diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index d9934af08a..224abb8ddd 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -34,6 +34,22 @@ "moniker_groups": [], "version": 0 }, + { + "docset_name": "eula-vsts", + "build_source_folder": "windows/eulas", + "build_output_subfolder": "eula-vsts", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, { "docset_name": "gdpr", "build_source_folder": "gdpr", diff --git a/browsers/edge/change-history-for-microsoft-edge.md b/browsers/edge/change-history-for-microsoft-edge.md index 9e46ff6659..3b39c63a9c 100644 --- a/browsers/edge/change-history-for-microsoft-edge.md +++ b/browsers/edge/change-history-for-microsoft-edge.md @@ -96,4 +96,4 @@ We have discontinued the **Configure Favorites** group policy, so use the [Provi |----------------------|-------------| |[Available Policies for Microsoft Edge](available-policies.md) | Added new policies and the Supported versions column for Windows 10 Insider Preview. | ---- \ No newline at end of file +--- diff --git a/browsers/edge/group-policies/index.yml b/browsers/edge/group-policies/index.yml index 4d51332890..702845c358 100644 --- a/browsers/edge/group-policies/index.yml +++ b/browsers/edge/group-policies/index.yml @@ -36,7 +36,7 @@ sections: - type: markdown - text: Some of the features in Microsoft Edge gives you the ability to set a custom URL for the New Tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar. Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPOs) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences. + text: Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPOs) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences. - items: diff --git a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md index ec591c5a09..ba4ea7df7e 100644 --- a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md +++ b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md @@ -12,7 +12,7 @@ ms.date: 10/25/2018 # Deploy Microsoft Edge kiosk mode ->Applies to: Microsoft Edge on Windows 10, version 1809 +>Applies to: Microsoft Edge on Windows 10, version 1809 In the Windows 10 October 2018 Update, we added the capability to use Microsoft Edge as a kiosk using [assigned access](https://docs.microsoft.com/en-us/windows-hardware/customize/enterprise/assigned-access) and also added new policies to enhance the kiosk experience. With assigned access, IT admins can create a tailored browsing experience locking down a Windows 10 device to only run as a single-app or multi-app kiosk. It also prevents users from accessing the file system and running executables or other apps from Microsoft Edge. @@ -323,4 +323,4 @@ In the following table, we show you the features available in both Microsoft Edg **\*Windows Defender Firewall**

