deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 21:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'main' into cz-22020816-feedback

Browse Source
This commit is contained in:
Angela Fleischmann 2022-08-18 15:14:03 -06:00 committed by GitHub
commit 18ea0a4aa1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
21 changed files with 438 additions and 225 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
View File

@ -9,7 +9,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 06/06/2022
ms.date: 08/01/2022
---
# Policies in Policy CSP supported by HoloLens 2
@ -52,12 +52,18 @@ ms.date: 06/06/2022
- [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment)
- [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
- [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) <sup>9</sup>
- [MixedReality/AllowCaptivePortalBeforeSignIn](./policy-csp-mixedreality.md#mixedreality-allowcaptiveportalpeforesignin) <sup>Insider</sup>
- [MixedReality/AllowLaunchUriInSingleAppKiosk](./policy-csp-mixedreality.md#mixedreality-allowlaunchuriinsingleappkiosk)<sup>10</sup>
- [MixedReality/AutoLogonUser](./policy-csp-mixedreality.md#mixedreality-autologonuser) <sup>11</sup>
- [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) <sup>9</sup>
- [MixedReality/ConfigureMovingPlatform](policy-csp-mixedreality.md#mixedreality-configuremovingplatform) <sup>*[Feb. 2022 Servicing release](/hololens/hololens-release-notes#windows-holographic-version-21h2---february-2022-update)</sup>
- [MixedReality/DisallowNetworkConnectivityPassivePolling](./policy-csp-mixedreality.md#mixedreality-disablesisallownetworkconnectivitypassivepolling) <sup>Insider</sup>
- [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) <sup>9</sup>
- [MixedReality/HeadTrackingMode](policy-csp-mixedreality.md#mixedreality-headtrackingmode) <sup>9</sup>
- [MixedReality/ManualDownDirectionDisabled](policy-csp-mixedreality.md#mixedreality-manualdowndirectiondisabled) <sup>*[Feb. 2022 Servicing release](/hololens/hololens-release-notes#windows-holographic-version-21h2---february-2022-update)</sup>
- [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled) <sup>9</sup>
- [MixedReality/SkipCalibrationDuringSetup](./policy-csp-mixedreality.md#mixedreality-skipcalibrationduringsetup) <sup>Insider</sup>
- [MixedReality/SkipTrainingDuringSetup](./policy-csp-mixedreality.md#mixedreality-skiptrainingduringsetup) <sup>Insider</sup>
- [MixedReality/VisitorAutoLogon](policy-csp-mixedreality.md#mixedreality-visitorautologon) <sup>10</sup>
- [MixedReality/VolumeButtonDisabled](./policy-csp-mixedreality.md#mixedreality-volumebuttondisabled) <sup>9</sup>
- [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery) <sup>9</sup>
@ -67,6 +73,7 @@ ms.date: 06/06/2022
- [Power/StandbyTimeoutOnBattery](./policy-csp-power.md#power-standbytimeoutonbattery) <sup>9</sup>
- [Power/StandbyTimeoutPluggedIn](./policy-csp-power.md#power-standbytimeoutpluggedin) <sup>9</sup>
- [Privacy/AllowInputPersonalization](policy-csp-privacy.md#privacy-allowinputpersonalization)
- [Privacy/DisablePrivacyExperience](./policy-csp-privacy.md#privacy-disableprivacyexperience) <sup>Insider</sup>
- [Privacy/LetAppsAccessAccountInfo](policy-csp-privacy.md#privacy-letappsaccessaccountinfo)
- [Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps](policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forceallowtheseapps)
- [Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps](policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forcedenytheseapps)
@ -96,6 +103,11 @@ ms.date: 06/06/2022
- [Settings/AllowVPN](policy-csp-settings.md#settings-allowvpn)
- [Settings/PageVisibilityList](./policy-csp-settings.md#settings-pagevisibilitylist) <sup>9</sup>
- [Speech/AllowSpeechModelUpdate](policy-csp-speech.md#speech-allowspeechmodelupdate)
- [Storage/AllowStorageSenseGlobal](policy-csp-storage.md#storage-allowstoragesenseglobal) <sup>Insider</sup>
- [Storage/AllowStorageSenseTemporaryFilesCleanup](policy-csp-storage.md#storage-allowstoragesensetemporaryfilescleanup) <sup>Insider</sup>
- [Storage/ConfigStorageSenseCloudContentDehydrationThreshold](policy-csp-storage.md#storage-configstoragesensecloudcontentdehydrationthreshold) <sup>Insider</sup>
- [Storage/ConfigStorageSenseDownloadsCleanupThreshold](policy-csp-storage.md#storage-configstoragesensedownloadscleanupthreshold) <sup>Insider</sup>
- [Storage/ConfigStorageSenseGlobalCadence](policy-csp-storage.md#storage-configstoragesenseglobalcadence) <sup>Insider</sup>
- [System/AllowCommercialDataPipeline](policy-csp-system.md#system-allowcommercialdatapipeline)
- [System/AllowLocation](policy-csp-system.md#system-allowlocation)
- [System/AllowStorageCard](policy-csp-system.md#system-allowstoragecard)
@ -140,6 +152,7 @@ Footnotes:
- 9 - Available in [Windows Holographic, version 20H2](/hololens/hololens-release-notes-2004#windows-holographic-version-20h2)
- 10 - Available in [Windows Holographic, version 21H1](/hololens/hololens-release-notes#windows-holographic-version-21h1)
- 11 - Available in [Windows Holographic, version 21H2](/hololens/hololens-release-notes#windows-holographic-version-21h2)
- Insider - Available in our current [HoloLens Insider builds](/hololens/hololens-insider).
## Related topics

