, group policy, system center configuration manager, mobile device management, local script, gp, sccm, mdm, intune search.product: eADQiWindows 10XVcnh @@ -15,10 +15,9 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 07/12/2018 --- -# Onboard Windows 10 machines +# Onboarding tools and methods for Windows 10 machines **Applies to:** diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md index 9b0a3173f6..d6b0b6bed5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md @@ -14,7 +14,7 @@ ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance -ms.topic: procedural +ms.topic: article --- # Optimize ASR rule deployment and detections diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md index ad42b1bcd9..70cfffed50 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md @@ -14,7 +14,7 @@ ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance -ms.topic: procedural +ms.topic: article --- # Get machines onboarded to Microsoft Defender ATP @@ -28,6 +28,9 @@ ms.topic: procedural Each onboarded machine adds an additional endpoint detection and response (EDR) sensor and increases visibility over breach activity in your network. Onboarding also ensures that a machine can be checked for vulnerable components as well security configuration issues and can receive critical remediation actions during attacks. +>[!NOTE] +>Before you can track and manage onboarding of machines, [enroll your machines to Intune management](configure-machines.md#enroll-machines-to-intune-management). + ## Discover and track unprotected machines The **Onboarding** card provides a high-level overview of your onboarding rate by comparing the number of Windows 10 machines that have actually onboarded to Microsoft Defender ATP against the total number of Intune-managed Windows 10 machines. diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md index b7a5c0bf30..14dbc385d6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md @@ -14,7 +14,7 @@ ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance -ms.topic: procedural +ms.topic: article --- # Increase compliance to the Microsoft Defender ATP security baseline @@ -30,6 +30,9 @@ Security baselines ensure that security features are configured according to gui To understand security baselines and how they are assigned on Intune using configuration profiles, [read this FAQ](https://docs.microsoft.com/intune/security-baselines#q--a). +>[!NOTE] +>Before you can track and manage compliance to the Microsoft Defender ATP security baseline, [enroll your machines to Intune management](configure-machines.md#enroll-machines-to-intune-management). + ## Compare the Microsoft Defender ATP and the Windows Intune security baselines The Windows Intune security baseline provides a comprehensive set of recommended settings needed to securely configure machines running Windows, including browser settings, PowerShell settings, as well as settings for some security features like Windows Defender Antivirus. In contrast, the Microsoft Defender ATP baseline provides settings that optimize all the security controls in the Microsoft Defender ATP stack, including settings for endpoint detection and response (EDR) as well as settings also found in the Windows Intune security baseline. For more information about each baseline, see: @@ -38,6 +41,9 @@ The Windows Intune security baseline provides a comprehensive set of recommended Both baselines are maintained so that they complement one another and have identical values for shared settings. Deploying both baselines to the same machine will not result in conflicts. Ideally, machines onboarded to Microsoft Defender ATP are deployed both baselines: the Windows Intune security baseline to initially secure Windows and then the Microsoft Defender ATP security baseline layered on top to optimally configure the Microsoft Defender ATP security controls. +>[!NOTE] +>The Microsoft Defender ATP security baseline has been optimized for physical devices and is currently not recommended for use on virtual machines (VMs) or VDI endpoints. Certain baseline settings can impact remote interactive sessions on virtualized environments. + ## Get permissions to manage security baselines in Intune By default, only users who have been assigned the Global Administrator or the Intune Service Administrator role on Azure AD can manage security baseline profiles. If you haven’t been assigned either role, work with a Global Administrator or an Intune Service Administrator to [create a custom role in Intune](https://docs.microsoft.com/intune/create-custom-role#to-create-a-custom-role) with full permissions to security baselines and then assign that role to your Azure AD group. diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md index 62140b2d6d..cce444980a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md @@ -14,7 +14,7 @@ ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance -ms.topic: procedural +ms.topic: conceptual --- # Ensure your machines are configured properly @@ -49,14 +49,17 @@ Machine configuration management works closely with Intune device management to Before you can ensure your machines are configured properly, enroll them to Intune management. Intune enrollment is robust and has several enrollment options for Windows 10 machines. For more information about Intune enrollment options, read [Set up enrollment for Windows devices](https://docs.microsoft.com/en-us/intune/windows-enroll). +>[!NOTE] +>To enroll Windows devices to Intune, administrators must have already been assigned licenses. [Read about assigning licenses for device enrollment](https://docs.microsoft.com/en-us/intune/licenses-assign). + >[!TIP] >To optimize machine management through Intune, [connect Intune to Microsoft Defender ATP](https://docs.microsoft.com/en-us/intune/advanced-threat-protection#enable-windows-defender-atp-in-intune). ->[!NOTE] ->During preview, you might encounter a few known limitations: ->- You might experience discrepancies in aggregated data displayed on the machine configuration management page and those displayed on overview screens in Intune. ->- The count of onboarded machines tracked by machine configuration management might not include machines onboarded using Security Center Configuration Manager, the onboarding script, or other onboarding methods that don’t use Intune profiles. To include these machines, create a corresponding Intune configuration profile for Microsoft Defender ATP onboarding and assign that profile to these machines. ->- The Microsoft Defender ATP security baseline currently doesn’t cover settings for all Microsoft Defender ATP security controls, including settings for exploit protection and Application Guard. +## Known issues and limitations in this preview +During preview, you might encounter a few known limitations: +- You might experience discrepancies in aggregated data displayed on the machine configuration management page and those displayed on overview screens in Intune. +- The count of onboarded machines tracked by machine configuration management might not include machines onboarded using Security Center Configuration Manager, the onboarding script, or other onboarding methods that don’t use Intune profiles. To include these machines, create a corresponding Intune configuration profile for Microsoft Defender ATP onboarding and assign that profile to these machines. +- The Microsoft Defender ATP security baseline currently doesn’t cover settings for all Microsoft Defender ATP security controls, including settings for exploit protection and Application Guard. ## In this section diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md index 96a1dc2cc7..6e08192fa6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md @@ -134,7 +134,7 @@ You can find the Azure IP range on [Microsoft Azure Datacenter IP Ranges](https: Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Microsoft Defender ATP service URLs. -1. Download the [connectivity verification tool](https://go.microsoft.com/fwlink/p/?linkid=823683) to the PC where Microsoft Defender ATP sensor is running on. +1. Download the [connectivity verification tool](https://aka.ms/mdatpanalyzer) to the PC where Microsoft Defender ATP sensor is running on. 2. Extract the contents of WDATPConnectivityAnalyzer on the machine. diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md index 69993debe0..ad8b37b921 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md @@ -137,7 +137,7 @@ Agent Resource | Ports ## Windows Server, version 1803 and Windows Server 2019 -To onboard Windows Server, version 1803 or Windows Server 2019, use the same method used when onboarding Windows 10 machines. +To onboard Windows Server, version 1803 or Windows Server 2019, please refer to the supported methods and versions below. Supported tools include: - Local script @@ -245,4 +245,4 @@ To offboard the server, you can use either of the following methods: - [Onboard non-Windows machines](configure-endpoints-non-windows.md) - [Configure proxy and Internet connectivity settings](configure-proxy-internet.md) - [Run a detection test on a newly onboarded Microsoft Defender ATP machine](run-detection-test.md) -- [Troubleshooting Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md) \ No newline at end of file +- [Troubleshooting Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md b/windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md index 30b66351ac..13cf662e66 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md @@ -15,7 +15,6 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 10/16/2017 --- # Configure Splunk to pull Microsoft Defender ATP alerts @@ -33,7 +32,7 @@ You'll need to configure Splunk so that it can pull Microsoft Defender ATP alert ## Before you begin -- Install the [REST API Modular Input app](https://splunkbase.splunk.com/app/1546/) in Splunk. +- Install the open source [Windows Defender ATP Modular Inputs TA](https://splunkbase.splunk.com/app/4128/) in Splunk. - Make sure you have enabled the **SIEM integration** feature from the **Settings** menu. For more information, see [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md) - Have the details file you saved from enabling the **SIEM integration** feature ready. You'll need to get the following values: @@ -52,7 +51,7 @@ You'll need to configure Splunk so that it can pull Microsoft Defender ATP alert 3. Click **REST** under **Local inputs**. NOTE: - This input will only appear after you install the [REST API Modular Input app](https://splunkbase.splunk.com/app/1546/). + This input will only appear after you install the [Windows Defender ATP Modular Inputs TA](https://splunkbase.splunk.com/app/4128/). 4. Click **New**. diff --git a/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md b/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md index 4a19677915..080111bee7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md +++ b/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md @@ -216,7 +216,7 @@ See The below code was tested with nuget Microsoft.IdentityModel.Clients.ActiveDirectory 3.19.8 +>The below code was tested with Nuget Microsoft.IdentityModel.Clients.ActiveDirectory 3.19.8 - Create a new Console Application - Install Nuget [Microsoft.IdentityModel.Clients.ActiveDirectory](https://www.nuget.org/packages/Microsoft.IdentityModel.Clients.ActiveDirectory/) @@ -215,7 +203,7 @@ You will get an answer of the form: Sanity check to make sure you got a correct token: - Copy/paste into [JWT](https://jwt.ms) the token you get in the previous step in order to decode it - Validate you get a 'roles' claim with the desired permissions -- In the screenshot below you can see a decoded token acquired from an app with permissions to all of Microsoft Defender ATP's roles: +- In the screen shot below you can see a decoded token acquired from an Application with permissions to all of Microsoft Defender ATP's roles: ![Image of token validation](images/webapp-decoded-token.png) diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/add-permission.png b/windows/security/threat-protection/microsoft-defender-atp/images/add-permission.png new file mode 100644 index 0000000000..74d57acf8e Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/add-permission.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/api-tenant-id.png b/windows/security/threat-protection/microsoft-defender-atp/images/api-tenant-id.png deleted file mode 100644 index ebac0b0e34..0000000000 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/api-tenant-id.png and /dev/null differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/app-and-tenant-ids.png b/windows/security/threat-protection/microsoft-defender-atp/images/app-and-tenant-ids.png new file mode 100644 index 0000000000..1f4f508c8c Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/app-and-tenant-ids.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/application-permissions-public-client.png b/windows/security/threat-protection/microsoft-defender-atp/images/application-permissions-public-client.png new file mode 100644 index 0000000000..3fc32f22db Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/application-permissions-public-client.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/application-permissions.png b/windows/security/threat-protection/microsoft-defender-atp/images/application-permissions.png new file mode 100644 index 0000000000..15977b7c35 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/application-permissions.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-new-app.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-new-app.png deleted file mode 100644 index 4449661657..0000000000 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-new-app.png and /dev/null differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-new-app2.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-new-app2.png new file mode 100644 index 0000000000..e04f757cff Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-new-app2.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/grant-consent.png b/windows/security/threat-protection/microsoft-defender-atp/images/grant-consent.png new file mode 100644 index 0000000000..0735940d05 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/grant-consent.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/nativeapp-create2.png b/windows/security/threat-protection/microsoft-defender-atp/images/nativeapp-create2.png new file mode 100644 index 0000000000..03c10910cb Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/nativeapp-create2.