To prevent access to unwanted websites on your kiosk device, use Windows Defender Firewall to configure a list of allowed websites, blocked websites or both. For more details, see [Windows Defender Firewall with Advanced Security Deployment](https://docs.microsoft.com/en-us/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide). ---- \ No newline at end of file +--- diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md index d6ea666402..c89dd26fab 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md +++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md @@ -78,7 +78,7 @@ After your operating system is installed on the target computer, you need to cop 4. Rename the newly created item to *Copy Files* and move it up to the top of the **Postinstall** folder. -5. In the **Command Line** box enter the following text, `xcopy “%DEPLOYROOT%\$OEM$\$1” “%OSDisk%\” /yqe`. +5. In the **Command Line** box enter the following text, `xcopy "%DEPLOYROOT%\$OEM$\$1" "%OSDisk%\" /yqe`. 6. Click the **Apply** button to save your changes. diff --git a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md index bd859900d1..b78d920f14 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md +++ b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md @@ -8,7 +8,7 @@ ms.prod: ie11 ms.assetid: 3c77e9f3-eb21-46d9-b5aa-f9b2341cfefa title: Enterprise Mode and the Enterprise Mode Site List (Internet Explorer 11 for IT Pros) ms.sitesec: library -ms.date: 12/04/2017 +ms.date: 10/25/2018 --- @@ -25,17 +25,15 @@ ms.date: 12/04/2017 Internet Explorer and Microsoft Edge can work together to support your legacy web apps, while still defaulting to the higher bar for security and modern experiences enabled by Microsoft Edge. Working with multiple browsers can be difficult, particularly if you have a substantial number of internal sites. To help manage this dual-browser experience, we are introducing a new web tool specifically targeted towards larger organizations: the [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal). ## Available dual-browser experiences -Based on the size of your legacy web app dependency, determined by the data collected with [Windows Upgrade Analytics](https://blogs.windows.com/windowsexperience/2016/09/26/new-windows-10-and-office-365-features-for-the-secure-productive-enterprise/), there are several options from which you can choose to configure your enterprise browsing environment: +If you have specific websites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the websites automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work correctly with Microsoft Edge, you can set all intranet sites to open using IE11 automatically. -- Use Microsoft Edge as your primary browser. +Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11. -- Use Microsoft Edge as your primary browser and use Enterprise Mode to open sites in Internet Explorer 11 (IE11) that use IE proprietary technologies. +>[!TIP] +> If you are running an earlier version of Internet Explorer, we recommend upgrading to IE11, so that any legacy apps continue to work correctly. -- Use Microsoft Edge as your primary browser and open all intranet sites in IE11. +For Windows 10 and Windows 10 Mobile, Microsoft Edge is the default browser experience. However, Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or included on your Enterprise Mode Site List. -- Use IE11 as your primary browser and use Enterprise Mode to open sites in Microsoft Edge that use modern web technologies. - -For more info about when to use which option, and which option is best for you, see the [Continuing to make it easier for Enterprise customers to upgrade to Internet Explorer 11 — and Windows 10](https://blogs.windows.com/msedgedev/2015/11/23/windows-10-1511-enterprise-improvements) blog. ## What is Enterprise Mode? Enterprise Mode, a compatibility mode that runs on Internet Explorer 11 on Windows 10, Windows 8.1, and Windows 7 devices, lets websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8. Running in this mode helps to avoid many of the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. diff --git a/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md b/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md index 79eae49171..534284d064 100644 --- a/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md +++ b/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md @@ -26,7 +26,7 @@ During installation, you must pick a version of IEAK 11, either **External** or ## Available features by version | Feature | Internal | External | -| ---------------------------------------- | --------------------------------------------- | ---------------------------------------------- | +| ---------------------------------------- | :---------------------------------------------: | :----------------------------------------------: | |Welcome screen | ![Available](https://docs.microsoft.com/en-us/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/en-us/microsoft-edge/deploy/images/148767.png) | |File locations | ![Available](https://docs.microsoft.com/en-us/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/en-us/microsoft-edge/deploy/images/148767.png) | |Platform selection | ![Available](https://docs.microsoft.com/en-us/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/en-us/microsoft-edge/deploy/images/148767.png) | diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md index c62abeb7fa..46877db4de 100644 --- a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md +++ b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md @@ -99,7 +99,7 @@ If you have a single-forest on-premises deployment with Microsoft Exchange 2013 8. OPTIONAL: You can also allow your Surface Hub to make and receive public switched telephone network (PSTN) phone calls by enabling Enterprise Voice for your account. Enterprise Voice isn't a requirement for Surface Hub, but if you want PSTN dialing functionality for the Surface Hub client, here's how to enable it: ```PowerShell - Set-CsMeetingRoom -Identity HUB01 -DomainController DC-ND-001.contoso.com -LineURI “tel:+14255550555;ext=50555" -EnterpriseVoiceEnabled $true + Set-CsMeetingRoom -Identity HUB01 -DomainController DC-ND-001.contoso.com -LineURI "tel:+14255550555;ext=50555" -EnterpriseVoiceEnabled $true ``` Again, you need to replace the provided domain controller and phone number examples with your own information. The parameter value `$true` stays the same. diff --git a/devices/surface-hub/skype-hybrid-voice.md b/devices/surface-hub/skype-hybrid-voice.md index 4b3c12deab..5537a823c7 100644 --- a/devices/surface-hub/skype-hybrid-voice.md +++ b/devices/surface-hub/skype-hybrid-voice.md @@ -65,7 +65,7 @@ If you deployed Skype for Business Cloud PBX with one of the hybrid voice option If you haven’t created a compatible policy yet, use the following cmdlet (this one creates a policy called "Surface Hubs"). After it’s created, you can apply the same policy to other device accounts. ``` - $easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false + $easPolicy = New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $false ``` After you have a compatible policy, then you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. Run the following cmdlets to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox (you may need to re-enable the account and set the password again). diff --git a/devices/surface/surface-enterprise-management-mode.md b/devices/surface/surface-enterprise-management-mode.md index 2932bee71c..f102c5147a 100644 --- a/devices/surface/surface-enterprise-management-mode.md +++ b/devices/surface/surface-enterprise-management-mode.md @@ -191,6 +191,11 @@ For use with SEMM and Microsoft Surface UEFI Configurator, the certificate must ## Version History + +### Version 2.21.136.9 +* Add support to Surface Pro 6 +* Add support to Surface Laptop 2 + ### Version 2.14.136.0 * Add support to Surface Go diff --git a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md index 73c49f7dbc..381ba2d8e1 100644 --- a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md +++ b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md @@ -50,7 +50,7 @@ Deployment of Microsoft Surface UEFI Manager is a typical application deployment The command to install Microsoft Surface UEFI Manager is: -`msiexec /i “SurfaceUEFIManagerSetup.msi” /q` +`msiexec /i "SurfaceUEFIManagerSetup.msi" /q` The command to uninstall Microsoft Surface UEFI Manager is: @@ -334,11 +334,11 @@ After your scripts are prepared to configure and enable SEMM on the client devic The SEMM Configuration Manager scripts will be added to Configuration Manager as a script application. The command to install SEMM with ConfigureSEMM.ps1 is: -`Powershell.exe -file “.\ConfigureSEMM.ps1”` +`Powershell.exe -file ".\ConfigureSEMM.ps1"` The command to uninstall SEMM with ResetSEMM.ps1 is: -`Powershell.exe -file “.\ResetSEMM.ps1”` +`Powershell.exe -file ".\ResetSEMM.ps1"` To add the SEMM Configuration Manager scripts to Configuration Manager as an application, use the following process: diff --git a/education/windows/TOC.md b/education/windows/TOC.md index 533981750f..1729553e5c 100644 --- a/education/windows/TOC.md +++ b/education/windows/TOC.md @@ -3,6 +3,7 @@ ## [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md) ## [Deployment recommendations for school IT administrators](edu-deployment-recommendations.md) ## [Set up Windows devices for education](set-up-windows-10.md) +### [What's new in Set up School PCs](set-up-school-pcs-whats-new.md) ### [Technical reference for the Set up School PCs app](set-up-school-pcs-technical.md) #### [Azure AD Join for school PCs](set-up-school-pcs-azure-ad-join.md) #### [Shared PC mode for school devices](set-up-school-pcs-shared-pc-mode.md) diff --git a/education/windows/enable-s-mode-on-surface-go-devices.md b/education/windows/enable-s-mode-on-surface-go-devices.md index de525d8e81..0ab31ad648 100644 --- a/education/windows/enable-s-mode-on-surface-go-devices.md +++ b/education/windows/enable-s-mode-on-surface-go-devices.md @@ -48,14 +48,14 @@ process](https://docs.microsoft.com/windows/deployment/windows-10-deployment-sce Copy ``` - - + + 1 @@ -94,14 +94,14 @@ Education customers who wish to avoid the additional overhead associated with Wi Copy ``` - - + + 1 diff --git a/education/windows/set-up-school-pcs-whats-new.md b/education/windows/set-up-school-pcs-whats-new.md new file mode 100644 index 0000000000..e942cf9a0a --- /dev/null +++ b/education/windows/set-up-school-pcs-whats-new.md @@ -0,0 +1,57 @@ +--- +title: What's new in the Windows Set up School PCs app +description: Find out about app updates and new features in Set up School PCs. +keywords: shared cart, shared PC, school, set up school pcs +ms.prod: w10 +ms.technology: Windows +ms.mktglfcycl: plan +ms.sitesec: library +ms.pagetype: edu +ms.localizationpriority: medium +author: lenewsad +ms.author: lanewsad +ms.date: 10/23/2018 +--- + +# What's new in Set up School PCs +Learn what’s new with the Set up School PCs app each week. Find out about new app features and functionality, and see updated screenshots. You'll also find information about past releases. + +## Week of October 15, 2018 + +The Set up School PCs app was updated with the following changes: + +### Three new setup screens added to the app +The following screens and functionality were added to the setup workflow. Select any screenname to view the relevant steps and screenshots in the Set Up School PCs docs. + +* [**Package name**](use-set-up-school-pcs-app.md#package-name): Customize a package name to make it easy to recognize it from your school's other packages. The name is generated by Azure Active Directory and appears as the filename and as the token name in Azure AD in the Azure portal. + +* [**Product key**](use-set-up-school-pcs-app.md#product-key): Enter a product key to upgrade your current