243
windows/client-management/mdm/policy-csp-mixedreality.md
View File

@ -22,6 +22,12 @@ manager: aaroncz
<dd>
<a href="#mixedreality-aadgroupmembershipcachevalidityindays">MixedReality/AADGroupMembershipCacheValidityInDays</a>
</dd>
<dd>
<a href="#mixedreality-allowcaptiveportalpeforesignin">MixedReality/AllowCaptivePortalBeforeSignIn</a>
</dd>
<dd>
<a href="#mixedreality-allowlaunchuriinsingleappkiosk">MixedReality/AllowLaunchUriInSingleAppKiosk</a>
</dd>
<dd>
<a href="#mixedreality-autologonuser">MixedReality/AutoLogonUser</a>
</dd>
@ -31,15 +37,27 @@ manager: aaroncz
<dd>
<a href="#mixedreality-configuremovingplatform">MixedReality/ConfigureMovingPlatform</a>
</dd>
<dd>
<a href="#mixedreality-disablesisallownetworkconnectivitypassivepolling">MixedReality/DisallowNetworkConnectivityPassivePolling</a>
</dd>
<dd>
<a href="#mixedreality-fallbackdiagnostics">MixedReality/FallbackDiagnostics</a>
</dd>
<dd>
<a href="#mixedreality-headtrackingmode">MixedReality/HeadTrackingMode</a>
</dd>
<dd>
<a href="#mixedreality-manualdowndirectiondisabled">MixedReality/ManualDownDirectionDisabled</a>
</dd>
<dd>
<a href="#mixedreality-microphonedisabled">MixedReality/MicrophoneDisabled</a>
</dd>
<dd>
<a href="#mixedreality-skipcalibrationduringsetup">MixedReality/SkipCalibrationDuringSetup</a>
</dd>
<dd>
<a href="#mixedreality-skiptrainingduringsetup">MixedReality/SkipTrainingDuringSetup</a>
</dd>
<dd>
<a href="#mixedreality-visitorautologon">MixedReality/VisitorAutoLogon</a>
</dd>
@ -79,7 +97,74 @@ Steps to use this policy correctly:
<hr/>
<!--Policy-->
<a href="" id="mixedreality-autologonuser"></a>**MixedReality/AutoLogonUser**
<a href="" id="mixedreality-allowcaptiveportalpeforesignin"></a>**MixedReality/AllowCaptivePortalBeforeSignIn**
<!--SupportedSKUs-->
|Windows Edition|Supported|
|--- |--- |
|HoloLens (first gen) Development Edition|No|
|HoloLens (first gen) Commercial Suite|No|
|HoloLens 2|Yes|
> [!NOTE]
> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds.
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--Description-->
This new feature is an opt-in policy that IT Admins can enable to help with the setup of new devices in new areas or new users. When this policy is turned on it allows a captive portal on the sign-in screen, which allows a user to enter credentials to connect to the Wi-Fi access point. If enabled, sign in will implement similar logic as OOBE to display captive portal if necessary.
MixedReality/AllowCaptivePortalBeforeSignIn
The OMA-URI of new policy: `./Device/Vendor/MSFT/Policy/Config/MixedReality/AllowCaptivePortalBeforeSignIn`
Bool value
<!--/Description-->
<!--/SupportedSKUs-->
<!--Policy-->
<a href="" id="mixedreality-allowlaunchuriinsingleappkiosk"></a>**MixedReality/AllowLaunchUriInSingleAppKiosk**
<!--SupportedSKUs-->
|Windows Edition|Supported|
|--- |--- |
|HoloLens (first gen) Development Edition|No|
|HoloLens (first gen) Commercial Suite|No|
|HoloLens 2|Yes|
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--Description-->
This can be enabled to allow for other apps to be launched with in a single app Kiosk, which may be useful, for example, if you want to launch the Settings app to calibrate your device or change your Wi-fi.
By default, launching applications via Launcher API (Launcher Class (Windows.System) - Windows UWP applications) is disabled in single app kiosk mode. To enable applications to launch in single app kiosk mode on HoloLens devices, set the policy value to true.
The OMA-URI of policy: `./Device/Vendor/MSFT/Policy/Config/MixedReality/AllowLaunchUriInSingleAppKiosk`
Bool value
<!--/Description-->
<!--/SupportedSKUs-->
<!--Policy-->
<a href="" id="mixedreality-autologonuser"></a>**MixedReality/AutoLogonUser**
<!--SupportedSKUs-->
@ -90,7 +175,7 @@ Steps to use this policy correctly:
|HoloLens 2|Yes|
<!--/Description-->
This new AutoLogonUser policy controls whether a user will be automatically signed in. Some customers want to set up devices that are tied to an identity but don't want any sign-in experience. Imagine picking up a device and using remote assist immediately. Or have a benefit of being able to rapidly distribute HoloLens devices and enable their end users to speed up sign in.
This new AutoLogonUser policy controls whether a user will be automatically signed in. Some customers want to set up devices that are tied to an identity but don't want any sign-in experience. Imagine picking up a device and using remote assist immediately. Or have a benefit of being able to rapidly distribute HoloLens devices and enable their end users to speed up sign-in.
When the policy is set to a non-empty value, it specifies the email address of the auto log-on user. The specified user must sign in to the device at least once to enable autologon.
@ -101,7 +186,7 @@ Supported value is String.
- User with the same email address will have autologon enabled.
On a device where this policy is configured, the user specified in the policy will need to sign in at least once. Subsequent reboots of the device after the first sign in will have the specified user automatically signed in. Only a single autologon user is supported. Once enabled, the automatically signed-in user won't be able to sign out manually. To sign in as a different user, the policy must first be disabled.
On a device where this policy is configured, the user specified in the policy will need to sign in at least once. Subsequent reboots of the device after the first sign-in will have the specified user automatically signed in. Only a single autologon user is supported. Once enabled, the automatically signed-in user won't be able to sign out manually. To sign in as a different user, the policy must first be disabled.
> [!NOTE]
>
@ -204,7 +289,7 @@ The following list shows the supported values:
<!--/Scope-->
<!--Description-->
This policy controls the behavior of moving platform feature on Hololens 2, that is, whether it's turned off / on, or it can be toggled by a user. It should only be used by customers who intend to use Hololens 2 in moving environments with low dynamic motion. For background information, see [HoloLens 2 Moving Platform Mode | Microsoft Docs](/hololens/hololens2-moving-platform#:~:text=Why%20Moving%20Platform%20Mode%20is%20Necessary%20HoloLens%20needs%2csimilar%20pieces%20of%20information%20from%20two%20separate%20sources:).
This policy controls the behavior of moving platform feature on HoloLens 2, that is, whether it's turned off / on, or it can be toggled by a user. It should only be used by customers who intend to use HoloLens 2 in moving environments with low dynamic motion. For background information, see [HoloLens 2 Moving Platform Mode | Microsoft Docs](/hololens/hololens2-moving-platform#:~:text=Why%20Moving%20Platform%20Mode%20is%20Necessary%20HoloLens%20needs%2csimilar%20pieces%20of%20information%20from%20two%20separate%20sources:).
<!--/Description-->
@ -222,6 +307,42 @@ Supported value is Integer.
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="mixedreality-disablesisallownetworkconnectivitypassivepolling"></a>**MixedReality/DisallowNetworkConnectivityPassivePolling**
<!--SupportedSKUs-->
|Windows Edition|Supported|
|--- |--- |
|HoloLens (first gen) Development Edition|No|
|HoloLens (first gen) Commercial Suite|No|
|HoloLens 2|Yes|
<!--/SupportedSKUs-->
> [!NOTE]
> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds.
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--Description-->
Windows Network Connectivity Status Indicator may get false positive Internet capable signal from passive polling. That may result in unexpected Wi-Fi adapter reset when device connects to an intranet only access point. Enabling this policy would avoid unexpected network interruptions caused by false positive NCSI passive polling.
The OMA-URI of new policy: `./Device/Vendor/MSFT/Policy/Config/MixedReality/DisallowNetworkConnectivityPassivePolling`
- Bool value
<!--/Description-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="mixedreality-fallbackdiagnostics"></a>**MixedReality/FallbackDiagnostics**
@ -309,6 +430,46 @@ The following list shows the supported values:
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="mixedreality-manualdowndirectiondisabled"></a>**MixedReality/ManualDownDirectionDisabled**
<!--SupportedSKUs-->
|Windows Edition|Supported|
|--- |--- |
|HoloLens (first gen) Development Edition|No|
|HoloLens (first gen) Commercial Suite|No|
|HoloLens 2|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy controls whether the user can change down direction manually or not. If no down direction is set by the user, then an automatically calculated down direction is used by the system. This policy has no dependency on ConfigureMovingPlatform policy and they can be set independently.
The OMA-URI of new policy: `./Device/Vendor/MSFT/Policy/Config/MixedReality/ManualDownDirectionDisabled`
<!--/Description-->
<!--SupportedValues-->
Supported values:
- **False (Default)** - User can manually change down direction if they desire, otherwise down direction will be determined automatically based on the measured gravity vector.
- **True** - User cant manually change down direction and down direction will be always determined automatically based on the measured gravity vector.
<!--/SupportedValues-->
<!--Policy-->
<a href="" id="mixedreality-microphonedisabled"></a>**MixedReality/MicrophoneDisabled**
@ -352,6 +513,78 @@ The following list shows the supported values:
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="mixedreality-skipcalibrationduringsetup"></a>**MixedReality/SkipCalibrationDuringSetup**
<!--SupportedSKUs-->
|Windows Edition|Supported|
|--- |--- |
|HoloLens (first gen) Development Edition|No|
|HoloLens (first gen) Commercial Suite|No|
|HoloLens 2|Yes|
<!--/SupportedSKUs-->
> [!NOTE]
> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds.
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--Description-->
Skips the calibration experience on HoloLens 2 devices when setting up a new user in the Out of Box Experience (OOBE) or when adding a new user to the device. The user will still be able to calibrate their device from the Settings app.
The OMA-URI of new policy: `./Device/Vendor/MSFT/Policy/Config/MixedReality/SkipCalibrationDuringSetup`
- Bool value
<!--/Description-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="mixedreality-skiptrainingduringsetup"></a>**MixedReality/SkipTrainingDuringSetup**
<!--SupportedSKUs-->
|Windows Edition|Supported|
|--- |--- |
|HoloLens (first gen) Development Edition|No|
|HoloLens (first gen) Commercial Suite|No|
|HoloLens 2|Yes|
<!--/SupportedSKUs-->
> [!NOTE]
> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds.
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--Description-->
On HoloLens 2 devices, skips the training experience of interactions with the humming bird and start menu training when setting up a new user in the Out of Box Experience (OOBE) or when adding a new user to the device. The user will still be able to learn these movement controls from the Tips app.
The OMA-URI of new policy: `./Device/Vendor/MSFT/Policy/Config/MixedReality/SkipTrainingDuringSetup`
- Bool value
<!--/Description-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="mixedreality-volumebuttondisabled"></a>**MixedReality/VolumeButtonDisabled**
@ -442,4 +675,4 @@ The following list shows the supported values:
## Related topics
[Policy configuration service provider](policy-configuration-service-provider.md)
[Policy configuration service provider](policy-configuration-service-provider.md)