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ta_dashboard.png b/windows/security/threat-protection/microsoft-defender-atp/images/ta_dashboard.png new file mode 100644 index 0000000000..11d2edcf3e Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/ta_dashboard.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/timeline-machine.png b/windows/security/threat-protection/microsoft-defender-atp/images/timeline-machine.png index 6a13d4d007..146dca1470 100644 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/timeline-machine.png and b/windows/security/threat-protection/microsoft-defender-atp/images/timeline-machine.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/webapp-add-permission-2.png b/windows/security/threat-protection/microsoft-defender-atp/images/webapp-add-permission-2.png deleted file mode 100644 index 84672bbe4a..0000000000 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/webapp-add-permission-2.png and /dev/null differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/webapp-add-permission-end.png b/windows/security/threat-protection/microsoft-defender-atp/images/webapp-add-permission-end.png deleted file mode 100644 index 24bb4d1854..0000000000 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/webapp-add-permission-end.png and /dev/null differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/webapp-add-permission-readalerts.png b/windows/security/threat-protection/microsoft-defender-atp/images/webapp-add-permission-readalerts.png deleted file mode 100644 index 2872b71881..0000000000 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/webapp-add-permission-readalerts.png and /dev/null differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/webapp-add-permission.png b/windows/security/threat-protection/microsoft-defender-atp/images/webapp-add-permission.png deleted file mode 100644 index 38e98ce07d..0000000000 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/webapp-add-permission.png and /dev/null differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/webapp-app-id1.png b/windows/security/threat-protection/microsoft-defender-atp/images/webapp-app-id1.png deleted file mode 100644 index 4c058c2f93..0000000000 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/webapp-app-id1.png and /dev/null differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/webapp-create-key.png b/windows/security/threat-protection/microsoft-defender-atp/images/webapp-create-key.png deleted file mode 100644 index 4ddb1fae83..0000000000 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/webapp-create-key.png and /dev/null differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/webapp-create-key2.png b/windows/security/threat-protection/microsoft-defender-atp/images/webapp-create-key2.png new file mode 100644 index 0000000000..99339be6a7 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/webapp-create-key2.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/webapp-create.png b/windows/security/threat-protection/microsoft-defender-atp/images/webapp-create.png deleted file mode 100644 index dea9d8493d..0000000000 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/webapp-create.png and /dev/null differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/webapp-edit-multitenant.png b/windows/security/threat-protection/microsoft-defender-atp/images/webapp-edit-multitenant.png deleted file mode 100644 index 47203a8151..0000000000 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/webapp-edit-multitenant.png and /dev/null differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/webapp-grant-permissions.png b/windows/security/threat-protection/microsoft-defender-atp/images/webapp-grant-permissions.png deleted file mode 100644 index b7c7e0926f..0000000000 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/webapp-grant-permissions.png and /dev/null differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/webapp-select-permission.png b/windows/security/threat-protection/microsoft-defender-atp/images/webapp-select-permission.png deleted file mode 100644 index 8edc069eaf..0000000000 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/webapp-select-permission.png and /dev/null differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md index 216cc284d1..c79fa83c94 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md @@ -109,7 +109,7 @@ To see a full page view of an alert including incident graph and process tree, s The **Timeline** section provides a chronological view of the events and associated alerts that have been observed on the machine. This can help you correlate any events, files, and IP addresses in relation to the machine. -Timeline also enables you to selectively drill down into events that occurred within a given time period. You can view the temporal sequence of events that occurred on a machine over a selected time period. To further control your view, you can filter by event groups or customize the columns. +The timeline also enables you to selectively drill down into events that occurred within a given time period. You can view the temporal sequence of events that occurred on a machine over a selected time period. To further control your view, you can filter by event groups or customize the columns. >[!NOTE] > For firewall events to be displayed, you'll need to enable the audit policy, see [Audit Filtering Platform connection](https://docs.microsoft.com/windows/security/threat-protection/auditing/audit-filtering-platform-connection). @@ -131,15 +131,15 @@ Some of the functionality includes: - Export detailed machine timeline events - Export the machine timeline for the current date or a specified date range up to seven days. -Along with event time and users, one of the main categories on the timeline is "Details". They describe what happened in the events. The list of possible details are: +More details about certain events are provided in the **Additional information** section. These details vary depending on the type of event, for example: -- Contained by Application Guard -- Active threat detected - when the detection happened, the threat was executing (i.e. it was running) -- Remediation unsuccessful - remediation was invoked but failed -- Remediation successful - the threat was stopped and cleaned up -- Warning bypassed by user - SmartScreen warning appeared but the user dismissed it -- Suspicious script detected -- Alert category (e.g. lateral movement)- if the event is correlated to an alert, the tag will show the alert category +- Contained by Application Guard - the web browser event was restricted by an isolated container +- Active threat detected - the threat detection occurred while the threat was running +- Remediation unsuccessful - an attempt to remediate the detected threat was invoked but failed +- Remediation successful - the detected threat was stopped and cleaned +- Warning bypassed by user - the SmartScreen warning was dismissed and overridden by a user +- Suspicious script detected - a potentially malicious script was found running +- The alert category - if the event led to the generation of an alert, the alert category ("Lateral Movement", for example) is provided You can also use the [Artifact timeline](investigate-alerts.md#artifact-timeline) feature to see the correlation between alerts and events on a specific machine. diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md b/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md index c431ecb195..89649bba47 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md @@ -95,6 +95,19 @@ getfile c:\Users\user\Desktop\work.txt getfile c:\Users\user\Desktop\work.txt -auto ``` +>[!NOTE] +> +> The following file types **cannot** be downloaded using this command from within Live Response: +> +> * [Reparse point files](/windows/desktop/fileio/reparse-points/) +> * [Sparse files](/windows/desktop/fileio/sparse-files/) +> * Empty files +> * Virtual files, or files that are not fully present locally +> +> These file types **are** supported by [PowerShell](/powershell/scripting/overview?view=powershell-6/). +> +> Use PowerShell as an alternative, if you have problems using this command from within Live Response. + ## processes ``` # Show all processes diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md index 9a0cc2d05f..3113e4b4f9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md @@ -74,6 +74,7 @@ Create custom rules to control when alerts are suppressed, or resolved. You can * Folder path - wildcard supported * IP address * URL - wildcard supported + * Command line - wildcard supported 3. Select the **Trigerring IOC**. diff --git a/windows/security/threat-protection/microsoft-defender-atp/TOC.md b/windows/security/threat-protection/microsoft-defender-atp/oldTOC.md similarity index 70% rename from windows/security/threat-protection/microsoft-defender-atp/TOC.md rename to windows/security/threat-protection/microsoft-defender-atp/oldTOC.md index 881293505c..e716d3a9e1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/TOC.md +++ b/windows/security/threat-protection/microsoft-defender-atp/oldTOC.md @@ -1,7 +1,9 @@ # [Microsoft Defender Advanced Threat Protection](microsoft-defender-advanced-threat-protection.md) -## [Overview](overview.md) -### [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) +## [Overview]() +### [Overview of Microsoft Defender ATP capabilities](overview.md) +### [Threat & Vulnerability Management]() +#### [Next-generation capabilities](next-gen-threat-and-vuln-mgt.md) #### [What's in the dashboard and what it means for my organization](tvm-dashboard-insights.md) #### [Exposure score](tvm-exposure-score.md) #### [Configuration score](configuration-score.md) @@ -12,29 +14,39 @@ #### [Scenarios](threat-and-vuln-mgt-scenarios.md) -### [Attack surface reduction](overview-attack-surface-reduction.md) -#### [Hardware-based isolation](overview-hardware-based-isolation.md) -##### [Application isolation](../windows-defender-application-guard/wd-app-guard-overview.md) +### [Attack surface reduction]() +#### [Hardware-based isolation]() +##### [Hardware-based isolation in Windows 10](overview-hardware-based-isolation.md) + +##### [Application isolation]() +###### [Application guard overview](../windows-defender-application-guard/wd-app-guard-overview.md) ###### [System requirements](../windows-defender-application-guard/reqs-wd-app-guard.md) + ##### [System integrity](../windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md) -#### [Application control](../windows-defender-application-control/windows-defender-application-control.md) + +#### [Application control]() +##### [Windows Defender Application Guard](../windows-defender-application-control/windows-defender-application-control.md) + #### [Exploit protection](../windows-defender-exploit-guard/exploit-protection-exploit-guard.md) #### [Network protection](../windows-defender-exploit-guard/network-protection-exploit-guard.md) #### [Controlled folder access](../windows-defender-exploit-guard/controlled-folders-exploit-guard.md) #### [Attack surface reduction](../windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md) #### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security.md) + + ### [Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) -### [Endpoint detection and response](overview-endpoint-detection-response.md) + + +### [Endpoint detection and response]() +#### [Endpoint detection and response overview](overview-endpoint-detection-response.md) #### [Security operations dashboard](security-operations-dashboard.md) - -#### [Incidents queue](incidents-queue.md) +#### [Incidents queue]() ##### [View and organize the Incidents queue](view-incidents-queue.md) ##### [Manage incidents](manage-incidents.md) ##### [Investigate incidents](investigate-incidents.md) - -#### Alerts queue +#### [Alerts queue]() ##### [View and organize the Alerts queue](alerts-queue.md) ##### [Manage alerts](manage-alerts.md) ##### [Investigate alerts](investigate-alerts.md) @@ -44,16 +56,18 @@ ##### [Investigate a domain](investigate-domain.md) ##### [Investigate a user account](investigate-user.md) -#### [Machines list](machines-view-overview.md) -##### [Investigate machines](investigate-machines.md#machine-timeline) +#### [Machines list]() +##### [View and organize the Machines list](machines-view-overview.md) + +##### [Investigate machines]() ###### [Machine details](investigate-machines.md#machine-details) ###### [Response actions](investigate-machines.md#response-actions) ###### [Cards](investigate-machines.md#cards) ###### [Tabs](investigate-machines.md#tabs) - -#### [Take response actions](response-actions.md) -##### [Take response actions on a machine](respond-machine-alerts.md) +#### [Take response actions]() +##### [Take response actions on a machine]() +###### [Understand response actions](respond-machine-alerts.md) ###### [Manage tags](respond-machine-alerts.md#manage-tags) ###### [Initiate Automated Investigation](respond-machine-alerts.md#initiate-automated-investigation) ###### [Initiate Live Response Session](respond-machine-alerts.md#initiate-live-response-session) @@ -63,46 +77,60 @@ ###### [Isolate machines from the network](respond-machine-alerts.md#isolate-machines-from-the-network) ###### [Check activity details in Action center](respond-machine-alerts.md#check-activity-details-in-action-center) -##### [Take response actions on a file](respond-file-alerts.md) +##### [Take response actions on a file]() +###### [Understand response actions](respond-file-alerts.md) ###### [Stop and quarantine files in your network](respond-file-alerts.md#stop-and-quarantine-files-in-your-network) -###### [Remove file from quarantine](respond-file-alerts.md#remove-file-from-quarantine) -###### [Block files in your network](respond-file-alerts.md#block-files-in-your-network) -###### [Remove file from blocked list](respond-file-alerts.md#remove-file-from-blocked-list) -###### [Check activity details in Action center](respond-file-alerts.md#check-activity-details-in-action-center) +###### [Restore file from quarantine](respond-file-alerts.md#restore-file-from-quarantine) +###### [Add an indicator to block or allow a file](respond-file-alerts.md#add-indicator-to-block-or-allow-a-file) ###### [Deep analysis](respond-file-alerts.md#deep-analysis) - -##### [Investigate entities using Live response](live-response.md) +##### [Live response]() +###### [Investigate entities on machines](live-response.md) ###### [Live response command examples](live-response-command-examples.md) -### [Automated investigation and remediation](automated-investigations.md) + +### [Automated investigation and remediation]() +#### [Understand Automated investigations](automated-investigations.md) #### [Learn about