edition of Windows 10, or change the existing product key. + +* [**Personalization**](use-set-up-school-pcs-app.md#personalization): Upload images from your computer to customize how the lock screen and background appears on student devices. + +### Azure AD token expiration extended to 180 days +Packages now expire 180 days from the date you create them. + +### Updated apps with more helpful, descriptive text +We've updated the app's **Skip** buttons to clarify the intent of each action. You'll also see an **Exit** button on the last page of the app. + +### Option to keep existing device names +The [**Name these devices** screen](use-set-up-school-pcs-app.md#device-names) now gives you the option to keep the orginal or existing names of your student devices. + +### Skype and Messaging apps to be removed from student PCs by default +We've added the Skype and Messaging app to a selection of apps that are, by default, removed from student devices. + + +## Next steps +Learn more about setting up devices with the Set up School PCs app. +* [What's in my provisioning package?](set-up-school-pcs-provisioning-package.md) +* [Shared PC mode for schools](set-up-school-pcs-shared-pc-mode.md) +* [Set up School PCs technical reference](set-up-school-pcs-technical.md) +* [Set up Windows 10 devices for education](set-up-windows-10.md) + +When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md). + + + + + diff --git a/education/windows/take-a-test-multiple-pcs.md b/education/windows/take-a-test-multiple-pcs.md index 90429edde2..d2b40500d8 100644 --- a/education/windows/take-a-test-multiple-pcs.md +++ b/education/windows/take-a-test-multiple-pcs.md @@ -190,7 +190,7 @@ Set-AssignedAccess -AppUserModelId Microsoft.Windows.SecureAssessmentBrowser_cw5 12. Create a new **Action**. 13. Configure the action to **Start a program**. 14. In the **Program/script** field, enter **powershell**. -15. In the **Add arguments** field, enter **-file “”**. +15. In the **Add arguments** field, enter **-file ""**. 16. Click **OK**. 17. Navigate to the **Triggers** tab and create a new trigger. 18. Specify the trigger to be **On a schedule**. diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md index 5d6878b988..ad1e1eb9e2 100644 --- a/education/windows/use-set-up-school-pcs-app.md +++ b/education/windows/use-set-up-school-pcs-app.md @@ -23,7 +23,7 @@ Set up School PCs also: * Utilizes Windows Update and maintenance hours to keeps student PCs up-to-date, without interfering with class time. * Locks down the student PC to prevent activity that isn't beneficial to their education. -This article describes how to fill out your school's information in the the Set up School PCs app. To learn more about the app's functionality, start with the [Technical reference for the Set up School PCs app](set-up-school-pcs-technical.md). +This article describes how to fill out your school's information in the Set up School PCs app. To learn more about the app's functionality, start with the [Technical reference for the Set up School PCs app](set-up-school-pcs-technical.md). ## Requirements Before you begin, make sure that you, your computer, and your school's network are configured with the following requirements. @@ -173,13 +173,14 @@ Setting selections vary based on the OS version you select. The example screensh The following table describes each setting and lists the applicable Windows 10 versions. To find out if a setting is available in your version of Windows 10, look for an *X* in the setting row and in the version column. -|Setting |1703|1709|1803|What happens if I select it? |Note| -|---------|---------|---------|---------|---------|---------| -|Remove apps pre-installed by the device manufacturer |X|X|X| Uninstalls apps that came loaded on the computer by the device's manufacturer. |Adds about 30 minutes to the provisioning process.| -|Allow local storage (not recommended for shared devices) |X|X|X| Lets students save files to the Desktop and Documents folder on the Student PC. |Not recommended if the device will be part of a shared cart or lab.| -|Optimize device for a single student, instead of a shared cart or lab |X|X|X|Optimizes the device for use by a single student, rather than many students. |Recommended option only if the device is not shared with other students in the school. Single-optimized accounts are set to expire, and require a signin, 180 days after setup. This setting increases the maximum PC storage to 100% of the available disk space. In this case, student accounts aren't deleted unless the account has been inactive for 180 days. | -|Let guests sign in to these PCs |X|X|X|Allows guests to use student PCs without a school account. |Common to use within a public, shared space, such as a library. Also used when a student loses their password. Adds a **Guest** account to the PC sign-in screen that anyone can sign in to.| -|Enable Autopilot Reset |Not available|X|X| Lets you remotely reset a student’s PC from the lock screen, apply the device’s original settings, and enroll it in device management (Azure AD and MDM). |Requires Windows 10, version 1709 and WinRE must be enabled on the PC. Setup will fail if both requirements aren't met.| +|Setting |1703|1709|1803|1809|What happens if I select it? |Note| +|---------|---------|---------|---------|---------|---------|---------| +|Remove apps pre-installed by the device manufacturer |X|X|X|X| Uninstalls apps that came loaded on the computer by the device's manufacturer. |Adds about 30 minutes to the provisioning process.| +|Allow local storage (not recommended for shared devices) |X|X|X|X| Lets students save files to the Desktop and Documents folder on the Student PC. |Not recommended if the device will be part of a shared cart or lab.| +|Optimize device for a single student, instead of a shared cart or lab |X|X|X|X|Optimizes the device for use by a single student, rather than many students. |Recommended option only if the device is not shared with other students in the school. Single-optimized accounts are set to expire, and require a signin, 180 days after setup. This setting increases the maximum PC storage to 100% of the available disk space. In this case, student accounts aren't deleted unless the account has been inactive for 180 days. | +|Let guests sign in to these PCs |X|X|X|X|Allows guests to use student PCs without a school account. |Common to use within a public, shared space, such as a library. Also used when a student loses their password. Adds a **Guest** account to the PC sign-in screen that anyone can sign in to.| +|Enable Autopilot Reset |Not available|X|X|X|Lets you remotely reset a student’s PC from the lock screen, apply the device’s original settings, and enroll it in device management (Azure AD and MDM). |Requires Windows 10, version 1709 and WinRE must be enabled on the PC. Setup will fail if both requirements aren't met.| +|Lock screen background|X|X|X|X|Change the default screen lock background to a custom image.|Click **Browse** to search for an image file on your computer. Accepted image formats are jpg, jpeg, and png.| After you've made your selections, click **Next**. @@ -200,7 +201,7 @@ Optionally, type in a 25-digit product key to: ![Example screenshot of the Set up School PC app, Product key screen, showing a value field, Next button, and Continue without change option.](images/1810_suspc_product_key.png) ### Take a Test -Set up the Take a Test app to give online quizzes and high-stakes assessments. During assessments,Windows locks down the student PC so that students can't access anything else on the device. +Set up the Take a Test app to give online quizzes and high-stakes assessments. During assessments, Windows locks down the student PC so that students can't access anything else on the device. 1. Select **Yes** to create a Take a Test button on the sign-in screens of your students' PCs. diff --git a/mdop/appv-v4/how-to-publish-a-virtual-application-on-the-client.md b/mdop/appv-v4/how-to-publish-a-virtual-application-on-the-client.md index 127d601503..4cc324ceb2 100644 --- a/mdop/appv-v4/how-to-publish-a-virtual-application-on-the-client.md +++ b/mdop/appv-v4/how-to-publish-a-virtual-application-on-the-client.md @@ -24,7 +24,7 @@ When you deploy Application Virtualization by using an electronic software distr 3. Run the following command on the computer: - `Msiexec.exe /I “packagename.msi” /q` + `Msiexec.exe /I "packagename.msi" /q` **To publish a package using Windows Installer and the package manifest** @@ -32,7 +32,7 @@ When you deploy Application Virtualization by using an electronic software distr 2. Run the following command on each user’s computer: - `Msiexec.exe /I “\\pathtomsi\packagename.msi” MODE=STREAMING OVERRIDEURL=”\\\\server\\share\\package.sft” LOAD=TRUE /q` + `Msiexec.exe /I "\\pathtomsi\packagename.msi" MODE=STREAMING OVERRIDEURL="\\\\server\\share\\package.sft" LOAD=TRUE /q` **Important**   For OVERRIDEURL all backslash characters must be escaped using a preceding backslash, or the OVERRIDEURL path will not be parsed correctly. Also, properties and values must be entered as uppercase except where the value is a path to a file. diff --git a/mdop/appv-v4/how-to-sequence-a-new-application-by-using-the-command-line.md b/mdop/appv-v4/how-to-sequence-a-new-application-by-using-the-command-line.md index d53dbdb068..14a90fff05 100644 --- a/mdop/appv-v4/how-to-sequence-a-new-application-by-using-the-command-line.md +++ b/mdop/appv-v4/how-to-sequence-a-new-application-by-using-the-command-line.md @@ -31,7 +31,7 @@ Use the following procedure to create a virtual application by using the command 3. At the command prompt, type the following command, replacing the text in quotation marks with your values: - `SFTSequencer /INSTALLPACKAGE:“pathtoMSI” /INSTALLPATH:“pathtopackageroot” /OUTPUTFILE:“pathtodestinationSPRJ”` + `SFTSequencer /INSTALLPACKAGE:"pathtoMSI" /INSTALLPATH:"pathtopackageroot" /OUTPUTFILE:"pathtodestinationSPRJ"` **Note**   You can specify additional parameters by using the command line, depending on the complexity of the application you are sequencing. For a complete list of parameters that are available for use with the App-V Sequencer, see [Sequencer Command-Line Parameters](sequencer-command-line-parameters.md). diff --git a/mdop/appv-v4/how-to-sequence-a-new-application-package-using-the-command-line.md b/mdop/appv-v4/how-to-sequence-a-new-application-package-using-the-command-line.md index 41a93aebcf..1c45f57281 100644 --- a/mdop/appv-v4/how-to-sequence-a-new-application-package-using-the-command-line.md +++ b/mdop/appv-v4/how-to-sequence-a-new-application-package-using-the-command-line.md @@ -31,7 +31,7 @@ Use the following procedure to create a virtual application by using the command 3. At the command prompt, type the following command, replacing the text in quotation marks with your values: - `SFTSequencer /INSTALLPACKAGE:“pathtoMSI” /INSTALLPATH:“pathtopackageroot” /OUTPUTFILE:“pathtodestinationSPRJ”` + `SFTSequencer /INSTALLPACKAGE:"pathtoMSI" /INSTALLPATH:"pathtopackageroot" /OUTPUTFILE:"pathtodestinationSPRJ"` **Note**   You can specify additional parameters by using the command line, depending on the complexity of the application you are sequencing. For a complete list of parameters that are available for use with the App-V Sequencer, see [Application Virtualization Sequencer Command Line](application-virtualization-sequencer-command-line.md). diff --git a/mdop/appv-v4/how-to-upgrade-a-sequenced-application-package-using-the-command-line.md b/mdop/appv-v4/how-to-upgrade-a-sequenced-application-package-using-the-command-line.md index 5e047bd025..ac16495e5e 100644 --- a/mdop/appv-v4/how-to-upgrade-a-sequenced-application-package-using-the-command-line.md +++ b/mdop/appv-v4/how-to-upgrade-a-sequenced-application-package-using-the-command-line.md @@ -24,7 +24,7 @@ Use the following procedure to upgrade