13
windows/deployment/TOC.yml
View File

@ -185,8 +185,9 @@
- name: Monitor Windows client updates
items:
- name: Monitor with Update Compliance (preview version)
href: update/update-compliance-v2-overview.md
items:
- name: Update Compliance overview
href: update/update-compliance-v2-overview.md
- name: Enable Update Compliance (preview)
items:
- name: Update Compliance prerequisites
@ -200,13 +201,13 @@
- name: Configure clients with Microsoft Endpoint Manager
href: update/update-compliance-v2-configuration-mem.md
- name: Use Update Compliance (preview)
items:
- name: Use Update Compliance
href: update/update-compliance-v2-use.md
items:
- name: Update Compliance workbook
href: update/update-compliance-v2-workbook.md
href: update/update-compliance-v2-workbook.md
- name: Software updates in the Microsoft admin center (preview)
href: update/update-status-admin-center.md
href: update/update-status-admin-center.md
- name: Use Update Compliance data
href: update/update-compliance-v2-use.md
- name: Feedback, support, and troubleshooting
href: update/update-compliance-v2-help.md
- name: Update Compliance schema reference (preview)

22
windows/deployment/update/includes/update-compliance-admin-center-permissions.md Normal file
View File

@ -0,0 +1,22 @@
---
author: mestew
ms.author: mstewart
manager: dougeby
ms.prod: w10
ms.collection: M365-modern-desktop
ms.topic: include
ms.date: 08/18/2022
ms.localizationpriority: medium
---
<!--This file is shared by updates/update-compliance-v2-enable.md and the update/update-status-admin-center.md articles. Headings may be driven by article context. -->
[Enabling Update Compliance](../update-compliance-v2-enable.md) requires access to the [Microsoft admin center software updates (preview) page](../update-status-admin-center.md) as does displaying Update Compliance data in the admin center. The following permissions are needed for access to the [Microsoft 365 admin center](https://admin.microsoft.com):
- To enable Update Compliance, edit Update Compliance configuration settings, and view the **Windows** tab in the **Software Updates** page:
- [Global Administrator role](/azure/active-directory/roles/permissions-reference#global-administrator)
- [Intune Administrator](/azure/active-directory/roles/permissions-reference#intune-administrator)
- To view the **Windows** tab in the **Software Updates** page:
- [Global Reader role](/azure/active-directory/roles/permissions-reference#global-reader)
> [!NOTE]
> These permissions for the Microsoft 365 admin center apply specifically to the **Windows** tab of the **Software Updates** page. For more information about the **Microsoft 365 Apps** tab, see [Microsoft 365 Apps updates in the admin center](/DeployOffice/updates/software-update-status).

23
windows/deployment/update/includes/update-compliance-onboard-admin-center.md Normal file
View File

@ -0,0 +1,23 @@
---
author: mestew
ms.author: mstewart
manager: dougeby
ms.prod: w10
ms.collection: M365-modern-desktop
ms.topic: include
ms.date: 08/18/2022
ms.localizationpriority: medium
---
<!--This file is shared by updates/update-compliance-v2-enable.md and the update/update-status-admin-center.md articles. Headings are driven by article context. -->
1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com/) and sign in.
1. Expand **Health**, then select **Software Updates**. You may need to use the **Show all** option to display **Health** in the navigation menu.
1. In the **Software Updates** page, select the **Windows** tab.
1. When you select the **Windows** tab for the first time, you'll be asked to **Configure Settings**. This tab is populated by data from [Update Compliance](../update-compliance-v2-overview.md). Verify or supply the following information about the settings for Update Compliance:
- The Azure subscription
- The Log Analytics workspace
1. The initial setup can take up to 24 hours. During this time, the **Windows** tab will display that it's **Waiting for Update Compliance data**.
1. After the initial setup is complete, the **Windows** tab will display your Update Compliance data in the charts.
> [!Tip]
> If you don't see an entry for **Software updates (preview)** in the menu, try going to this URL: [https://admin.microsoft.com/Adminportal/Home#/softwareupdates](https://admin.microsoft.com/Adminportal/Home#/softwareupdates).

62
windows/deployment/update/includes/update-compliance-script-error-codes.md Normal file
View File