the automated investigation and remediation dashboard](manage-auto-investigation.md) #### [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md) ### [Secure score](overview-secure-score.md) + + ### [Threat analytics](threat-analytics.md) + ### [Microsoft Threat Experts](microsoft-threat-experts.md) -### [Advanced hunting](overview-hunting.md) -#### [Query data using Advanced hunting](advanced-hunting.md) + +### [Advanced hunting]() +#### [Advanced hunting overview](overview-hunting.md) + +#### [Query data using Advanced hunting]() +##### [Data querying basics](advanced-hunting.md) ##### [Advanced hunting reference](advanced-hunting-reference.md) ##### [Advanced hunting query language best practices](advanced-hunting-best-practices.md) -#### [Custom detections](overview-custom-detections.md) + +#### [Custom detections]() +##### [Understand custom detection rules](overview-custom-detections.md) ##### [Create custom detections rules](custom-detection-rules.md) -### [Management and APIs](management-apis.md) +### [Management and APIs]() +#### [Overview of management and APIs](management-apis.md) #### [Understand threat intelligence concepts](threat-indicator-concepts.md) #### [Microsoft Defender ATP APIs](apis-intro.md) #### [Managed security service provider support](mssp-support.md) -### [Microsoft Threat Protection](threat-protection-integration.md) -#### [Protect users, data, and devices with Conditional Access](conditional-access.md) -#### [Microsoft Cloud App Security in Windows overview](microsoft-cloud-app-security-integration.md) -#### [Information protection in Windows overview](information-protection-in-windows-overview.md) -##### [Use sensitivity labels to prioritize incident response](information-protection-investigation.md) +### [Integrations]() +#### [Microsoft Defender ATP integrations](threat-protection-integration.md) +#### [Conditional Access integration overview](conditional-access.md) +#### [Microsoft Cloud App Security in Windows overview](microsoft-cloud-app-security-integration.md) + +#### [Information protection in Windows overview]() +##### [Windows integration](information-protection-in-windows-overview.md) +##### [Use sensitivity labels to prioritize incident response](information-protection-investigation.md) ### [Microsoft Threat Experts](microsoft-threat-experts.md) @@ -111,7 +139,8 @@ ### [Portal overview](portal-overview.md) -## [Get started](get-started.md) + +## [Get started]() ### [What's new in Microsoft Defender ATP](whats-new-in-microsoft-defender-atp.md) ### [Minimum requirements](minimum-requirements.md) ### [Validate licensing and complete setup](licensing.md) @@ -119,92 +148,137 @@ ### [Data storage and privacy](data-storage-privacy.md) ### [Assign user access to the portal](assign-portal-access.md) -### [Evaluate Microsoft Defender ATP](evaluate-atp.md) -#### Evaluate attack surface reduction -##### [Hardware-based isolation](../windows-defender-application-guard/test-scenarios-wd-app-guard.md) -##### [Application control](../windows-defender-application-control/audit-windows-defender-application-control-policies.md) -##### [Exploit protection](../windows-defender-exploit-guard/evaluate-exploit-protection.md) -##### [Network Protection](../windows-defender-exploit-guard/evaluate-network-protection.md) -##### [Controlled folder access](../windows-defender-exploit-guard/evaluate-controlled-folder-access.md) -##### [Attack surface reduction](../windows-defender-exploit-guard/evaluate-attack-surface-reduction.md) -##### [Network firewall](../windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md) -#### [Evaluate next generation protection](../windows-defender-antivirus/evaluate-windows-defender-antivirus.md) +### [Evaluate Microsoft Defender ATP capabilities]() +#### [Evaluate attack surface reduction]() + +##### [Evaluate attack surface reduction and next-generation capabilities](evaluate-atp.md) +###### [Hardware-based isolation](../windows-defender-application-guard/test-scenarios-wd-app-guard.md) +###### [Application control](../windows-defender-application-control/audit-windows-defender-application-control-policies.md) +###### [Exploit protection](../windows-defender-exploit-guard/evaluate-exploit-protection.md) +###### [Network Protection](../windows-defender-exploit-guard/evaluate-network-protection.md) +###### [Controlled folder access](../windows-defender-exploit-guard/evaluate-controlled-folder-access.md) +###### [Attack surface reduction](../windows-defender-exploit-guard/evaluate-attack-surface-reduction.md) +###### [Network firewall](../windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md) +##### [Evaluate next generation protection](../windows-defender-antivirus/evaluate-windows-defender-antivirus.md) ### [Access the Microsoft Defender Security Center Community Center](community.md) -## [Configure and manage capabilities](onboard.md) +## [Configure and manage capabilities]() + ### [Configure attack surface reduction](configure-attack-surface-reduction.md) -### Hardware-based isolation + +### [Hardware-based isolation]() #### [System integrity](../windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md) -#### [Application isolation](../windows-defender-application-guard/install-wd-app-guard.md) + +#### [Application isolation]() +##### [Install Windows Defender Application Guard](../windows-defender-application-guard/install-wd-app-guard.md) ##### [Configuration settings](../windows-defender-application-guard/configure-wd-app-guard.md) + #### [Application control](../windows-defender-application-control/windows-defender-application-control.md) -#### Device control + +#### [Device control]() ##### [Control USB devices](../device-control/control-usb-devices-using-intune.md) -##### [Device Guard](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) -###### [Memory integrity](../windows-defender-exploit-guard/memory-integrity.md) + +##### [Device Guard]() +###### [Code integrity](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) + +###### [Memory integrity]() +####### [Understand memory integrity](../windows-defender-exploit-guard/memory-integrity.md) ####### [Hardware qualifications](../windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md) ####### [Enable HVCI](../windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md) -#### [Exploit protection](../windows-defender-exploit-guard/enable-exploit-protection.md) + +#### [Exploit protection]() +##### [Enable exploit protection](../windows-defender-exploit-guard/enable-exploit-protection.md) ##### [Import/export configurations](../windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md) + #### [Network protection](../windows-defender-exploit-guard/enable-network-protection.md) -#### [Controlled folder access](../windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md) + +#### [Controlled folder access]() +##### [Enable controlled folder access](../windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md) ##### [Customize controlled folder access](../windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md) -#### [Attack surface reduction controls](../windows-defender-exploit-guard/enable-attack-surface-reduction.md) + +#### [Attack surface reduction controls]() +##### [Enable attack surface reduction rules](../windows-defender-exploit-guard/enable-attack-surface-reduction.md) +##### [Customize attack surface reduction rules](../windows-defender-exploit-guard/customize-attack-surface-reduction.md) + #### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md) - -### [Configure next generation protection](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md) -#### [Utilize Microsoft cloud-delivered protection](../windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md) +### [Configure next generation protection]() +#### [Configure Windows Defender Antivirus features](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md) +#### [Utilize Microsoft cloud-delivered protection]() +##### [Understand cloud-delivered protection](../windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md) ##### [Enable cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) ##### [Specify the cloud-delivered protection level](../windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md) ##### [Configure and validate network connections](../windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md) ##### [Enable Block at first sight](../windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md) ##### [Configure the cloud block timeout period](../windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md) -#### [Configure behavioral, heuristic, and real-time protection](../windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md) + +#### [Configure behavioral, heuristic, and real-time protection]() +##### [Configuration overview](../windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md) ##### [Detect and block potentially unwanted applications](../windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md) ##### [Enable and configure always-on protection and monitoring](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) + #### [Antivirus on Windows Server 2016](../windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md) -#### [Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md) + +#### [Antivirus compatibility]() +##### [Compatibility charts](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md) ##### [Use limited periodic antivirus scanning](../windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md) -#### [Deploy, manage updates, and report on antivirus](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md) -##### [Deploy and enable antivirus](../windows-defender-antivirus/deploy-windows-defender-antivirus.md) +#### [Deploy, manage updates, and report on antivirus]() +##### [Using Windows Defender Antivirus](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md) + +##### [Deploy and enable antivirus]() +###### [Preparing to deploy](../windows-defender-antivirus/deploy-windows-defender-antivirus.md) ###### [Deployment guide for VDI environments](../windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md) -##### [Report on antivirus protection](../windows-defender-antivirus/report-monitor-windows-defender-antivirus.md) + +##### [Report on antivirus protection]() +###### [Review protection status and aqlerts](../windows-defender-antivirus/report-monitor-windows-defender-antivirus.md) ###### [Troubleshoot antivirus reporting in Update Compliance](../windows-defender-antivirus/troubleshoot-reporting.md) -##### [Manage updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md) + +##### [Manage updates and apply baselines]() +###### [Learn about the different kinds of updates](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md) ###### [Manage protection and Security intelligence updates](../windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md) ###### [Manage when protection updates should be downloaded and applied](../windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md) ###### [Manage updates for endpoints that are out of date](../windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md) ###### [Manage event-based forced updates](../windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md) ###### [Manage updates for mobile devices and VMs](../windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md) -#### [Customize, initiate, and review the results of scans and remediation](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) -##### [Configure and validate exclusions in antivirus scans](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) +#### [Customize, initiate, and review the results of scans and remediation]() +##### [Configuration overview](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) + +##### [Configure and validate exclusions in antivirus scans]() +###### [Exclusions overview](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) ###### [Configure and validate exclusions based on file name, extension, and folder location](../windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) ###### [Configure and validate exclusions for files opened by processes](../windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md) ###### [Configure antivirus exclusions Windows Server 2016](../windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md) + ##### [Configure antivirus scanning options](../windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md) ##### [Configure remediation for scans](../windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) ##### [Configure scheduled scans](../windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md) ##### [Configure and run scans](../windows-defender-antivirus/run-scan-windows-defender-antivirus.md) ##### [Review scan results](../windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md) ##### [Run and review the results of an offline scan](../windows-defender-antivirus/windows-defender-offline.md) + #### [Restore quarantined files](../windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md) -#### [Manage antivirus in your business](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) + +#### [Manage antivirus in your business]() +##### [Management overview](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) ##### [Use Group Policy settings to configure and manage antivirus](../windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md) ##### [Use System Center Configuration Manager and Microsoft Intune to configure and manage antivirus](../windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md) ##### [Use PowerShell cmdlets to configure and manage antivirus](../windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md) ##### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](../windows-defender-antivirus/use-wmi-windows-defender-antivirus.md) ##### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](../windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md) -#### [Manage scans and remediation](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) -##### [Configure and validate exclusions in antivirus scans](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) +#### [Manage scans and remediation]() +##### [Management overview](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) + +##### [Configure and validate exclusions in antivirus scans]() +###### [Exclusions overview](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) ###### [Configure and validate exclusions based on file name, extension, and folder location](../windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) ###### [Configure