a virtual application by using a command 3. At the command prompt, type the following command, replacing the text in quotation marks with your values: - `SFTSequencer /UPGRADE:“pathtosourceSPRJ” /INSTALLPACKAGE:“pathtoUpgradeInstaller” /DECODEPATH:”pathtodecodefolder” /OUTPUTFILE:“pathtodestinationSPRJ”` + `SFTSequencer /UPGRADE:"pathtosourceSPRJ" /INSTALLPACKAGE:"pathtoUpgradeInstaller" /DECODEPATH:"pathtodecodefolder" /OUTPUTFILE:"pathtodestinationSPRJ"` **Note**   You can specify additional parameters by using the command line, depending on the complexity of the application you are upgrading. For a complete list of parameters that are available for use with the App-V Sequencer, see [Command-Line Parameters](command-line-parameters.md). diff --git a/mdop/appv-v4/how-to-upgrade-a-virtual-application-by-using-the-command-line.md b/mdop/appv-v4/how-to-upgrade-a-virtual-application-by-using-the-command-line.md index f73fde87c2..a2983eaa8f 100644 --- a/mdop/appv-v4/how-to-upgrade-a-virtual-application-by-using-the-command-line.md +++ b/mdop/appv-v4/how-to-upgrade-a-virtual-application-by-using-the-command-line.md @@ -24,7 +24,7 @@ Use the following procedure to upgrade a virtual application by using a command 3. At the command prompt, type the following command, replacing the text in quotation marks with your values: - `SFTSequencer /UPGRADE:“pathtosourceSPRJ” /INSTALLPACKAGE:“pathtoUpgradeInstaller” /DECODEPATH:”pathtodecodefolder” /OUTPUTFILE:“pathtodestinationSPRJ”` + `SFTSequencer /UPGRADE:"pathtosourceSPRJ" /INSTALLPACKAGE:"pathtoUpgradeInstaller" /DECODEPATH:"pathtodecodefolder" /OUTPUTFILE:"pathtodestinationSPRJ"` **Note**   You can specify additional parameters by using the command line, depending on the complexity of the application you are upgrading. For a complete list of parameters that are available for use with the App-V Sequencer, see [Sequencer Command-Line Parameters](sequencer-command-line-parameters.md). diff --git a/mdop/mbam-v25/how-to-move-the-mbam-25-databases.md b/mdop/mbam-v25/how-to-move-the-mbam-25-databases.md index 518233e7db..32c8fb82f3 100644 --- a/mdop/mbam-v25/how-to-move-the-mbam-25-databases.md +++ b/mdop/mbam-v25/how-to-move-the-mbam-25-databases.md @@ -145,13 +145,13 @@ Use Windows Explorer to move the **MBAM Compliance Status Database Data.bak** fi To automate this procedure, you can use Windows PowerShell to run a command that is similar to the following: ```powershell -Copy-Item “Z:\MBAM Recovery Database Data.bak” +Copy-Item "Z:\MBAM Recovery Database Data.bak" \\$SERVERNAME$\$DESTINATIONSHARE$ -Copy-Item “Z:\SQLServerInstanceCertificateFile” +Copy-Item "Z:\SQLServerInstanceCertificateFile" \\$SERVERNAME$\$DESTINATIONSHARE$ -Copy-Item “Z:\SQLServerInstanceCertificateFilePrivateKey” +Copy-Item "Z:\SQLServerInstanceCertificateFilePrivateKey" \\$SERVERNAME$\$DESTINATIONSHARE$ ``` @@ -253,16 +253,16 @@ Use the information in the following table to replace the values in the code exa Set-WebConfigurationProperty 'connectionStrings/add[@name="KeyRecoveryConnectionString"]' -PSPath "IIS:\sites\Microsoft Bitlocker Administration and - Monitoring\MBAMAdministrationService" -Name "connectionString" -Value “Data + Monitoring\MBAMAdministrationService" -Name "connectionString" -Value "Data Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Recovery and - Hardware;Integrated Security=SSPI;” + Hardware;Integrated Security=SSPI;" Set-WebConfigurationProperty 'connectionStrings/add[\@name="Microsoft.Mbam.RecoveryAndHardwareDataStore.ConnectionString"]' -PSPath "IIS:\sites\Microsoft Bitlocker Administration and Monitoring\MBAMRecoveryAndHardwareService" -Name "connectionString" -Value "Data Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Recovery - and Hardware;Integrated Security=SSPI;” + and Hardware;Integrated Security=SSPI;" ``` >[!Note] diff --git a/mdop/mbam-v25/how-to-move-the-mbam-25-reports.md b/mdop/mbam-v25/how-to-move-the-mbam-25-reports.md index 980c43f797..52af44d82d 100644 --- a/mdop/mbam-v25/how-to-move-the-mbam-25-reports.md +++ b/mdop/mbam-v25/how-to-move-the-mbam-25-reports.md @@ -72,7 +72,7 @@ To run the example Windows PowerShell scripts in this topic, you must update the 7. To automate this procedure, you can use Windows PowerShell to run a command on the Administration and Monitoring Server that is similar to the following code example. ``` syntax - PS C:\> Set-WebConfigurationProperty '/appSettings/add[@key="Microsoft.Mbam.Reports.Url"]' -PSPath "IIS:\\sites\Microsoft Bitlocker Administration and Monitoring\HelpDesk" -Name "Value" -Value “http://$SERVERNAME$/ReportServer[_$SRSINSTANCENAME$]/Pages/ReportViewer.aspx?/Microsoft+BitLocker+Administration+and+Monitoring/” + PS C:\> Set-WebConfigurationProperty '/appSettings/add[@key="Microsoft.Mbam.Reports.Url"]' -PSPath "IIS:\\sites\Microsoft Bitlocker Administration and Monitoring\HelpDesk" -Name "Value" -Value "http://$SERVERNAME$/ReportServer[_$SRSINSTANCENAME$]/Pages/ReportViewer.aspx?/Microsoft+BitLocker+Administration+and+Monitoring/" ``` Using the descriptions in the following table, replace the values in the code example with values that match your environment. diff --git a/mdop/mbam-v25/mbam-25-supported-configurations.md b/mdop/mbam-v25/mbam-25-supported-configurations.md index db4b4232a6..3ce208407b 100644 --- a/mdop/mbam-v25/mbam-25-supported-configurations.md +++ b/mdop/mbam-v25/mbam-25-supported-configurations.md @@ -1,13 +1,13 @@ --- title: MBAM 2.5 Supported Configurations description: MBAM 2.5 Supported Configurations -author: jamiejdt +author: shortpatti ms.assetid: ce689aff-9a55-4ae7-a968-23c7bda9b4d6 ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library ms.prod: w10 -ms.date: 03/30/2017 +ms.date: 10/24/2018 --- @@ -581,6 +581,16 @@ The MBAM server can be deployed in Azure Infrastructure as a Service (IaaS) on a The MBAM client is not supported on virtual machines and is also not supported on Azure IaaS. +## Service releases + +- [April 2016 hotfix](https://support.microsoft.com/en-us/help/3144445/april-2016-hotfix-rollup-for-microsoft-desktop-optimization-pack) +- [September 2016](https://support.microsoft.com/ms-my/help/3168628/september-2016-servicing-release-for-microsoft-desktop-optimization-pa) +- [December 2016](https://support.microsoft.com/en-us/help/3198158/december-2016-servicing-release-for-microsoft-desktop-optimization-pac) +- [March 2017](https://support.microsoft.com/en-ie/help/4014009/march-2017-servicing-release-for-microsoft-desktop-optimization-pack) +- [June 2017](https://support.microsoft.com/af-za/help/4018510/june-2017-servicing-release-for-microsoft-desktop-optimization-pack) +- [September 2017](https://support.microsoft.com/en-ie/help/4041137/september-2017-servicing-release-for-microsoft-desktop-optimization) +- [March 2018](https://support.microsoft.com/en-us/help/4074878/march-2018-servicing-release-for-microsoft-desktop-optimization-pack) +- [July 2018](https://support.microsoft.com/en-us/help/4340040/july-2018-servicing-release-for-microsoft-desktop-optimization-pack) ## Related topics diff --git a/mdop/uev-v2/configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md b/mdop/uev-v2/configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md index dfe7219fbe..112b193c14 100644 --- a/mdop/uev-v2/configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md +++ b/mdop/uev-v2/configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md @@ -158,7 +158,7 @@ It might be necessary to change the PowerShell execution policy to allow these s 3. Run this command on a machine running the ConfigMgr Admin Console: ``` syntax - C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevAgentPolicyGenerator.exe –Site ABC –CabFilePath “C:\MyCabFiles\UevPolicyItem.cab” –ConfigurationFile “c:\AgentConfiguration.xml” + C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevAgentPolicyGenerator.exe –Site ABC –CabFilePath "C:\MyCabFiles\UevPolicyItem.cab" –ConfigurationFile "c:\AgentConfiguration.xml" ``` 4. Import the CAB file using ConfigMgr console or PowerShell Import-CMConfigurationItem @@ -201,7 +201,7 @@ The result is a baseline CAB file that is ready for import into Configuration Ma 3. Add the command and parameters to the .bat file that will generate the baseline. The following example creates a baseline that distributes Notepad and Calculator: ``` syntax - C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevTemplateBaselineGenerator.exe –Site “ABC” –TemplateFolder “C:\ProductionUevTemplates” –Register “MicrosoftNotepad.xml, MicrosoftCalculator.xml” –CabFilePath “C:\MyCabFiles\UevTemplateBaseline.cab” + C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevTemplateBaselineGenerator.exe –Site "ABC" –TemplateFolder "C:\ProductionUevTemplates" –Register "MicrosoftNotepad.xml, MicrosoftCalculator.xml" –CabFilePath "C:\MyCabFiles\UevTemplateBaseline.cab" ``` 4. Run the .bat file to create UevTemplateBaseline.cab ready for import into Configuration Manager. diff --git a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md index dc187289aa..f4a20fb696 100644 --- a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md +++ b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md @@ -21,7 +21,7 @@ Enter the **Get-AppvClientPackage** cmdlet to return a list of packages entitled For example: ```PowerShell -Get-AppvClientPackage –Name “ContosoApplication” -Version 2 +Get-AppvClientPackage –Name "ContosoApplication" -Version 2 ``` ## Add a package @@ -44,13 +44,13 @@ Use the **Publish-AppvClientPackage** cmdlet to publish a package that has been Enter the cmdlet with the application name to publish it to the user. ```PowerShell -Publish-AppvClientPackage “ContosoApplication” +Publish-AppvClientPackage "ContosoApplication" ``` To publish the application globally, just add the *-Global* parameter. ```Powershell -Publish-AppvClientPackage “ContosoApplication” -Global +Publish-AppvClientPackage "ContosoApplication" -Global ``` ## Publish a package to a specific user @@ -70,7 +70,7 @@ To use this parameter: For example: ```PowerShell -Publish-AppvClientPackage “ContosoApplication” -UserSID S-1-2-34-56789012-3456789012-345678901-2345 +Publish-AppvClientPackage "ContosoApplication" -UserSID S-1-2-34-56789012-3456789012-345678901-2345 ``` ## Add and publish a package @@ -90,7 +90,7 @@ Use the **Unpublish-AppvClientPackage** cmdlet to unpublish a package which has For example: ```PowerShell -Unpublish-AppvClientPackage “ContosoApplication” +Unpublish-AppvClientPackage "ContosoApplication" ``` ## Unpublish a package for a specific user @@ -110,7 +110,7 @@ To use this parameter: For example: ```PowerShell -Unpublish-AppvClientPackage “ContosoApplication” -UserSID S-1-2-34-56789012-3456789012-345678901-2345 +Unpublish-AppvClientPackage "ContosoApplication" -UserSID S-1-2-34-56789012-3456789012-345678901-2345 ``` ## Remove an existing package @@ -120,7 +120,7 @@ Use the **Remove-AppvClientPackage** cmdlet to remove a package from the compute For example: ```PowerShell -Remove-AppvClientPackage “ContosoApplication” +Remove-AppvClientPackage "ContosoApplication" ``` >[!NOTE] diff --git a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md index a82855cb2a..42df49b2c7 100644 --- a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md +++ b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md @@ -45,7 +45,7 @@ This topic explains the following procedures: 2. Enable the connection group by typing the following command: - Enable-AppvClientConnectionGroup –name “Financial Applications” + Enable-AppvClientConnectionGroup –name "Financial Applications" When any virtual applications that are in the member packages are run on the target computer, they will run inside the connection group’s virtual environment and will be available to all the virtual applications in the other packages in the connection group. @@ -81,11 +81,11 @@ This topic explains the following procedures:

Enable-AppVClientConnectionGroup

-

Enable-AppVClientConnectionGroup “ConnectionGroupA” -UserSID S-1-2-34-56789012-3456789012-345678901-2345

+

Enable-AppVClientConnectionGroup "ConnectionGroupA" -UserSID S-1-2-34-56789012-3456789012-345678901-2345

Disable-AppVClientConnectionGroup

-

Disable-AppVClientConnectionGroup “ConnectionGroupA” -UserSID S-1-2-34-56789012-3456789012-345678901-2345

+

Disable-AppVClientConnectionGroup "ConnectionGroupA" -UserSID S-1-2-34-56789012-3456789012-345678901-2345

diff --git a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md index febf5efcda..894c51e025 100644 --- a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md +++ b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md @@ -25,7 +25,7 @@ Use the following procedure to configure the App-V client configuration. `Set-AppVClientConfiguration $config` - `Set-AppVClientConfiguration –Name1 MyConfig –Name2 “xyz”` + `Set-AppVClientConfiguration –Name1 MyConfig –Name2 "xyz"` ## Have a suggestion for App-V? diff --git a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md index ec81e086de..6b9b5bfd9d 100644 --- a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md +++ b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md @@ -49,7 +49,7 @@ As indicated in the diagram, Microsoft continues to provide support for deep man With Windows 10, you can continue to use traditional OS deployment, but you can also “manage out of the box.” To transform new devices into fully-configured, fully-managed devices, you can: -- Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management services such as [Microsoft Autopilot] (https://docs.microsoft.com/en-us/windows/deployment/windows-10-auto-pilot) or [Microsoft Intune](https://docs.microsoft.com/intune/understand-explore/introduction-to-microsoft-intune). +- Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management services such as [Microsoft Autopilot](https://docs.microsoft.com/en-us/windows/deployment/windows-10-auto-pilot) or [Microsoft Intune](https://docs.microsoft.com/intune/understand-explore/introduction-to-microsoft-intune). - Create self-contained provisioning packages built with the [Windows Configuration Designer](https://technet.microsoft.com/itpro/windows/deploy/provisioning-packages). diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md index df7dcde18e..b1d8ac001f 100644 --- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md @@ -693,8 +693,8 @@ PATCH https://graph.windows.net/contoso.com/devices/db7ab579-3759-4492-a03f-655c Authorization: Bearer eyJ0eXAiO……… Accept: application/json Content-Type: application/json -{ “isManaged”:true, - “isCompliant”:true +{ "isManaged":true, + "isCompliant":true } ``` diff --git a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md index 4d3c1904a5..d794478a6f 100644 --- a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md +++ b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md @@ -71,8 +71,8 @@ The following sample shows an OMA DM first package that contains a generic alert 1226 - com.microsoft:mdm.unenrollment.userrequest - int + com.microsoft:mdm.unenrollment.userrequest + int 1 diff --git a/windows/client-management/mdm/reboot-csp.md b/windows/client-management/mdm/reboot-csp.md index bfb5dfd307..77dea602cf 100644 --- a/windows/client-management/mdm/reboot-csp.md +++ b/windows/client-management/mdm/reboot-csp.md @@ -36,12 +36,14 @@ The following diagram shows the Reboot configuration service provider management

The supported operation is Get.