@ -0,0 +1,62 @@
---
author: mestew
ms.author: mstewart
manager: dougeby
ms.prod: w10
ms.collection: M365-modern-desktop
ms.topic: include
ms.date: 08/18/2022
ms.localizationpriority: medium
---
<!--This file is shared by updates/update-compliance-v2-configuration-script.md and the update/update-compliance-configuration-script.md articles. Headings are driven by article context. -->
|Error |Description |
|---------|---------|
| 1 | General unexpected error|
| 6 | Invalid CommercialID|
| 8 | Couldn't create registry key path to set up CommercialID|
| 9 | Couldn't write CommercialID at registry key path|
| 11 | Unexpected result when setting up CommercialID.|
| 12 | CheckVortexConnectivity failed, check Log output for more information.|
| 12 | Unexpected failure when running CheckVortexConnectivity.|
| 16 | Reboot is pending on device, restart device and restart script.|
| 17 | Unexpected exception in CheckRebootRequired.|
| 27 | Not system account. |
| 30 | Unable to disable Enterprise Auth Proxy. This registry value must be 0 for UTC to operate in an authenticated proxy environment.|
| 34 | Unexpected exception when attempting to check Proxy settings.|
| 35 | Unexpected exception when checking User Proxy.|
| 37 | Unexpected exception when collecting logs|
| 40 | Unexpected exception when checking and setting telemetry.|
| 41 | Unable to impersonate logged-on user.|
| 42 | Unexpected exception when attempting to impersonate logged-on user.|
| 43 | Unexpected exception when attempting to impersonate logged-on user.|
| 44 | Error when running CheckDiagTrack service.|
| 45 | DiagTrack.dll not found.|
| 48 | CommercialID isn't a GUID|
| 50 | DiagTrack service not running.|
| 51 | Unexpected exception when attempting to run Census.exe|
| 52 | Couldn't find Census.exe|
| 53 | There are conflicting CommercialID values.|
| 54 | Microsoft Account Sign In Assistant (MSA) Service disabled.|
| 55 | Failed to create new registry path for SetDeviceNameOptIn|
| 56 | Failed to create property for SetDeviceNameOptIn at registry path|
| 57 | Failed to update value for SetDeviceNameOptIn|
| 58 | Unexpected exception in SetrDeviceNameOptIn|
| 59 | Failed to delete LastPersistedEventTimeOrFirstBoot property at registry path when attempting to clean up OneSettings.|
| 60 | Failed to delete registry key when attempting to clean up OneSettings.|
| 61 | Unexpected exception when attempting to clean up OneSettings.|
| 62 | AllowTelemetry registry key isn't of the correct type REG_DWORD|
| 63 | AllowTelemetry isn't set to the appropriate value and it couldn't be set by the script.|
| 64 | AllowTelemetry isn't of the correct type REG_DWORD.|
| 66 | Failed to verify UTC connectivity and recent uploads.|
| 67 | Unexpected failure when verifying UTC CSP.|
| 91 | Failed to create new registry path for EnableAllowUCProcessing|
| 92 | Failed to create property for EnableAllowUCProcessing at registry path|
| 93 | Failed to update value for EnableAllowUCProcessing|
| 94 | Unexpected exception in EnableAllowUCProcessing|
| 95 | Failed to create new registry path for EnableAllowCommercialDataPipeline |
| 96 | Failed to create property for EnableAllowCommercialDataPipeline at registry path |
| 97 | Failed to update value for EnableAllowCommercialDataPipeline |
| 98 | Unexpected exception in EnableAllowCommercialDataPipeline |
| 99 | Device isn't Windows 10.|
| 100 | Device must be AADJ or hybrid AADJ to use Update Compliance |
| 101 | Check AADJ failed with unexpected exception |

2
windows/deployment/update/includes/update-compliance-verify-device-configuration.md
View File

@ -35,7 +35,7 @@ In some cases, you may need to manually verify the device configuration has the
1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
1. Under **View diagnostic data**, select **Open Diagnostic Data Viewer**.
1. When the Diagnostic Data Viewer opens, type `SoftwareUpdateClientTelemetry` in the search field. Verify the following items:
- The **EnrolledTenantID** field under **m365a** should equal the [CommercialID](../update-compliance-v2-enable.md#bkmk_id) of your Log Analytics workspace for Update Compliance.
- The **EnrolledTenantID** field under **m365a** should equal the `CommercialID` of your Log Analytics workspace for Update Compliance. `CommercialID` is no longer required for the [preview version of Updates Compliance](../update-compliance-v2-overview.md), but the value may still be listed in this field.
- The **MSP** field value under **protocol** should be either `16` or `18`.
- If you need to send this data to Microsoft Support, select **Export data**.

87
windows/deployment/update/update-compliance-configuration-script.md
View File

@ -40,7 +40,7 @@ This script's two primary files are `ConfigScript.ps1` and `RunConfig.bat`. You
Open `RunConfig.bat` and configure the following (assuming a first-run, with `runMode=Pilot`):
1. Define `logPath` to where you want the logs to be saved. Ensure that `runMode=Pilot`.
2. Set `commercialIDValue` to your Commercial ID.
2. Set `setCommercialID=true` and set the `commercialIDValue` to your [Commercial ID](update-compliance-get-started.md#get-your-commercialid).
3. Run the script.
4. Examine the logs for any issues. If there are no issues, then all devices with a similar configuration and network profile are ready for the script to be deployed with `runMode=Deployment`.
5. If there are issues, gather the logs and provide them to Support.
@ -48,87 +48,10 @@ Open `RunConfig.bat` and configure the following (assuming a first-run, with `ru
## Script errors
|Error |Description |
|---------|---------|
| 1 | General unexpected error|
| 6 | Invalid CommercialID|
| 8 | Couldn't create registry key path to setup CommercialID|
| 9 | Couldn't write CommercialID at registry key path|
| 11 | Unexpected result when setting up CommercialID.|
| 12 | CheckVortexConnectivity failed, check Log output for more information.|
| 12 | Unexpected failure when running CheckVortexConnectivity.|
| 16 | Reboot is pending on device, restart device and restart script.|
| 17 | Unexpected exception in CheckRebootRequired.|
| 27 | Not system account. |
| 30 | Unable to disable Enterprise Auth Proxy. This registry value must be 0 for UTC to operate in an authenticated proxy environment.|
| 34 | Unexpected exception when attempting to check Proxy settings.|
| 35 | Unexpected exception when checking User Proxy.|
| 37 | Unexpected exception when collecting logs|
| 40 | Unexpected exception when checking and setting telemetry.|
| 41 | Unable to impersonate logged-on user.|
| 42 | Unexpected exception when attempting to impersonate logged-on user.|
| 43 | Unexpected exception when attempting to impersonate logged-on user.|
| 44 | Error when running CheckDiagTrack service.|
| 45 | DiagTrack.dll not found.|
| 48 | CommercialID is not a GUID|
| 50 | DiagTrack service not running.|
| 51 | Unexpected exception when attempting to run Census.exe|
| 52 | Could not find Census.exe|
| 53 | There are conflicting CommercialID values.|
| 54 | Microsoft account (MSA) Sign In Assistant Service disabled.|
| 55 | Failed to create new registry path for SetDeviceNameOptIn|
| 56 | Failed to create property for SetDeviceNameOptIn at registry path|
| 57 | Failed to update value for SetDeviceNameOptIn|
| 58 | Unexpected exception in SetrDeviceNameOptIn|
| 59 | Failed to delete LastPersistedEventTimeOrFirstBoot property at registry path when attempting to clean up OneSettings.|
| 60 | Failed to delete registry key when attempting to clean up OneSettings.|
| 61 | Unexpected exception when attempting to clean up OneSettings.|
| 62 | AllowTelemetry registry key is not of the correct type REG_DWORD|
| 63 | AllowTelemetry is not set to the appropriate value and it could not be set by the script.|
| 64 | AllowTelemetry is not of the correct type REG_DWORD.|
| 66 | Failed to verify UTC connectivity and recent uploads.|
| 67 | Unexpected failure when verifying UTC CSP.|
| 91 | Failed to create new registry path for EnableAllowUCProcessing|
| 92 | Failed to create property for EnableAllowUCProcessing at registry path|
| 93 | Failed to update value for EnableAllowUCProcessing|
| 94 | Unexpected exception in EnableAllowUCProcessing|
| 95 | Failed to create new registry path for EnableAllowCommercialDataPipeline |
| 96 | Failed to create property for EnableAllowCommercialDataPipeline at registry path |
| 97 | Failed to update value for EnableAllowCommercialDataPipeline |
| 98 | Unexpected exception in EnableAllowCommercialDataPipeline |
| 99 | Device is not Windows 10.|
<!--Using include for script errors-->
[!INCLUDE [Update Compliance script error codes](./includes/update-compliance-script-error-codes.md)]
## Verify device configuration
In some cases, you may need to manually verify the device configuration has the `AllowUpdateComplianceProcessing` policy enabled. To verify the setting, use the following steps:
1. Download and enable the **Diagnostic Data Viewer**. For more information, see [Diagnostic Data Viewer overview](/windows/privacy/diagnostic-data-viewer-overview#install-and-use-the-diagnostic-data-viewer).
1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
1. Under **View diagnostic data**, select **On** for the following option:
- Windows 11: **Turn on the Diagnostic Data Viewer (uses up to 1 GB of hard drive space)**
- Windows 10: **Turn on this setting to see your data in the Diagnostic Data Viewer. (Setting uses up to 1GB of hard drive space.)**
1. Select **Open Diagnostic Data Viewer**.
- If the application isn't installed, select **Get** when you're asked to download the [Diagnostic Data Viewer from the Microsoft Store](https://www.microsoft.com/store/p/diagnostic-data-viewer/9n8wtrrsq8f7?rtc=1) page.
- If the application is already installed, it will open. You can either close the application before running a scan for software updates, or use the refresh button to fetch the new data after the scan is completed.
1. Check for software updates on the client device.
- Windows 11:
1. Go to **Start**, select **Settings** > **Windows Update**.
1. Select **Check for updates** then wait for the update check to complete.
- Windows 10:
1. Go to **Start**, select **Settings** > **Update & Security** > **Windows Update**.
1. Select **Check for updates** then wait for the update check to complete.
1. Run the **Diagnostic Data Viewer**.
1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
1. Under **View diagnostic data**, select **Open Diagnostic Data Viewer**.
1. When the Diagnostic Data Viewer opens, type `SoftwareUpdateClientTelemetry` in the search field. Verify the following items:
- The **EnrolledTenantID** field under **m365a** should equal the [CommercialID](update-compliance-get-started.md#get-your-commercialid) of your Log Analytics workspace for Update Compliance.
- The **MSP** field value under **protocol** should be either `16` or `18`.
- If you need to send this data to Microsoft Support, select **Export data**.
:::image type="content" alt-text="Screenshot of the Diagnostic Data Viewer displaying the data from SoftwareUpdateClientTelemetry. The export data option and the fields for MSP and EnrolledTenantID are outlined in red." source="./media/update-compliance-diagnostic-data-viewer.png" lightbox="./media/update-compliance-diagnostic-data-viewer.png":::
<!--Using include for verifying device configuration-->
[!INCLUDE [Endpoints for Update Compliance](./includes/update-compliance-verify-device-configuration.md)]:

19
windows/deployment/update/update-compliance-get-started.md
View File

@ -92,19 +92,22 @@ Once the solution is in place, you can leverage one of the following Azure roles
> [!NOTE]
> It is not currently supported to programmatically enroll to Update Compliance via the [Azure CLI](/cli/azure) or otherwise. You must manually add Update Compliance to your Azure subscription.
### Get your CommercialID
A CommercialID is a globally unique identifier assigned to a specific Log Analytics workspace. The CommercialID is copied to an MDM or Group Policy and is used to identify devices in your environment.
A `CommercialID` is a globally unique identifier assigned to a specific Log Analytics workspace. The `CommercialID` is copied to an MDM or Group Policy and is used to identify devices in your environment. The `Commercial ID` directs your clients to the Update Compliance solution in your Log Analytics workspace. You'll need this ID when you configure clients to send data to Update Compliance.
To find your CommercialID within Azure:
1. If needed, sign into the [Azure portal](https://portal.azure.com).
1. In the Azure portal, type **Log Analytics** in the search bar. As you begin typing, the list filters based on your input.
1. Select **Log Analytics workspaces**.
1. Select the Log Analytics workspace that you added the Update Compliance solution to.
1. Select **Solutions** from the Log Analytics workspace, then select **WaaSUpdateInsights(&lt;Log Analytics workspace name>)** to go to the summary page for the solution.
1. Select **Update Compliance Settings** from the **WaaSUpdateInsights(&lt;Log Analytics workspace name>)** summary page.
1. The **Commercial Id Key** is listed in the text box with an option to copy the ID. The **Commercial Id Key** is commonly referred to as the `CommercialID` or **Commercial ID** in Update Compliance.
1. Navigate to the **Solutions** tab for your workspace, and then select the **WaaSUpdateInsights** solution.
2. From there, select the Update Compliance Settings page on the navbar.
3. Your CommercialID is available in the settings page.
> [!Warning]
> Regenerate a Commercial ID only if your original ID can no longer be used. Regenerating a Commercial ID requires you to deploy the new commercial ID to your computers in order to continue to collect data and can result in data loss.
> [!IMPORTANT]
> Regenerate your CommercialID only if your original ID can no longer be used or if you want to completely reset your workspace. Regenerating your CommercialID cannot be undone and will result in you losing data for all devices that have the current CommercialID until the new CommercialID is deployed to devices.
## Enroll devices in Update Compliance

5
windows/deployment/update/update-compliance-v2-configuration-manual.md
View File

@ -17,7 +17,8 @@ ms.date: 06/06/2022
***(Applies to: Windows 11 & Windows 10)***
> [!Important]
> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
> - As of August 17, 2022, a new step needs to be taken to ensure access to the preview version of Update Compliance and the `CommercialID` is no longer required. For more information, see [Configure Update Compliance settings through the Microsoft 365 admin center](update-compliance-v2-enable.md#bkmk_admin-center).
> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
There are a number of requirements to consider when manually configuring devices for Update Compliance. These requirements can potentially change with newer versions of Windows client. The [Update Compliance configuration script](update-compliance-v2-configuration-script.md) will be updated when any configuration requirements change so only a redeployment of the script will be required.
@ -42,7 +43,6 @@ Each MDM Policy links to its documentation in the configuration service provider
| Policy | Data type | Value | Function |
|--------------------------|-|-|------------------------------------------------------------|
|**Provider/*ProviderID*/**[**CommercialID**](/windows/client-management/mdm/dmclient-csp#provider-providerid-commercialid) |String |[Your CommercialID](update-compliance-v2-enable.md#bkmk_id) |Identifies the device as belonging to your organization. |
|**System/**[**AllowTelemetry**](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) |Integer | 1 - Basic |Configures the maximum allowed diagnostic data to be sent to Microsoft. Individual users can still set this value lower than what the policy defines. For more information, see the following policy. |
|**System/**[**ConfigureTelemetryOptInSettingsUx**](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux) |Integer |1 - Disable Telemetry opt-in Settings | (in Windows 10, version 1803 and later) Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy or the effective diagnostic data level on devices might not be sufficient. |
|**System/**[**AllowDeviceNameInDiagnosticData**](/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata) |Integer | 1 - Allowed | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or set to 0 (Disabled), Device Name will not be sent and won't be visible in Update Compliance, showing `#` instead. |
@ -55,7 +55,6 @@ All Group policies that need to be configured for Update Compliance are under **
| Policy | Value | Function |
|---------------------------|-|-----------------------------------------------------------|
|**Configure the Commercial ID** |[Your CommercialID](update-compliance-v2-enable.md#bkmk_id) | Identifies the device as belonging to your organization. |
|**Allow Telemetry** | 1 - Basic |Configures the maximum allowed diagnostic data to be sent to Microsoft. Individual users can still set this value lower than what the policy defines. For more information, see the **Configure telemetry opt-in setting user interface**. |
|**Configure telemetry opt-in setting user interface** | 1 - Disable diagnostic data opt-in Settings |(in Windows 10, version 1803 and later) Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy, otherwise the effective diagnostic data level on devices might not be sufficient. |
|**Allow device name to be sent in Windows diagnostic data** | 1 - Enabled | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or Disabled, Device Name won't be sent and won't be visible in Update Compliance, showing `#` instead. |