and validate exclusions for files opened by processes](../windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md) ###### [Configure antivirus exclusions on Windows Server 2016](../windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md) + ##### [Configure scanning options](../windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md) ##### [Configure remediation for scans](../windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) ##### [Configure scheduled scans](../windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md) @@ -212,7 +286,9 @@ ##### [Review scan results](../windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md) ##### [Run and review the results of an offline scan](../windows-defender-antivirus/windows-defender-offline.md) ##### [Restore quarantined files](../windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md) -#### [Manage next generation protection in your business](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) + +#### [Manage next generation protection in your business]() +##### [Management overview](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) ##### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](../windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md) ##### [Use Group Policy settings to manage next generation protection](../windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md) ##### [Use PowerShell cmdlets to manage next generation protection](../windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md) @@ -220,41 +296,56 @@ ##### [Use the mpcmdrun.exe command line tool to manage next generation protection](../windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md) -### [Configure Secure score dashboard security controls](secure-score-dashboard.md) +### [Configure Secure score dashboard security controls](secure-score-dashboard.md) + ### [Configure and manage Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md) -### Management and API support -#### [Onboard machines](onboard-configure.md) + +### [Endpoint detection and response management and API support]() + +#### [Onboard machines]() +##### [Onboarding overview](onboard-configure.md) ##### [Onboard previous versions of Windows](onboard-downlevel.md) -##### [Onboard Windows 10 machines](configure-endpoints.md) + +##### [Onboard Windows 10 machines]() +###### [Ways to onboard](configure-endpoints.md) ###### [Onboard machines using Group Policy](configure-endpoints-gp.md) ###### [Onboard machines using System Center Configuration Manager](configure-endpoints-sccm.md) -###### [Onboard machines using Mobile Device Management tools](configure-endpoints-mdm.md) + +###### [Onboard machines using Mobile Device Management tools]() +####### [Overview](configure-endpoints-mdm.md) ####### [Onboard machines using Microsoft Intune](configure-endpoints-mdm.md#onboard-machines-using-microsoft-intune) ###### [Onboard machines using a local script](configure-endpoints-script.md) ###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi.md) + ##### [Onboard servers](configure-server-endpoints.md) ##### [Onboard non-Windows machines](configure-endpoints-non-windows.md) ##### [Onboard machines without Internet access](onboard-offline-machines.md) ##### [Run a detection test on a newly onboarded machine](run-detection-test.md) ##### [Run simulated attacks on machines](attack-simulations.md) ##### [Configure proxy and Internet connectivity settings](configure-proxy-internet.md) -##### [Troubleshoot onboarding issues](troubleshoot-onboarding.md) + +##### [Troubleshoot onboarding issues]() +###### [Troubleshooting basics](troubleshoot-onboarding.md) ###### [Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages.md) - -#### [Microsoft Defender ATP API](use-apis.md) +#### [Microsoft Defender ATP API]() +##### [Understand Microsoft Defender ATP APIs](use-apis.md) ##### [Microsoft Defender ATP API license and terms](api-terms-of-use.md) -##### [Get started with Microsoft Defender ATP APIs](apis-intro.md) + +##### [Get started with Microsoft Defender ATP APIs]() +###### [Introduction](apis-intro.md) ###### [Hello World](api-hello-world.md) ###### [Get access with application context](exposed-apis-create-app-webapp.md) ###### [Get access with user context](exposed-apis-create-app-nativeapp.md) -##### [APIs](exposed-apis-list.md) +##### [APIs]() +###### [Supported Microsoft Defender ATP query APIs](exposed-apis-list.md) ###### [Advanced Hunting](run-advanced-query-api.md) -###### [Alert](alerts.md) +###### [Alert]() +####### [Methods, properties, and JSON representation](alerts.md) ####### [List alerts](get-alerts.md) ####### [Create alert](create-alert-by-reference.md) ####### [Update Alert](update-alert.md) @@ -265,7 +356,8 @@ ####### [Get alert related machine information](get-alert-related-machine-info.md) ####### [Get alert related user information](get-alert-related-user-info.md) -###### [Machine](machine.md) +###### [Machine]() +####### [Methods and properties](machine.md) ####### [List machines](get-machines.md) ####### [Get machine by ID](get-machine-by-id.md) ####### [Get machine log on users](get-machine-log-on-users.md) @@ -273,7 +365,8 @@ ####### [Add or Remove machine tags](add-or-remove-machine-tags.md) ####### [Find machines by IP](find-machines-by-ip.md) -###### [Machine Action](machineaction.md) +###### [Machine Action]() +####### [Methods and properties](machineaction.md) ####### [List Machine Actions](get-machineactions-collection.md) ####### [Get Machine Action](get-machineaction-object.md) ####### [Collect investigation package](collect-investigation-package.md) @@ -287,45 +380,49 @@ ####### [Stop and quarantine file](stop-and-quarantine-file.md) ####### [Initiate investigation (preview)](initiate-autoir-investigation.md) -###### [Indicators](ti-indicator.md) +###### [Indicators]() +####### [Methods and properties](ti-indicator.md) ####### [Submit Indicator](post-ti-indicator.md) ####### [List Indicators](get-ti-indicators-collection.md) ####### [Delete Indicator](delete-ti-indicator-by-id.md) -###### Domain +###### [Domain]() ####### [Get domain related alerts](get-domain-related-alerts.md) ####### [Get domain related machines](get-domain-related-machines.md) ####### [Get domain statistics](get-domain-statistics.md) ####### [Is domain seen in organization](is-domain-seen-in-org.md) -###### [File](files.md) +###### [File]() +####### [Methods and properties](files.md) ####### [Get file information](get-file-information.md) ####### [Get file related alerts](get-file-related-alerts.md) ####### [Get file related machines](get-file-related-machines.md) ####### [Get file statistics](get-file-statistics.md) -###### IP +###### [IP]() ####### [Get IP related alerts](get-ip-related-alerts.md) ####### [Get IP related machines](get-ip-related-machines.md) ####### [Get IP statistics](get-ip-statistics.md) ####### [Is IP seen in organization](is-ip-seen-org.md) -###### [User](user.md) +###### [User]() +####### [Methods](user.md) ####### [Get user related alerts](get-user-related-alerts.md) ####### [Get user related machines](get-user-related-machines.md) -##### How to use APIs - Samples -###### Advanced Hunting API +##### [How to use APIs - Samples]() +###### [Advanced Hunting API]() ####### [Schedule advanced Hunting using Microsoft Flow](run-advanced-query-sample-ms-flow.md) ####### [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md) ####### [Advanced Hunting using Python](run-advanced-query-sample-python.md) ####### [Create custom Power BI reports](run-advanced-query-sample-power-bi-app-token.md) -###### Multiple APIs + +###### [Multiple APIs]() ####### [PowerShell](exposed-apis-full-sample-powershell.md) + ###### [Using OData Queries](exposed-apis-odata-samples.md) - -#### API for custom alerts +#### [API for custom alerts]() ##### [Enable the custom threat intelligence application](enable-custom-ti.md) ##### [Use the threat intelligence API to create custom alerts](use-custom-ti.md) ##### [Create custom threat intelligence alerts](custom-ti-api.md) @@ -334,8 +431,8 @@ ##### [Experiment with custom threat intelligence alerts](experiment-custom-ti.md) ##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti.md) - -#### [Pull alerts to your SIEM tools](configure-siem.md) +#### [Pull alerts to your SIEM tools]() +##### [Learn about different ways to pull alerts](configure-siem.md) ##### [Enable SIEM integration](enable-siem-integration.md) ##### [Configure Splunk to pull alerts](configure-splunk.md) ##### [Configure HP ArcSight to pull alerts](configure-arcsight.md) @@ -343,84 +440,94 @@ ##### [Pull alerts using SIEM REST API](pull-alerts-using-rest-api.md) ##### [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md) - -#### Reporting +#### [Reporting]() ##### [Create and build Power BI reports using Microsoft Defender ATP data](powerbi-reports.md) ##### [Threat protection reports](threat-protection-reports.md) ##### [Machine health and compliance reports](machine-reports.md) - -#### Interoperability +#### [Interoperability]() ##### [Partner applications](partner-applications.md) -#### [Manage machine configuration](configure-machines.md) +#### [Manage machine configuration]() +##### [Ensure your machines are configured properly](configure-machines.md) ##### [Monitor and increase machine onboarding](configure-machines-onboarding.md) ##### [Increase compliance to the security baseline](configure-machines-security-baseline.md) ##### [Optimize ASR rule deployment and detections](configure-machines-asr.md) -#### Role-based access control -##### [Manage portal access using RBAC](rbac.md) +#### [Role-based access control]() + +##### [Manage portal access using RBAC]() +###### [Using RBAC](rbac.md) ###### [Create and manage roles](user-roles.md) -###### [Create and manage machine groups](machine-groups.md) + +###### [Create and manage machine groups]() +####### [Using machine groups](machine-groups.md) ####### [Create and manage machine tags](machine-tags.md) #### [Configure managed security service provider (MSSP) support](configure-mssp-support.md) -### Configure Microsoft Threat Protection integration + +### [Configure Microsoft threat protection integration]() #### [Configure Conditional Access](configure-conditional-access.md) #### [Configure Microsoft Cloud App Security in Windows](microsoft-cloud-app-security-config.md) #### [Configure information protection in Windows](information-protection-in-windows-config.md) -### [Configure Microsoft Defender Security Center settings](preferences-setup.md) -#### General +### [Configure portal settings]() +#### [Set up preferences](preferences-setup.md) + +#### [General]() ##### [Update data retention settings](data-retention-settings.md) ##### [Configure alert notifications](configure-email-notifications.md) ##### [Enable and create Power BI reports using Windows Security app data](powerbi-reports.md) ##### [Enable Secure score security controls](enable-secure-score.md) ##### [Configure advanced features](advanced-features.md) - -#### Permissions + +#### [Permissions]() ##### [Use basic permissions to access the portal](basic-permissions.md) ##### [Manage portal access using RBAC](rbac.md) ###### [Create and manage roles](user-roles.md) ###### [Create and manage machine groups](machine-groups.md) ####### [Create and manage machine tags](machine-tags.md) - -#### APIs + +#### [APIs]() ##### [Enable Threat intel](enable-custom-ti.md) ##### [Enable SIEM integration](enable-siem-integration.md) - -#### Rules + +#### [Rules]() ##### [Manage suppression rules](manage-suppression-rules.md) ##### [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list.md) ##### [Manage indicators](manage-indicators.md) ##### [Manage automation file uploads](manage-automation-file-uploads.md) ##### [Manage automation folder exclusions](manage-automation-folder-exclusions.md) - -#### Machine management + +#### [Machine management]() ##### [Onboarding machines](onboard-configure.md) ##### [Offboarding machines](offboard-machines.md) - -#### [Configure Windows Security app time zone settings](time-settings.md) - + +#### [Configure time zone settings](time-settings.md) -## [Troubleshoot Microsoft Defender ATP](troubleshoot-overview.md) -### Troubleshoot sensor state + +## [Troubleshoot Microsoft Defender ATP]() + +### [Troubleshoot sensor state]() #### [Check sensor state](check-sensor-status.md) #### [Fix unhealthy sensors](fix-unhealthy-sensors.md) #### [Inactive machines](fix-unhealthy-sensors.md#inactive-machines) #### [Misconfigured machines](fix-unhealthy-sensors.md#misconfigured-machines) #### [Review sensor events and errors on machines with Event Viewer](event-error-codes.md) -### [Troubleshoot Microsoft Defender ATP service issues](troubleshoot-mdatp.md) + +### [Troubleshoot service issues]() +#### [Troubleshooting issues](troubleshoot-mdatp.md) #### [Check service health](service-status.md) -### Troubleshoot attack surface reduction + +### [Troubleshoot attack surface reduction issues]() #### [Network protection](../windows-defender-exploit-guard/troubleshoot-np.md) #### [Attack surface reduction rules](../windows-defender-exploit-guard/troubleshoot-asr.md) -#### [Collect diagnostic data for files](../windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md) +#### [Collect diagnostic data for files](../windows-defender-exploit-guard/troubleshoot-np.md) -### [Troubleshoot next generation protection](../windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md) +### [Troubleshoot next generation protection issues](../windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md index bec39c02a1..1d8fa91df1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md @@ -57,7 +57,7 @@ The following steps are required to enable this integration: ### Before you begin Review the following details to verify minimum system requirements: -- Install the [February monthly update rollup](https://support.microsoft.com/help/4074598/windows-7-update-kb4074598) +- Install the [February 2018 monthly update rollup](https://support.microsoft.com/help/4074598/windows-7-update-kb4074598) >[!NOTE] >Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro. diff --git a/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md index be5e22d9d9..84cf299759 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md @@ -66,6 +66,9 @@ Area | Description **(2) Main portal** | Main area where you will see the different views such as the Dashboards, Alerts queue, and Machines list. **(3) Community center, Localization, Help and support, Feedback** | **Community center** -Access the Community center to learn, collaborate, and share experiences about the product.