**Schedule/Single** -

This node will execute a reboot at a scheduled date and time. Setting a null (empty) date will delete the existing schedule. The date and time value is ISO8601, and both the date and time are required. For example: 2015-12-15T07:36:25Z

+

This node will execute a reboot at a scheduled date and time. Setting a null (empty) date will delete the existing schedule. The date and time value is ISO8601, and both the date and time are required.
+Example to configure: 2018-10-25T18:00:00

The supported operations are Get, Add, Replace, and Delete.

**Schedule/DailyRecurrent** -

This node will execute a reboot each day at a scheduled time starting at the configured starting time and date. Setting a null (empty) date will delete the existing schedule. The date and time value is ISO8601, and both the date and time are required. The CSP will return the date time in the following format: 2018-06-29T10:00:00+01:00.

+

This node will execute a reboot each day at a scheduled time starting at the configured starting time and date. Setting a null (empty) date will delete the existing schedule. The date and time value is ISO8601, and both the date and time are required. The CSP will return the date time in the following format: 2018-06-29T10:00:00+01:00.
+Example to configure: 2018-10-25T18:00:00

The supported operations are Get, Add, Replace, and Delete.

diff --git a/windows/client-management/mdm/wifi-csp.md b/windows/client-management/mdm/wifi-csp.md index 6b41bfb9d2..d19d79eaec 100644 --- a/windows/client-management/mdm/wifi-csp.md +++ b/windows/client-management/mdm/wifi-csp.md @@ -7,13 +7,13 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 06/28/2018 +ms.date: 10/24/2018 --- # WiFi CSP > [!WARNING] -> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. +> Some information relates to pre-released products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. The WiFi configuration service provider provides the functionality to add or delete Wi-Fi networks on a Windows device. The configuration service provider accepts SyncML input and converts it to a network profile that is installed on the device. This profile enables the device to connect to the Wi-Fi network when it is in range. diff --git a/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md b/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md index 9234ee8d90..e047635740 100644 --- a/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md +++ b/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md @@ -88,8 +88,8 @@ The following Windows PowerShell commands demonstrate how you can call the listA listAumids # Get a list of AUMIDs for an account named “CustomerAccount”: -listAumids(“CustomerAccount”) +listAumids("CustomerAccount") # Get a list of AUMIDs for all accounts on the device: -listAumids(“allusers”) +listAumids("allusers") ``` diff --git a/windows/configuration/wcd/wcd-calling.md b/windows/configuration/wcd/wcd-calling.md index dd7a6057aa..cde8d098c0 100644 --- a/windows/configuration/wcd/wcd-calling.md +++ b/windows/configuration/wcd/wcd-calling.md @@ -86,7 +86,7 @@ ResetCallForwarding | When set to **True**, user is provided with an option to r ShowCallerIdNetworkDefaultSetting | Indicates whether the network default setting can be allowed for outgoing caller ID. ShowVideoCallingSwitch | Use to specify whether to show the video capability sharing switch on the mobile device's Settings screen. ShowVideoCapabilitySwitch | Configure the phone settings to show the video capability sharing switch. -SupressVideoCallingChargesDialog | Configure the phone settings CPL to supress the video calling charges dialog. +SupressVideoCallingChargesDialog | Configure the phone settings CPL to suppress the video calling charges dialog. UssdExclusionList | List used to exclude predefined USSD entries, allowing the number to be sent as standard DTMF tones instead. Set UssdExclusionList to the list of desired exclusions, separated by semicolons. For example, setting the value to 66;330 will override 66 and 330. Leading zeros are specified by using F. For example, to override code 079, set the value to F79. If you set UssdExclusionList, you must set IgnoreUssdExclusions as well. Otherwise, the list will be ignored. See [List of USSD codes](#list-of-ussd-codes) for values. WiFiCallingOperatorName | Enter the operator name to be shown when the phone is using WiFi calling. If you don't set a value for WiFiCallingOperatorName, the device will always display **SIMServiceProviderName Wi-Fi**, where *SIMServiceProviderName* is a string that corresponds to the SPN for the SIM on the device. If the service provider name in the SIM is not set, only **Wi-Fi** will be displayed. diff --git a/windows/configuration/windows-spotlight.md b/windows/configuration/windows-spotlight.md index aaf7da1a9a..b4166fbbf4 100644 --- a/windows/configuration/windows-spotlight.md +++ b/windows/configuration/windows-spotlight.md @@ -73,7 +73,7 @@ Windows Spotlight is enabled by default. Windows 10 provides Group Policy and mo - In addition to the specific policy settings for Windows Spotlight, administrators can replace Windows Spotlight with a selected image using the Group Policy setting **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Personalization** > **Force a specific default lock screen image**. + In addition to the specific policy settings for Windows Spotlight, administrators can replace Windows Spotlight with a selected image using the Group Policy setting **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Personalization** > **Force a specific default lock screen image** (Windows 10 Enterprise and Education). >[!TIP] >If you want to use a custom lock screen image that contains text, see [Resolution for custom lock screen image](#resolution-for-custom-lock-screen-image). diff --git a/windows/deployment/deploy-windows-to-go.md b/windows/deployment/deploy-windows-to-go.md index 2e2da9aa71..fbc54619d1 100644 --- a/windows/deployment/deploy-windows-to-go.md +++ b/windows/deployment/deploy-windows-to-go.md @@ -906,7 +906,7 @@ foreach ($disk in $Disks) <# If a domain name was provided to the script, we will create a random computer name - and perform an offline domain join for the device. With this command we also supress the + and perform an offline domain join for the device. With this command we also suppress the Add User OOBE screen. #> if ($DomainName) diff --git a/windows/deployment/windows-autopilot/existing-devices.md b/windows/deployment/windows-autopilot/existing-devices.md index 3f06543ea7..1457f0b172 100644 --- a/windows/deployment/windows-autopilot/existing-devices.md +++ b/windows/deployment/windows-autopilot/existing-devices.md @@ -1,5 +1,5 @@ --- -title: Windows Autopilot for existind devices +title: Windows Autopilot for existing devices description: Listing of Autopilot scenarios keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.prod: w10 diff --git a/windows/eulas/TOC.yml b/windows/eulas/TOC.yml new file mode 100644 index 0000000000..b5ef71ac32 --- /dev/null +++ b/windows/eulas/TOC.yml @@ -0,0 +1,2 @@ +- name: Index + href: index.md \ No newline at end of file diff --git a/windows/eulas/breadcrumb/toc.yml b/windows/eulas/breadcrumb/toc.yml new file mode 100644 index 0000000000..61d8fca61e --- /dev/null +++ b/windows/eulas/breadcrumb/toc.yml @@ -0,0 +1,3 @@ +- name: Docs + tocHref: / + topicHref: / \ No newline at end of file diff --git a/windows/eulas/docfx.json b/windows/eulas/docfx.json new file mode 100644 index 0000000000..ff3ab96c92 --- /dev/null +++ b/windows/eulas/docfx.json @@ -0,0 +1,47 @@ +{ + "build": { + "content": [ + { + "files": [ + "**/*.md", + "**/*.yml" + ], + "exclude": [ + "**/obj/**", + "**/includes/**", + "_themes/**", + "_themes.pdf/**", + "README.md", + "LICENSE", + "LICENSE-CODE", + "ThirdPartyNotices" + ] + } + ], + "resource": [ + { + "files": [ + "**/*.png", + "**/*.jpg" + ], + "exclude": [ + "**/obj/**", + "**/includes/**", + "_themes/**", + "_themes.pdf/**" + ] + } + ], + "overwrite": [], + "externalReference": [], + "globalMetadata": { + "breadcrumb_path": "/windows/eulas/breadcrumb/toc.json", + "extendBreadcrumb": true, + "feedback_system": "None" + }, + "fileMetadata": {}, + "template": [], + "dest": "eula-vsts", + "markdownEngineName": "markdig" + } +} \ No newline at end of file diff --git a/windows/eulas/index.md b/windows/eulas/index.md new file mode 100644 index 0000000000..2eb00343d3 --- /dev/null +++ b/windows/eulas/index.md @@ -0,0 +1,12 @@ +--- +title: Windows 10 - Testing in live +description: What are Windows, UWP, and Win32 apps +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: mobile +ms.author: elizapo +author: lizap +ms.localizationpriority: medium +--- +# Testing non-editability diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md index c4ddccad00..e17f824edc 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md @@ -22,7 +22,7 @@ ms.date: 08/19/2018 You are ready to configure device registration for your hybrid environment. Hybrid Windows Hello for Business deployment needs device registration to enable proper device authentication. > [!NOTE] -> Before proceeding, you should familiarize yourself with device regisration concepts such as: +> Before proceeding, you should familiarize yourself with device registration concepts such as: > * Azure AD registered devices > * Azure AD joined devices > * Hybrid Azure AD joined devices @@ -48,4 +48,4 @@ Next, follow the guidance on the [How to configure hybrid Azure Active Directory 4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md) 5. Configure Azure Device Registration (*You are here*) 6. [Configure Windows Hello for Business settings](hello-hybrid-key-whfb-settings.md) -7. [Sign-in and Provision](hello-hybrid-key-whfb-provision.md) \ No newline at end of file +7. [Sign-in and Provision](hello-hybrid-key-whfb-provision.md) diff --git a/windows/security/threat-protection/intelligence/images/se-labs.png b/windows/security/threat-protection/intelligence/images/se-labs.png new file mode 100644 index 0000000000..41bdc75e8a Binary files /dev/null and b/windows/security/threat-protection/intelligence/images/se-labs.png differ diff --git a/windows/security/threat-protection/intelligence/images/se-labs2.PNG b/windows/security/threat-protection/intelligence/images/se-labs2.PNG new file mode 100644 index 0000000000..630109a897 Binary files /dev/null and b/windows/security/threat-protection/intelligence/images/se-labs2.PNG differ diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md index e984e5abab..5f2f3fbb28 100644 --- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md +++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md @@ -17,7 +17,7 @@ ms.date: 09/05/2018 We want to be transparent and have gathered top industry reports that demonstrate our enterprise antivirus capabilities. Note that these tests only provide results for antivirus and do not test for additional security protections. -In the real world, millions of devices are protected from cyberattacks every day, sometimes [milliseconds after a campaign starts](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign?ocid=cx-docs-avreports). Windows Defender AV is part of the [next generation](https://www.youtube.com/watch?v=Xy3MOxkX_o4) Windows Defender Advanced Threat Protection ([Windows Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports)) security stack which addresses the latest and most sophisticated threats today. In many cases, customers might not even know they were protected. That's because Windows Defender AV detects and stops malware at first sight by using [machine learning](https://cloudblogs.microsoft.com/microsoftsecure/2018/06/07/machine-learning-vs-social-engineering?ocid=cx-docs-avreports), [artificial intelligence](https://cloudblogs.microsoft.com/microsoftsecure/2018/02/14/how-artificial-intelligence-stopped-an-emotet-outbreak?ocid=cx-docs-avreports), behavioral analysis, and other advanced technologies. +In the real world, millions of devices are protected from cyberattacks every day, sometimes [milliseconds after a campaign starts](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign?ocid=cx-docs-avreports). Windows Defender Antivirus is part of the [next generation](https://www.youtube.com/watch?v=Xy3MOxkX_o4) Windows Defender Advanced Threat Protection ([Windows Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports)) security stack which addresses the latest and most sophisticated threats today. In many cases, customers might not even know they were protected. That's because Windows Defender Antivirus detects and stops malware at first sight by using [machine learning](https://cloudblogs.microsoft.com/microsoftsecure/2018/06/07/machine-learning-vs-social-engineering?ocid=cx-docs-avreports), [artificial intelligence](https://cloudblogs.microsoft.com/microsoftsecure/2018/02/14/how-artificial-intelligence-stopped-an-emotet-outbreak?ocid=cx-docs-avreports), behavioral analysis, and other advanced technologies. > [!TIP] > Learn why [Windows Defender Antivirus is the most deployed in the enterprise](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/22/why-windows-defender-antivirus-is-the-most-deployed-in-the-enterprise?ocid=cx-docs-avreports). @@ -27,20 +27,19 @@ In the real world, millions of devices are protected from cyberattacks every day ## AV-TEST: Perfect protection score of 6.0/6.0 in the latest test - The AV-TEST Product Review and Certification Report tests on three categories: protection, performance, and usability. The scores listed below are for the Protection category which has two scores: Real-World Testing and the AV-TEST reference set (known as "Prevalent Malware"). ### May-June 2018 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/june-2018/microsoft-windows-defender-antivirus-4.12-182374/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2v60I?ocid=cx-docs-avreports) **Latest** - Windows Defender AV achieved an overall Protection score of 6.0/6.0, detecting 100% of 5,790 malware samples. With the latest results, Windows Defender AV has achieved 100% on 10 of the 12 most recent antivirus tests (combined "Real-World" and "Prevalent malware"). + Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, detecting 100% of 5,790 malware samples. With the latest results, Windows Defender Antivirus has achieved 100% on 10 of the 12 most recent antivirus tests (combined "Real-World" and "Prevalent malware"). ### March-April 2018 AV-TEST Business User test: [Protection score 5.5/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/april-2018/microsoft-windows-defender-antivirus-4.12-181574/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA?ocid=cx-docs-avreports) - Windows Defender AV achieved an overall Protection score of 5.5/6.0, missing 2 out of 5,680 malware samples (0.035% miss rate). + Windows Defender Antivirus achieved an overall Protection score of 5.5/6.0, missing 2 out of 5,680 malware samples (0.035% miss rate). ### January-February 2018 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/february-2018/microsoft-windows-defender-antivirus-4.12-180674/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE27O5A?ocid=cx-docs-avreports) -Windows Defender AV achieved an overall Protection score of 6.0/6.0, with 5,105 malware samples tested. +Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, with 5,105 malware samples tested. ||| |---|---| @@ -66,12 +65,28 @@ This test, as defined by AV-Comparatives, attempts to assess the effectiveness o This test, as defined by AV-Comparatives, attempts to assesses a security program’s ability to protect a system against infection by malicious files before, during or after execution. [Historical AV-Comparatives Microsoft tests](https://www.av-comparatives.org/vendors/microsoft/) +