11
windows/deployment/update/update-compliance-v2-configuration-mem.md
View File

@ -17,7 +17,8 @@ ms.date: 06/06/2022
***(Applies to: Windows 11 & Windows 10 managed by [Microsoft Endpoint Manager](/mem/endpoint-manager-overview))***
> [!Important]
> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
> - As of August 17, 2022, a new step needs to be taken to ensure access to the preview version of Update Compliance and the `CommercialID` is no longer required. For more information, see [Configure Update Compliance settings through the Microsoft 365 admin center](update-compliance-v2-enable.md#bkmk_admin-center).
> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
This article is specifically targeted at configuring devices enrolled to [Microsoft Endpoint Manager](/mem/endpoint-manager-overview) for Update Compliance, within Microsoft Endpoint Manager itself. Configuring devices for Update Compliance in Microsoft Endpoint Manager breaks down to the following steps:
@ -36,13 +37,7 @@ Take the following steps to create a configuration profile that will set require
1. For **Template name**, select **Custom**, and then press **Create**.
1. You're now on the Configuration profile creation screen. On the **Basics** tab, give a **Name** and **Description**.
1. On the **Configuration settings** page, you'll be adding multiple OMA-URI Settings that correspond to the policies described in [Manually configuring devices for Update Compliance](update-compliance-v2-configuration-manual.md).
1. If you don't already have it, get your Commercial ID. For steps, see [Get your CommmercialID](update-compliance-v2-enable.md#bkmk_id).
1. Add a setting for **Commercial ID** with the following values:
- **Name**: Commercial ID
- **Description**: Sets the Commercial ID that corresponds to the Update Compliance Log Analytics workspace.
- **OMA-URI**: `./Vendor/MSFT/DMClient/Provider/ProviderID/CommercialID`
- **Data type**: String
- **Value**: *Set this value to your Commercial ID*
1. Add a setting configuring the **Windows Diagnostic Data level** for devices:
- **Name**: Allow Telemetry
- **Description**: Sets the maximum allowed diagnostic data to be sent to Microsoft, required for Update Compliance.

57
windows/deployment/update/update-compliance-v2-configuration-script.md
View File

@ -17,7 +17,8 @@ ms.date: 06/16/2022
***(Applies to: Windows 11 & Windows 10)***
> [!Important]
> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
> - As of August 17, 2022, a new step needs to be taken to ensure access to the preview version of Update Compliance and the `CommercialID` is no longer required. For more information, see [Configure Update Compliance settings through the Microsoft 365 admin center](update-compliance-v2-enable.md#bkmk_admin-center).
> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
The Update Compliance Configuration Script is the recommended method of configuring devices to send data to Microsoft for use with Update Compliance. The script configures the registry keys backing policies, ensures required services are running, and more. This script is a recommended complement to configuring the required policies documented in [Manually configured devices for Update Compliance](update-compliance-v2-configuration-manual.md), as it can provide feedback on whether there are any configuration issues outside of policies being configured.
@ -42,7 +43,7 @@ This script's two primary files are `ConfigScript.ps1` and `RunConfig.bat`. You
Open `RunConfig.bat` and configure the following (assuming a first-run, with `runMode=Pilot`):
1. Define `logPath` to where you want the logs to be saved. Ensure that `runMode=Pilot`.
1. Set `commercialIDValue` to your [Commercial ID](update-compliance-v2-enable.md#bkmk_id) for the Update Compliance solution.
1. Don't modify the [Commercial ID](update-compliance-get-started.md#get-your-commercialid) values since they're used for the earlier version of Update Compliance. Leave `setCommercialID=false` and the `commercialIDValue=Unknown`.
1. Run the script.
1. Examine the logs for any issues. If there are no issues, then all devices with a similar configuration and network profile are ready for the script to be deployed with `runMode=Deployment`.
1. If there are issues, gather the logs and provide them to Microsoft Support.
@ -54,55 +55,9 @@ Open `RunConfig.bat` and configure the following (assuming a first-run, with `ru
## Script errors
|Error |Description |
|---------|---------|
| 1 | General unexpected error|
| 6 | Invalid CommercialID|
| 8 | Couldn't create registry key path to set up CommercialID|
| 9 | Couldn't write CommercialID at registry key path|
| 11 | Unexpected result when setting up CommercialID.|
| 12 | CheckVortexConnectivity failed, check Log output for more information.|
| 12 | Unexpected failure when running CheckVortexConnectivity.|
| 16 | Reboot is pending on device, restart device and restart script.|
| 17 | Unexpected exception in CheckRebootRequired.|
| 27 | Not system account. |
| 30 | Unable to disable Enterprise Auth Proxy. This registry value must be 0 for UTC to operate in an authenticated proxy environment.|
| 34 | Unexpected exception when attempting to check Proxy settings.|
| 35 | Unexpected exception when checking User Proxy.|
| 37 | Unexpected exception when collecting logs|
| 40 | Unexpected exception when checking and setting telemetry.|
| 41 | Unable to impersonate logged-on user.|
| 42 | Unexpected exception when attempting to impersonate logged-on user.|
| 43 | Unexpected exception when attempting to impersonate logged-on user.|
| 44 | Error when running CheckDiagTrack service.|
| 45 | DiagTrack.dll not found.|
| 48 | CommercialID isn't a GUID|
| 50 | DiagTrack service not running.|
| 51 | Unexpected exception when attempting to run Census.exe|
| 52 | Couldn't find Census.exe|
| 53 | There are conflicting CommercialID values.|
| 54 | Microsoft Account Sign In Assistant (MSA) Service disabled.|
| 55 | Failed to create new registry path for SetDeviceNameOptIn|
| 56 | Failed to create property for SetDeviceNameOptIn at registry path|
| 57 | Failed to update value for SetDeviceNameOptIn|
| 58 | Unexpected exception in SetrDeviceNameOptIn|
| 59 | Failed to delete LastPersistedEventTimeOrFirstBoot property at registry path when attempting to clean up OneSettings.|
| 60 | Failed to delete registry key when attempting to clean up OneSettings.|
| 61 | Unexpected exception when attempting to clean up OneSettings.|
| 62 | AllowTelemetry registry key isn't of the correct type REG_DWORD|
| 63 | AllowTelemetry isn't set to the appropriate value and it couldn't be set by the script.|
| 64 | AllowTelemetry isn't of the correct type REG_DWORD.|
| 66 | Failed to verify UTC connectivity and recent uploads.|
| 67 | Unexpected failure when verifying UTC CSP.|
| 91 | Failed to create new registry path for EnableAllowUCProcessing|
| 92 | Failed to create property for EnableAllowUCProcessing at registry path|
| 93 | Failed to update value for EnableAllowUCProcessing|
| 94 | Unexpected exception in EnableAllowUCProcessing|
| 95 | Failed to create new registry path for EnableAllowCommercialDataPipeline |
| 96 | Failed to create property for EnableAllowCommercialDataPipeline at registry path |
| 97 | Failed to update value for EnableAllowCommercialDataPipeline |
| 98 | Unexpected exception in EnableAllowCommercialDataPipeline |
| 99 | Device isn't Windows 10.|
<!--Using include for script errors-->
[!INCLUDE [Update Compliance script error codes](./includes/update-compliance-script-error-codes.md)]
## Next steps