    **Time settings** - Gives you access to the configuration settings where you can set time zones and view license information.

    **Help and support** - Gives you access to the Microsoft Defender ATP guide, Microsoft support, and Premier support.

    **Feedback** - Access the feedback button to provide comments about the portal. +> [!NOTE] +> For devices with high resolution DPI scaling issues, please see [Windows scaling issues for high-DPI devices](https://support.microsoft.com/help/3025083/windows-scaling-issues-for-high-dpi-devices) for possible solutions. + ## Microsoft Defender ATP icons The following table provides information on the icons used all throughout the portal: diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md index 4ba83c3145..a1c5557fed 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md @@ -1,7 +1,7 @@ --- -title: Microsoft Defender Advanced Threat Protection Threat analytics +title: Track and respond to emerging threats with Microsoft Defender ATP threat analytics ms.reviewer: -description: Get a tailored organizational risk evaluation and actionable steps you can take to minimize risks in your organization. +description: Learn about emerging threats and attack techniques and how to stop them. Assess their impact to your organization and evaluate your organizational resilience. keywords: threat analytics, risk evaluation, OS mitigation, microcode mitigation, mitigation status search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -9,8 +9,8 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: mjcaparas -author: mjcaparas +ms.author: lomayor +author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro @@ -18,47 +18,46 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Threat analytics +# Track and respond to emerging threats with threat analytics **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +Cyberthreats are emerging more frequently and prevalently. It is critical for organizations to quickly assess their security posture, covering the impact of emerging threats and their organizational resilience. -Cyberthreats are emerging more frequently and prevalently. It is critical for organizations to be able to quickly assess their security posture, including impact, and organizational resilience in the context of specific emerging threats. +Threat analytics is a set of reports published by Microsoft security researchers as soon as emerging threats and outbreaks are identified. The reports help you assess the impact of threats to your environment and identify actions that can contain them. -Threat Analytics is a set of interactive reports published by the Microsoft Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help you the assess impact of threats in your environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats. - +## View the threat analytics dashboard ->[!NOTE] ->The number of resolved alerts indicates how quickly your organization responds to alerts associated with a threat. Ideally, the chart should be showing alerts being resolved within a few days. +The threat analytics dashboard is a great jump off point for getting to the reports that are most relevant to your organization. It provides several overviews about the threats covered in the reports: -Each threat report provides a summary to describe details such as where the threat is coming from, where it's been seen, or techniques and tools that were used by the threat. +- **Latest threats** — lists the most recently published threat reports, along with the number of machines with resolved and unresolved alerts. +- **High-impact threats** — lists the threats that have had the highest impact on the organization in terms of the number of machines that have had related alerts, along with the number of machines with resolved and unresolved alerts. +- **Threat summary** — shows the number of threats among the threats reported in threat analytics with actual alerts. -The dashboard shows the impact in your organization through the following tiles: -- Machines with alerts - shows the current distinct number of impacted machines in your organization -- Machines with alerts over time - shows the distinct number of impacted over time -- Mitigation status - shows the number of mitigated and unmitigated machines. Machines are considered mitigated if they have all the measurable mitigations in place. -- Vulnerability patching status - lists any vulnerabilities associated with the threat, and if they have been patched -- Mitigation recommendations - lists the measurable mitigations and the number of machines that do not have each of the mitigations in place +![Image of a threat analytics dashboard](images/ta_dashboard.png) + +Select a threat on any of the overviews or on the table to view the report for that threat. + +## View a threat analytics report + +Each threat report generally provides an overview of the threat and an analysis of the techniques and tools used by the threat. It also provides worldwide impact information, mitigation recommendations, and detection information. It includes several cards that show dynamic data about how your organization is impacted by the threat and how prepared it is to stop the threat. ![Image of a threat analytics report](images/ta.png) -## Organizational impact -You can assess the organizational impact of a threat using the **Machines with alerts** and **Machines with alerts over time** tiles. +### Organizational impact +Each report includes cards designed to provide information about the organizational impact of a threat: +- **Machines with alerts** — shows the current number of distinct machines in your organization that have been impacted by the threat. A machine is categorized as **Active** if there is at least 1 alert associated with that threat and **Resolved** if *all* alerts associated with the threat on the machine have been resolved. +- **Machines with alerts over time** — shows the number of distinct machines with **Active** and **Resolved** alerts over time. The number of resolved alerts indicates how quickly your organization responds to alerts associated with a threat. Ideally, the chart should be showing alerts resolved within a few days. -A machine is categorized as **Active** if there is at least 1 alert associated with that threat and **Resolved** if *all* alerts associated with the threat on the machine are resolved. - - -The **Machine with alerts over time**, shows the number of distinct machines with **Active** and **Resolved alerts over time**. The number of resolved alerts indicates how quickly your organization responds to alerts associated with a threat. Ideally, the chart should be showing alerts being resolved within a few days. -## Organizational resilience -The **Mitigation recommendations** section provides specific actionable recommendations to improve your visibility into this threat and increase your organizational resilience. - -The **Mitigation status** and **Mitigation status over time** shows the endpoint configuration status assessed based on the recommended mitigations. +### Organizational resilience +Each report also includes cards that provide an overview of how resilient your organization can be against a given threat: +- **Mitigation status** — shows the number of machines that have and have not applied mitigations for the threat. Machines are considered mitigated if they have all the measurable mitigations in place. +- **Vulnerability patching status** — shows the number of machines that have applied security updates or patches that address vulnerabilities exploited by the threat. +- **Mitigation recommendations** — lists specific actionable recommendations to improve your visibility into the threat and increase your organizational resilience. This card lists only measurable mitigations along with the number of machines that don't have these mitigations in place. >[!IMPORTANT] ->- The chart only reflects mitigations that are measurable and where an evaluation can be made on the machine state as being compliant or non-compliant. There can be additional mitigations or compliance actions that currently cannot be computed or measured that are not reflected in the charts and are covered in the threat description under **Mitigation recommendations** section. ->- Even if all mitigations were measurable, there is no absolute guarantee of complete resilience but reflects the best possible actions that need to be taken to improve resiliency. - - +>- Charts only reflect mitigations that are measurable, meaning an evaluation can be made on whether a machine has applied the mitigations or not. Check the report overview for additional mitigations that are not reflected in the charts. +>- Even if all mitigations were measurable, they don't guarantee complete resilience. They reflect the best possible actions needed to improve resiliency. >[!NOTE] ->The Unavailable category indicates that there is no data available from the specific machine yet. +>Machines are counted as "unavailable" if they have been unable to transmit data to the service. diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md new file mode 100644 index 0000000000..c9f75c07aa --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md @@ -0,0 +1,56 @@ +--- +title: Troubleshoot Microsoft Defender ATP live response issues +description: Troubleshoot issues that might arise when using live response in Microsoft Defender ATP +keywords: troubleshoot live response, live, response, locked, file +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: troubleshooting +--- + +# Troubleshoot Microsoft Defender Advanced Threat Protection live response issues + + +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + + +This page provides detailed steps to troubleshoot live response issues. + +## File cannot be accessed during live response sessions +If while trying to take an action during a live response session, you encounter an error message stating that the file can't be accessed, you'll need to use the steps below to address the issue. + +1. Copy the following script code snippet and save it as a PS1 file: + + ``` + $copied_file_path=$args[0] + $action=Copy-Item $copied_file_path -Destination $env:TEMP -PassThru -ErrorAction silentlyContinue + + if ($action){ + Write-Host "You copied the file specified in $copied_file_path to $env:TEMP Succesfully" + } + + else{ + Write-Output "Error occoured while trying to copy a file, details:" + Write-Output $error[0].exception.message + + } + ``` + + +2. Add the script to the live response library. +3. Run the script with one parameter: the file path of the file to be copied. +4. Navigate to your TEMP folder. +5. Run the action you wanted to take on the copied file. + + + diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md index 44b4dab75d..994b79b7b6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md @@ -41,7 +41,7 @@ For more information preview features, see [Preview features](https://docs.micro - [Microsoft Threat Experts](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts)
    Microsoft Threat Experts is the new managed threat hunting service in Microsoft Defender ATP that provides proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately. It provides additional layer of expertise and optics that Microsoft customers can utilize to augment security operation capabilities as part of Microsoft 365. -- [Indicators](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/ti-indicator)
    APIs for indicators are now generally available. +- [Indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/ti-indicator)
    APIs for indicators are now generally available. - [Interoperability](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/partner-applications)
    Microsoft Defender ATP supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform. diff --git a/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md b/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md index 66aa8cbcb8..8a376e6b4f 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md @@ -32,16 +32,17 @@ For more information, see [article 977321](https://support.microsoft.com/kb/9773 The following table lists and explains the allowed encryption types. - -| Encryption type | Description and version support | -|-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| DES_CBC_CRC | Data Encryption Standard with Cipher Block Chaining using the Cyclic Redundancy Check function
    Supported in Windows 2000 Server, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. The Windows 7 and Windows Server 2008 R2 operating systems do not support DES | -| DES_CBC_MD5 | Data Encryption Standard with Cipher Block Chaining using the Message-Digest algorithm 5 checksum function
    Supported in Windows 2000 Server, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. The Windows 7 and Windows Server 2008 R2 operating systems do not support DES by default. | -| RC4_HMAC_MD5 | Rivest Cipher 4 with Hashed Message Authentication Code using the Message-Digest algorithm 5 checksum function
    Supported in Windows 2000 Server, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. | -| AES128_HMAC_SHA1 | Advanced Encryption Standard in 128 bit cipher block with Hashed Message Authentication Code using the Secure Hash Algorithm (1).
    Not supported in Windows 2000 Server, Windows XP, or Windows Server 2003. Supported in Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. | -| AES256_HMAC_SHA1 | Advanced Encryption Standard in 256 bit cipher block with Hashed Message Authentication Code using the Secure Hash Algorithm (1).