+

+ +![SE Labs Logo](./images/se-labs2.png) + +## SE Labs: Total accuracy rating of AAA in the latest test + +SE Labs tests a range of solutions used by products and services to detect and/or protect against attacks, including endpoint software, network appliances, and cloud services. + +### Enterprise Endpoint Protection July - September 2018: [AAA award](https://selabs.uk/download/enterprise/epp/2018/jul-sep-2018-enterprise.pdf) **pdf** + +Microsoft's next-gen protection was named as one of the most effective products, stopping all public and targeted attacks. It showcased its ability to block malicious URLs, deal with exploits, and classify legitimate apps and websites correctly. + +### Enterprise Endpoint Protection April - June 2018: [AAA award](https://selabs.uk/download/enterprise/epp/2018/apr-jun-2018-enterprise.pdf) **pdf** + +Microsoft's next-gen protection was named as one of the most effective products, stopping all targeted attacks and the vast majority of public threats. ## To what extent are tests representative of protection in the real world? -It is important to remember that Microsoft sees a wider and broader set of threats beyond what’s tested in the antivirus evaluations highlighted above. Windows Defender AV encounters ~200 million samples every month, and the typical antivirus test consists of between 100-5,000 samples. The vastness of the malware landscape makes it extremely difficult to evaluate the quality of protection against real world threats. +It is important to remember that Microsoft sees a wider and broader set of threats beyond what’s tested in the antivirus evaluations highlighted above. Windows Defender Antivirus encounters ~200 million samples every month, and the typical antivirus test consists of between 100-5,000 samples. The vastness of the malware landscape makes it extremely difficult to evaluate the quality of protection against real world threats. -The capabilities within [Windows Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports) also provide [additional layers of protection](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses?ocid=cx-docs-avreports) that are not factored into industry tests. These technologies address some of the latest and most sophisticated threats. Isolating AV from the rest of Windows Defender ATP creates a partial picture of how our security stack operates in the real world. For example, attack surface reduction and endpoint detection & response capabilities can help prevent malware from getting onto devices in the first place. We have proven that Windows Defender ATP components [catch samples that Windows Defender AV missed](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA?ocid=cx-docs-avreports) in these industry tests, which is more representative of how effectively our security suite protects customers in the real world. +The capabilities within [Windows Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports) also provide [additional layers of protection](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses?ocid=cx-docs-avreports) that are not factored into industry tests. These technologies address some of the latest and most sophisticated threats. Isolating AV from the rest of Windows Defender ATP creates a partial picture of how our security stack operates in the real world. For example, attack surface reduction and endpoint detection & response capabilities can help prevent malware from getting onto devices in the first place. We have proven that Windows Defender ATP components [catch samples that Windows Defender Antivirus missed](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA?ocid=cx-docs-avreports) in these industry tests, which is more representative of how effectively our security suite protects customers in the real world. Using independent tests, customers can view one aspect of their security suite but can't assess the complete protection of all the security features. Microsoft is highly engaged in working with several independent testers to evolve security testing to focus on the end-to-end security stack. In the meantime, customers can evaluate Windows Defender Advanced Threat Protection in their own networks by signing up for a [90-day trial of Windows Defender ATP](https://www.microsoft.com/windowsforbusiness/windows-atp?ocid=cx-docs-avreports), or [enabling Preview features on existing tenants](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection?ocid=cx-docs-avreports). diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md index 59c2b970da..a1880dbc92 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 10/02/2018 +ms.date: 10/25/2018 --- @@ -23,13 +23,13 @@ ms.date: 10/02/2018 **Use Microsoft Intune to configure scanning options** -See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-configure) and [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-windows-10#windows-defender-antivirus) for more details. +See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure) and [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#windows-defender-antivirus) for more details. **Use Configuration Manager to configure scanning options:** -See [How to create and deploy antimalware policies: Scan settings]( https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#scan-settings) for details on configuring System Center Configuration Manager (current branch). +See [How to create and deploy antimalware policies: Scan settings](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#scan-settings) for details on configuring System Center Configuration Manager (current branch). **Use Group Policy to configure scanning options** @@ -58,7 +58,7 @@ Specify the level of subfolders within an archive folder to scan | Scan > Specif Configure low CPU priority for scheduled scans | Scan > Configure low CPU priority for scheduled scans | Disabled | Not available >[!NOTE] ->By default, quick scans run on mounted removable devices, such as USB drives. +>If real-time protection is enabled, files are scanned before they are accessed and executed. The scanning scope includes all files, including those on mounted removable devices such as USB drives. **Use PowerShell to configure scanning options** @@ -66,7 +66,7 @@ See [Manage Windows Defender Antivirus with PowerShell cmdlets](use-powershell-c **Use WMI to configure scanning options** -For using WMI classes, see [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/en-us/library/dn439477(v=vs.85).aspx). +For using WMI classes, see [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx). ### Email scanning limitations diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md index 74a365a6b4..cc74d3e88b 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md @@ -114,6 +114,17 @@ Use the search bar to look for specific timeline events. Harness the power of us Filtering by event type allows you to define precise queries so that you see events with a specific focus. For example, you can search for a file name, then filter the results to only see Process events matching the search criteria or to only view file events, or even better: to view only network events over a period of time to make sure no suspicious outbound communications go unnoticed. + +>[!NOTE] +> For firewall events to be displayed, you'll need to enable the audit policy, see [Audit Filtering Platform connection](https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-filtering-platform-connection). +>Firewall covers the following events: +>- [5025](https://docs.microsoft.com/windows/security/threat-protection/auditing/event-5025) - firewall service stopped +>- [5031](https://docs.microsoft.com/windows/security/threat-protection/auditing/event-5031) - application blocked from accepting incoming connections on the network +>- [5157](https://docs.microsoft.com/windows/security/threat-protection/auditing/event-5157) - blocked connection + + + + - **User account** – Click the drop-down button to filter the machine timeline by the following user associated events: - Logon users - System diff --git a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md index 34c1292d77..52d6e869ad 100644 --- a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 04/24/2018 +ms.date: 10/26/2018 --- # Pull Windows Defender ATP alerts using REST API @@ -41,6 +41,9 @@ The _Client credential flow_ uses client credentials to authenticate against the Use the following method in the Windows Defender ATP API to pull alerts in JSON format. +>[!NOTE] +>Only alerts with a status as "new" are pulled. Alerts that are "in progress" or "resolved" will not be pulled. + ## Before you begin - Before calling the Windows Defender ATP endpoint to pull alerts, you'll need to enable the SIEM integration application in Azure Active Directory (AAD). For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md). diff --git a/windows/security/threat-protection/windows-platform-common-criteria.md b/windows/security/threat-protection/windows-platform-common-criteria.md index 1be7c7a0fb..8371aff1a9 100644 --- a/windows/security/threat-protection/windows-platform-common-criteria.md +++ b/windows/security/threat-protection/windows-platform-common-criteria.md @@ -18,14 +18,14 @@ Microsoft is committed to optimizing the security of its products and services. The Security Target describes security functionality and assurance measures used to evaluate Windows. - - [Microsoft Windows 10 (Fall Creators Update)](http://download.microsoft.com/download/B/6/A/B6A5EC2C-6351-4FB9-8FF1-643D4BD5BE6E/Windows%2010%201709%20GP%20OS%20Security%20Target.pdf) - - [Microsoft Windows 10 (Creators Update)](http://download.microsoft.com/download/e/8/b/e8b8c42a-a0b6-4ba1-9bdc-e704e8289697/windows%2010%20version%201703%20gp%20os%20security%20target%20-%20public%20\(january%2016,%202018\)\(final\)\(clean\).pdf) - - [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](http://download.microsoft.com/download/1/c/3/1c3b5ab0-e064-4350-a31f-48312180d9b5/st_vid10823-st.pdf) - - [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](http://download.microsoft.com/download/1/5/e/15eee6d3-f2a8-4441-8cb1-ce8c2ab91c24/windows%2010%20anniversary%20update%20mdf%20security%20target%20-%20public%20\(april%203%202017\).docx) - - [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](http://download.microsoft.com/download/f/8/c/f8c1c2a4-719c-48ae-942f-9fd3ce5b238f/windows%2010%20au%20and%20server%202016%20gp%20os%20security%20target%20-%20public%20\(december%202%202016\)%20\(clean\).docx) - - [Windows 10 (Anniversary Update) and Windows Server 2016 IPsec VPN Client](http://download.microsoft.com/download/b/f/5/bf59e430-e57b-462d-8dca-8ac3c93cfcff/windows%2010%20anniversary%20update%20ipsec%20vpn%20client%20security%20target%20-%20public%20\(december%2029%202016\)%20\(clean\).docx) - - [Microsoft Windows 10 IPsec VPN Client](http://download.microsoft.com/download/3/7/2/372beb03-b1ed-4bb6-9b9b-b8f43afc570d/st_vid10746-st.pdf) - - [Microsoft Windows 10 November 2015 Update with Surface Book](http://download.microsoft.com/download/a/c/2/ac2a6ed8-4d2f-4f48-a9bf-f059d6c9af38/windows%2010%20mdf3%20security%20target%20-%20public%20\(june%2022%202016\)\(final\).docx) + - [Microsoft Windows 10 (Fall Creators Update)](https://download.microsoft.com/download/B/6/A/B6A5EC2C-6351-4FB9-8FF1-643D4BD5BE6E/Windows%2010%201709%20GP%20OS%20Security%20Target.pdf) + - [Microsoft Windows 10 (Creators Update)](https://download.microsoft.com/download/e/8/b/e8b8c42a-a0b6-4ba1-9bdc-e704e8289697/windows%2010%20version%201703%20gp%20os%20security%20target%20-%20public%20\(january%2016,%202018\)\(final\)\(clean\).pdf) + - [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](https://download.microsoft.com/download/1/c/3/1c3b5ab0-e064-4350-a31f-48312180d9b5/st_vid10823-st.pdf) + - [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](https://download.microsoft.com/download/1/5/e/15eee6d3-f2a8-4441-8cb1-ce8c2ab91c24/windows%2010%20anniversary%20update%20mdf%20security%20target%20-%20public%20\(april%203%202017\).docx) + - [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](https://download.microsoft.com/download/f/8/c/f8c1c2a4-719c-48ae-942f-9fd3ce5b238f/windows%2010%20au%20and%20server%202016%20gp%20os%20security%20target%20-%20public%20\(december%202%202016\)%20\(clean\).docx) + - [Windows 10 (Anniversary Update) and Windows Server 2016 IPsec VPN Client](https://download.microsoft.com/download/b/f/5/bf59e430-e57b-462d-8dca-8ac3c93cfcff/windows%2010%20anniversary%20update%20ipsec%20vpn%20client%20security%20target%20-%20public%20\(december%2029%202016\)%20\(clean\).docx) + - [Microsoft