27
windows/deployment/update/update-compliance-v2-enable.md
View File

@ -16,18 +16,23 @@ ms.date: 06/06/2022
***(Applies to: Windows 11 & Windows 10)***
> [!Important]
> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
> - As of August 17, 2022, a new step needs to be taken to ensure access to the preview version of Update Compliance and the `CommercialID` is no longer required. For more information, see [Configure Update Compliance settings through the Microsoft 365 admin center](#bkmk_admin-center).
> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
After verifying the [prerequisites](update-compliance-v2-prerequisites.md) are met, you can start to set up Update Compliance. The two main steps for setting up the Update Compliance solution are:
1. [Add Update Compliance](#bkmk_add) to your Azure subscription. This step has the following two phases:
1. [Select or create a new Log Analytics workspace](#bkmk_workspace) for use with Update Compliance.
1. [Add the Update Compliance solution](#bkmk_solution) to the Log Analytics workspace.
1. [Configure Update Compliance](#bkmk_admin-center) from the Microsoft 365 admin center.
1. Configure the clients to send data to Update compliance. You can configure clients in the following three ways:
- Use a [script](update-compliance-v2-configuration-script.md)
- Use [Microsoft Endpoint Manager](update-compliance-v2-configuration-mem.md)
- Configure [manually](update-compliance-v2-configuration-manual.md)
> [!IMPORTANT]
> Update Compliance is a Windows service hosted in Azure that uses Windows diagnostic data. You should be aware that Update Compliance doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). Update Compliance is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers.
## <a name="bkmk_add"></a> Add Update Compliance to your Azure subscription
Before you configure clients to send data, you'll need to add the Update Compliance solution to your Azure subscription so the data can be received. First, you'll select or create a new Log Analytics workspace to use. Second, you'll add the Update Compliance solution to the workspace.
@ -63,27 +68,19 @@ Update Compliance is offered as an Azure Marketplace application that's linked t
> [!Note]
> - You can only map one tenant to one Log Analytics workspace. Mapping one tenant to multiple workspaces isn't supported.
> - If you change the Log Analytics workspace for Update Compliance, stale data will be displayed for about 24 hours until the new workspace is fully onboarded.
> - If you change the Log Analytics workspace for Update Compliance, stale data will be displayed for about 24 hours until the new workspace is fully onboarded. You will also need to reconfigure the Update Compliance settings in the Microsoft 365 admin center.
### <a name="bkmk_id"></a> Get the Commercial ID for the Update Compliance solution
### <a name="bkmk_admin-center"></a> Configure Update Compliance settings through the Microsoft 365 admin center
The **Commercial ID** directs your clients to the Update Compliance solution in your Log Analytics workspace. You'll need this ID when you configure clients to send data to Update Compliance.
Finish enabling Updates Compliance by configuring its settings through the Microsoft 365 admin center. Completing the Update Compliance configuration through the admin center removes needing to specify [`CommercialID`](update-compliance-get-started.md#get-your-commercialid), which was needed by the earlier version of Updates Compliance. This step is needed even if you enabled earlier previews of Update Compliance.
1. If needed, sign into the [Azure portal](https://portal.azure.com).
1. In the Azure portal, type **Log Analytics** in the search bar. As you begin typing, the list filters based on your input.
1. Select **Log Analytics workspaces**.
1. Select the Log Analytics workspace that you added the Update Compliance solution to.
1. Select **Solutions** from the Log Analytics workspace, then select **WaaSUpdateInsights(&lt;Log Analytics workspace name>)** to go to the summary page for the solution.
1. Select **Update Compliance Settings** from the **WaaSUpdateInsights(&lt;Log Analytics workspace name>)** summary page.
1. The **Commercial Id Key** is listed in the text box with an option to copy the ID. The **Commercial Id Key** is commonly referred to as the `CommercialID` or **Commercial ID** in Update Compliance.
> [!Warning]
> Regenerate a Commercial ID only if your original ID can no longer be used. Regenerating a Commercial ID requires you to deploy the new commercial ID to your computers in order to continue to collect data and can result in data loss.
<!--Using include for onboarding Update Compliance through the Microsoft 365 admin center-->
[!INCLUDE [Onboarding Update Compliance through the Microsoft 365 admin center](./includes/update-compliance-onboard-admin-center.md)]
## Next steps
Once you've added Update Compliance to a workspace in your Azure subscription, you'll need to configure any devices you want to monitor. Enroll devices into Update Compliance using any of the following methods:
Once you've added Update Compliance to a workspace in your Azure subscription and configured the settings through the Microsoft 365 admin center, you'll need to configure any devices you want to monitor. Enroll devices into Update Compliance using any of the following methods:
- [Configure clients with a script](update-compliance-v2-configuration-script.md)
- [Configure clients manually](update-compliance-v2-configuration-manual.md)

3
windows/deployment/update/update-compliance-v2-help.md
View File

@ -17,7 +17,8 @@ ms.date: 08/10/2022
***(Applies to: Windows 11 & Windows 10)***
> [!IMPORTANT]
> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
> - As of August 17, 2022, a new step needs to be taken to ensure access to the preview version of Update Compliance and the `CommercialID` is no longer required. For more information, see [Configure Update Compliance settings through the Microsoft 365 admin center](update-compliance-v2-enable.md#bkmk_admin-center).
> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
There are several resources that you can use to find help with Update Compliance. Whether you're just getting started or an experienced administrator, use the following resources when you need help with Update Compliance:

19
windows/deployment/update/update-compliance-v2-overview.md
View File

@ -16,25 +16,28 @@ ms.date: 08/09/2022
***(Applies to: Windows 11 & Windows 10)***
> [!Important]
> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
> - As of August 17, 2022, a new step needs to be taken to ensure access to the preview version of Update Compliance and the `CommercialID` is no longer required. For more information, see [Configure Update Compliance settings through the Microsoft 365 admin center](update-compliance-v2-enable.md#bkmk_admin-center).
> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
Update Compliance is a cloud-based solution that provides information about the compliance of your Azure Active Directory-joined devices with Windows updates. Update Compliance is offered through the [Azure portal](https://portal.azure.com), and it's included as part of the Windows 10 or Windows 11 prerequisite licenses. Update Compliance helps you:
- Monitor security, quality, and feature updates for Windows 11 and Windows 10 devices
- Report on devices with update compliance issues
- Review [Delivery Optimization](../do/waas-delivery-optimization.md) bandwidth savings across multiple content types
- Analyze and display your data in multiple ways
## Technical preview information for Update Compliance
The new version of Update Compliance is in technical preview. Some of the benefits of this new version include:
## Preview information for Update Compliance
The new version of Update Compliance is in preview. Some of the benefits of this new version include:
- Integration with [Windows Update for Business deployment service](deployment-service-overview.md) to enable per deployment reporting, monitoring, and troubleshooting.
- Compatibility with [Feature updates](/mem/intune/protect/windows-10-feature-updates) and [Expedite Windows quality updates](/mem/intune/protect/windows-10-expedite-updates) policies in Intune.
- A new **Alerts** data type to assist you with identifying devices that encounter issues during the update process. Error code information is provided to help troubleshoot update issues.
Currently, the technical preview contains the following features:
Currently, the preview contains the following features:
- [Update Compliance workbook](update-compliance-v2-workbook.md)
- Update Compliance status [charts in the Microsoft 365 admin](update-status-admin-center.md)
- Access to the following new [Update Compliance tables](update-compliance-v2-schema.md):
- UCClient
- UCClientReadinessStatus
@ -48,8 +51,10 @@ Currently, these new tables are available to all Updates Compliance users. They
:::image type="content" source="media/update-compliance-v2-query-table.png" alt-text="Screenshot of using a custom Kusto (KQL) query on Update Compliance data in Log Analytics." lightbox="media/update-compliance-v2-query-table.png":::
> [!IMPORTANT]
> Update Compliance is a Windows service hosted in Azure that uses Windows diagnostic data. You should be aware that Update Compliance doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). Update Compliance is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers.
## Limitations
Update Compliance is a Windows service hosted in Azure that uses Windows diagnostic data. You should be aware that Update Compliance doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). Update Compliance is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers.
## How Update Compliance works

