Merge pull request #9051 from MicrosoftDocs/main

10/31 OOB publish for 23H2 release
Aaron Czechowski 2023-10-31 09:57:41 -07:00 committed by GitHub
commit 1a97388c79
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
22 changed files with 804 additions and 263 deletions

@ -13,20 +13,25 @@ ms.collection:
# Configure federated sign-in for Windows devices
Starting in Windows 11 SE, version 22H2 and Windows 11 Pro Edu/Education, version 22H2 with [KB5022913][KB-1], you can enable your users to sign-in using a federated identity provider (IdP) via web sign-in.\
This feature is called *federated sign-in*.\
Federated sign-in is a great way to simplify the sign-in process for your users: instead of having to remember a username and password defined in Microsoft Entra ID, they can sign-in using their existing credentials from the IdP. For example, students and educators can use QR code badges to sign-in.
Starting in Windows 11 SE, version 22H2 and Windows 11 Pro Edu/Education, version 22H2 with [KB5022913][KB-1], you can enable your users to sign-in using a federated identity provider (IdP) via a web sign-in experience.
Signing in with a federated identity can be a great way to simplify the sign-in process for your users: instead of having to remember a username and password defined in Microsoft Entra ID, they can sign-in using their existing credentials from the IdP. For example, students and educators can use QR code badges to sign-in.
## Benefits of federated sign-in
Federated sign-in enables students to sign-in in less time, and with less friction.
A federated sign-in experience enables students to sign-in in less time, and with less friction.
With fewer credentials to remember and a simplified sign-in process, students are more engaged and focused on learning.
There are two Windows features that enable a federated sign-in experience:
- *Federated sign-in*, which is designed for 1:1 student devices. For an optimal experience, you should not enable federated sign-in on shared devices
- *Web sign-in*, which provides a similar experience to *Federated sign-in*, and can be used for shared devices
> [!IMPORTANT]
> Currently, this feature is designed for 1:1 devices. For an optimal experience, you should not enable federated sign-in on shared devices.
> *Federated sign-in* and *Web sign-in* require different configurations, which are explained in this document.
## Prerequisites
To implement federated sign-in, the following prerequisites must be met:
To enable a federated sign-in experience, the following prerequisites must be met:
1. A Microsoft Entra tenant, with one or multiple domains federated to a third-party IdP. For more information, see [What is federation with Microsoft Entra ID?][AZ-1] and [Use a SAML 2.0 IdP for Single Sign On][AZ-4]
>[!NOTE]
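Review bot: The new bullet list introduces *Federated sign-in* and *Web sign-in* as feature names, but the first bullet then says "you should not enable federated sign-in on shared devices" in lowercase, and the intro now uses "federated sign-in experience" for the umbrella concept. The removed line "This feature is called *federated sign-in*" was the only definition, so add one sentence stating that capitalized *Federated sign-in* is the 1:1 feature and that "a federated sign-in experience" covers both features, and capitalize the feature name inside that bullet.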
@ -43,9 +48,9 @@ To implement federated sign-in, the following prerequisites must be met:
For more information about identity matching, see [Identity matching in Microsoft Entra ID](#identity-matching-in-azure-ad).
1. Licenses assigned to the Microsoft Entra user accounts. It's recommended to assign licenses to a dynamic group: when new users are provisioned in Microsoft Entra ID, the licenses are automatically assigned. For more information, see [Assign licenses to users by group membership in Microsoft Entra ID][AZ-2]
1. Enable federated sign-in on the Windows devices
1. Enable Federated sign-in or Web sign-in on the Windows devices, depending if the devices are shared or assigned to a single student
To use federated sign-in, the devices must have Internet access. This feature doesn't work without it, as the authentication is done over the Internet.
To use Federated sign-in or Web sign-in, the devices must have Internet access. These features don't work without it, as the authentication is done over the Internet.
> [!IMPORTANT]
> WS-Fed is the only supported federated protocol to join a device to Microsoft Entra ID. If you have a SAML 2.0 IdP, it's recommended to complete the Microsoft Entra join process using one of the following methods:
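Review bot: In the rewritten prerequisite step, "depending if the devices are shared or assigned to a single student" should read "depending on whether the devices are shared or assigned to a single student". It would also help to state the mapping in the same step (Federated sign-in for 1:1 devices, Web sign-in for shared devices), since a reader who lands on the prerequisites list has no other cue for which feature to enable.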
@ -54,25 +59,25 @@ To use federated sign-in, the devices must have Internet access. This feature do
[!INCLUDE [federated-sign-in](../../includes/licensing/federated-sign-in.md)]
Federated sign-in for student assigned (1:1) devices is supported on the following Windows editions and versions:
Federated sign-in is supported on the following Windows editions and versions:
- Windows 11 SE, version 22H2 and later
- Windows 11 Pro Edu/Education, version 22H2 with [KB5022913][KB-1]
Federated sign-in for shared devices is supported starting in Windows 11 SE/Pro Edu/Education, version 22H2 with [KB5026446][KB-2].
Web sign-in is supported starting in Windows 11 SE/Pro Edu/Education, version 22H2 with [KB5026446][KB-2].
## Configure federated sign-in
## Configure a federated sign-in experience
You can configure federated sign-in for student assigned (1:1) devices or student shared devices:
You can configure a federated sign-in experience for student assigned (1:1) devices or student shared devices:
- When federated sign-in is configured for **student assigned (1:1) devices**, the first user who signs in to the device with a federated identity becomes the *primary user*. The primary user is always displayed in the bottom left corner of the sign-in screen
- When federated sign-in is configured for **student shared devices**, there's no primary user. The sign-in screen displays, by default, the last user who signed in to the device
- When federated sign-in is configured for **student assigned (1:1) devices**, you use a Windows feature called *Federated sign-in*. The first user who signs in to the device with a federated identity becomes the *primary user*. The primary user is always displayed in the bottom left corner of the sign-in screen
- When federated sign-in is configured for **student shared devices**, you use a Windows feature called *Web sign-in*. With Web sign-in there's no primary user, and the sign-in screen displays, by default, the last user who signed in to the device
The configuration is different for each scenario, and is described in the following sections.
### Configure federated sign-in for student assigned (1:1) devices
### Configure Federated sign-in for student assigned (1:1) devices
To use web sign-in with a federated identity provider, your devices must be configured with different policies. Review the following instructions to configure your devices using either Microsoft Intune or a provisioning package (PPKG).
Review the following instructions to configure your devices using either Microsoft Intune or a provisioning package (PPKG).
#### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune)
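Review bot: The H2 rename from "Configure federated sign-in" to "Configure a federated sign-in experience" changes the heading text that in-page anchors are derived from, as does the shared-devices H3 renamed later in this file. Check for inbound links to the old anchors and update them. Separately, both new list items still open with "When federated sign-in is configured for ...", which blurs the distinction this change introduces; "For student shared devices, you use a Windows feature called *Web sign-in*" would read more cleanly.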
@ -98,7 +103,7 @@ Alternatively, you can configure devices using a [custom policy][INT-1] with the
#### [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg)
To configure federated sign-in using a provisioning package, use the following settings:
To configure Federated sign-in using a provisioning package, use the following settings:
| Setting |
|--------|
@ -109,16 +114,16 @@ To configure federated sign-in using a provisioning package, use the following s
:::image type="content" source="images/federated-sign-in-settings-ppkg.png" alt-text="Screenshot of Custom policy showing the settings to be configured to enable federated sign-in" lightbox="images/federated-sign-in-settings-ppkg.png" border="true":::
Apply the provisioning package to the single-user devices that require federated sign-in.
Apply the provisioning package to the 1:1 devices that require Federated sign-in.
> [!IMPORTANT]
> There was an issue affecting Windows 11, version 22H2 when using provisioning packages during OOBE. The issue was fixed with the KB5020044 update. If you plan to configure federated sign-in with a provisioning package during OOBE, ensure that the devices have the update installed. For more information, see [KB5020044][KB-1].
---
### Configure federated sign-in for student shared devices
### Configure Web sign-in for student shared devices
To use web sign-in with a federated identity provider, your devices must be configured with different policies. Review the following instructions to configure your shared devices using either Microsoft Intune or a provisioning package (PPKG).
Review the following instructions to configure your shared devices using either Microsoft Intune or a provisioning package (PPKG).
#### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune)
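Review bot: The unchanged IMPORTANT note in this hunk links "[KB5020044][KB-1]", while the top of the file uses the same reference label for "[KB5022913][KB-1]". One label can resolve to only one URL, so one of the two links points at the wrong KB article. Since the surrounding text is being touched, give KB5020044 its own reference label. The same note also still says "configure federated sign-in" in lowercase, while the rest of the section now uses "Federated sign-in".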
@ -146,7 +151,7 @@ Alternatively, you can configure devices using a [custom policy][INT-1] with the
#### [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg)
To configure federated sign-in using a provisioning package, use the following settings:
To configure web sign-in using a provisioning package, use the following settings:
| Setting |
|--------|
@ -156,7 +161,7 @@ To configure federated sign-in using a provisioning package, use the following s
| <li> Path: **`Policies/Authentication/ConfigureWebSignInAllowedUrls`**<br>Value: Semicolon separated list of domains, for example: **`samlidp.clever.com;clever.com;mobile-redirector.clever.com`**|
| <li> Path: **`Policies/Authentication/ConfigureWebCamAccessDomainNames`**<br>Value: This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: **`clever.com`**|
Apply the provisioning package to the shared devices that require federated sign-in.
Apply the provisioning package to the shared devices that require web sign-in.
> [!IMPORTANT]
> There was an issue affecting Windows 11, version 22H2 when using provisioning packages during OOBE. The issue was fixed with the KB5020044 update. If you plan to configure federated sign-in with a provisioning package during OOBE, ensure that the devices have the update installed. For more information, see [KB5020044][KB-1].
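Review bot: The IMPORTANT note that closes this hunk still says "If you plan to configure federated sign-in with a provisioning package during OOBE", but the section is now about Web sign-in on shared devices, so the note should name Web sign-in. The new line "Apply the provisioning package to the shared devices that require web sign-in" also uses lowercase, while the section heading uses "Web sign-in"; pick one casing for the feature name.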
@ -172,7 +177,7 @@ As users enter their username, they're redirected to the identity provider sign-
:::image type="content" source="./images/win-11-se-federated-sign-in.gif" alt-text="Screenshot of Windows 11 SE sign-in using federated sign-in through Clever and QR code badge, in a student assigned (1:1) device." border="false":::
> [!IMPORTANT]
> For student assigned (1:1) devices, once the policy is enabled, the first user who sign-in to the device will also set the disambiguation page to the identity provider domain on the device. This means that the device will be defaulting to that IdP. The user can exit the federated sign-in flow by pressing <kbd>Ctrl</kbd>+<kbd>Alt</kbd>+<kbd>Delete</kbd> to get back to the standard Windows sign-in screen.
> For student assigned (1:1) devices, once the policy is enabled, the first user who sign-in to the device will also set the disambiguation page to the identity provider domain on the device. This means that the device will be defaulting to that IdP. The user can exit the Federated sign-in flow by pressing <kbd>Ctrl</kbd>+<kbd>Alt</kbd>+<kbd>Delete</kbd> to get back to the standard Windows sign-in screen.
> The behavior is different for student shared devices, where the disambiguation page is always shown, unless preferred Microsoft Entra tenant name is configured.
## Important considerations
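Review bot: The edited IMPORTANT note only changes the casing of "Federated sign-in" and leaves "the first user who sign-in to the device" and "will be defaulting to that IdP" as they were. Since the line is being rewritten anyway, change these to "the first user who signs in to the device" and "defaults to that IdP". The following line, "unless preferred Microsoft Entra tenant name is configured", is missing an article ("unless a preferred ...").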

@ -4,7 +4,7 @@ description: Learn more about the CloudDesktop CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 10/23/2023
ms.date: 10/25/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -26,16 +26,72 @@ ms.topic: reference
The following list shows the CloudDesktop configuration service provider nodes:
- ./Device/Vendor/MSFT/CloudDesktop
- [BootToCloudPCEnhanced](#boottocloudpcenhanced)
- [EnableBootToCloudSharedPCMode](#enableboottocloudsharedpcmode)
<!-- CloudDesktop-Tree-End -->
<!-- Device-BootToCloudPCEnhanced-Begin -->
## BootToCloudPCEnhanced
<!-- Device-BootToCloudPCEnhanced-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- Device-BootToCloudPCEnhanced-Applicability-End -->
<!-- Device-BootToCloudPCEnhanced-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/CloudDesktop/BootToCloudPCEnhanced
```
<!-- Device-BootToCloudPCEnhanced-OmaUri-End -->
<!-- Device-BootToCloudPCEnhanced-Description-Begin -->
<!-- Description-Source-DDF -->
This node allows to configure different kinds of Boot to Cloud mode. Boot to cloud mode enables users to seamlessly sign-in to a Cloud PC. For using this feature, Cloud Provider application must be installed on the PC and the user must have a Cloud PC provisioned. This node supports the below options: 0. Not Configured. 1. Enable Boot to Cloud Shared PC Mode: Boot to Cloud Shared PC mode allows multiple users to sign-in on the device and use for shared purpose. 2. Enable Boot to Cloud Personal Mode (Cloud only): Personal mode allows user to sign-in on the device using various authentication mechanism configured by their organization (For ex. PIN, Biometrics etc). This mode preserves user personalization, including their profile picture and username in local machine, and facilitates fast account switching.
<!-- Device-BootToCloudPCEnhanced-Description-End -->
<!-- Device-BootToCloudPCEnhanced-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
> [!IMPORTANT]
> If BootToCloudPCEnhanced and EnableBootToCloudSharedPCMode are both configured, BootToCloudPCEnhanced is given priority and overrides EnableBootToCloudSharedPCMode.
<!-- Device-BootToCloudPCEnhanced-Editable-End -->
<!-- Device-BootToCloudPCEnhanced-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
<!-- Device-BootToCloudPCEnhanced-DFProperties-End -->
<!-- Device-BootToCloudPCEnhanced-AllowedValues-Begin -->
**Allowed values**:
| Value | Description |
|:--|:--|
| 0 (Default) | Not Configured. |
| 1 | Enable Boot to Cloud Shared PC Mode. |
| 2 | Enable Boot to Cloud Personal Mode (Cloud only). |
<!-- Device-BootToCloudPCEnhanced-AllowedValues-End -->
<!-- Device-BootToCloudPCEnhanced-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-BootToCloudPCEnhanced-Examples-End -->
<!-- Device-BootToCloudPCEnhanced-End -->
<!-- Device-EnableBootToCloudSharedPCMode-Begin -->
## EnableBootToCloudSharedPCMode
> [!NOTE]
> This policy is deprecated and may be removed in a future release.
<!-- Device-EnableBootToCloudSharedPCMode-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.22631.2050] |
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- Device-EnableBootToCloudSharedPCMode-Applicability-End -->
<!-- Device-EnableBootToCloudSharedPCMode-OmaUri-Begin -->
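Review bot: The applicability row for EnableBootToCloudSharedPCMode drops the build qualifier "[10.0.22631.2050]" and now reads only "Windows Insider Preview", so readers can no longer tell which build first shipped a node that is already deployed. If the build number is being removed by the generator, restate it in the editable section. The added deprecation note also does not name the replacement. A sentence in the editable section pointing to BootToCloudPCEnhanced value 1 as the Shared PC equivalent would give admins a migration path. The Examples section for BootToCloudPCEnhanced is empty and could carry a sample for each of values 1 and 2.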
@ -51,6 +107,8 @@ Setting this node to "true" configures boot to cloud for Shared PC mode. Boot to
<!-- Device-EnableBootToCloudSharedPCMode-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
> [!IMPORTANT]
> If BootToCloudPCEnhanced and EnableBootToCloudSharedPCMode are both configured, BootToCloudPCEnhanced is given priority and overrides EnableBootToCloudSharedPCMode.
<!-- Device-EnableBootToCloudSharedPCMode-Editable-End -->
<!-- Device-EnableBootToCloudSharedPCMode-DFProperties-Begin -->
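Review bot: The added precedence note says BootToCloudPCEnhanced wins when both nodes are "configured", but value 0 of BootToCloudPCEnhanced is itself described as "Not Configured". State explicitly what happens when BootToCloudPCEnhanced is 0 and EnableBootToCloudSharedPCMode is "true", otherwise an admin cannot tell whether an explicit 0 disables shared mode or defers to the deprecated node.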
@ -80,66 +138,86 @@ Setting this node to "true" configures boot to cloud for Shared PC mode. Boot to
<!-- CloudDesktop-CspMoreInfo-Begin -->
<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
## EnableBootToCloudSharedPCMode technical reference
## BootToCloudPCEnhanced technical reference
EnableBootToCloudSharedPCMode setting is used to configure **Boot to Cloud** feature for shared user mode. When you enable this setting, multiple policies are applied to achieve the intended behavior.
BootToCloudPCEnhanced is the setting used to configure **Boot to Cloud** feature either for shared mode or personal mode. When you enable this setting, multiple policies are applied to achieve the intended behavior. If you wish to customize the **Boot to Cloud** experience, you can utilize the [BootToCloudMode](policy-csp-clouddesktop.md#boottocloudmode) policy, which provides the flexibility to tailor the experience according to your requirements.
> [!NOTE]
> It is recommended not to set any of the policies enforced by this setting to different values, as these policies help provide a smooth UX experience for the **Boot to Cloud** feature for shared user mode.
> It is recommended not to set any of the policies enforced by this setting to different values, as these policies help provide a smooth UX experience for the **Boot to Cloud** feature for shared and personal mode.
### MDM Policies
### Boot to Cloud Shared PC Mode
When this mode is enabled, these MDM policies are applied for the Device scope (all users):
When the Shared PC mode is enabled by setting BootToCloudPCEnhanced value to 1:
| Setting | Value | Value Description |
|----------------------------------------------------------------------------------------------------------------------------|---------|-------------------------------------------------------------|
| [CloudDesktop/BootToCloudMode](policy-csp-clouddesktop.md#boottocloudmode) | 1 | Enable Boot to Cloud Desktop |
| [WindowsLogon/OverrideShellProgram](policy-csp-windowslogon.md#overrideshellprogram) | 1 | Apply Lightweight Shell |
| [ADMX_CredentialProviders/DefaultCredentialProvider](policy-csp-admx-credentialproviders.md#defaultcredentialprovider) | Enabled | Configures default credential provider to password provider |
| [ADMX_Logon/DisableExplorerRunLegacy_2](policy-csp-admx-logon.md#disableexplorerrunlegacy_2) | Enabled | Don't process the computer legacy run list |
| [TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode](policy-csp-textinput.md#enabletouchkeyboardautoinvokeindesktopmode) | 1 | When no keyboard is attached |
- Following MDM policies are applied for the Device scope (all users):
### Group Policies
| Setting | Value | Value Description |
|----------------------------------------------------------------------------------------------------------------------------|---------|-------------------------------------------------------------|
| [CloudDesktop/BootToCloudMode](policy-csp-clouddesktop.md#boottocloudmode) | 1 | Enable Boot to Cloud Desktop |
| [WindowsLogon/OverrideShellProgram](policy-csp-windowslogon.md#overrideshellprogram) | 1 | Apply Lightweight Shell |
| [ADMX_CredentialProviders/DefaultCredentialProvider](policy-csp-admx-credentialproviders.md#defaultcredentialprovider) | Enabled | Configures default credential provider to password provider |
| [ADMX_Logon/DisableExplorerRunLegacy_2](policy-csp-admx-logon.md#disableexplorerrunlegacy_2) | Enabled | Don't process the computer legacy run list |
| [TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode](policy-csp-textinput.md#enabletouchkeyboardautoinvokeindesktopmode) | 1 | When no keyboard is attached |
When this mode is enabled, these local group policies are configured for all users:
- Following local group policies are configured for all users:
| Policy setting | Status |
|------------------------------------------------------------------------------------------------------------------------|---------------------------------------|
| Security Settings/Local Policies/Security Options/User Account Control: Behavior of elevation prompt for standard user | Automatically deny elevation requests |
| Security Settings/Local Policies/Security Options/Interactive logon: Don't display last signed-in | Enabled |
| Control Panel/Personalization/Prevent enabling lock screen slide show | Enabled |
| System/Logon/Block user from showing account details on sign-in | Enabled |
| System/Logon/Enumerate local users on domain-joined computers | Disabled |
| System/Logon/Hide entry points for Fast User Switching | Enabled |
| System/Logon/Show first sign-in animation | Disabled |
| System/Logon/Turn off app notifications on the lock screen | Enabled |
| System/Logon/Turn off picture password sign-in | Enabled |
| System/Logon/Turn on convenience PIN sign-in | Disabled |
| Windows Components/App Package Deployment/Allow a Windows app to share application data between users | Enabled |
| Windows Components/Biometrics/Allow the use of biometrics | Disabled |
| Windows Components/Biometrics/Allow users to log on using biometrics | Disabled |
| Windows Components/Biometrics/Allow domain users to log on using biometrics | Disabled |
| Windows Components/File Explorer/Show lock in the user tile menu | Disabled |
| Windows Components/File History/Turn off File History | Enabled |
| Windows Components/OneDrive/Prevent the usage of OneDrive for file storage | Enabled |
| Windows Components/Windows Hello for Business/Use biometrics | Disabled |
| Windows Components/Windows Hello for Business/Use Windows Hello for Business | Disabled |
| Windows Components/Windows Logon Options/Sign-in and lock last interactive user automatically after a restart | Disabled |
| Windows Components/Microsoft Passport for Work | Disabled |
| System/Ctrl+Alt+Del Options/Remove Task Manager | Enabled |
| System/Ctrl+Alt+Del Options/Remove Change Password | Enabled |
| Start Menu and Taskbar/Notifications/Turn off toast notifications | Enabled |
| Start Menu and Taskbar/Notifications/Remove Notifications and Action Center | Enabled |
| System/Logon/Do not process the legacy run list | Enabled |
| Policy setting | Status |
|------------------------------------------------------------------------------------------------------------------------|---------------------------------------|
| Security Settings/Local Policies/Security Options/User Account Control: Behavior of elevation prompt for standard user | Automatically deny elevation requests |
| Security Settings/Local Policies/Security Options/Interactive logon: Don't display last signed-in | Enabled |
| Control Panel/Personalization/Prevent enabling lock screen slide show | Enabled |
| System/Logon/Block user from showing account details on sign-in | Enabled |
| System/Logon/Enumerate local users on domain-joined computers | Disabled |
| System/Logon/Hide entry points for Fast User Switching | Enabled |
| System/Logon/Show first sign-in animation | Disabled |
| System/Logon/Turn off app notifications on the lock screen | Enabled |
| System/Logon/Turn off picture password sign-in | Enabled |
| System/Logon/Turn on convenience PIN sign-in | Disabled |
| Windows Components/App Package Deployment/Allow a Windows app to share application data between users | Enabled |
| Windows Components/Biometrics/Allow the use of biometrics | Disabled |
| Windows Components/Biometrics/Allow users to log on using biometrics | Disabled |
| Windows Components/Biometrics/Allow domain users to log on using biometrics | Disabled |
| Windows Components/File Explorer/Show lock in the user tile menu | Disabled |
| Windows Components/File History/Turn off File History | Enabled |
| Windows Components/OneDrive/Prevent the usage of OneDrive for file storage | Enabled |
| Windows Components/Windows Hello for Business/Use biometrics | Disabled |
| Windows Components/Windows Hello for Business/Use Windows Hello for Business | Disabled |
| Windows Components/Windows Logon Options/Sign-in and lock last interactive user automatically after a restart | Disabled |
| Windows Components/Microsoft Passport for Work | Disabled |
| System/Ctrl+Alt+Del Options/Remove Task Manager | Enabled |
| System/Ctrl+Alt+Del Options/Remove Change Password | Enabled |
| Start Menu and Taskbar/Notifications/Turn off toast notifications | Enabled |
| Start Menu and Taskbar/Notifications/Remove Notifications and Action Center | Enabled |
| System/Logon/Do not process the legacy run list | Enabled |
### Registry
- Following registry changes are performed:
When this mode is enabled, these registry changes are performed:
| Registry setting | Status |
|----------------------------------------------------------------------------------------------|--------|
| Software\Policies\Microsoft\PassportForWork\Remote\Enabled (Phone sign-in/Use phone sign-in) | 0 |
| Software\Policies\Microsoft\PassportForWork\Enabled (Use Microsoft Passport for Work) | 0 |
| Registry setting | Status |
|----------------------------------------------------------------------------------------------|--------|
| Software\Policies\Microsoft\PassportForWork\Remote\Enabled (Phone sign-in/Use phone sign-in) | 0 |
| Software\Policies\Microsoft\PassportForWork\Enabled (Use Microsoft Passport for Work) | 0 |
### Boot to Cloud Personal Mode
When the Personal mode is enabled by setting BootToCloudPCEnhanced value to 2:
- Following MDM policies are applied for the Device scope (all users):
| Setting | Value | Value Description |
|----------------------------------------------------------------------------------------------------------------------------|---------|-------------------------------------------------------------|
| [CloudDesktop/BootToCloudMode](policy-csp-clouddesktop.md#boottocloudmode) | 1 | Enable Boot to Cloud Desktop |
| [WindowsLogon/OverrideShellProgram](policy-csp-windowslogon.md#overrideshellprogram) | 1 | Apply Lightweight Shell |
| [ADMX_Logon/DisableExplorerRunLegacy_2](policy-csp-admx-logon.md#disableexplorerrunlegacy_2) | Enabled | Don't process the computer legacy run list |
| [TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode](policy-csp-textinput.md#enabletouchkeyboardautoinvokeindesktopmode) | 1 | When no keyboard is attached |
- Following local group policies are configured for all users:
| Policy setting | Status |
|------------------------------------------------------------------------------------------------------------------------|---------------------------------------|
| System/Ctrl+Alt+Del Options/Remove Change Password | Enabled |
| Start Menu and Taskbar/Notifications/Turn off toast notifications | Enabled |
| Start Menu and Taskbar/Notifications/Remove Notifications and Action Center | Enabled |
| System/Logon/Do not process the legacy run list | Enabled |
<!-- CloudDesktop-CspMoreInfo-End -->
<!-- CloudDesktop-End -->
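Review bot: The new "Boot to Cloud Personal Mode" section lists only four local group policies and no registry changes. The Shared PC section above it also sets "User Account Control: Behavior of elevation prompt for standard user" to "Automatically deny elevation requests", enables "Remove Task Manager", and disables the biometrics and Windows Hello for Business policies. The text does not say whether Personal mode leaves those settings at their existing values or resets them, which matters for a device that is switched from value 1 to value 2. Add a sentence stating what happens to the Shared-mode-only settings in Personal mode. The rewrite also removes the "EnableBootToCloudSharedPCMode technical reference" heading without saying whether the deprecated node still applies the same policy set as value 1. Minor: "smooth UX experience" is redundant, and "to configure **Boot to Cloud** feature" needs "the".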

@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 08/29/2023
ms.date: 10/25/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -45,11 +45,55 @@ The following XML file contains the device description framework (DDF) for the C
<MIME />
</DFType>
<MSFT:Applicability>
<MSFT:OsBuildVersion>22631.2050</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x30;0x31;0x7E;0x88;0xA1;0xA2;0xA4;0xA5;0xBC;0xBF;0xCD;</MSFT:EditionAllowList>
<MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
<MSFT:CspVersion>9.9</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x30;0x31;0x7E;0x87;0x88;0x88*;0xA1;0xA2;0xA4;0xA5;0xB4;0xBC;0xBD;0xBF;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>
<NodeName>BootToCloudPCEnhanced</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<DefaultValue>0</DefaultValue>
<Description>This node allows to configure different kinds of Boot to Cloud mode. Boot to cloud mode enables users to seamlessly sign-in to a Cloud PC. For using this feature, Cloud Provider application must be installed on the PC and the user must have a Cloud PC provisioned. This node supports the below options: 0. Not Configured. 1. Enable Boot to Cloud Shared PC Mode: Boot to Cloud Shared PC mode allows multiple users to sign-in on the device and use for shared purpose. 2. Enable Boot to Cloud Personal Mode (Cloud only): Personal mode allows user to sign-in on the device using various authentication mechanism configured by their organization (For ex. PIN, Biometrics etc). This mode preserves user personalization, including their profile picture and username in local machine, and facilitates fast account switching.</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Boot to Cloud PC Enhanced</DFTitle>
<DFType>
<MIME />
</DFType>
<MSFT:Applicability>
<MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
<MSFT:CspVersion>9.9</MSFT:CspVersion>
</MSFT:Applicability>
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>0</MSFT:Value>
<MSFT:ValueDescription>Not Configured</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>1</MSFT:Value>
<MSFT:ValueDescription>Enable Boot to Cloud Shared PC Mode</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>2</MSFT:Value>
<MSFT:ValueDescription>Enable Boot to Cloud Personal Mode (Cloud only)</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
</DFProperties>
</Node>
<Node>
<NodeName>EnableBootToCloudSharedPCMode</NodeName>
<DFProperties>
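Review bot: The root node's `OsBuildVersion` changes from 22631.2050 to 99.9.99999 and its `CspVersion` from 1.0 to 9.9, and the new BootToCloudPCEnhanced node carries the same values. These read as generator placeholders rather than real versions. Any tooling that consumes this DDF to gate settings by build would treat the whole CSP as unavailable on current builds, so confirm the intended values before publishing. The new `EditionAllowList` also contains the token `0x88*` next to `0x88`; if the asterisk has a meaning it should be documented, and if not it should be removed.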
@ -74,6 +118,9 @@ The following XML file contains the device description framework (DDF) for the C
<DFType>
<MIME />
</DFType>
<MSFT:Applicability>
<MSFT:OsBuildVersion>88.8.88888</MSFT:OsBuildVersion>
</MSFT:Applicability>
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>false</MSFT:Value>
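Review bot: The `Applicability` block added to EnableBootToCloudSharedPCMode uses `OsBuildVersion` 88.8.88888, a different placeholder-looking value from the 99.9.99999 used for the root and for BootToCloudPCEnhanced in the same file, and it has no `CspVersion`. Please confirm the real build for this node (the previous root value was 22631.2050) and keep the block's shape consistent with the other nodes.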
@ -84,6 +131,7 @@ The following XML file contains the device description framework (DDF) for the C
<MSFT:ValueDescription>Boot to cloud shared pc mode enabled</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
<MSFT:Deprecated />
</DFProperties>
</Node>
</Node>

@ -4,7 +4,7 @@ description: Learn more about the Personalization CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 08/10/2023
ms.date: 10/26/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -16,24 +16,147 @@ ms.topic: reference
<!-- Personalization-Begin -->
# Personalization CSP
[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
<!-- Personalization-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
The Personalization CSP can set the lock screen and desktop background images. Setting these policies also prevents the user from changing the image. You can also use the Personalization settings in a provisioning package.
The Personalization CSP can set the lock screen, desktop background images and company branding on sign-in screen ([BootToCloud mode](policy-csp-clouddesktop.md#boottocloudmode) only). Setting these policies also prevents the user from changing the image. You can also use the Personalization settings in a provisioning package.
> [!IMPORTANT]
> Personalization CSP is supported in Windows Enterprise and Education SKUs. It works in Windows Professional only when SetEduPolicies in [SharedPC CSP](sharedpc-csp.md) is set.
> Personalization CSP is supported in Windows Enterprise and Education SKUs. It works in Windows Professional only when SetEduPolicies in [SharedPC CSP](sharedpc-csp.md) is set, or when the device is configured in [Shared PC mode with BootToCloudPCEnhanced policy](clouddesktop-csp.md#boottocloudpcenhanced).
<!-- Personalization-Editable-End -->
<!-- Personalization-Tree-Begin -->
The following list shows the Personalization configuration service provider nodes:
- ./Vendor/MSFT/Personalization
- [CompanyLogoStatus](#companylogostatus)
- [CompanyLogoUrl](#companylogourl)
- [CompanyName](#companyname)
- [DesktopImageStatus](#desktopimagestatus)
- [DesktopImageUrl](#desktopimageurl)
- [LockScreenImageStatus](#lockscreenimagestatus)
- [LockScreenImageUrl](#lockscreenimageurl)
<!-- Personalization-Tree-End -->
<!-- Device-CompanyLogoStatus-Begin -->
## CompanyLogoStatus
<!-- Device-CompanyLogoStatus-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- Device-CompanyLogoStatus-Applicability-End -->
<!-- Device-CompanyLogoStatus-OmaUri-Begin -->
```Device
./Vendor/MSFT/Personalization/CompanyLogoStatus
```
<!-- Device-CompanyLogoStatus-OmaUri-End -->
<!-- Device-CompanyLogoStatus-Description-Begin -->
<!-- Description-Source-DDF -->
This represents the status of the Company Logo. 1 - Successfully downloaded or copied. 2 - Download/Copy in progress. 3 - Download/Copy failed. 4 - Unknown file type. 5 - Unsupported Url scheme. 6 - Max retry failed. This setting is currently available for boot to cloud shared pc mode only.
<!-- Device-CompanyLogoStatus-Description-End -->
<!-- Device-CompanyLogoStatus-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Device-CompanyLogoStatus-Editable-End -->
<!-- Device-CompanyLogoStatus-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `int` |
| Access Type | Get |
<!-- Device-CompanyLogoStatus-DFProperties-End -->
<!-- Device-CompanyLogoStatus-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-CompanyLogoStatus-Examples-End -->
<!-- Device-CompanyLogoStatus-End -->
<!-- Device-CompanyLogoUrl-Begin -->
## CompanyLogoUrl
<!-- Device-CompanyLogoUrl-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- Device-CompanyLogoUrl-Applicability-End -->
<!-- Device-CompanyLogoUrl-OmaUri-Begin -->
```Device
./Vendor/MSFT/Personalization/CompanyLogoUrl
```
<!-- Device-CompanyLogoUrl-OmaUri-End -->
<!-- Device-CompanyLogoUrl-Description-Begin -->
<!-- Description-Source-DDF -->
An http or https Url to a jpg, jpeg or png image that needs to be downloaded and used as the Company Logo or a file Url to a local image on the file system that needs to be used as the Company Logo. This setting is currently available for boot to cloud shared pc mode only.
<!-- Device-CompanyLogoUrl-Description-End -->
<!-- Device-CompanyLogoUrl-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Device-CompanyLogoUrl-Editable-End -->
<!-- Device-CompanyLogoUrl-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- Device-CompanyLogoUrl-DFProperties-End -->
<!-- Device-CompanyLogoUrl-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-CompanyLogoUrl-Examples-End -->
<!-- Device-CompanyLogoUrl-End -->
<!-- Device-CompanyName-Begin -->
## CompanyName
<!-- Device-CompanyName-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- Device-CompanyName-Applicability-End -->
<!-- Device-CompanyName-OmaUri-Begin -->
```Device
./Vendor/MSFT/Personalization/CompanyName
```
<!-- Device-CompanyName-OmaUri-End -->
<!-- Device-CompanyName-Description-Begin -->
<!-- Description-Source-DDF -->
The name of the company to be displayed on the sign-in screen. This setting is currently available for boot to cloud shared pc mode only.
<!-- Device-CompanyName-Description-End -->
<!-- Device-CompanyName-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Device-CompanyName-Editable-End -->
<!-- Device-CompanyName-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
| Allowed Values | Regular Expression: `^.{1,30}$` |
<!-- Device-CompanyName-DFProperties-End -->
<!-- Device-CompanyName-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-CompanyName-Examples-End -->
<!-- Device-CompanyName-End -->
<!-- Device-DesktopImageStatus-Begin -->
## DesktopImageStatus
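Review bot: The CompanyLogoUrl description accepts plain `http` as well as `https` for an image that is shown on the sign-in screen, and the Device-CompanyLogoUrl-Editable section is left empty. Consider adding a line there recommending `https`, since an image fetched over `http` has no integrity protection in transit. Separately, the intro and the IMPORTANT note link the boot-to-cloud policy through two different targets (`policy-csp-clouddesktop.md#boottocloudmode` and `clouddesktop-csp.md#boottocloudpcenhanced`); confirm both anchors resolve and that the difference is intended.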
@ -90,7 +213,7 @@ This represents the status of the DesktopImage. 1 - Successfully downloaded or c
<!-- Device-DesktopImageUrl-Description-Begin -->
<!-- Description-Source-DDF -->
A http or https Url to a jpg, jpeg or png image that needs to be downloaded and used as the Desktop Image or a file Url to a local image on the file system that needs to be used as the Desktop Image.
An http or https Url to a jpg, jpeg or png image that needs to be downloaded and used as the Desktop Image or a file Url to a local image on the file system that needs to be used as the Desktop Image.
<!-- Device-DesktopImageUrl-Description-End -->
<!-- Device-DesktopImageUrl-Editable-Begin -->
@ -168,7 +291,7 @@ This represents the status of the LockScreenImage. 1 - Successfully downloaded o
<!-- Device-LockScreenImageUrl-Description-Begin -->
<!-- Description-Source-DDF -->
A http or https Url to a jpg, jpeg or png image that neeeds to be downloaded and used as the Lock Screen Image or a file Url to a local image on the file system that needs to be used as the Lock Screen Image.
An http or https Url to a jpg, jpeg or png image that needs to be downloaded and used as the Lock Screen Image or a file Url to a local image on the file system that needs to be used as the Lock Screen Image.
<!-- Device-LockScreenImageUrl-Description-End -->
<!-- Device-LockScreenImageUrl-Editable-Begin -->

View File

@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 06/02/2023
ms.date: 10/25/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -49,7 +49,7 @@ The following XML file contains the device description framework (DDF) for the P
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.16299</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node>
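Review bot: The new EditionAllowList contains `0x88*` directly after `0x88`, and no other entry in the list carries a suffix. If the asterisk has a meaning in the DDF, the article should explain it; otherwise it looks like a generation artifact that should be removed. The new list also drops `0xCD`, which is worth confirming as intentional.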
@ -146,6 +146,92 @@ The following XML file contains the device description framework (DDF) for the P
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>CompanyLogoUrl</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>A http or https Url to a jpg, jpeg or png image that neeeds to be downloaded and used as the Company Logo or a file Url to a local image on the file system that needs to be used as the Company Logo. This setting is currently available for boot to cloud shared pc mode only.</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:Applicability>
<MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
<MSFT:CspVersion>2.0</MSFT:CspVersion>
</MSFT:Applicability>
<MSFT:AllowedValues ValueType="None">
</MSFT:AllowedValues>
</DFProperties>
</Node>
<Node>
<NodeName>CompanyLogoStatus</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>This represents the status of the Company Logo. 1 - Successfully downloaded or copied. 2 - Download/Copy in progress. 3 - Download/Copy failed. 4 - Unknown file type. 5 - Unsupported Url scheme. 6 - Max retry failed. This setting is currently available for boot to cloud shared pc mode only.</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:Applicability>
<MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
<MSFT:CspVersion>2.0</MSFT:CspVersion>
</MSFT:Applicability>
</DFProperties>
</Node>
<Node>
<NodeName>CompanyName</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>The name of the company to be displayed on the sign-in screen. This setting is currently available for boot to cloud shared pc mode only.</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:Applicability>
<MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
<MSFT:CspVersion>2.0</MSFT:CspVersion>
</MSFT:Applicability>
<MSFT:AllowedValues ValueType="RegEx">
<MSFT:Value>^.{1,30}$</MSFT:Value>
</MSFT:AllowedValues>
</DFProperties>
</Node>
</Node>
</MgmtTree>
```
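Review bot: The added CompanyLogoUrl `<Description>` reads "A http or https Url ... that neeeds to be downloaded", the same two errors this commit corrects for DesktopImageUrl and LockScreenImageUrl in the CSP article. The article's CompanyLogoUrl text is marked Description-Source-DDF but already says "An http ... needs", so the two files now disagree; fix the wording here as well. The three new nodes also carry `OsBuildVersion` 99.9.99999, which reads as a placeholder; a sentence in the article saying so would help readers who parse the DDF.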

View File

@ -18,9 +18,9 @@ ms.date: 12/31/2017
# Create a deployment plan
A "service management" mindset means that the devices in your organization fall into a continuum, with the software update process being constantly planned, deployed, monitored, and optimized. And once you use this process for feature updates, quality updates become a lightweight procedure that is simple and fast to execute, ultimately increasing velocity.
A "service management" mindset means that the devices in your organization fall into a continuum, with the software update process being constantly planned, deployed, monitored, and optimized. Once you use this process for feature updates, quality updates become a lightweight procedure that is simple and fast to execute, ultimately increasing velocity.
When you move to a service management model, you need effective ways of rolling out updates to representative groups of devices. We've found that a ring-based deployment works well for us at Microsoft and many other organizations across the globe. Deployment rings in Windows client are similar to the deployment groups most organizations constructed for previous major revision upgrades. They're simply a method to separate devices into a deployment timeline.
When you move to a service management model, you need effective ways of rolling out updates to representative groups of devices. We've found that a ring-based deployment works well for us at Microsoft and many other organizations across the globe. Deployment rings in Windows clients are similar to the deployment groups most organizations constructed for previous major revision upgrades. They're simply a method to separate devices into a deployment timeline.
At the highest level, each ring comprises a group of users or devices that receive a particular update concurrently. For each ring, IT administrators set criteria to control deferral time or adoption (completion) that should be met before deployment to the next broader ring of devices or users can occur.
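Review bot: "Deployment rings in Windows clients" turns the product term into a plural noun, while the note further down in this file still says "Windows client feature updates". Keep "Windows client" here so the term is used consistently across the article.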
@ -43,10 +43,10 @@ There are no definite rules for exactly how many rings to have for your deployme
## Advancing between rings
There are basically two strategies for moving deployments from one ring to the next. One is service-based, the other project based.
There are basically two strategies for moving deployments from one ring to the next. One is service-based, the other project-based.
- "Red button" (service based): Assumes that content is good until proven bad. Content flows until an issue is discovered, at which point the IT administrator presses the "red button" to stop further distribution.
- Green button (project based): Assumes that content is bad until proven good. Once all validation has passed, the IT administrator presses the "green button" to push the content to the next ring.
- "Red button" (service-based): Assumes that content is good until proven bad. Content flows until an issue is discovered, at which point the IT administrator presses the "red button" to stop further distribution.
- "Green button" (project-based): Assumes that content is bad until proven good. Once all validation has passed, the IT administrator presses the "green button" to push the content to the next ring.
When it comes to deployments, having manual steps in the process usually impedes update velocity. A "red button" strategy is better when that is your goal.
@ -60,9 +60,9 @@ The purpose of the Preview ring is to evaluate the new features of the update. I
### Who goes in the Preview ring?
The Preview ring users are the most tech savvy and resilient people, who won't lose productivity if something goes wrong. In general, these users are IT pros, and perhaps a few people in the business organization.
The Preview ring users are the most tech-savvy and resilient people, who won't lose productivity if something goes wrong. In general, these users are IT pros, and perhaps a few people in the business organization.
During your plan and prepare phases, you should focus on the following activities:
During your plan and preparation phases, you should focus on the following activities:
- Work with Windows Insider Preview builds.
- Identify the features and functionality your organization can or wants to use.
@ -87,7 +87,7 @@ Analytics can help with defining a good Limited ring of representative devices a
The most important part of this phase is finding a representative sample of devices and applications across your network. If possible, all hardware and all applications should be represented. It's important that the people selected for this ring are using their devices regularly to generate the data you'll need to make a decision for broader deployment across your organization. The IT department, lab devices, and users with the most cutting-edge hardware usually don't have the applications or device drivers that are truly a representative sample of your network.
During your pilot and validate phases, you should focus on the following activities:
During your pilot and validation phases, you should focus on the following activities:
- Deploy new innovations.
- Assess and act if issues are encountered.
@ -104,7 +104,7 @@ Once the devices in the Limited ring have had a sufficient stabilization period,
In most businesses, the Broad ring includes the rest of your organization. Because of the work in the previous ring to vet stability and minimize disruption (with diagnostic data to support your decision), a broad deployment can occur relatively quickly.
> [!NOTE]
> In some instances, you might hold back on mission-critical devices (such as medical devices) until deployment in the Broad ring is complete. Get best practices and recommendations for deploying Windows client feature updates to mission critical-devices.
> In some instances, you might hold back on mission-critical devices (such as medical devices) until deployment in the Broad ring is complete. Get best practices and recommendations for deploying Windows client feature updates to mission-critical devices.
During the broad deployment phase, you should focus on the following activities:

View File

@ -15,16 +15,16 @@ metadata:
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
ms.date: 09/26/2023
ms.date: 10/31/2023
highlightedContent:
items:
- title: Get started with Windows 11
itemType: get-started
url: /windows/whats-new/windows-11-overview
- title: Windows 11, version 22H2
- title: Windows 11, version 23H2
itemType: whats-new
url: /windows/whats-new/whats-new-windows-11-version-22H2
url: /windows/whats-new/whats-new-windows-11-version-23H2
- title: Windows 11, version 22H2 group policy settings reference
itemType: download
url: https://www.microsoft.com/en-us/download/details.aspx?id=104594
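Review bot: Only the what's-new item in `highlightedContent` moves to 23H2; the item right after it is still titled "Windows 11, version 22H2 group policy settings reference" and points at download id=104594. If a 23H2 reference is published, update that title and URL in the same change; if not, leaving it is fine but worth a tracking note.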

View File

@ -27,7 +27,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
- [Required diagnostic events and fields for Windows 11, version 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
- [Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
- [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md)
- [Required diagnostic events and fields for Windows 10: versions 22H2, 21H2, 21H1, 20H2, and 2004](required-windows-diagnostic-data-events-and-fields-2004.md)
- [Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)

View File

@ -27,7 +27,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
- [Required diagnostic events and fields for Windows 11, version 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
- [Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
- [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md)
- [Required diagnostic events and fields for Windows 10: versions 22H2, 21H2, 21H1, 20H2, and 2004](required-windows-diagnostic-data-events-and-fields-2004.md)
- [Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)

View File

@ -27,7 +27,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
- [Required diagnostic events and fields for Windows 11, version 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
- [Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
- [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md)
- [Required diagnostic events and fields for Windows 10: versions 22H2, 21H2, 21H1, 20H2, and 2004](required-windows-diagnostic-data-events-and-fields-2004.md)
- [Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)

View File

@ -26,7 +26,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
- [Required diagnostic events and fields for Windows 11, version 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
- [Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
- [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md)
- [Required diagnostic events and fields for Windows 10: versions 22H2, 21H2, 21H1, 20H2, and 2004](required-windows-diagnostic-data-events-and-fields-2004.md)
- [Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)

View File

@ -28,7 +28,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
- [Required diagnostic events and fields for Windows 11, version 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
- [Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
- [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md)
- [Required diagnostic events and fields for Windows 10: versions 22H2, 21H2, 21H1, 20H2, and 2004](required-windows-diagnostic-data-events-and-fields-2004.md)
- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)

View File

@ -75,7 +75,7 @@ Customers who use services that depend on Windows diagnostic data, such as [Micr
> [!NOTE]
> The information in this section applies to the following versions of Windows:
> - Windows 10, versions 20H2, 21H2, 22H2, and newer
> - Windows 11, versions 21H2, 22H2, and newer
> - Windows 11, versions 21H2, 22H2, 23H2, and newer
Previously, IT admins could use policies (for example, the “Allow commercial data pipeline” policy) at the individual device level to enroll devices in the Windows diagnostic data processor configuration.

View File

@ -336,7 +336,7 @@ Tenants with billing addresses in countries or regions in the Middle East and Af
> [!NOTE]
> The information in this section applies to the following versions of Windows:
> - Windows 10, versions 20H2, 21H2, 22H2, and newer
> - Windows 11, versions 21H2, 22H2, and newer
> - Windows 11, versions 21H2, 22H2, 23H2, and newer
Starting with the January 2023 preview cumulative update, how you enable the processor configuration option depends on the billing address of the Azure AD tenant to which your devices are joined.

View File

@ -1,6 +1,6 @@
---
description: Learn more about the Windows 11, version 22H2 diagnostic data gathered.
title: Required diagnostic events and fields for Windows 11, version 22H2
description: Learn more about the diagnostic data gathered for Windows 11, versions 23H2 and 22H2.
title: Required diagnostic events and fields for Windows 11, versions 23H3 and 22H2
keywords: privacy, telemetry
ms.prod: windows-client
ms.technology: itpro-privacy
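Review bot: The new `title:` value says "versions 23H3 and 22H2", while the new `description:` line just above it and the H1 later in the file say 23H2. Change the title to "versions 23H2 and 22H2".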
@ -8,15 +8,15 @@ localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: laurawi
ms.date: 09/26/2023
ms.date: 10/31/2023
ms.topic: reference
---
# Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2
# Required diagnostic events and fields for Windows 11, version 22H2
**Applies to**
**Applies to**
- Windows 11, version 23H2
- Windows 11, version 22H2
Required diagnostic data gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store.
@ -199,13 +199,14 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockAdd
This event sends blocking data about any compatibility blocking entries on the system that are not directly related to specific applications or devices, to help keep Windows up to date.
This event sends blocking data about any compatibility blocking entries on the system that aren't directly related to specific applications or devices, to help keep Windows up to date.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
The following fields are available:
- **AppraiserVersion** The version of the appraiser file generating the events.
- **SdbEntries** Deprecated in RS3.
### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockRemove
@ -221,13 +222,14 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeAdd
This event sends compatibility database information about entries requiring reinstallation after an upgrade on the system that are not keyed by either applications or devices, to help keep Windows up to date.
This event sends compatibility database information about entries requiring reinstallation after an upgrade on the system that aren't keyed by either applications or devices, to help keep Windows up to date.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
The following fields are available:
- **AppraiserVersion** The version of the appraiser file generating the events.
- **SdbEntries** Deprecated in RS3.
### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosAdd
@ -239,6 +241,7 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
The following fields are available:
- **AppraiserVersion** The version of the Appraiser file generating the events.
- **SdbEntries** Deprecated in RS3.
### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosStartSync
@ -273,14 +276,14 @@ The following fields are available:
- **AssociatedDriverWillNotMigrate** Will the driver associated with this plug-and-play device migrate?
- **BlockAssociatedDriver** Should the driver associated with this PNP device be blocked?
- **BlockingDevice** Is this PNP device blocking upgrade?
- **BlockUpgradeIfDriverBlocked** Is the PNP device both boot critical and does not have a driver included with the OS?
- **BlockUpgradeIfDriverBlocked** Is the PNP device both boot critical and doesn't have a driver included with the OS?
- **BlockUpgradeIfDriverBlockedAndOnlyActiveNetwork** Is this PNP device the only active network device?
- **DisplayGenericMessage** Will a generic message be shown during Setup for this PNP device?
- **DisplayGenericMessageGated** Indicates whether a generic message will be shown during Setup for this PNP device.
- **DriverAvailableInbox** Is a driver included with the operating system for this PNP device?
- **DriverAvailableOnline** Is there a driver for this PNP device on Windows Update?
- **DriverAvailableUplevel** Is there a driver on Windows Update or included with the operating system for this PNP device?
- **DriverBlockOverridden** Is there is a driver block on the device that has been overridden?
- **DriverBlockOverridden** Is there a driver block on the device that has been overridden?
- **NeedsDismissAction** Will the user would need to dismiss a warning during Setup for this device?
- **NotRegressed** Does the device have a problem code on the source OS that is no better than the one it would have on the target OS?
- **SdbDeviceBlockUpgrade** Is there an SDB block on the PNP device that blocks upgrade?
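Review bot: The NeedsDismissAction line left as context still reads "Will the user would need to dismiss a warning", and this hunk is already a grammar pass over the same list (see DriverBlockOverridden). Suggest "Will the user need to dismiss a warning during Setup for this device?". The reworded BlockUpgradeIfDriverBlocked line, "both boot critical and doesn't have a driver", is still not parallel; "both boot critical and without a driver included with the OS" reads cleanly.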
@ -311,7 +314,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockAdd
This event sends compatibility decision data about blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up to date.
This event sends compatibility decision data about blocking entries on the system that aren't keyed by either applications or devices, to help keep Windows up to date.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@ -350,7 +353,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveAdd
This event sends compatibility decision data about non-blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up to date.
This event sends compatibility decision data about non-blocking entries on the system that aren't keyed by either applications or devices, to help keep Windows up to date.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@ -396,7 +399,7 @@ The following fields are available:
- **NeedsInstallPostUpgradeData** Will the file have a notification after upgrade to install a replacement for the app?
- **NeedsNotifyPostUpgradeData** Should a notification be shown for this file after upgrade?
- **NeedsReinstallPostUpgradeData** Will the file have a notification after upgrade to reinstall the app?
- **SdbReinstallUpgrade** The file is tagged as needing to be reinstalled after upgrade in the compatibility database (but is not blocking upgrade).
- **SdbReinstallUpgrade** The file is tagged as needing to be reinstalled after upgrade in the compatibility database (but isn't blocking upgrade).
### Microsoft.Windows.Appraiser.General.DecisionSModeStateAdd
@ -498,7 +501,7 @@ The following fields are available:
- **BinaryType** A binary type. Example: UNINITIALIZED, ZERO_BYTE, DATA_ONLY, DOS_MODULE, NE16_MODULE, PE32_UNKNOWN, PE32_I386, PE32_ARM, PE64_UNKNOWN, PE64_AMD64, PE64_ARM64, PE64_IA64, PE32_CLR_32, PE32_CLR_IL, PE32_CLR_IL_PREFER32, PE64_CLR_64.
- **BinFileVersion** An attempt to clean up FileVersion at the client that tries to place the version into 4 octets.
- **BinProductVersion** An attempt to clean up ProductVersion at the client that tries to place the version into 4 octets.
- **BoeProgramId** If there is no entry in Add/Remove Programs, this is the ProgramID that is generated from the file metadata.
- **BoeProgramId** If there's no entry in Add/Remove Programs, this is the ProgramID that is generated from the file metadata.
- **CompanyName** The company name of the vendor who developed this file.
- **FileId** A hash that uniquely identifies a file.
- **FileVersion** The File version field from the file metadata under Properties -&gt; Details.
@ -939,10 +942,10 @@ The following fields are available:
- **PCFP** An ID for the system calculated by hashing hardware identifiers.
- **PerfBackoff** Indicates if the run was invoked with logic to stop running when a user is present. Helps to understand why a run may have a longer elapsed time than normal.
- **PerfBackoffInsurance** Indicates if appraiser is running without performance backoff because it has run with perf backoff and failed to complete several times in a row.
- **RunAppraiser** Indicates if Appraiser was set to run at all. If this if false, it is understood that data events will not be received from this device.
- **RunAppraiser** Indicates if Appraiser was set to run at all. If this if false, it's understood that data events won't be received from this device.
- **RunDate** The date that the diagnostic data run was stated, expressed as a filetime.
- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional diagnostic data on an infrequent schedule and only from machines at diagnostic data levels higher than Basic.
- **RunOnline** Indicates if appraiser was able to connect to Windows Update and theefore is making decisions using up-to-date driver coverage information.
- **RunOnline** Indicates if appraiser was able to connect to Windows Update and therefore is making decisions using up-to-date driver coverage information.
- **RunResult** The hresult of the Appraiser diagnostic data run.
- **ScheduledUploadDay** The day scheduled for the upload.
- **SendingUtc** Indicates whether the Appraiser client is sending events during the current diagnostic data run.
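Review bot: The replacement RunAppraiser line still says "If this if false"; it should read "If this is false, it's understood that data events won't be received from this device." The RunDate context line directly below has "the diagnostic data run was stated", which looks like a typo for "started" and could be fixed in the same pass.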
@ -956,7 +959,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.WmdrmAdd
This event sends data about the usage of older digital rights management on the system, to help keep Windows up to date. This data does not indicate the details of the media using the digital rights management, only whether any such files exist. Collecting this data was critical to ensuring the correct mitigation for customers, and should be able to be removed once all mitigations are in place.
This event sends data about the usage of older digital rights management on the system, to help keep Windows up to date. This data doesn't indicate the details of the media using the digital rights management, only whether any such files exist. Collecting this data was critical to ensuring the correct mitigation for customers, and should be able to be removed once all mitigations are in place.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@ -968,7 +971,7 @@ The following fields are available:
- **WmdrmApiResult** Raw value of the API used to gather DRM state.
- **WmdrmCdRipped** Indicates if the system has any files encrypted with personal DRM, which was used for ripped CDs.
- **WmdrmIndicators** WmdrmCdRipped OR WmdrmPurchased.
- **WmdrmInUse** WmdrmIndicators AND dismissible block in setup was not dismissed.
- **WmdrmInUse** WmdrmIndicators AND dismissible block in setup wasn't dismissed.
- **WmdrmNonPermanent** Indicates if the system has any files with non-permanent licenses.
- **WmdrmPurchased** Indicates if the system has any files with permanent licenses.
@ -995,7 +998,7 @@ The following fields are available:
- **AzureOSIDPresent** Represents the field used to identify an Azure machine.
- **AzureVMType** Represents whether the instance is Azure VM PAAS, Azure VM IAAS or any other VMs.
- **CDJType** Represents the type of cloud domain joined for the machine.
- **CommercialId** Represents the GUID for the commercial entity which the device is a member of.  Will be used to reflect insights back to customers.
- **CommercialId** Represents the GUID for the commercial entity that the device is a member of.  Will be used to reflect insights back to customers.
- **ContainerType** The type of container, such as process or virtual machine hosted.
- **EnrollmentType** Defines the type of MDM enrollment on the device.
- **HashedDomain** The hashed representation of the user domain used for login.
@ -1007,7 +1010,7 @@ The following fields are available:
- **MDMServiceProvider** A hash of the specific MDM authority, such as Microsoft Intune, that is managing the device.
- **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an enterprise Configuration Manager environment.
- **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
- **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
- **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier
@ -1018,7 +1021,7 @@ This event sends data about the memory on the device, including ROM and RAM. The
The following fields are available:
- **TotalPhysicalRAM** Represents the physical memory (in MB).
- **TotalVisibleMemory** Represents the memory that is not reserved by the system.
- **TotalVisibleMemory** Represents the memory that isn't reserved by the system.
### Census.Network
@ -1028,8 +1031,8 @@ This event sends data about the mobile and cellular network used by the device (
The following fields are available:
- **CellularModemHWInstanceId0** HardwareInstanceId of the embedded Mobile broadband modem, as reported and used by PnP system to identify the WWAN modem device in Windows system. Empty string (null string) indicates that this property is unknown for telemetry.
- **IMEI0** Represents the International Mobile Station Equipment Identity. This number is usually unique and used by the mobile operator to distinguish different phone hardware. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user. The two fields represent phone with dual sim coverage.
- **IMEI1** Represents the International Mobile Station Equipment Identity. This number is usually unique and used by the mobile operator to distinguish different phone hardware. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user. The two fields represent phone with dual sim coverage.
- **IMEI0** Represents the International Mobile Station Equipment Identity. This number is usually unique and used by the mobile operator to distinguish different phone hardware. Microsoft doesn't have access to mobile operator billing data so collecting this data doesn't expose or identify the user. The two fields represent phone with dual sim coverage.
- **IMEI1** Represents the International Mobile Station Equipment Identity. This number is usually unique and used by the mobile operator to distinguish different phone hardware. Microsoft doesn't have access to mobile operator billing data so collecting this data doesn't expose or identify the user. The two fields represent phone with dual sim coverage.
- **MCC0** Represents the Mobile Country Code (MCC). It used with the Mobile Network Code (MNC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
- **MCC1** Represents the Mobile Country Code (MCC). It used with the Mobile Network Code (MNC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
- **MNC0** Retrieves the Mobile Network Code (MNC). It used with the Mobile Country Code (MCC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
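Review bot: the **MCC0**, **MCC1** and **MNC0** context lines still read "It used with the Mobile ... Code", missing "is", while the neighbouring IMEI lines get a wording pass. Suggest "It's used with ..." on those lines, and "a phone with dual SIM coverage" in the closing sentence that the IMEI, MCC and MNC entries all share.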
@ -1046,7 +1049,7 @@ The following fields are available:
### Census.OS
This event sends data about the operating system such as the version, locale, update service configuration, when and how it was originally installed, and whether it is a virtual device. The data collected with this event is used to help keep Windows secure and up to date.
This event sends data about the operating system such as the version, locale, update service configuration, when and how it was originally installed, and whether it's a virtual device. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
@ -1063,7 +1066,7 @@ The following fields are available:
- **IsPortableOperatingSystem** Retrieves whether OS is running Windows-To-Go
- **IsSecureBootEnabled** Retrieves whether Boot chain is signed under UEFI.
- **LanguagePacks** The list of language packages installed on the device.
- **LicenseStateReason** Retrieves why (or how) a system is licensed or unlicensed. The HRESULT may indicate an error code that indicates a key blocked error, or it may indicate that we are running an OS License granted by the MS store.
- **LicenseStateReason** Retrieves why (or how) a system is licensed or unlicensed. The HRESULT may indicate an error code that indicates a key blocked error, or it may indicate that we're running an OS License granted by the MS store.
- **OA3xOriginalProductKey** Retrieves the License key stamped by the OEM to the machine.
- **OSEdition** Retrieves the version of the current OS.
- **OSInstallType** Retrieves a numeric description of what install was used on the device i.e. clean, upgrade, refresh, reset, etc
@ -1080,7 +1083,7 @@ The following fields are available:
- **ServiceMachinePort** Retrieves the port of the KMS host used for anti-piracy.
- **ServiceProductKeyID** Retrieves the License key of the KMS
- **SharedPCMode** Returns Boolean for devices that have enabled the configuration EnableSharedPCMode.
- **Signature** Retrieves if it is a signature machine sold by Microsoft store.
- **Signature** Retrieves if it's a signature machine sold by Microsoft store.
- **SLICStatus** Whether a SLIC table exists on the device.
- **SLICVersion** Returns OS type/version from SLIC table.
@ -1148,12 +1151,6 @@ The following fields are available:
- **Language** String containing the incompatible language pack detected.
### MicrosoftWindowsCodeIntegrityTraceLoggingProvider.CodeIntegrityHvciSysprepHvciAlreadyEnabled
This event fires when HVCI is already enabled so no need to continue auto-enablement.
## Common data extensions
### Common Data Extensions.app
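Review bot: the removal of the MicrosoftWindowsCodeIntegrityTraceLoggingProvider.CodeIntegrityHvciSysprepHvciAlreadyEnabled section (heading and description, 12 lines down to 6 per the hunk header) is not explained anywhere in the visible commit message. Please confirm the event is no longer emitted in this release rather than dropped from the list by accident, because readers use this page to audit what a device sends and an undocumented event is worse than a stale entry.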
@ -1192,7 +1189,7 @@ Describes the device-related fields.
The following fields are available:
- **deviceClass** The device classification. For example, Desktop, Server, or Mobile.
- **localId** A locally-defined unique ID for the device. This is not the human-readable device name. Most likely equal to the value stored at HKLM\Software\Microsoft\SQMClient\MachineId
- **localId** A locally-defined unique ID for the device. This isn't the human-readable device name. Most likely equal to the value stored at HKLM\Software\Microsoft\SQMClient\MachineId
- **make** Device manufacturer.
- **model** Device model.
@ -1262,7 +1259,7 @@ The following fields are available:
- **authId** This is an ID of the user associated with this event that is deduced from a token such as a Microsoft Account ticket or an XBOX token.
- **locale** The language and region.
- **localId** Represents a unique user identity that is created locally and added by the client. This is not the user's account ID.
- **localId** Represents a unique user identity that is created locally and added by the client. This isn't the user's account ID.
### Common Data Extensions.utc
@ -1285,7 +1282,7 @@ The following fields are available:
- **popSample** Represents the effective sample rate for this event at the time it was generated by a client.
- **providerGuid** The ETW provider ID associated with the provider name.
- **raId** Represents the ETW Related ActivityId. Logged via TraceLogging or directly via ETW.
- **seq** Represents the sequence field used to track absolute order of uploaded events. It is an incrementing identifier for each event added to the upload queue. The Sequence helps track how many events were fired and how many events were uploaded and enables identification of data lost during upload and de-duplication of events on the ingress server.
- **seq** Represents the sequence field used to track absolute order of uploaded events. It's an incrementing identifier for each event added to the upload queue. The Sequence helps track how many events were fired and how many events were uploaded and enables identification of data lost during upload and de-duplication of events on the ingress server.
- **sqmId** The Windows SQM (Software Quality Metrics—a precursor of Windows 10 Diagnostic Data collection) device identifier.
- **stId** Represents the Scenario Entry Point ID. This is a unique GUID for each event in a diagnostic scenario. This used to be Scenario Trigger ID.
- **wcmp** The Windows Shell Composer ID.
@ -1316,6 +1313,7 @@ The following fields are available:
- **uts** A bit field, with 2 bits being assigned to each user ID listed in xid. This field is omitted if all users are retail accounts.
- **xid** A list of base10-encoded XBOX User IDs.
## Common data fields
### Ms.Device.DeviceInventoryChange
@ -1330,7 +1328,6 @@ The following fields are available:
- **objectType** Indicates the object type that the event applies to.
- **syncId** A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object.
## Component-based servicing events
### CbsServicingProvider.CbsCapabilitySessionFinalize
@ -1357,11 +1354,11 @@ The following fields are available:
### CbsServicingProvider.CbsLateAcquisition
This event sends data to indicate if some Operating System packages could not be updated as part of an upgrade, to help keep Windows up to date.
This event sends data to indicate if some Operating System packages couldn't be updated as part of an upgrade, to help keep Windows up to date.
The following fields are available:
- **Features** The list of feature packages that could not be updated.
- **Features** The list of feature packages that couldn't be updated.
- **RetryID** The ID identifying the retry attempt to update the listed packages.
@ -1440,12 +1437,12 @@ The following fields are available:
### TelClientSynthetic.AbnormalShutdown_0
This event sends data about boot IDs for which a normal clean shutdown was not observed. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
This event sends data about boot IDs for which a normal clean shutdown wasn't observed. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
The following fields are available:
- **AbnormalShutdownBootId** BootId of the abnormal shutdown being reported by this event.
- **AbsCausedbyAutoChk** This flag is set when AutoCheck forces a device restart to indicate that the shutdown was not an abnormal shutdown.
- **AbsCausedbyAutoChk** This flag is set when AutoCheck forces a device restart to indicate that the shutdown wasn't an abnormal shutdown.
- **AcDcStateAtLastShutdown** Identifies if the device was on battery or plugged in.
- **BatteryLevelAtLastShutdown** The last recorded battery level.
- **BatteryPercentageAtLastShutdown** The battery percentage at the last shutdown.
@ -1486,7 +1483,7 @@ The following fields are available:
- **PowerButtonPressLastPowerWatchdogStage** Progress while the monitor is being turned on.
- **PowerButtonPressPowerWatchdogArmed** Indicates whether or not the watchdog for the monitor was active at the time of the last power button press.
- **ShutdownDeviceType** Identifies who triggered a shutdown. Is it because of battery, thermal zones, or through a Kernel API.
- **SleepCheckpoint** Provides the last checkpoint when there is a failure during a sleep transition.
- **SleepCheckpoint** Provides the last checkpoint when there's a failure during a sleep transition.
- **SleepCheckpointSource** Indicates whether the source is the EFI variable or bootstat file.
- **SleepCheckpointStatus** Indicates whether the checkpoint information is valid.
- **StaleBootStatData** Identifies if the data from bootstat is stale.
@ -1514,26 +1511,26 @@ The following fields are available:
### TelClientSynthetic.AuthorizationInfo_Startup
This event is fired by UTC at startup to signal what data we are allowed to collect. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
This event is fired by UTC at startup to signal what data we're allowed to collect. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
The following fields are available:
- **CanAddMsaToMsTelemetry** True if we can add MSA PUID and CID to telemetry, false otherwise.
- **CanCollectAnyTelemetry** True if we are allowed to collect partner telemetry, false otherwise.
- **CanCollectClearUserIds** True if we are allowed to collect clear user IDs, false if we can only collect omitted IDs.
- **CanCollectAnyTelemetry** True if we're allowed to collect partner telemetry, false otherwise.
- **CanCollectClearUserIds** True if we're allowed to collect clear user IDs, false if we can only collect omitted IDs.
- **CanCollectCoreTelemetry** True if we can collect CORE/Basic telemetry, false otherwise.
- **CanCollectHeartbeats** True if we can collect heartbeat telemetry, false otherwise.
- **CanCollectOsTelemetry** True if we can collect diagnostic data telemetry, false otherwise.
- **CanCollectWindowsAnalyticsEvents** True if we can collect Windows Analytics data, false otherwise.
- **CanIncludeDeviceNameInDiagnosticData** True if we are allowed to add the device name to diagnostic data, false otherwise.
- **CanIncludeDeviceNameInDiagnosticData** True if we're allowed to add the device name to diagnostic data, false otherwise.
- **CanPerformDiagnosticEscalations** True if we can perform diagnostic escalation collection, false otherwise.
- **CanPerformSiufEscalations** True if we can perform System Initiated User Feedback escalation collection, false otherwise.
- **CanReportScenarios** True if we can report scenario completions, false otherwise.
- **CanReportUifEscalations** True if we can perform User Initiated Feedback escalation collection, false otherwise.
- **CanUseAuthenticatedProxy** True if we can use an authenticated proxy to send data, false otherwise.
- **IsProcessorMode** True if it is Processor Mode, false otherwise.
- **IsProcessorMode** True if it's Processor Mode, false otherwise.
- **PreviousPermissions** Bitmask of previous telemetry state.
- **TransitionFromEverythingOff** True if we are transitioning from all telemetry being disabled, false otherwise.
- **TransitionFromEverythingOff** True if we're transitioning from all telemetry being disabled, false otherwise.
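Review bot: **CanCollectAnyTelemetry** is described as "True if we're allowed to collect partner telemetry", which does not match the field name, and this change edits the line without resolving that. Please confirm whether the flag covers any telemetry or only partner telemetry and align the description, since administrators reading this event to verify the effective collection permissions depend on each flag being described exactly.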
### TelClientSynthetic.ConnectivityHeartBeat_0
@ -1601,7 +1598,7 @@ The following fields are available:
- **VortexHttpAttempts** Number of attempts to contact Vortex.
- **VortexHttpFailures4xx** Number of 400-499 error codes received from Vortex.
- **VortexHttpFailures5xx** Number of 500-599 error codes received from Vortex.
- **VortexHttpResponseFailures** Number of Vortex responses that are not 2XX or 400.
- **VortexHttpResponseFailures** Number of Vortex responses that aren't 2XX or 400.
- **VortexHttpResponsesWithDroppedEvents** Number of Vortex responses containing at least 1 dropped event.
@ -1625,7 +1622,7 @@ The following fields are available:
### Microsoft.Windows.DriverInstall.NewDevInstallDeviceEnd
This event sends data about the driver installation once it is completed. The data collected with this event is used to help keep Windows up to date and performing properly.
This event sends data about the driver installation once it's completed. The data collected with this event is used to help keep Windows up to date and performing properly.
The following fields are available:
@ -1667,7 +1664,7 @@ The following fields are available:
### Microsoft.Windows.FaultReporting.AppCrashEvent
This event sends data about crashes for both native and managed applications, to help keep Windows up to date. The data includes information about the crashing process and a summary of its exception record. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the crash to the Watson service, and the WER event will contain the same ReportID (see field 14 of crash event, field 19 of WER event) as the crash event for the crash being reported. AppCrash is emitted once for each crash handled by WER (e.g. from an unhandled exception or FailFast or ReportException). Note that Generic Watson event types (e.g. from PLM) that may be considered crashes\" by a user DO NOT emit this event.
This event sends data about crashes for both native and managed applications, to help keep Windows up to date. The data includes information about the crashing process and a summary of its exception record. It doesn't contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the crash to the Watson service, and the WER event will contain the same ReportID (see field 14 of crash event, field 19 of WER event) as the crash event for the crash being reported. AppCrash is emitted once for each crash handled by WER (e.g. from an unhandled exception or FailFast or ReportException). Note that Generic Watson event types (e.g. from PLM) that may be considered crashes\" by a user DO NOT emit this event.
The following fields are available:
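Review bot: the rewritten AppCrashEvent description still ends with `may be considered crashes\" by a user DO NOT emit this event`, which carries a stray escaped quote with no opening quote. Either quote the word properly ("crashes") or drop the `\"`, since the line is being changed here anyway.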
@ -1677,7 +1674,7 @@ The following fields are available:
- **AppVersion** The version of the app that has crashed.
- **ExceptionCode** The exception code returned by the process that has crashed.
- **ExceptionOffset** The address where the exception had occurred.
- **Flags** Flags indicating how reporting is done. For example, queue the report, do not offer JIT debugging, or do not terminate the process after reporting.
- **Flags** Flags indicating how reporting is done. For example, queue the report, don't offer JIT debugging, or don't terminate the process after reporting.
- **FriendlyAppName** The description of the app that has crashed, if different from the AppName. Otherwise, the process name.
- **IsFatal** True/False to indicate whether the crash resulted in process termination.
- **ModName** Exception module name (e.g. bar.dll).
@ -1731,7 +1728,7 @@ The following fields are available:
### Microsoft.Windows.HangReporting.AppHangEvent
This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events.
This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It doesn't contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events.
The following fields are available:
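Review bot: the AppHangEvent description converts "It does not contain" to "It doesn't contain" but leaves "will not produce AppHang events" at the end of the same paragraph. If the contraction pass is meant to be consistent, change that to "won't produce" as well.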
@ -1750,13 +1747,38 @@ The following fields are available:
- **TargetAsId** The sequence number for the hanging process.
- **TypeCode** Bitmap describing the hang type.
- **WaitingOnAppName** If this is a cross process hang waiting for an application, this has the name of the application.
- **WaitingOnAppVersion** If this is a cross process hang, this has the version of the application for which it is waiting.
- **WaitingOnPackageFullName** If this is a cross process hang waiting for a package, this has the full name of the package for which it is waiting.
- **WaitingOnAppVersion** If this is a cross process hang, this has the version of the application for which it's waiting.
- **WaitingOnPackageFullName** If this is a cross process hang waiting for a package, this has the full name of the package for which it's waiting.
- **WaitingOnPackageRelativeAppId** If this is a cross process hang waiting for a package, this has the relative application id of the package.
## Holographic events
### Microsoft.Windows.Analog.HydrogenCompositor.ExclusiveMode_Entered
This event sends data indicating the start of augmented reality application experience. The data collected with this event is used to keep Windows performing properly.
The following fields are available:
- **SessionID** Unique value for each attempt.
- **TargetAsId** The sequence number for the process.
- **windowInstanceId** Unique value for each window instance.
### Microsoft.Windows.Analog.HydrogenCompositor.ExclusiveMode_Leave
This event sends data indicating the end of augmented reality application experience. The data collected with this event is used to keep Windows performing properly.
The following fields are available:
- **EventHistory** Unique number of event history.
- **ExternalComponentState** State of external component.
- **LastEvent** Unique number of last event.
- **SessionID** Unique value for each attempt.
- **TargetAsId** The sequence number for the process.
- **windowInstanceId** Unique value for each window instance.
### Microsoft.Windows.Analog.Spectrum.TelemetryHolographicSpaceCreated
This event indicates the state of Windows holographic scene. The data collected with this event is used to keep Windows performing properly.
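Review bot: in the new ExclusiveMode_Leave section, **EventHistory** ("Unique number of event history."), **ExternalComponentState** ("State of external component.") and **LastEvent** ("Unique number of last event.") only restate the field names. For a page whose purpose is to disclose what is collected, please say what each value encodes (for example which component and which states, and what kind of events are counted) so a reader can judge what leaves the device.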
@ -1821,7 +1843,7 @@ The following fields are available:
### Microsoft.Windows.Inventory.Core.AmiTelCacheChecksum
This event captures basic checksum data about the device inventory items stored in the cache for use in validating data completeness for Microsoft.Windows.Inventory.Core events. The fields in this event may change over time, but they will always represent a count of a given object. The data collected with this event is used to keep Windows performing properly.
This event captures basic checksum data about the device inventory items stored in the cache for use in validating data completeness for Microsoft.Windows.Inventory.Core events. The fields in this event may change over time, but they'll always represent a count of a given object. The data collected with this event is used to keep Windows performing properly.
The following fields are available:
@ -2124,6 +2146,23 @@ The following fields are available:
- **ServiceName** The name of the driver or service attached to the device.
### Microsoft.Windows.Kernel.Power.AbnormalShutdown
This event provides diagnostic information of the most recent abnormal shutdown.
The following fields are available:
- **BootEnvironment** Errors from boot environment.
- **BootStatValid** Status of bootstat file.
- **Bugcheck** Bugcheck information.
- **CrashDump** Crash dump information.
- **CurrentBootId** ID of this boot.
- **FirmwareReset** System reset by firmware.
- **LastShutdownBootId** BootID of last shutdown.
- **LongPowerButtonHold** Long power button hold information.
- **SystemStateTransition** State transition information.
- **Watchdog** Watchdog information.
## Microsoft Edge events
### Aria.af397ef28e484961ba48646a5d38cf54.Microsoft.WebBrowser.Installer.EdgeUpdate.Ping
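Review bot: the new Microsoft.Windows.Kernel.Power.AbnormalShutdown description stops at "provides diagnostic information of the most recent abnormal shutdown" and omits the purpose sentence the other events on this page carry ("The data collected with this event is used to ..."). The **Bugcheck**, **CrashDump** and **Watchdog** entries also say only "... information"; please state what is included (for example codes and status flags versus dump contents), since crash-related fields are the ones reviewers will scrutinize most.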
@ -2133,7 +2172,7 @@ This Ping event sends a detailed inventory of software and hardware information
The following fields are available:
- **appAp** Any additional parameters for the specified application. Default: ''.
- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. Please see the wiki for additional information. Default: undefined.
- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. Default: undefined.
- **appBrandCode** The brand code under which the product was installed, if any. A brand code is a short (4-character) string used to identify installations that took place as a result of partner deals or website promotions. Default: ''.
- **appChannel** An integer indicating the channel of the installation (i.e. Canary or Dev).
- **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''.
@ -2141,15 +2180,15 @@ The following fields are available:
- **appCohortHint** A machine-readable enum indicating that the client has a desire to switch to a different release cohort. The exact legal values are app-specific and should be shared between the server and app implementations. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
- **appCohortName** A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort Name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
- **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited.
- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value is not known. Please see the wiki for additional information. Default: '-2'.
- **appExperiments** A key/value list of experiment identifiers. Experiment labels are used to track membership in different experimental groups, and may be set at install or update time. The experiments string is formatted as a semicolon-delimited concatenation of experiment label strings. An experiment label string is an experiment Name, followed by the '=' character, followed by an experimental label value. For example: 'crdiff=got_bsdiff;optimized=O3'. The client should not transmit the expiration date of any experiments it has, even if the server previously specified a specific expiration date. Default: ''.
- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value isn't known. Default: '-2'.
- **appExperiments** A key/value list of experiment identifiers. Experiment labels are used to track membership in different experimental groups, and may be set at install or update time. The experiments string is formatted as a semicolon-delimited concatenation of experiment label strings. An experiment label string is an experiment Name, followed by the '=' character, followed by an experimental label value. For example: 'crdiff=got_bsdiff;optimized=O3'. The client shouldn't transmit the expiration date of any experiments it has, even if the server previously specified a specific expiration date. Default: ''.
- **appInstallTime** The product install time in seconds. '0' if unknown. Default: '-1'.
- **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'.
- **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''.
- **appLastLaunchTime** The time when browser was last launched.
- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Please see the wiki for additional information. Default: '0.0.0.0'.
- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Default: '0.0.0.0'.
- **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'.
- **appPingEventDoneBeforeOOBEComplete** Indicates whether the install or update was completed before Windows Out of the Box Experience ends. 1 means event completed before OOBE finishes; 0 means event was not completed before OOBE finishes; -1 means the field does not apply.
- **appPingEventDoneBeforeOOBEComplete** Indicates whether the install or update was completed before Windows Out of the Box Experience ends. 1 means event completed before OOBE finishes; 0 means event wasn't completed before OOBE finishes; -1 means the field doesn't apply.
- **appPingEventDownloadMetricsCdnCCC** ISO 2 character country or region code that matches to the country or region updated binaries are delivered from. E.g.: US.
- **appPingEventDownloadMetricsCdnCID** Numeric value used to internally track the origins of the updated binaries. For example, 2.
- **appPingEventDownloadMetricsDownloadedBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'.
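Review bot: appInstallTime and appInstallTimeDiffSec each say "'0' if unknown" and then "Default: '-1'", so a reader can't tell which value signals an unknown install time. While the neighbouring lines are being edited, state what '-1' means as distinct from '0'. appLastLaunchTime also gives no unit or default, unlike the fields around it.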
@ -2161,31 +2200,31 @@ The following fields are available:
- **appPingEventDownloadMetricsUrl** For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''.
- **appPingEventDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'.
- **appPingEventErrorCode** The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'.
- **appPingEventEventResult** An enum indicating the result of the event. Please see the wiki for additional information. Default: '0'.
- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute. Please see the wiki for additional information.
- **appPingEventEventResult** An enum indicating the result of the event. Default: '0'.
- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute.
- **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'.
- **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'.
- **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'.
- **appPingEventPackageCacheResult** Whether there is an existing package cached in the system to update or install. 1 means that there's a cache hit under the expected key, 2 means there's a cache hit under a different key, 0 means that there's a cache miss. -1 means the field does not apply.
- **appPingEventPackageCacheResult** Whether there's an existing package cached in the system to update or install. 1 means that there's a cache hit under the expected key, 2 means there's a cache hit under a different key, 0 means that there's a cache miss. -1 means the field doesn't apply.
- **appPingEventSequenceId** An id that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event.
- **appPingEventSourceUrlIndex** For events representing a download, the position of the download URL in the list of URLs supplied by the server in a "urls" tag.
- **appPingEventUpdateCheckTimeMs** For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'.
- **appReferralHash** The hash of the referral code used to install the product. '0' if unknown. Default: '0'.
- **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they have not.
- **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The server should not return an update instruction to a version number that does not match the prefix or complete version number. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it is not a lexical prefix (for example, '1.2.3' must match '1.2.3.4' but must not match '1.2.34'). Default: ''.
- **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they haven't.
- **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The server shouldn't return an update instruction to a version number that doesn't match the prefix or complete version number. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it isn't a lexical prefix (for example, '1.2.3' must match '1.2.3.4' but must not match '1.2.34'). Default: ''.
- **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request should be sent over SSL or another secure protocol. Default: ''.
- **appVersion** The version of the product install. Please see the wiki for additional information. Default: '0.0.0.0'.
- **appVersion** The version of the product install. Default: '0.0.0.0'.
- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
- **eventType** A string indicating the type of the event. Please see the wiki for additional information.
- **eventType** A string indicating the type of the event.
- **expETag** An identifier representing all service applied configurations and experiments when current update happens. Used for testing only.
- **hwDiskType** Devices hardware disk type.
- **hwHasAvx** '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware does not support the AVX instruction set. '-1' if unknown. Default: '-1'.
- **hwHasSse** '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware does not support the SSE instruction set. '-1' if unknown. Default: '-1'.
- **hwHasSse2** '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware does not support the SSE2 instruction set. '-1' if unknown. Default: '-1'.
- **hwHasSse3** '1' if the client's hardware supports the SSE3 instruction set. '0' if the client's hardware does not support the SSE3 instruction set. '-1' if unknown. Default: '-1'.
- **hwHasSse41** '1' if the client's hardware supports the SSE4.1 instruction set. '0' if the client's hardware does not support the SSE4.1 instruction set. '-1' if unknown. Default: '-1'.
- **hwHasSse42** '1' if the client's hardware supports the SSE4.2 instruction set. '0' if the client's hardware does not support the SSE4.2 instruction set. '-1' if unknown. Default: '-1'.
- **hwHasSsse3** '1' if the client's hardware supports the SSSE3 instruction set. '0' if the client's hardware does not support the SSSE3 instruction set. '-1' if unknown. Default: '-1'.
- **hwHasAvx** '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware doesn't support the AVX instruction set. '-1' if unknown. Default: '-1'.
- **hwHasSse** '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware doesn't support the SSE instruction set. '-1' if unknown. Default: '-1'.
- **hwHasSse2** '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware doesn't support the SSE2 instruction set. '-1' if unknown. Default: '-1'.
- **hwHasSse3** '1' if the client's hardware supports the SSE3 instruction set. '0' if the client's hardware doesn't support the SSE3 instruction set. '-1' if unknown. Default: '-1'.
- **hwHasSse41** '1' if the client's hardware supports the SSE4.1 instruction set. '0' if the client's hardware doesn't support the SSE4.1 instruction set. '-1' if unknown. Default: '-1'.
- **hwHasSse42** '1' if the client's hardware supports the SSE4.2 instruction set. '0' if the client's hardware doesn't support the SSE4.2 instruction set. '-1' if unknown. Default: '-1'.
- **hwHasSsse3** '1' if the client's hardware supports the SSSE3 instruction set. '0' if the client's hardware doesn't support the SSSE3 instruction set. '-1' if unknown. Default: '-1'.
- **hwLogicalCpus** Number of logical CPUs of the device.
- **hwPhysmemory** The physical memory available to the client, truncated down to the nearest gibibyte. '-1' if unknown. This value is intended to reflect the maximum theoretical storage capacity of the client, not including any hard drive or paging to a hard drive or peripheral. Default: '-1'.
- **isMsftDomainJoined** '1' if the client is a member of a Microsoft domain. '0' otherwise. Default: '0'.
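Review bot: Dropping "Please see the wiki for additional information" from appPingEventEventResult, appPingEventEventType and eventType leaves the enum values with no definition anywhere in this list, while appPingEventDownloadTimeMs and appPingEventInstallTimeMs still refer to event types '1', '2', '3' and '14'. Either list the values inline or link a public reference. In appUpdateCheckTargetVersionPrefix, "The prefix is interpreted a dotted-tuple" is still missing "as". appUpdateCheckTtToken says the request "should be sent over SSL or another secure protocol"; consider "TLS", since this token identifies trusted-tester clients.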
@ -2206,26 +2245,10 @@ The following fields are available:
- **requestRequestId** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha request. Each request attempt should have (with high probability) a unique request id. Default: ''.
- **requestSessionCorrelationVectorBase** A client generated random MS Correlation Vector base code used to correlate the update session with update and CDN servers. Default: ''.
- **requestSessionId** A randomly-generated (uniformly distributed) GUID. Each single update flow (e.g. update check, update application, event ping sequence) should have (with high probability) a single unique session ID. Default: ''.
- **requestTestSource** Either '', 'dev', 'qa', 'prober', 'auto', or 'ossdev'. Any value except '' indicates that the request is a test and should not be counted toward normal metrics. Default: ''.
- **requestTestSource** Either '', 'dev', 'qa', 'prober', 'auto', or 'ossdev'. Any value except '' indicates that the request is a test and shouldn't be counted toward normal metrics. Default: ''.
- **requestUid** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''.
### Microsoft.Edge.Crashpad.HangEvent
This event sends simple Product and Service Performance data on a hanging/frozen Microsoft Edge browser process to help mitigate future instances of the hang.
The following fields are available:
- **app_name** The name of the hanging process.
- **app_session_guid** Encodes the boot session, process, and process start time.
- **app_version** The version of the hanging process.
- **client_id_hash** Hash of the browser client id to help identify the installation.
- **etag** Identifier to help identify running browser experiments.
- **hang_source** Identifies how the hang was detected.
- **process_type** The type of the hanging browser process, for example, gpu-process, renderer, etc.
- **stack_hash** A hash of the hanging stack. Currently not used or set to zero.
## OneSettings events
### Microsoft.Windows.OneSettingsClient.Status
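Review bot: requestUid is described as "corresponding to the Omaha user" but then says "Each request attempt SHOULD have (with high probability) a unique request id", which reads as copied from requestRequestId. A per-user GUID and a per-request GUID have different privacy implications, so the description should say which one this is. The same line uses "SHOULD" in capitals where requestRequestId uses "should".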
@ -2242,7 +2265,7 @@ The following fields are available:
### Microsoft.Windows.Shell.Oobe.ZDP.ZdpTaskCancelled
This event is the result of an attempt to cancel ZDP task.
This event is the result of an attempt to cancel ZDP task
The following fields are available:
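Review bot: The replacement sentence for ZdpTaskCancelled drops the terminal period that the original had ("...cancel ZDP task"). Restore it, and consider "an attempt to cancel a ZDP task" while editing the line.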
@ -2252,30 +2275,20 @@ The following fields are available:
## Other events
### Microsoft.Windows.Analog.HydrogenCompositor.ExclusiveMode_Entered
### Microsoft.Edge.Crashpad.HangEvent
This event sends data indicating the start of augmented reality application experience. The data collected with this event is used to keep Windows performing properly.
This event sends simple Product and Service Performance data on a hanging/frozen Microsoft Edge browser process to help mitigate future instances of the hang.
The following fields are available:
- **SessionID** Unique value for each attempt.
- **TargetAsId** The sequence number for the process.
- **windowInstanceId** Unique value for each window instance.
### Microsoft.Windows.Analog.HydrogenCompositor.ExclusiveMode_Leave
This event sends data indicating the end of augmented reality application experience. The data collected with this event is used to keep Windows performing properly.
The following fields are available:
- **EventHistory** Unique number of event history.
- **ExternalComponentState** State of external component.
- **LastEvent** Unique number of last event.
- **SessionID** Unique value for each attempt.
- **TargetAsId** The sequence number for the process.
- **windowInstanceId** Unique value for each window instance.
- **app_name** The name of the hanging process.
- **app_session_guid** Encodes the boot session, process, and process start time.
- **app_version** The version of the hanging process.
- **client_id_hash** Hash of the browser client id to help identify the installation.
- **etag** Identifier to help identify running browser experiments.
- **hang_source** Identifies how the hang was detected.
- **process_type** The type of the hanging browser process, for example, gpu-process, renderer, etc.
- **stack_hash** A hash of the hanging stack. Currently not used or set to zero.
### Microsoft.Windows.Defender.Engine.Maps.Heartbeat
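Review bot: Microsoft.Edge.Crashpad.HangEvent now sits under "## Other events" although every other Microsoft.Edge.* field list shown here belongs to the Edge section, which makes it harder to find. The two Microsoft.Windows.Analog.HydrogenCompositor.ExclusiveMode_* events are removed in the same place; if they are still collected on these versions they need to stay documented. In stack_hash, "Currently not used or set to zero" is ambiguous; "Currently unused, or set to zero" says what is meant.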
@ -2302,6 +2315,77 @@ The following fields are available:
- **SignatureRing** Signature ring used for deployments
- **SigVersion** Version of signature VDMs
### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantStartState
This event marks the start of an Update Assistant State. The data collected with this event is used to help keep Windows up to date.
The following fields are available:
- **CV** The correlation vector.
- **GlobalEventCounter** The global event counter for all telemetry on the device.
- **UpdateAssistantStateDownloading** True at the start Downloading.
- **UpdateAssistantStateInitializingApplication** True at the start of the state InitializingApplication.
- **UpdateAssistantStateInitializingStates** True at the start of InitializingStates.
- **UpdateAssistantStateInstalling** True at the start of Installing.
- **UpdateAssistantStatePostInstall** True at the start of PostInstall.
- **UpdateAssistantVersion** Current package version of UpdateAssistant.
### MicrosoftWindowsCodeIntegrityTraceLoggingProvider.CodeIntegrityHvciSysprepHvciAlreadyEnabled
This event fires when HVCI is already enabled so no need to continue auto-enablement.
### ShellWNSRegistration.SLSChannelRegistrationFailed
This event is logged when the upload of a channel URI to the SLS service fails.
The following fields are available:
- **baseData** JSON blob.
- **baseType** PartB schema type.
- **RetryAttempt** The retry attempt number for attempting to open and register the channel.
- **RetryTimeInMilliseconds** The amount of time taken to retry the channel request in milliseconds.
### ShellWNSRegistration.SLSChannelRegistrationSuccess
This event is logged when a channel URI is successfully uploaded to the SLS service.
The following fields are available:
- **RegistrationPayload** JSON payload containing Channel Uri and other data uploaded to SLS.
- **RetryAttempts** The retry attempt number for attempting to open and register the channel.
- **RetryTimeInMilliseconds** The amount of time taken to retry the channel request in milliseconds.
- **TitleId** TitleId for which channel is uploaded.
### ShellWNSRegistration.WNSChannelRequestFailed
This event is logged when a Channel Request fails. Contains error code and AppUserModelId for which channel was requested.
The following fields are available:
- **baseData** JSON blob.
- **baseType** PartB schema type.
- **RetryAttempt** The retry attempt number for attempting to open and register the channel.
- **RetryTimeInMilliseconds** The amount of time taken to retry the channel request in milliseconds.
### ShellWNSRegistration.WNSChannelRequestSuccess
This event is triggered immediately following the completion of a Channel Request API call. Contains channel URI and AppUserModelId for which channel was requested.
The following fields are available:
- **AppUserModelId** Unique identifier for app requesting a channel.
- **ChannelUri** Channel URI returned by WNS.
- **RetryAttempt** The retry attempt number for attempting to open and register the channel.
- **RetryTimeInMilliseconds** The amount of time taken to retry the channel request in milliseconds.
## Privacy consent logging events
### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted
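Review bot: The new ShellWNSRegistration entries name the same counter two ways: SLSChannelRegistrationSuccess lists "RetryAttempts" while the other three events list "RetryAttempt", all with the identical description. Confirm the real field names. baseData is described only as "JSON blob" and RegistrationPayload as containing "Channel Uri and other data", which does not tell a reader of a privacy reference what is collected. CodeIntegrityHvciSysprepHvciAlreadyEnabled has neither a data-use sentence nor a statement about its fields, and "True at the start Downloading" in UpdateAssistantStateDownloading is missing "of".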
@ -2320,13 +2404,13 @@ The following fields are available:
### Microsoft.Windows.Setup.WinSetupMon.ProtectionViolation
This event provides information about move or deletion of a file or a directory which is being monitored for data safety during feature updates. The data collected with this event is used to help keep Windows up to date.
This event provides information about move or deletion of a file or a directory that is being monitored for data safety during feature updates. The data collected with this event is used to help keep Windows up to date.
The following fields are available:
- **Path** Path to the file or the directory which is being moved or deleted.
- **Process** Path to the process which is requesting the move or the deletion.
- **SessionId** Identifier to correlate this component's telemetry with that of others.
- **Path** Path to the file or the directory that is being moved or deleted.
- **Process** Path to the process that is requesting the move or the deletion.
- **SessionId** Identifier to correlate this component's telemetry with that of others.
- **TargetPath** (Optional) If the operation is a move, the target path to which the file or directory is being moved.
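Review bot: Path, Process and TargetPath are file system paths, and the descriptions don't say whether they are reported verbatim or with user-specific components removed. Since these lines are being reworded anyway, add that detail. The SessionId removed/added pair renders identically here, so it looks like a whitespace-only change; worth confirming it was intended.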
@ -2337,7 +2421,7 @@ Provides details about error in the functioning of upgrade data safety monitorin
The following fields are available:
- **Message** Text string describing the error condition.
- **SessionId** Identifier to correlate this component's telemetry with that of others.
- **SessionId** Identifier to correlate this component's telemetry with that of others.
- **Status** NTSTATUS code related to the error.
@ -2526,24 +2610,6 @@ The following fields are available:
- **UpdateAttempted** Indicates if installation of the current update has been attempted before.
## Update Assistant events
### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantStartState
This event marks the start of an Update Assistant State. The data collected with this event is used to help keep Windows up to date.
The following fields are available:
- **CV** The correlation vector.
- **GlobalEventCounter** The global event counter for all telemetry on the device.
- **UpdateAssistantStateDownloading** True at the start Downloading.
- **UpdateAssistantStateInitializingApplication** True at the start of the state InitializingApplication.
- **UpdateAssistantStateInitializingStates** True at the start of InitializingStates.
- **UpdateAssistantStateInstalling** True at the start of Installing.
- **UpdateAssistantStatePostInstall** True at the start of PostInstall.
- **UpdateAssistantVersion** Current package version of UpdateAssistant.
## Update events
### Update360Telemetry.FellBackToDownloadingAllPackageFiles
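Review bot: Removing the "## Update Assistant events" heading and relocating UpdateAssistantStartState under "## Other events" changes the heading anchor for this event. Check for inbound links to the old section anchor from other articles before merging, and confirm the move out of a dedicated section is intentional rather than a side effect of regeneration.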
@ -2695,7 +2761,7 @@ The following fields are available:
### Update360Telemetry.UpdateAgentMitigationSummary
This event sends a summary of all the update agent mitigations available for an this update. The data collected with this event is used to help keep Windows secure and up to date.
This event sends a summary of all the update agent mitigations available for an update. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
@ -2755,7 +2821,7 @@ The following fields are available:
- **FlightId** Unique ID for the flight (test instance version).
- **IsSuspendable** Indicates whether the update has the ability to be suspended and resumed at the time of reboot. When the machine is rebooted and the update is in middle of Predownload or Install and Setup.exe is running, this field is TRUE, if not its FALSE.
- **ObjectId** The unique value for each Update Agent mode.
- **Reason** Indicates the HResult why the machine could not be suspended. If it is successfully suspended, the result is 0.
- **Reason** Indicates the HResult why the machine couldn't be suspended. If it's successfully suspended, the result is 0.
- **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
- **ScenarioId** The ID of the update scenario.
- **SessionId** The ID of the update attempt.
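Review bot: The reworded Reason line, "Indicates the HResult why the machine couldn't be suspended", still doesn't parse; suggest "The HResult indicating why the machine couldn't be suspended." The adjacent IsSuspendable line has "if not its FALSE", which should be "if not, it's FALSE".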
@ -2804,7 +2870,7 @@ The following fields are available:
- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled.
- **TestId** ID that uniquely identifies a group of events.
- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
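Review bot: In State, the list "succeeded, failed, blocked, cancelled" reads as the literal values the event carries, so respelling the last one as "canceled" may make the reference disagree with what appears in Diagnostic Data Viewer. Confirm the emitted string before changing it; if the event sends "cancelled", keep that spelling in the example list. The same applies to the identical State edits in the following Setup360 hunks and to the fulfillment status list in StoreAgent.Telemetry.StateTransition.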
@ -2826,7 +2892,7 @@ The following fields are available:
- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
- **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
- **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled.
- **TestId** ID that uniquely identifies a group of events.
- **WuId** Windows Update client ID.
@ -2848,7 +2914,7 @@ The following fields are available:
- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
- **Setup360Scenario** The Setup360 flow type, Example: Boot, Media, Update, MCT.
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled.
- **TestId** A string to uniquely identify a group of events.
- **WuId** Windows Update client ID.
@ -2930,7 +2996,7 @@ The following fields are available:
- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled.
- **TestId** A string to uniquely identify a group of events.
- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
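Review bot: Setup360Result in this hunk still reads "can be used used to diagnose errors" with a doubled word, and it differs from the wording in the other Setup360 events ("that is used to diagnose errors"). Align it while the neighbouring State line is being touched.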
@ -2977,8 +3043,8 @@ The following fields are available:
- **remediationSummary** Result of each operation performed on a device to fix an invalid state or configuration that's preventing the device from getting updates. For example, if Windows Update service is turned off, the fix is to turn the it back on.
- **usingBackupFeatureAssessment** Relying on backup feature assessment.
- **usingBackupQualityAssessment** Relying on backup quality assessment.
- **usingCachedFeatureAssessment** WaaS Medic run did not get OS build age from the network on the previous run.
- **usingCachedQualityAssessment** WaaS Medic run did not get OS revision age from the network on the previous run.
- **usingCachedFeatureAssessment** WaaS Medic run didn't get OS build age from the network on the previous run.
- **usingCachedQualityAssessment** WaaS Medic run didn't get OS revision age from the network on the previous run.
- **uusVersion** The version of the UUS package.
- **versionString** Version of the WaaSMedic engine.
- **waasMedicRunMode** Indicates whether this was a background regular run of the medic or whether it was triggered by a user launching Windows Update Troubleshooter.
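Review bot: remediationSummary still contains "the fix is to turn the it back on"; drop the stray "the". The two usingCached* lines say the run "didn't get ... from the network on the previous run", which leaves unclear whether the flag describes the current or the previous run; one clarifying clause would help.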
@ -3120,7 +3186,7 @@ The following fields are available:
### Microsoft.Windows.StoreAgent.Telemetry.EndSearchUpdatePackages
This event is sent after searching for update packages to install. It is used to help keep Windows up-to-date and secure.
This event is sent after searching for update packages to install. It's used to help keep Windows up-to-date and secure.
The following fields are available:
@ -3225,7 +3291,7 @@ The following fields are available:
### Microsoft.Windows.StoreAgent.Telemetry.StateTransition
Products in the process of being fulfilled (installed or updated) are maintained in a list. This event is sent any time there is a change in a product's fulfillment status (pending, working, paused, cancelled, or complete), to help keep Windows up to date and secure.
Products in the process of being fulfilled (installed or updated) are maintained in a list. This event is sent any time there's a change in a product's fulfillment status (pending, working, paused, canceled, or complete), to help keep Windows up to date and secure.
The following fields are available:
@ -3348,12 +3414,12 @@ The following fields are available:
### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentAnalysisSummary
This event collects information regarding the state of devices and drivers on the system following a reboot after the install phase of the new device manifest UUP (Unified Update Platform) update scenario which is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date.
This event collects information regarding the state of devices and drivers on the system following a reboot after the install phase of the new device manifest UUP (Unified Update Platform) update scenario that is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **activated** Whether the entire device manifest update is considered activated and in use.
- **analysisErrorCount** The number of driver packages that could not be analyzed because errors occurred during analysis.
- **analysisErrorCount** The number of driver packages that couldn't be analyzed because errors occurred during analysis.
- **flightId** Unique ID for each flight.
- **missingDriverCount** The number of driver packages delivered by the device manifest that are missing from the system.
- **missingUpdateCount** The number of updates in the device manifest that are missing from the system.
@ -3364,8 +3430,8 @@ The following fields are available:
- **sessionId** Unique value for each update session.
- **summary** A summary string that contains basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match.
- **summaryAppendError** A Boolean indicating if there was an error appending more information to the summary string.
- **truncatedDeviceCount** The number of devices missing from the summary string because there is not enough room in the string.
- **truncatedDriverCount** The number of driver packages missing from the summary string because there is not enough room in the string.
- **truncatedDeviceCount** The number of devices missing from the summary string because there isn't enough room in the string.
- **truncatedDriverCount** The number of driver packages missing from the summary string because there isn't enough room in the string.
- **unpublishedCount** How many drivers packages that were delivered by the device manifest that are still unpublished and unavailable to be used on devices.
- **updateId** The unique ID for each update.
@ -3506,12 +3572,12 @@ This event is fired when the Download stage is paused.
The following fields are available:
- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found.
- **CallerName** Name of application making the Windows Update request. Used to identify context of request.
- **ClassificationId** Classification identifier of the update content.
- **DownloadPriority** Indicates the priority of the download activity.
- **EventType** Indicates the purpose of the event - whether because scan started, succeeded, failed, etc.
- **FlightId** Secondary status code for certain scenarios where StatusCode was not specific enough.
- **FlightId** Secondary status code for certain scenarios where StatusCode wasn't specific enough.
- **HandlerInfo** Blob of Handler related information.
- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
- **Props** Commit Props {MergedUpdate}
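Review bot: FlightId keeps the description "Secondary status code for certain scenarios where StatusCode wasn't specific enough", which is the text used for ExtendedStatusCode elsewhere in this file and does not describe a flight ID. The edit only changes the contraction; replace the description with one that matches the field, for example the wording used for flightId in UpdateAgentAnalysisSummary ("Unique ID for each flight").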
@ -3524,13 +3590,11 @@ The following fields are available:
### Microsoft.Windows.Update.WUClientExt.UpdateMetadataIntegrityGeneral
Ensures Windows Updates are secure and complete. Event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack
The following fields are available:
Ensures Windows Updates are secure and complete. Event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack.
- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request.
- **EndpointUrl** Ensures Windows Updates are secure and complete. Event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack.
- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough.
- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce
- **RawMode** Raw unparsed mode string from the SLS response. May be null if not applicable.
- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc)
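Review bot: This hunk removes "The following fields are available:" from UpdateMetadataIntegrityGeneral, so the field list now follows the description with no introduction, unlike every other event in the file. Restore the line. EndpointUrl repeats the event description verbatim instead of saying which URL it holds, and MetadataIntegrityMode has the typo "1-Ignoe" for "1-Ignore"; for an integrity-check event the distinction between Ignore, Audit and Enforce needs to be readable.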

View File

@ -28,7 +28,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
- [Required diagnostic events and fields for Windows 11, version 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
- [Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
- [Required diagnostic events and fields for Windows 10: versions 22H2, 21H2, 21H1, 20H2, and 2004](required-windows-diagnostic-data-events-and-fields-2004.md)
- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)

View File

@ -32,7 +32,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
- [Required diagnostic events and fields for Windows 11, version 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
- [Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
- [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md)
- [Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)

View File

@ -15,7 +15,7 @@
href: Microsoft-DiagnosticDataViewer.md
- name: Required Windows diagnostic data events and fields
items:
- name: Windows 11, version 22H2
- name: Windows 11, versions 23H2 and 22H2
href: required-diagnostic-events-fields-windows-11-22H2.md
- name: Windows 11, version 21H2
href: required-windows-11-diagnostic-events-and-fields.md

View File

@ -15,6 +15,7 @@ ms.topic: reference
# Windows 10, version 1709 and later and Windows 11 optional diagnostic data
Applies to:
- Windows 11, version 23H2
- Windows 11, version 22H2
- Windows 11, version 21H2
- Windows 10, version 22H2

View File

@ -15,6 +15,8 @@
href: temporary-enterprise-feature-control.md
- name: What's new in Windows 11, version 22H2
href: whats-new-windows-11-version-22h2.md
- name: What's new in Windows 11, version 23H2
href: whats-new-windows-11-version-23h2.md
- name: Windows 10
expanded: true
items:
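Review bot: The new "What's new in Windows 11, version 23H2" entry is inserted below the 22H2 entry, so the current release sits under the older one in the TOC. Consider placing the 23H2 name/href pair above the 22H2 pair so the newest version is listed first, and apply the same order to the "whats-new" link list added to the landing page in this commit.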

View File

@ -20,7 +20,7 @@ metadata:
landingContent:
- title: Windows 11
- title: Windows 11 planning
linkLists:
- linkListType: overview
links:
@ -35,9 +35,18 @@ landingContent:
- text: Windows commercial licensing overview
url: windows-licensing.md
- title: Windows 11
linkLists:
- linkListType: whats-new
links:
- text: What's new in Windows 11, version 22H2
url: whats-new-windows-11-version-22h2.md
- text: What's new in Windows 11, version 23H2
url: whats-new-windows-11-version-23h2.md
- title: Windows 10
linkLists:
- linkListType: overview
- linkListType: whats-new
links:
- text: What's new in Windows 10, version 22H2
url: whats-new-windows-10-version-22h2.md

View File

@ -0,0 +1,125 @@
---
title: What's new in Windows 11, version 23H2 for IT pros
description: Learn more about what's new in Windows 11 version 23H2, including servicing updates, Windows Subsystem for Linux, the latest CSPs, and more.
manager: aaroncz
ms.prod: windows-client
ms.author: mstewart
author: mestew
ms.localizationpriority: medium
ms.topic: conceptual
ms.collection:
- highpri
- tier2
ms.technology: itpro-fundamentals
ms.date: 10/31/2023
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11, version 23H2</a>
---
# What's new in Windows 11, version 23H2
<!--6681501-->
Windows 11, version 23H2 is a feature update for Windows 11. It includes all features and fixes in previous cumulative updates to Windows 11, version 22H2. This article lists the new and updated features IT Pros should know.
Windows 11, version 23H2 follows the [Windows 11 servicing timeline](/lifecycle/faq/windows#windows-11):
- **Windows 11 Pro**: Serviced for 24 months from the release date.
- **Windows 11 Enterprise**: Serviced for 36 months from the release date.
Devices updating from Windows 11, version 22H2 use an enablement package. Most the files for the 23H2 update already exist on Windows 11, version 22H2 devices that have installed a recent monthly security update. Many of the new features have already been enabled on Windows 11, version 22H2 clients. However, some features are just in an inactive and dormant state because they are under [temporary enterprise feature control](temporary-enterprise-feature-control.md). These new features remain dormant until they're turned on through the enablement package, a small, quick-to-install switch that activates all of the Windows 11, version 23H2 features.
Windows 11, version 23H2 is available through Windows Server Update Services (including Configuration Manager), Windows Update for Business, and the Volume Licensing Service Center (VLSC). For more information, see [How to get the Windows 11, version 23H2 update](https://blogs.windows.com/windowsexperience/?p=178531). Review the [Windows 11, version 23H2 Windows IT Pro blog post](https://aka.ms/new-in-23H2) to discover information about available deployment resources such as the [Windows Deployment Kit (Windows ADK)](/windows-hardware/get-started/adk-install).
To learn more about the status of the update rollout, known issues, and new information, see [Windows release health](/windows/release-health/).
## Features no longer under temporary enterprise control
[Temporary enterprise feature control](temporary-enterprise-feature-control.md) temporarily turns off certain features that were introduced during monthly cumulative updates for managed Windows 11, version 22H2 devices. For the purposes of temporary enterprise control, a system is considered managed if it's configured to get updates from Windows Update for Business or [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus). Clients that get updates from Microsoft Configuration Manager and Microsoft Intune are considered managed since their updates ultimately come from WSUS or Windows Updates for Business.
When a manged Windows 11, version 22H2 device installs version 23H2, the following features will no longer under be under temporary enterprise feature control:
| Feature | KB article where the feature was introduced |
|---|---|
| Touch-optimized taskbar for 2-in-1 devices <!--8092554, WIP.25197--> | [February 28, 2023 - KB5022913](https://support.microsoft.com/kb/5022913) |
| Selecting **Uninstall** for a Win32 app from the right-click menu uses the **Installed Apps** page in **Settings** rather than **Programs and Features** under the **Control Panel** <!--8092554, WIP.25300-->| [September 2023 - KB5030310](https://support.microsoft.com/kb/5030310) |
| Windows Spotlight provides a minimized experience, opportunities to learn more about each image, and allows users to preview images at full screen.<!--8092554, WIP.23511 & WIP.25281, AllowWindowsSpotlight-->| [September 2023 - KB5030310](https://support.microsoft.com/kb/5030310) |
| Copilot in Windows <!--8092554, WIP.23493 -->| [September 2023 - KB5030310](https://support.microsoft.com/kb/5030310) |
| [Dev Home](/windows/dev-home/) <!--8092554, WIP.23506-->| [September 2023 - KB5030310](https://support.microsoft.com/kb/5030310) |
| [Dev Drive](/windows/dev-drive/) <!--8092554, WIP.23466-->| [September 2023 - KB5030310](https://support.microsoft.com/kb/5030310) |
## Features added to Windows 11 since version 22H2
Starting with Windows 11, version 22H2, new features and enhancements were introduced periodically to provide continuous innovation for Windows 11. These features and enhancements use the normal update servicing channels you're already familiar with. At first, new features are introduced with an optional nonsecurity preview release and gradually rolled out to clients. These new features are released later as part of a monthly security update release. For more information about continuous innovation, see [Update release cycle for Windows clients](/windows/deployment/update/release-cycle#continuous-innovation-for-windows-11) Some of the features were released within the past year's continuous innovation updates and carry forward into the 23H2 annual feature update include:
### Passkeys in Windows
<!--8138341-->
Windows provides a native experience for passkey management. You can use the Settings app to view and manage passkeys saved for apps or websites. For more information, see [Support for passkeys in Windows](/windows/security/identity-protection/passkeys).
### Windows passwordless experience
<!--8138336-->
Windows passwordless experience is a security policy that promotes a user experience without passwords on Microsoft Entra joined devices.
When the policy is enabled, certain Windows authentication scenarios don't offer users the option to use a password, helping organizations and preparing users to gradually move away from passwords. For more information, see [Windows passwordless experience](/windows/security/identity-protection/passwordless-experience/).
### Web sign-in for Windows
<!--8344016-->
You can enable a web-based sign-in experience on Microsoft Entra joined devices, unlocking new sign-in options and capabilities. For more information, see [Web sign-in for Windows](/windows/security/identity-protection/web-sign-in).
### Declared configuration protocol
<!--7771694 -->
**Declared configuration protocol** is a new protocol for device configuration management that's based on a desired state model and uses OMA-DM SyncML protocol. It allows the server to provide the device with a collection of settings for a specific scenario, and the device to handle the configuration request and maintain its state. For more information, see [What is the declared configuration protocol](/windows/client-management/declared-configuration).
### Education themes
<!--7771679-->
You can deploy education themes to your devices. The education themes are designed for students using devices in a school. For more information, see [Configure education themes for Windows 11](/education/windows/edu-themes).
### Temporary enterprise feature control
<!--7790977-->
Controls were added to temporarily turn off certain features that were introduced during monthly cumulative updates for managed Windows 11, version 22H2 devices. For more information, see [Temporary enterprise feature control](temporary-enterprise-feature-control.md).
### Multi-app kiosk
<!--6444738-->
You can configure a multi-app kiosk, which displays a customized start menu of allowed apps. For more information, see [Set up a multi-app kiosk on Windows 11 devices](/windows/configuration/lock-down-windows-11-to-specific-apps).
### Copilot in Windows
<!--8138371-->
Copilot in Windows provides centralized generative AI assistance to your users right from the Windows desktop. For more information, see [Manage Copilot in Windows](/windows/client-management/manage-windows-copilot).
### Windows Hello for Business authentication improvement
<!--7771685-->
Peripheral face and fingerprint sensors can be used for Windows Hello for Business authentication on devices where Enhanced Sign-in Security (Secure Biometrics) has been enabled at the factory. Previously this functionality was blocked. For more information, see [Common questions about Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-faq).
### LAPS native integration
<!--6399966-->
Use Windows Local Administrator Password Solution (LAPS) to regularly rotate and manage local administrator account passwords. For more information, see [Local Administrator Password Solution (LAPS)](/windows-server/identity/laps/laps-overview)
### Federated sign-in
<!--7593916, 7593946-->
You can sign into Windows using a federated identity, which simplifies the experience for students. For example, students and educators can use QR code badges to sign-in. This feature is designed specifically for Education editions of Windows. For more information, see [Configure federated sign-in for Windows devices](/education/windows/federated-sign-in).
### Customize Windows 11 taskbar buttons
<!--07525381-->
[Policies to customize Windows 11 taskbar buttons](/windows/configuration/supported-csp-taskbar-windows#csp-policies-to-customize-windows-11-taskbar-buttons) were added to provide you with more control over the taskbar search experience across your organization.
### Braille displays
<!--7579823-->
The compatibility of braille displays was expanded. Braille displays work seamlessly and reliably across multiple screen readers, improving the end user experience. We also added support for new braille displays and new braille input and output languages in Narrator. For more information, see [Accessibility information for IT professionals](/windows/configuration/windows-accessibility-for-ITPros).
### Dev Drive
Dev Drive is a new form of storage volume available to improve performance for key developer workloads. For more information, see [Set up a Dev Drive on Windows 11](/windows/dev-drive/).
### Additional features
<!--kb5019509 items and notable items for IT pros from other updates-->
- **Tabs for File Explorer**: File Explorer includes tabs to help you organize your File Explorer sessions.
- **Taskbar overflow menu**: The taskbar offers an entry point to a menu that shows all of your overflowed apps in one spot.
- **Suggested actions**: Copied text in certain formats, such as phone numbers or dates, offer suggested actions such as calling the number or adding the event to your calendar.
- **Task Manager enhancements**: Process filtering, theme settings, and the ability to opt out of efficiency mode notification were added to Task Manager.
- **Narrator improvements**: Scripting functionality was added to Narrator. Narrator includes more natural voices. <!--8138352, 8138357-->
### In-box apps
- **Microsoft Teams**: Chat is being removed from the Microsoft Teams in-box app. Teams will no longer be pinned to the taskbar for enterprise editions of Windows 11, version 23H2 or later. To identify the appx package: `Get-AppxPackage -Name MicrosoftTeams` <!--8349096-->
- **Dev Home**: Dev Home is a new app that provides a central location for developers to start building, testing, and deploying Windows apps. For more information, see [Dev Home](/windows/dev-home/). To identify the appx package: `Get-AppxPackage -Name Microsoft.Windows.DevHome`
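Review bot: In the "Features no longer under temporary enterprise control" section of this new file, the sentence "When a manged Windows 11, version 22H2 device installs version 23H2, the following features will no longer under be under temporary enterprise feature control" misspells "managed" and has a stray "under"; it should read "When a managed ... device installs version 23H2, the following features will no longer be under temporary enterprise feature control". Other wording to fix before publishing: "Most the files" in the enablement-package paragraph is missing "of"; the managed-device definition says "Windows Update for Business" in one sentence and "Windows Updates for Business" in the next; the continuous-innovation paragraph has no period after the release-cycle link, and its closing sentence ("Some of the features were released ... and carry forward ... include:") does not parse; and the LAPS entry ends without a period.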