Windows 10 IPsec VPN Client](https://download.microsoft.com/download/3/7/2/372beb03-b1ed-4bb6-9b9b-b8f43afc570d/st_vid10746-st.pdf) + - [Microsoft Windows 10 November 2015 Update with Surface Book](https://download.microsoft.com/download/a/c/2/ac2a6ed8-4d2f-4f48-a9bf-f059d6c9af38/windows%2010%20mdf3%20security%20target%20-%20public%20\(june%2022%202016\)\(final\).docx) - [Microsoft Windows 10 Mobile with Lumia 950, 950 XL, 550, 635, and Windows 10 with Surface Pro 4](https://www.niap-ccevs.org/st/st_vid10677-st.pdf) - [Windows 10 and Windows Server 2012 R2](http://www.commoncriteriaportal.org/files/epfiles/st_windows10.pdf) - [Windows 10](https://www.niap-ccevs.org/st/st_vid10677-st.pdf) @@ -54,29 +54,29 @@ These documents describe how to configure Windows to replicate the configuration **Windows 10, Windows 10 Mobile, Windows Server 2016, Windows Server 2012 R2** - - [Microsoft Windows 10 (Fall Creators Update)](http://download.microsoft.com/download/5/D/2/5D26F473-0FCE-4AC4-9065-6AEC0FE5B693/Windows%2010%201709%20GP%20OS%20Administrative%20Guide.pdf) - - [Microsoft Windows 10 (Creators Update)](http://download.microsoft.com/download/e/9/7/e97f0c7f-e741-4657-8f79-2c0a7ca928e3/windows%2010%20cu%20gp%20os%20operational%20guidance%20\(jan%208%202017%20-%20public\).pdf) - - [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](http://download.microsoft.com/download/d/c/4/dc40b5c8-49c2-4587-8a04-ab3b81eb6fc4/st_vid10823-agd.pdf) - - [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](http://download.microsoft.com/download/4/c/1/4c1f4ea4-2d66-4232-a0f5-925b2bc763bc/windows%2010%20au%20operational%20guidance%20\(16%20mar%202017\)\(clean\).docx) - - [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](http://download.microsoft.com/download/b/5/2/b52e9081-05c6-4895-91a3-732bfa0eb4da/windows%2010%20au%20and%20server%202016%20gp%20os%20operational%20guidance%20\(final\).docx) - - [Windows 10 (Anniversary Update) and Windows Server 2016 IPsec VPN Client Operational Guidance](http://download.microsoft.com/download/2/c/c/2cc8f929-233e-4a40-b673-57b449680984/windows%2010%20au%20and%20server%202016%20ipsec%20vpn%20client%20operational%20guidance%20\(21%20dec%202016\)%20\(public\).docx) - - [Microsoft Windows 10 IPsec VPN Client](http://download.microsoft.com/download/3/3/f/33fa01dd-b380-46e1-833f-fd85854b4022/st_vid10746-agd.pdf) - - [Microsoft Windows 10 November 2015 Update with Surface Book Administrative Guide](http://download.microsoft.com/download/3/2/c/32c6fa02-b194-478f-a0f6-0215b47d0f40/windows%2010%20mdf3%20mobile%20device%20pp%20operational%20guidance%20\(may%2027,%202016\)\(public\).docx) - - [Microsoft Windows 10 Mobile and Windows 10 Administrative Guide](http://download.microsoft.com/download/2/d/c/2dce3435-9328-48e2-9813-c2559a8d39fa/microsoft%20windows%2010%20and%20windows%2010%20mobile%20guidance.pdf) - - [Windows 10 and Windows Server 2012 R2 Administrative Guide](http://download.microsoft.com/download/0/f/d/0fd33c9a-98ac-499e-882f-274f80f3d4f0/microsoft%20windows%2010%20and%20server%202012%20r2%20gp%20os%20guidance.pdf) - - [Windows 10 Common Criteria Operational Guidance](http://download.microsoft.com/download/d/6/f/d6fb4cec-f0f2-4d00-ab2e-63bde3713f44/windows%2010%20mobile%20device%20operational%20guidance.pdf) + - [Microsoft Windows 10 (Fall Creators Update)](https://download.microsoft.com/download/5/D/2/5D26F473-0FCE-4AC4-9065-6AEC0FE5B693/Windows%2010%201709%20GP%20OS%20Administrative%20Guide.pdf) + - [Microsoft Windows 10 (Creators Update)](https://download.microsoft.com/download/e/9/7/e97f0c7f-e741-4657-8f79-2c0a7ca928e3/windows%2010%20cu%20gp%20os%20operational%20guidance%20\(jan%208%202017%20-%20public\).pdf) + - [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](https://download.microsoft.com/download/d/c/4/dc40b5c8-49c2-4587-8a04-ab3b81eb6fc4/st_vid10823-agd.pdf) + - [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](https://download.microsoft.com/download/4/c/1/4c1f4ea4-2d66-4232-a0f5-925b2bc763bc/windows%2010%20au%20operational%20guidance%20\(16%20mar%202017\)\(clean\).docx) + - [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](https://download.microsoft.com/download/b/5/2/b52e9081-05c6-4895-91a3-732bfa0eb4da/windows%2010%20au%20and%20server%202016%20gp%20os%20operational%20guidance%20\(final\).docx) + - [Windows 10 (Anniversary Update) and Windows Server 2016 IPsec VPN Client Operational Guidance](https://download.microsoft.com/download/2/c/c/2cc8f929-233e-4a40-b673-57b449680984/windows%2010%20au%20and%20server%202016%20ipsec%20vpn%20client%20operational%20guidance%20\(21%20dec%202016\)%20\(public\).docx) + - [Microsoft Windows 10 IPsec VPN Client](https://download.microsoft.com/download/3/3/f/33fa01dd-b380-46e1-833f-fd85854b4022/st_vid10746-agd.pdf) + - [Microsoft Windows 10 November 2015 Update with Surface Book Administrative Guide](https://download.microsoft.com/download/3/2/c/32c6fa02-b194-478f-a0f6-0215b47d0f40/windows%2010%20mdf3%20mobile%20device%20pp%20operational%20guidance%20\(may%2027,%202016\)\(public\).docx) + - [Microsoft Windows 10 Mobile and Windows 10 Administrative Guide](https://download.microsoft.com/download/2/d/c/2dce3435-9328-48e2-9813-c2559a8d39fa/microsoft%20windows%2010%20and%20windows%2010%20mobile%20guidance.pdf) + - [Windows 10 and Windows Server 2012 R2 Administrative Guide](https://download.microsoft.com/download/0/f/d/0fd33c9a-98ac-499e-882f-274f80f3d4f0/microsoft%20windows%2010%20and%20server%202012%20r2%20gp%20os%20guidance.pdf) + - [Windows 10 Common Criteria Operational Guidance](https://download.microsoft.com/download/d/6/f/d6fb4cec-f0f2-4d00-ab2e-63bde3713f44/windows%2010%20mobile%20device%20operational%20guidance.pdf) **Windows 8.1 and Windows Phone 8.1** - - [Microsoft Surface Pro 3 Common Criteria Mobile Operational Guidance](http://download.microsoft.com/download/b/e/3/be365594-daa5-4af3-a6b5-9533d61eae32/surface%20pro%203%20mobile%20operational%20guidance.docx) - - [Windows 8.1 and Windows Phone 8.1 CC Supplemental Admin Guide](http://download.microsoft.com/download/b/0/e/b0e30225-5017-4241-ac0a-6c40bc8e6714/mobile%20operational%20guidance.docx) + - [Microsoft Surface Pro 3 Common Criteria Mobile Operational Guidance](https://download.microsoft.com/download/b/e/3/be365594-daa5-4af3-a6b5-9533d61eae32/surface%20pro%203%20mobile%20operational%20guidance.docx) + - [Windows 8.1 and Windows Phone 8.1 CC Supplemental Admin Guide](https://download.microsoft.com/download/b/0/e/b0e30225-5017-4241-ac0a-6c40bc8e6714/mobile%20operational%20guidance.docx) **Windows 8, Windows RT, and Windows Server 2012** - - [Windows 8 and Windows Server 2012](http://download.microsoft.com/download/6/0/b/60b27ded-705a-4751-8e9f-642e635c3cf3/microsoft%20windows%208%20windows%20server%202012%20common%20criteria%20supplemental%20admin%20guidance.docx) - - [Windows 8 and Windows RT](http://download.microsoft.com/download/8/6/e/86e8c001-8556-4949-90cf-f5beac918026/microsoft%20windows%208%20microsoft%20windows%20rt%20common%20criteria%20supplemental%20admin.docx) - - [Windows 8 and Windows Server 2012 BitLocker](http://download.microsoft.com/download/0/8/4/08468080-540b-4326-91bf-f2a33b7e1764/administrative%20guidance%20for%20software%20full%20disk%20encryption%20clients.pdf) - - [Windows 8, Windows RT, and Windows Server 2012 IPsec VPN Client](http://download.microsoft.com/download/a/9/f/a9fd7e2d-023b-4925-a62f-58a7f1a6bd47/microsoft%20windows%208%20windows%20server%202012%20supplemental%20admin%20guidance%20ipsec%20vpn%20client.docx) + - [Windows 8 and Windows Server 2012](https://download.microsoft.com/download/6/0/b/60b27ded-705a-4751-8e9f-642e635c3cf3/microsoft%20windows%208%20windows%20server%202012%20common%20criteria%20supplemental%20admin%20guidance.docx) + - [Windows 8 and Windows RT](https://download.microsoft.com/download/8/6/e/86e8c001-8556-4949-90cf-f5beac918026/microsoft%20windows%208%20microsoft%20windows%20rt%20common%20criteria%20supplemental%20admin.docx) + - [Windows 8 and Windows Server 2012 BitLocker](https://download.microsoft.com/download/0/8/4/08468080-540b-4326-91bf-f2a33b7e1764/administrative%20guidance%20for%20software%20full%20disk%20encryption%20clients.pdf) + - [Windows 8, Windows RT, and Windows Server 2012 IPsec VPN Client](https://download.microsoft.com/download/a/9/f/a9fd7e2d-023b-4925-a62f-58a7f1a6bd47/microsoft%20windows%208%20windows%20server%202012%20supplemental%20admin%20guidance%20ipsec%20vpn%20client.docx) **Windows 7 and Windows Server 2008 R2** @@ -130,14 +130,14 @@ These documents describe how to configure Windows to replicate the configuration An Evaluation Technical Report (ETR) is a report submitted to the Common Criteria certification authority for how Windows complies with the claims made in the Security Target. A Certification / Validation Report provides the results of the evaluation by the validation team. - - [Microsoft Windows 10 (Fall Creators Update)](http://download.microsoft.com/download/2/C/2/2C20D013-0610-4047-B2FA-516819DFAE0A/Windows%2010%201709%20GP%20OS%20Certification%20Report.pdf) - - [Microsoft Windows 10 (Creators Update)](http://download.microsoft.com/download/3/2/c/32cdf627-dd23-4266-90ff-2f9685fd15c0/2017-49%20inf-2218%20cr.pdf) - - [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](http://download.microsoft.com/download/a/3/3/a336f881-4ac9-4c79-8202-95289f86bb7a/st_vid10823-vr.pdf) - - [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](http://download.microsoft.com/download/f/2/f/f2f7176e-34f4-4ab0-993c-6606d207bb3c/st_vid10752-vr.pdf) - - [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](http://download.microsoft.com/download/5/4/8/548cc06e-c671-4502-bebf-20d38e49b731/2016-36-inf-1779.pdf) - - [Windows 10 (Anniversary Update) and Windows Server 2016 IPsec VPN Client](http://download.microsoft.com/download/2/0/a/20a8e686-3cd9-43c4-a22a-54b552a9788a/st_vid10753-vr.pdf) - - [Microsoft Windows 10 IPsec VPN Client](http://download.microsoft.com/download/9/b/6/9b633763-6078-48aa-b9ba-960da2172a11/st_vid10746-vr.pdf) - - [Microsoft Windows 10 November 2015 Update with Surface Book](http://download.microsoft.com/download/d/c/b/dcb7097d-1b9f-4786-bb07-3c169fefb579/st_vid10715-vr.pdf) + - [Microsoft Windows 10 (Fall Creators Update)](https://download.microsoft.com/download/2/C/2/2C20D013-0610-4047-B2FA-516819DFAE0A/Windows%2010%201709%20GP%20OS%20Certification%20Report.pdf) + - [Microsoft Windows 10 (Creators Update)](https://download.microsoft.com/download/3/2/c/32cdf627-dd23-4266-90ff-2f9685fd15c0/2017-49%20inf-2218%20cr.pdf) + - [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](https://download.microsoft.com/download/a/3/3/a336f881-4ac9-4c79-8202-95289f86bb7a/st_vid10823-vr.pdf) + - [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](https://download.microsoft.com/download/f/2/f/f2f7176e-34f4-4ab0-993c-6606d207bb3c/st_vid10752-vr.pdf) + - [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](https://download.microsoft.com/download/5/4/8/548cc06e-c671-4502-bebf-20d38e49b731/2016-36-inf-1779.pdf) + - [Windows 10 (Anniversary Update) and Windows Server 2016 IPsec VPN Client](https://download.microsoft.com/download/2/0/a/20a8e686-3cd9-43c4-a22a-54b552a9788a/st_vid10753-vr.pdf) + - [Microsoft Windows 10 IPsec VPN Client](https://download.microsoft.com/download/9/b/6/9b633763-6078-48aa-b9ba-960da2172a11/st_vid10746-vr.pdf) + - [Microsoft Windows 10 November 2015 Update with Surface Book](https://download.microsoft.com/download/d/c/b/dcb7097d-1b9f-4786-bb07-3c169fefb579/st_vid10715-vr.pdf) - [Microsoft Windows 10 Mobile with Lumia 950, 950 XL, 550, 635, and Windows 10 with Surface Pro 4](https://www.niap-ccevs.org/st/st_vid10694-vr.pdf) - [Windows 10 and Windows Server 2012 R2](https://www.commoncriteriaportal.org/files/epfiles/cr_windows10.pdf) - [Windows 10](https://www.niap-ccevs.org/st/st_vid10677-vr.pdf) @@ -165,5 +165,5 @@ An Evaluation Technical Report (ETR) is a report submitted to the Common Criteri ## Other Common Criteria Related Documents - - [Identifying Windows XP and Windows Server 2003 Common Criteria Certified Requirements for the NIST Special Publication 800-53](http://download.microsoft.com/download/a/9/6/a96d1dfc-2bd4-408d-8d93-e0ede7529691/xpws03_ccto800-53.doc) + - [Identifying Windows XP and Windows Server 2003 Common Criteria Certified Requirements for the NIST Special Publication 800-53](https://download.microsoft.com/download/a/9/6/a96d1dfc-2bd4-408d-8d93-e0ede7529691/xpws03_ccto800-53.doc)