    Not supported in Windows 2000 Server, Windows XP, or Windows Server 2003. Supported in Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. | -| Future encryption types | Reserved by Microsoft for additional encryption types that might be implemented. | - + +| Encryption type | Description and version support | +| - | - | +| DES_CBC_CRC | Data Encryption Standard with Cipher Block Chaining using the Cyclic Redundancy Check function
    Supported in Windows 2000 Server, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. The Windows 7, Windows 10 and Windows Server 2008 R2 operating systems do not support DES| by default. +| DES_CBC_MD5| Data Encryption Standard with Cipher Block Chaining using the Message-Digest algorithm 5 checksum function
    Supported in Windows 2000 Server, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. The Windows 7, Windows 10 and Windows Server 2008 R2 operating systems do not support DES by default. | +| RC4_HMAC_MD5| Rivest Cipher 4 with Hashed Message Authentication Code using the Message-Digest algorithm 5 checksum function
    Supported in Windows 2000 Server, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows 10 and Windows Server 2008 R2.| +| AES128_HMAC_SHA1| Advanced Encryption Standard in 128 bit cipher block with Hashed Message Authentication Code using the Secure Hash Algorithm (1).
    Not supported in Windows 2000 Server, Windows XP, or Windows Server 2003. Supported in Windows Vista, Windows Server 2008, Windows 7, Windows 10 and Windows Server 2008 R2. | +| AES256_HMAC_SHA1| Advanced Encryption Standard in 256 bit cipher block with Hashed Message Authentication Code using the Secure Hash Algorithm (1).
    Not supported in Windows 2000 Server, Windows XP, or Windows Server 2003. Supported in Windows Vista, Windows Server 2008, Windows 7, Windows 10 and Windows Server 2008 R2. | +| Future encryption types| Reserved by Microsoft for additional encryption types that might be implemented.| +  + ### Possible values @@ -81,16 +82,17 @@ This section describes how an attacker might exploit a feature or its configurat ### Vulnerability -Windows Server 2008 R2 and Windows 7 do not support the DES cryptographic suites because stronger ones are available. To enable Kerberos interoperability with non-Windows versions of the Kerberos protocol, these suites can be enabled. However, doing so might open attack vectors on computers running -Windows Server 2008 R2 and Windows 7. You can also disable DES for your computers running Windows Vista and Windows Server 2008. +Windows Server 2008 R2, Windows 7 and Windows 10, do not support the DES cryptographic suites because stronger ones are available. To enable Kerberos interoperability with non-Windows versions of the Kerberos protocol, these suites can be enabled. However, doing so might open attack vectors on computers running +Windows Server 2008 R2, Windows 7 and Windows 10. You can also disable DES for your computers running Windows Vista and Windows Server 2008. ### Countermeasure -Do not configure this policy. This will force the computers running Windows Server 2008 R2 and Windows 7 to use the AES or RC4 cryptographic suites. +Do not configure this policy. This will force the computers running Windows Server 2008 R2, Windows 7 and Windows 10 to use the AES or RC4 cryptographic suites. ### Potential impact -If you do not select any of the encryption types, computers running Windows Server 2008 R2 and Windows 7 might have Kerberos authentication failures when connecting with computers running non-Windows versions of the Kerberos protocol. +If you do not select any of the encryption types, computers running Windows Server 2008 R2, Windows 7 and Windows 10, might have Kerberos authentication failures when connecting with computers running non-Windows versions of the Kerberos protocol. + If you do select any encryption type, you will lower the effectiveness of encryption for Kerberos authentication but you will improve interoperability with computers running older versions of Windows. Contemporary non-Windows implementations of the Kerberos protocol support RC4 and AES 128-bit and AES 256-bit encryption. Most implementations, including the MIT Kerberos protocol and the Windows Kerberos protocol, are deprecating DES encryption. diff --git a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md index ea05d79cc2..a6ae751c35 100644 --- a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md +++ b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md @@ -305,7 +305,7 @@ At the level of each organizational unit in the Active Directory hierarchy, one, This order means that the local Group Policy Object is processed first, and Group Policy Objects that are linked to the organizational unit of which the computer or user is a direct member are processed last, which overwrites the earlier Group Policy Objects. -This is the default processing order and administrators can specify exceptions to this order. A Group Policy Object that is linked to a site, domain, or organizational unit (not a local Group Policy Object) can be set to **Enforced** with respect to that site, domain, or organizational unit, so that none of its policy settings can be overridden. At any site, domain, or organizational unit, you can mark Group Policy inheritance selectively as **Block Inheritance**. Group Policy Object links that are set to **Enforced** are always applied, however, and they cannot be blocked. +This is the default processing order and administrators can specify exceptions to this order. A Group Policy Object that is linked to a site, domain, or organizational unit (not a local Group Policy Object) can be set to **Enforced** with respect to that site, domain, or organizational unit, so that none of its policy settings can be overridden. At any site, domain, or organizational unit, you can mark Group Policy inheritance selectively as **Block Inheritance**. Group Policy Object links that are set to **Enforced** are always applied, however, and they cannot be blocked. For more information see [Group Policy Basics – Part 2: Understanding Which GPOs to Apply](https://blogs.technet.microsoft.com/musings_of_a_technical_tam/2012/02/15/group-policy-basics-part-2-understanding-which-gpos-to-apply/). ###     Security settings policy processing diff --git a/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md index 4bbfd25108..83abf9cc69 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md @@ -92,7 +92,7 @@ Use the following cmdlets to enable cloud-delivered protection: ```PowerShell Set-MpPreference -MAPSReporting Advanced -Set-MpPreference -SubmitSamplesConsent Always +Set-MpPreference -SubmitSamplesConsent AlwaysPrompt ``` >[!NOTE] diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/MDATP_8_IntuneAppInfo.png b/windows/security/threat-protection/windows-defender-antivirus/images/MDATP_8_IntuneAppInfo.png index 2cb9a5a416..1fba4fa7f5 100644 Binary files a/windows/security/threat-protection/windows-defender-antivirus/images/MDATP_8_IntuneAppInfo.png and b/windows/security/threat-protection/windows-defender-antivirus/images/MDATP_8_IntuneAppInfo.png differ diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/admintemplates.png b/windows/security/threat-protection/windows-defender-antivirus/images/admintemplates.png new file mode 100644 index 0000000000..e95c44f251 Binary files /dev/null and b/windows/security/threat-protection/windows-defender-antivirus/images/admintemplates.png differ diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/baselines.png b/windows/security/threat-protection/windows-defender-antivirus/images/baselines.png new file mode 100644 index 0000000000..d08380470f Binary files /dev/null and b/windows/security/threat-protection/windows-defender-antivirus/images/baselines.png differ diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/bluetooth.png b/windows/security/threat-protection/windows-defender-antivirus/images/bluetooth.png new file mode 100644 index 0000000000..f4f5e4804b Binary files /dev/null and b/windows/security/threat-protection/windows-defender-antivirus/images/bluetooth.png differ diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md index cb39ebc506..a76cb6ae4a 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md @@ -119,11 +119,11 @@ Use the following PowerShell cmdlets to set the update order. ```PowerShell Set-MpPreference -SignatureFallbackOrder {LOCATION|LOCATION|LOCATION|LOCATION} -Set-MpPreference -SignatureDefinitionUpdateFileSharesSouce {\\UNC SHARE PATH|\\UNC SHARE PATH} +Set-MpPreference -SignatureDefinitionUpdateFileSharesSource {\\UNC SHARE PATH|\\UNC SHARE PATH} ``` See the following for more information: - [Set-MpPreference -SignatureFallbackOrder](https://technet.microsoft.com/itpro/powershell/windows/defender/set-mppreference#-signaturefallbackorder) -- [Set-MpPreference -SignatureDefinitionUpdateFileSharesSouce](https://technet.microsoft.com/itpro/powershell/windows/defender/set-mppreference#-signaturedefinitionupdatefilesharessources) +- [Set-MpPreference -SignatureDefinitionUpdateFileSharesSource](https://technet.microsoft.com/itpro/powershell/windows/defender/set-mppreference#-signaturedefinitionupdatefilesharessources) - [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) - [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) @@ -133,7 +133,7 @@ Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com ```WMI SignatureFallbackOrder -SignatureDefinitionUpdateFileSharesSouce +SignatureDefinitionUpdateFileSharesSource ``` See the following for more information: diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md index 3963464f4e..73f3bdc5e1 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md @@ -24,6 +24,11 @@ ms.topic: conceptual - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md) +This topic describes how to deploy Microsoft Defender ATP for Mac manually. A successful deployment requires the completion of all of the following steps: +- [Download installation and onboarding packages](#download-installation-and-onboarding-packages) +- [Application installation](#application-installation) +- [Client configuration](#client-configuration) + ## Prerequisites and system requirements Before you get started, see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version. @@ -43,7 +48,7 @@ Download the installation and onboarding packages from Windows Defender Security Extract the contents of the .zip files: ```bash - mavel-macmini:Downloads test$ ls -l + ls -l total 721152 -rw-r--r-- 1 test staff 6185 Mar 15 10:45 WindowsDefenderATPOnboardingPackage.zip -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg @@ -87,7 +92,7 @@ If you did not enable Microsoft's driver during installation, then the applicati You can also run ```mdatp --health```. It reports if Real-Time Protection is enabled but not available: ```bash -mavel-mojave:~ testuser$ mdatp --health +mdatp --health ... realTimeProtectionAvailable : false realTimeProtectionEnabled : true @@ -107,7 +112,7 @@ In this case, you need to perform the following steps to enable Real-Time Protec 1. In Terminal, attempt to install the driver. (The operation will fail) ```bash - mavel-mojave:~ testuser$ sudo kextutil /Library/Extensions/wdavkext.kext + sudo kextutil /Library/Extensions/wdavkext.kext Kext rejected due to system policy: { URL = "file:///Library/StagedExtensions/Library/Extensions/wdavkext.kext/", ID = "com.microsoft.wdavkext" } Kext rejected due to system policy: { URL = "file:///Library/StagedExtensions/Library/Extensions/wdavkext.kext/", ID = "com.microsoft.wdavkext" } Diagnostics for /Library/Extensions/wdavkext.kext: @@ -120,13 +125,13 @@ In this case, you need to perform the following steps to enable Real-Time Protec 4. In Terminal, install the driver again. This time the operation will succeed: ```bash -mavel-mojave:~ testuser$ sudo kextutil /Library/Extensions/wdavkext.kext +sudo kextutil /Library/Extensions/wdavkext.kext ``` The banner should disappear from the Defender application, and ```mdatp --health``` should now report that Real-Time Protection is both enabled and available: ```bash -mavel-mojave:~ testuser$ mdatp --health +mdatp --health ... realTimeProtectionAvailable : true realTimeProtectionEnabled : true @@ -140,20 +145,20 @@ realTimeProtectionEnabled : true The client machine is not associated with orgId. Note that the *orgId* attribute is blank. ```bash - mavel-mojave:wdavconfig testuser$ mdatp --health orgId + mdatp --health orgId ``` 2. Install the configuration file on a client machine: ```bash - mavel-mojave:wdavconfig testuser$ python WindowsDefenderATPOnboarding.py + python WindowsDefenderATPOnboarding.py Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ... (You may be required to enter sudos password) ``` 3. Verify that the machine is now associated with your organization and reports a valid *orgId*: ```bash - mavel-mojave:wdavconfig testuser$ mdatp --health orgId + mdatp --health orgId E6875323-A6C0-4C60-87AD-114BBE7439B8 ``` diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md index 9565fa13e5..da2a6a8dcd 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md @@ -24,6 +24,12 @@ ms.topic: conceptual - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md) +This topic describes how to deploy Microsoft Defender ATP for Mac through Intune. A successful deployment requires the completion of all of the following steps: +- [Download installation and onboarding packages](#download-installation-and-onboarding-packages) +- [Client device setup](#client-device-setup) +- [Create System Configuration profiles](#create-system-configuration-profiles) +- [Publish application](#publish-application) + ## Prerequisites and system requirements Before you get started, see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version. @@ -122,7 +128,10 @@ Once the Intune changes are propagated to the enrolled devices, you can see them 2. Select **App type=Other/Line-of-business app**. 