14
windows/deployment/update/update-compliance-v2-prerequisites.md
View File

@ -16,8 +16,8 @@ ms.date: 06/30/2022
***(Applies to: Windows 11 & Windows 10)***
> [!Important]
> - As of August 17, 2022, a new step needs to be taken to ensure access to the preview version of Update Compliance and the CommercialID is no longer required. For more information, see [Configure Update Compliance settings through the Microsoft 365 admin center](update-compliance-v2-enable.md#bkmk_admin-center).
> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
> - Update Compliance is a Windows service hosted in Azure that uses Windows diagnostic data. You should be aware that Update Compliance doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). Update Compliance is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers.
## Update Compliance prerequisites
@ -66,15 +66,9 @@ For more information about what's included in different diagnostic levels, see [
> [!NOTE]
> Enrolling into Update Compliance from the [Azure CLI](/cli/azure) or enrolling programmatically another way currently isn't supported. You must manually add Update Compliance to your Azure subscription.
## Microsoft 365 admin center permissions (currently optional)
When you use the [Microsoft admin center software updates (preview) page](update-status-admin-center.md) with Update Compliance, the following permissions are also needed:
- To configure settings and view the **Software Updates** page:
- [Global Administrator role](/azure/active-directory/roles/permissions-reference#global-administrator)
- [Intune Administrator](/azure/active-directory/roles/permissions-reference#intune-administrator)
- To view the **Software Updates** page:
- [Global Reader role](/azure/active-directory/roles/permissions-reference#global-reader)
## Microsoft 365 admin center permissions
<!--Using include Microsoft 365 admin center permissions-->
[!INCLUDE [Update Compliance script error codes](./includes/update-compliance-admin-center-permissions.md)]
## Log Analytics prerequisites

3
windows/deployment/update/update-compliance-v2-schema.md
View File

@ -16,7 +16,8 @@ ms.date: 06/06/2022
***(Applies to: Windows 11 & Windows 10)***
> [!Important]
> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
> - As of August 17, 2022, a new step needs to be taken to ensure access to the preview version of Update Compliance and the `CommercialID` is no longer required. For more information, see [Configure Update Compliance settings through the Microsoft 365 admin center](update-compliance-v2-enable.md#bkmk_admin-center).
> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
When the visualizations provided in the default experience don't fulfill your reporting needs, or if you need to troubleshoot issues with devices, it's valuable to understand the schema for Update Compliance and have a high-level understanding of the capabilities of [Azure Monitor log queries](/azure/azure-monitor/log-query/query-language) to power additional dashboards, integration with external data analysis tools, automated alerting, and more.

4
windows/deployment/update/update-compliance-v2-use.md
View File

@ -1,8 +1,8 @@
---
title: Use the Update Compliance (preview) solution
title: Use the Update Compliance (preview) data
ms.reviewer:
manager: dougeby
description: How to use the Update Compliance (preview) solution.
description: How to use the Update Compliance (preview) data.
ms.prod: w10
author: mestew
ms.author: mstewart

3
windows/deployment/update/update-compliance-v2-workbook.md
View File

@ -16,7 +16,8 @@ ms.date: 08/10/2022
***(Applies to: Windows 11 & Windows 10)***
> [!IMPORTANT]
> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
> - As of August 17, 2022, a new step needs to be taken to ensure access to the preview version of Update Compliance and the `CommercialID` is no longer required. For more information, see [Configure Update Compliance settings through the Microsoft 365 admin center](update-compliance-v2-enable.md#bkmk_admin-center).
> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
[Update Compliance](update-compliance-v2-overview.md) presents information commonly needed by updates administrators in an easy to use format. Update Compliance uses [Azure Workbooks](/azure/azure-monitor/visualize/workbooks-getting-started) to give you a visual representation of your compliance data. The workbook is broken down into three tab sections:

25
windows/deployment/update/update-status-admin-center.md
View File

@ -30,15 +30,9 @@ The **Software updates** page has following tabs to assist you in monitoring upd
:::image type="content" source="media/37063317-admin-center-software-updates.png" alt-text="Screenshot of the Microsoft 365 admin center displaying the software updates page with the Windows tab selected." lightbox="media/37063317-admin-center-software-updates.png":::
## Prerequisites
- [Update Compliance](update-compliance-v2-overview.md) needs to be enabled with clients sending data to the solution
- An appropriate role assigned for the [Microsoft 365 admin center](https://admin.microsoft.com)
- To configure settings and view the **Software Updates** page:
- [Global Administrator role](/azure/active-directory/roles/permissions-reference#global-administrator)
- [Intune Administrator](/azure/active-directory/roles/permissions-reference#intune-administrator)
- To view the **Software Updates** page:
- [Global Reader role](/azure/active-directory/roles/permissions-reference#global-reader)
## Permissions
<!--Using include Microsoft 365 admin center permissions-->
[!INCLUDE [Update Compliance script error codes](./includes/update-compliance-admin-center-permissions.md)]
## Limitations
@ -47,18 +41,9 @@ Update Compliance is a Windows service hosted in Azure that uses Windows diagnos
## Get started
1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com/) and sign in.
1. Expand **Health**, then select **Software Updates**. You may need to use the **Show all** option to display **Health** in the navigation menu.
1. In the **Software Updates** page, select the **Windows** tab.
1. When you select the **Windows** tab for the first time, you'll be asked to **Configure Settings**. This tab is populated by data from [Update Compliance](update-compliance-v2-overview.md). Verify or supply the following information about the settings for Update Compliance:
- The Azure subscription
- The Log Analytics workspace
1. The initial setup can take up to 24 hours. During this time, the **Windows** tab will display that it's **Waiting for Update Compliance data**.
1. After the initial setup is complete, the **Windows** tab will display your Update Compliance data in the charts.
> [!Tip]
> If you don't see an entry for **Software updates (preview)** in the menu, try going to this URL: [https://admin.microsoft.com/Adminportal/Home#/softwareupdates](https://admin.microsoft.com/Adminportal/Home#/softwareupdates).
<!--Using include for onboarding Update Compliance through the Microsoft 365 admin center-->
[!INCLUDE [Onboarding Update Compliance through the Microsoft 365 admin center](./includes/update-compliance-onboard-admin-center.md)]
## The Windows tab

6
windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md
View File

@ -18,10 +18,10 @@ ms.date: 02/24/2021
- Windows 10
- Windows 11
- Cloud only, Hybrid, and On-premises only Windows Hello for Business deployments
- Hybrid and On-premises Windows Hello for Business deployments
- Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices
Windows Hello for Business supports using a certificate deployed to a Windows Hello for Business container as a supplied credential to establish a remote desktop connection to a server or another device. This functionality is not supported for key trust deployments. This feature takes advantage of the redirected smart card capabilities of the remote desktop protocol. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](../remote-credential-guard.md) to establish a remote desktop protocol connection.
Windows Hello for Business supports using a certificate deployed to a Windows Hello for Business container as a supplied credential to establish a remote desktop connection to a server or another device. This feature takes advantage of the redirected smart card capabilities of the remote desktop protocol. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](../remote-credential-guard.md) to establish a remote desktop protocol connection.
Microsoft continues to investigate supporting using keys trust for supplied credentials in a future release.
@ -29,7 +29,7 @@ Microsoft continues to investigate supporting using keys trust for supplied cred
**Requirements**
- Cloud only, Hybrid, and On-premises only Windows Hello for Business deployments
- Hybrid and On-premises Windows Hello for Business deployments
- Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices
- Biometric enrollments
- Windows 10, version 1809 or later