3. Select **file=wdav.pkg.intunemac**. Select **OK** to upload. 4. Select **Configure** and add the required information. -5. Use **macOS Sierra 10.12** as the minimum OS. Other settings can be any arbitrary value. +5. Use **macOS Sierra 10.12** as the minimum OS and set *Ignore app version* to **Yes**. Other settings can be any arbitrary value. + + > [!CAUTION] + > Failure to set *Ignore app version* to **Yes** impacts the ability of the application to receive updates through Microsoft AutoUpdate. See [Deploy updates for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-updates.md) for additional information about how the product is updated. ![Device status blade screenshot](images/MDATP_8_IntuneAppInfo.png) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md index 7105a86af8..44f2ed7150 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md @@ -24,6 +24,13 @@ ms.topic: conceptual - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md) +This topic describes how to deploy Microsoft Defender ATP for Mac through JAMF. A successful deployment requires the completion of all of the following steps: +- [Download installation and onboarding packages](#download-installation-and-onboarding-packages) +- [Create JAMF policies](#create-jamf-policies) +- [Client device setup](#client-device-setup) +- [Deployment](#deployment) +- [Check onboarding status](#check-onboarding-status) + ## Prerequisites and system requirements Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version. @@ -57,7 +64,7 @@ Download the installation and onboarding packages from Windows Defender Security mavel-macmini:Downloads test$ ``` -## Create JAMF Policies +## Create JAMF policies You need to create a configuration profile and a policy to start deploying Microsoft Defender ATP for Mac to client devices. diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md index 59485467ff..8d774b3037 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md @@ -31,7 +31,7 @@ If you can reproduce a problem, please increase the logging level, run the syste 1. Increase logging level: ```bash - mavel-mojave:~ testuser$ mdatp --log-level verbose + mdatp --log-level verbose Creating connection to daemon Connection established Operation succeeded @@ -39,19 +39,18 @@ If you can reproduce a problem, please increase the logging level, run the syste 2. Reproduce the problem -3. Run `mdatp --diagnostic --create` to backup Microsoft Defender ATP's logs. The command will print out location with generated zip file. +3. Run `mdatp --diagnostic --create` to backup Microsoft Defender ATP's logs. The files will be stored inside of a .zip archive. This command will also print out the file path to the backup after the operation succeeds. ```bash - mavel-mojave:~ testuser$ mdatp --diagnostic --create + mdatp --diagnostic --create Creating connection to daemon Connection established - "/Library/Application Support/Microsoft/Defender/wdavdiag/d85e7032-adf8-434a-95aa-ad1d450b9a2f.zip" ``` 4. Restore logging level: ```bash - mavel-mojave:~ testuser$ mdatp --log-level info + mdatp --log-level info Creating connection to daemon Connection established Operation succeeded @@ -117,8 +116,3 @@ In the Microsoft Defender ATP portal, you'll see two categories of information: - Computer model - Processor architecture - Whether the device is a virtual machine - -## Known issues - -- Full Microsoft Defender ATP integration is not available yet. -- Centrally managed uninstall via Intune is still in development. As an alternative, manually uninstall Microsoft Defender ATP for Mac from each client device. diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md index 7b04e554d4..b9d60523ba 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md @@ -35,7 +35,6 @@ If you have any feedback that you would like to share, submit it by opening Micr ### Prerequisites -- Microsoft Defender ATP subscription - Access to the Microsoft Defender Security Center portal - Beginner-level experience in macOS and BASH scripting - Administrative privileges on the device (in case of manual deployment) @@ -50,13 +49,22 @@ If you have any feedback that you would like to share, submit it by opening Micr After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints. -The following table lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an *allow* rule specifically for them: +The following table lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an *allow* rule specifically for them. -| Service | Description | URL | -| -------------- | ------------------------------------ | -------------------------------------------------------------------- | -| ATP | Advanced threat protection service | [https://x.cp.wd.microsoft.com](https://x.cp.wd.microsoft.com), [https://cdn.x.cp.wd.microsoft.com](https://cdn.x.cp.wd.microsoft.com) | +| Service location | DNS record | +| ---------------------------------------- | ----------------------- | +| Common URLs for all locations | x.cp.wd.microsoft.com
    cdn.x.cp.wd.microsoft.com
    eu-cdn.x.cp.wd.microsoft.com
    wu-cdn.x.cp.wd.microsoft.com
    *.blob.core.windows.net
    officecdn-microsoft-com.akamaized.net | +| European Union | europe.x.cp.wd.microsoft.com | +| United Kingdon | unitedkingdom.x.cp.wd.microsoft.com | +| United States | unitedstates.x.cp.wd.microsoft.com | -To test that a connection is not blocked, open [https://x.cp.wd.microsoft.com/api/report](https://x.cp.wd.microsoft.com/api/report) and [https://cdn.x.cp.wd.microsoft.com/ping]([https://cdn.x.cp.wd.microsoft.com/ping) in a browser. +Microsoft Defender ATP can discover a proxy server by using the following discovery methods: +- Web Proxy Auto-discovery Protocol (WPAD) +- Manual static proxy configuration + +If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted in the previously listed URLs. + +To test that a connection is not blocked, open [https://x.cp.wd.microsoft.com/api/report](https://x.cp.wd.microsoft.com/api/report) and [https://cdn.x.cp.wd.microsoft.com/ping](https://cdn.x.cp.wd.microsoft.com/ping) in a browser. If you prefer the command line, you can also check the connection by running the following command in Terminal: @@ -100,6 +108,6 @@ Guidance for how to configure the product in enterprise environments is availabl ## Resources -- For more information about logging, uninstalling, or known issues, see the [Resources](microsoft-defender-atp-mac-resources.md) page. +- For more information about logging, uninstalling, or other topics, see the [Resources](microsoft-defender-atp-mac-resources.md) page. - [Privacy for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-privacy.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md index 3aae4bb7f2..55e8c6a5be 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md @@ -16,7 +16,7 @@ ms.reviewer: manager: dansimp --- -# Windows Defender Antivirus in Windows 10 and Windows Server 2016 +# Windows Defender Antivirus **Applies to:** @@ -42,23 +42,7 @@ You can configure and manage Windows Defender Antivirus with: >- Fast learning (including Block at first sight) >- Potentially unwanted application blocking -## What's new in Windows 10, version 1803 - -- The [block at first sight feature](configure-block-at-first-sight-windows-defender-antivirus.md) can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files. -- The [Virus & threat protection area in the Windows Security app](windows-defender-security-center-antivirus.md) now includes a section for ransomware protection. It includes controlled folder access settings and ransomware recovery settings. - - -## What's new in Windows 10, version 1703 - -New features for Windows Defender Antivirus in Windows 10, version 1703 include: -- [Updates to how the block at first sight feature can be configured](configure-block-at-first-sight-windows-defender-antivirus.md) -- [The ability to specify the level of cloud-protection](specify-cloud-protection-level-windows-defender-antivirus.md) -- [Windows Defender Antivirus protection in the Windows Security app](windows-defender-security-center-antivirus.md) - -We've expanded this documentation library to cover end-to-end deployment, management, and configuration for Windows Defender Antivirus, and we've added some new guides that can help with evaluating and deploying Windows Defender AV in certain scenarios: -- [Evaluation guide for Windows Defender Antivirus](evaluate-windows-defender-antivirus.md) -- [Deployment guide for Windows Defender Antivirus in a virtual desktop infrastructure environment](deployment-vdi-windows-defender-antivirus.md) - +Check out [What's new in Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp), including new features and capabilities in Windows Defender Antivirus. ## Minimum system requirements diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md index c33eca6f6f..294b63f287 100644 --- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md @@ -26,6 +26,14 @@ The [Microsoft Component Object Model (COM)](https://docs.microsoft.com/windows/ Prior to the Windows 10 1903 update, Windows Defender Application Control (WDAC) enforced a built-in allow list for COM object registration. While this mechanism works for most common application usage scenarios, customers have provided feedback that there are cases where additional COM objects need to be allowed. The 1903 update to Windows 10 introduces the ability to specify allowed COM objects via their GUID in the WDAC policy. +**NOTE**: To add this functionality to other versions of Windows 10, you can install the following or later updates: + +- Windows 10, 1809 June 18, 2019—KB4501371 (OS Build 17763.592) (https://support.microsoft.com/help/4501371/windows-10-update-kb4501371) +- Windows 10, 1803 June 18, 2019—KB4503288 (OS Build 17134.858) (https://support.microsoft.com/help/4503288/windows-10-update-kb4503288) +- Windows 10, 1709 June 18, 2019—KB4503281 (OS Build 16299.1237) (https://support.microsoft.com/help/4503281/windows-10-update-kb4503281) +- Windows 10, 1703 June 18, 2019—KB4503289 (OS Build 15063.1897) (https://support.microsoft.com/help/4503289/windows-10-update-kb4503289 +- Windows 10, 1607 June 18, 2019—KB4503294 (OS Build 14393.3053) (https://support.microsoft.com/help/4503294/windows-10-update-kb4503294) + ### Get COM object GUID Get GUID of application to allow in one of the following ways: diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md index 059828dc17..abc8820fab 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md @@ -77,3 +77,17 @@ Note that "ResetPolicyId" reverts a supplemental policy to a base policy, and re When merging, the policy type and ID of the leftmost/first policy specified is used. If the leftmost is a base policy with ID \, then regardless of what the GUIDS and types are for any subsequent policies, the merged policy will be a base policy with ID \. +### Deploying policies + +In order to deploy policies using the new multiple policy format you will need to: + +1. Ensure policies are copied to the right location + - Policies must be copied to this directory: C:\Windows\System32\CodeIntegrity\CiPolicies\Active +2. Binary policy files must have the correct name which takes the format {PolicyGUID}.cip + - Ensure that the name of the binary policy file is exactly the same as the PolicyID in the policy + - For example if the policy XML had the ID as {A6D7FBBF-9F6B-4072-BF37-693741E1D745} the correct name for the binary policy file would be {A6D7FBBF-9F6B-4072-BF37-693741E1D745}.cip +3. Reboot the system or use WMI to rebootlessly refresh the policy + +```powershell +Invoke-CimMethod -Namespace root\Microsoft\Windows\CI -ClassName PS_UpdateAndCompareCIPolicy -MethodName Update -Arguments @{FilePath = 'C:\Windows\System32\CodeIntegrity\CiPolicies\Active\{A6D7FBBF-9F6B-4072-BF37-693741E1D745}.cip'} +``` diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index 1f0c64f9c3..61a3e06b58 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -14,6 +14,9 @@ author: dansimp ms.date: 05/17/2018 --- +> [!NOTE] +> For WDAC enhancements see [Delivering major enhancements in Windows Defender Application Control with the Windows 10 May 2019 Update](https://www.microsoft.com/security/blog/2019/07/01/). + # Deploy Windows Defender Application Control policies by using Microsoft Intune **Applies to:** diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index ac87bbc9ed..9d5715caa9 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -27,7 +27,7 @@ manager: dansimp >Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -Attack surface reduction rules help prevent behaviors malware often uses to infect computers with malicious code. You can set attack surface reduction rules for computers running Windows 10, versions 1704 and 1709 or later, Windows Server 2016 1803 or later, or Windows Server 2019. +Attack surface reduction rules help prevent behaviors malware often uses to infect computers with malicious code. You can set attack surface reduction rules for computers running Windows 10, versions 1709 and 1803 or later, Windows Server, version 1803 (Semi-Annual Channel) or later, or Windows Server 2019. To use attack surface reduction rules, you need a Windows 10 Enterprise license. If you have a Windows E5 license, it gives you the advanced management capabilities to power them. These include monitoring, analytics, and workflows available in [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), as well as reporting and configuration capabilities in the Microsoft 365 Security Center. These advanced capabilities aren't available with an E3 license or with Windows 10 Enterprise without subscription, but you can use attack surface reduction rule events in Event Viewer to help facilitate deployment. @@ -45,6 +45,19 @@ Triggered rules display a notification on the device. You can [customize the not For information about configuring attack surface reduction rules, see [Enable attack surface reduction rules](enable-attack-surface-reduction.md). +## Review attack surface reduction events in the Microsoft Security Center + +Microsoft Defender ATP provides detailed reporting into events and blocks as part of its alert investigation scenarios. + +You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender-exploit-guard.md), you can use Advanced hunting to see how controlled folder access settings could affect your environment. + +Here is an example query: + +``` +MiscEvents +| where ActionType startswith 'Asr' +``` + ## Review attack surface reduction events in Windows Event Viewer You can review the Windows event log to view events that are created when attack surface reduction rules fire: @@ -147,7 +160,7 @@ GUID: 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84 Malware often uses JavaScript and VBScript scripts to launch other malicious apps. -Malware written in JavaScript or VBS often acts as a downloader to fetch and launch additional native payload from the Internet. This rule prevents scripts from launching downloaded content, helping to prevent malicious use of the scripts to spread malware and infect machines. This isn't a common line-of-business use, but line-of-business applications sometimes use scripts to download and launch installers. You can exclude scripts so they're allowed to run. +Malware written in JavaScript or VBS often acts as a downloader to fetch and launch additional native payload from the Internet. This rule prevents scripts from launching downloaded content, helping to prevent malicious use of the scripts to spread malware and infect machines. This isn't a common line-of-business use, but line-of-business applications sometimes use scripts to download and launch installers. >[!IMPORTANT] >File and folder exclusions don't apply to this attack surface reduction rule. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md index 0e744a0011..f6197a0a67 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md @@ -227,7 +227,7 @@ Data Execution Prevention (DEP) | System and app-level | DEP, EmulateAtlThun Force randomization for images (Mandatory ASLR) | System and app-level | ForceRelocateImages | Audit not available Randomize memory allocations (Bottom-Up ASLR) | System and app-level | BottomUp, HighEntropy | Audit not available Validate exception chains (SEHOP) | System and app-level | SEHOP, SEHOPTelemetry | Audit not available -Validate heap integrity | System and app-level | TerminateOnHeapError | Audit not available +Validate heap integrity | System and app-level | TerminateOnError | Audit not available Arbitrary code guard (ACG) | App-level only | DynamicCode | AuditDynamicCode Block low integrity images | App-level only | BlockLowLabel | AuditImageLoad Block remote images | App-level only | BlockRemoteImages | Audit not available diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md index 7d3b72d249..5652a45bd4 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md @@ -1,3 +1,4 @@ +--- ms.reviewer: title: Import custom views to see attack surface reduction events description: Use Windows Event Viewer to import individual views for each of the features. @@ -179,6 +180,4 @@ Controlled folder access | Windows Defender (Operational) | 1127 | Blocked Contr Controlled folder access | Windows Defender (Operational) | 1128 | Audited Controlled folder access sector write block event Attack surface reduction | Windows Defender (Operational) | 5007 | Event when settings are changed Attack surface reduction | Windows Defender (Operational) | 1122 | Event when rule fires in Audit-mode - - Attack surface reduction | Windows Defender (Operational) | 1121 | Event when rule fires in Block-mode diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md index c5ee205c10..d701915788 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md @@ -45,6 +45,19 @@ Many of the features in the [Enhanced Mitigation Experience Toolkit (EMET)](http >[!WARNING] >Some security mitigation technologies may have compatibility issues with some applications. You should test exploit protection in all target use scenarios by using [audit mode](audit-windows-defender-exploit-guard.md) before deploying the configuration across a production environment or the rest of your network. +## Review exploit protection events in the Microsoft Security Center + +Microsoft Defender ATP provides detailed reporting into events and blocks as part of its alert investigation scenarios. + +You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender-exploit-guard.md), you can use Advanced hunting to see how exploit protection settings could affect your environment. + +Here is an example query: + +``` +MiscEvents +| where ActionType startswith 'ExploitGuard' and ActionType !contains 'NetworkProtection' +``` + ## Review exploit protection events in Windows Event Viewer You can review the Windows event log to see events that are created when exploit protection blocks (or audits) an app: diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md index d211891329..e4fccb655d 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md @@ -51,6 +51,13 @@ Microsoft Defender ATP provides detailed reporting into events and blocks as par You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender-exploit-guard.md), you can use Advanced hunting to see how network protection settings would affect your environment if they were enabled. +Here is an example query + +``` +MiscEvents +| where ActionType in ('ExploitGuardNetworkProtectionAudited','ExploitGuardNetworkProtectionBlocked') +``` + ## Review network protection events in Windows Event Viewer You can review the Windows event log to see events that are created when network protection blocks (or audits) access to a malicious IP or domain: diff --git a/windows/security/threat-protection/windows-security-configuration-framework/level-1-enterprise-basic-security.md b/windows/security/threat-protection/windows-security-configuration-framework/level-1-enterprise-basic-security.md index 2e88240751..60e0c1e82c 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/level-1-enterprise-basic-security.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/level-1-enterprise-basic-security.md @@ -250,7 +250,7 @@ Microsoft recommends using [the rings methodology](https://docs.microsoft.com/wi | Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-Down Local Machine Zone | Java permissions | Disable Java | This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Disable Java to prevent any applets from running. | | Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-Down Restricted Sites Zone | Java permissions | Disable Java | This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Disable Java to prevent any applets from running. | | Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-Down Restricted Sites Zone | Turn on SmartScreen Filter scan | Enabled: Enable | Controls whether SmartScreen Filter scans pages in this zone for malicious content. | -| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-Down Trusted Sites Zone | Java permissions | Enable | Allows you to configure policy settings according to the default for the selected security level, such Low, Medium, or High. | +| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-Down Trusted Sites Zone | Java permissions | Disable Java | Allows you to configure policy settings according to the default for the selected security level, such Low, Medium, or High. | | Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Access data sources across domains | Enabled: Disable | This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). | | Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow active scripting | Disable | This policy setting allows you to manage whether script code on pages in the zone is run. | | Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow binary and script behaviors | Disable | This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached. | diff --git a/windows/security/threat-protection/windows-security-configuration-framework/level-2-enterprise-enhanced-security.md b/windows/security/threat-protection/windows-security-configuration-framework/level-2-enterprise-enhanced-security.md index 6cf7155a9a..3671675351 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/level-2-enterprise-enhanced-security.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/level-2-enterprise-enhanced-security.md @@ -83,7 +83,6 @@ than the process in level 1. |---------|----------------|--------------|-------------| | Start Menu and Taskbar / Notifications | Turn off toast notifications on the lock screen | Enabled | Turns off toast notifications on the lock screen. | | Windows Components / Cloud Content | Do not suggest third-party content in the Windows spotlight | Enabled | Windows spotlight features like lock screen spotlight, suggested apps in Start menu or Windows tips will no longer suggest apps and content from third-party software publishers | -| Windows Components / Internet Explorer | Turn on the auto-complete feature for user names and passwords on forms | Disabled | This AutoComplete feature can remember and suggest User names and passwords on Forms. If you enable this setting, the user cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms will be turned on. You have to decide whether to select "prompt me to save passwords". If you disable this setting the user cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms is turned off. The user also cannot opt to be prompted to save passwords. If you do not configure this setting, the user has the freedom of turning on Auto complete for User name and passwords on forms and the option of prompting to save passwords. To display this option, the users open the Internet Options dialog box, click the Contents Tab and click the Settings button. | ### Services diff --git a/windows/security/threat-protection/windows-security-configuration-framework/level-3-enterprise-high-security.md b/windows/security/threat-protection/windows-security-configuration-framework/level-3-enterprise-high-security.md index e7cc86bf0e..d1673ce03b 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/level-3-enterprise-high-security.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/level-3-enterprise-high-security.md @@ -53,6 +53,11 @@ a level of security commensurate with the risks facing targeted organizations. M | Windows Components / Internet Explorer / Internet Control Panel / Security Page | Intranet Sites: Include all network paths (UNCs) | Disabled | This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone. | | Windows Components / Microsoft Edge | Configure Password Manager | Disabled | This policy setting lets you decide whether employees can save their passwords locally using Password Manager. By default, Password Manager is turned on. if you enable this setting, employees can use Password Manager to save their passwords locally. If you disable this setting employees can't use Password Manager to save their passwords locally. If you don't configure this setting employees can choose whether to use Password Manager to save their passwords locally. | +### User Policies +| Feature | Policy Setting | Policy Value | Description | +|----------|-----------------|---------------|--------------| +| Windows Components / Internet Explorer | Turn on the auto-complete feature for user names and passwords on forms | Disabled | This AutoComplete feature can remember and suggest User names and passwords on Forms. If you enable this setting, the user cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms will be turned on. You have to decide whether to select "prompt me to save passwords". If you disable this setting the user cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms is turned off. The user also cannot opt to be prompted to save passwords. If you do not configure this setting, the user has the freedom of turning on Auto complete for User name and passwords on forms and the option of prompting to save passwords. To display this option, the users open the Internet Options dialog box, click the Contents Tab and click the Settings button. | + ## Controls The controls enforced in level 3 implement complex security configuration and controls. diff --git a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-configuration-framework.md b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-configuration-framework.md index e9ada36273..fd0c3af5a7 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-configuration-framework.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-configuration-framework.md @@ -71,6 +71,6 @@ Security controls which don't support an audit mode should be deployed gradually Security controls which support an audit mode can be deployed using the following methodology: -1. Audit - enable the control in audit mode, and gasther audit data in a centralized location +1. Audit - enable the control in audit mode, and gather audit data in a centralized location 2. Review - review the audit data to assess potential impact (both positive and negative) and configure any exemptions from the security control you need to configure 3. Enforce - deploy the configuration of any exemptions and convert the control to enforce mode