diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000000..9fb85ec49f --- /dev/null +++ b/.gitattributes @@ -0,0 +1,14 @@ +# Set the default behavior, in case people don't have core.autocrlf set. +* text=auto + +# Explicitly declare text files you want to always be normalized and converted +# to native line endings on checkout. +*.c text +*.h text + +# Declare files that will always have CRLF line endings on checkout. +*.sln text eol=crlf + +# Denote all files that are truly binary and should not be modified. +*.png binary +*.jpg binary \ No newline at end of file diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index f9d982e542..82a24ff791 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -34,6 +34,22 @@ "moniker_groups": [], "version": 0 }, + { + "docset_name": "eula-vsts", + "build_source_folder": "windows/eulas", + "build_output_subfolder": "eula-vsts", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, { "docset_name": "gdpr", "build_source_folder": "gdpr", @@ -508,14 +524,18 @@ "master": [ "Publish", "Pdf" + ], + "atp-api-danm": [ + "Publish", + "Pdf" ] }, "need_generate_pdf_url_template": true, - "need_generate_pdf": false, - "need_generate_intellisense": false, - "Targets": { + "targets": { "Pdf": { "template_folder": "_themes.pdf" } - } + }, + "need_generate_pdf": false, + "need_generate_intellisense": false } \ No newline at end of file diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 85b9e8d303..dc7228cc3e 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -1,6 +1,151 @@ { "redirections": [ { +"source_path": "windows/application-management/msix-app-packaging-tool-walkthrough.md", +"redirect_url": "https://docs.microsoft.com/windows/msix/mpt-overview", +"redirect_document_id": true +}, +{ +"source_path": "browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md", +"redirect_url": "https://docs.microsoft.com/microsoft-edge/deploy/emie-to-improve-compatibility", +"redirect_document_id": true +}, +{ +"source_path": "windows/deployment/update/windows-update-sources.md", +"redirect_url": "/windows/deployment/update/how-windows-update-works", +"redirect_document_id": true +}, +{ +"source_path": "browsers/edge/hardware-and-software-requirements.md", +"redirect_url": "https://docs.microsoft.com/microsoft-edge/deploy/about-microsoft-edge", +"redirect_document_id": true +}, +{ +"source_path": "browsers/edge/security-enhancements-microsoft-edge.md", +"redirect_url": "https://docs.microsoft.com/microsoft-edge/deploy/group-policies/security-privacy-management-gp", +"redirect_document_id": true +}, +{ +"source_path": "browsers/edge/new-policies.md", +"redirect_url": "https://docs.microsoft.com/microsoft-edge/deploy/change-history-for-microsoft-edge", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/intelligence/av-tests.md", +"redirect_url": "/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/information-protection/bitlocker/protect-bitlocker-from-pre-boot-attacks.md", +"redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-countermeasures", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/information-protection/bitlocker/types-of-attacks-for-volume-encryption-keys.md", +"redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-countermeasures", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/information-protection/bitlocker/choose-the-right-bitlocker-countermeasure.md", +"redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-countermeasures", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/intelligence/transparency-report.md", +"redirect_url": "/windows/security/threat-protection/intelligence/av-tests", +"redirect_document_id": true +}, +{ +"source_path": "windows/deployment/update/waas-windows-insider-for-business-aad.md", +"redirect_url": "https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-add", +"redirect_document_id": true +}, +{ +"source_path": "windows/deployment/update/waas-windows-insider-for-business-faq.md", +"redirect_url": "https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-get-started", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/how-hardware-based-containers-help-protect-windows", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/hardware-protection/how-hardware-based-containers-help-protect-windows.md", +"redirect_url": "/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/hardware-protection/encrypted-hard-drive.md", +"redirect_url": "/windows/security/information-protection/encrypted-hard-drive", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/hardware-protection/secure-the-windows-10-boot-process.md", +"redirect_url": "/windows/security/information-protection/secure-the-windows-10-boot-process", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/hardware-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md", +"redirect_url": "/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/hardware-protection/tpm/change-the-tpm-owner-password.md", +"redirect_url": "/windows/security/information-protection/tpm/change-the-tpm-owner-password", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/hardware-protection/tpm/how-windows-uses-the-tpm.md", +"redirect_url": "/windows/security/information-protection/tpm/how-windows-uses-the-tpm", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/hardware-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md", +"redirect_url": "/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/hardware-protection/tpm/manage-tpm-commands.md", +"redirect_url": "/windows/security/information-protection/tpm/manage-tpm-commands", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/hardware-protection/tpm/manage-tpm-lockout.md", +"redirect_url": "/windows/security/information-protection/tpm/manage-tpm-lockout", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/hardware-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md", +"redirect_url": "/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/hardware-protection/tpm/tpm-fundamentals.md", +"redirect_url": "/windows/security/information-protection/tpm/tpm-fundamentals", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/hardware-protection/tpm/tpm-recommendations.md", +"redirect_url": "/windows/security/information-protection/tpm/tpm-recommendations", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/hardware-protection/tpm/trusted-platform-module-overview.md", +"redirect_url": "/windows/security/information-protection/tpm/trusted-platform-module-overview", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md", +"redirect_url": "/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/hardware-protection/tpm/trusted-platform-module-top-node.md", +"redirect_url": "/windows/security/information-protection/tpm/trusted-platform-module-top-node", +"redirect_document_id": true +}, +{ "source_path": "windows/deployment/update/waas-windows-insider-for-business.md", "redirect_url": "/windows-insider/at-work-pro/wip-4-biz-get-started", "redirect_document_id": true @@ -5176,11 +5321,6 @@ "redirect_document_id": true }, { -"source_path": "windows/configuration/basic-level-windows-diagnostic-events-and-fields-1803.md", -"redirect_url": "/windows/configuration/basic-level-windows-diagnostic-events-and-fields", -"redirect_document_id": true -}, -{ "source_path": "windows/configuration/windows-diagnostic-data-1709.md", "redirect_url": "/windows/configuration/windows-diagnostic-data", "redirect_document_id": true @@ -5211,6 +5351,11 @@ "redirect_document_id": true }, { +"source_path": "windows/client-management/mdm/policy-csp-location.md", +"redirect_url": "/windows/client-management/mdm/policy-configuration-service-provider", +"redirect_document_id": false +}, +{ "source_path": "windows/keep-secure/add-apps-to-protected-list-using-custom-uri.md", "redirect_url": "/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune", "redirect_document_id": false @@ -5276,11 +5421,36 @@ "redirect_document_id": true }, { +"source_path": "devices/surface/manage-surface-dock-firmware-updates.md", +"redirect_url": "devices/surface/update", +"redirect_document_id": true +}, +{ "source_path": "devices/surface-hub/i-am-done-finishing-your-surface-hub-meeting.md", "redirect_url": "/surface-hub/finishing-your-surface-hub-meeting", "redirect_document_id": true }, { +"source_path": "devices/hololens/hololens-microsoft-layout-app.md", +"redirect_url": "/hololens/hololens-microsoft-dynamics-365-layout-app", +"redirect_document_id": true +}, +{ +"source_path": "devices/hololens/hololens-microsoft-dynamics-365-layout-app.md", +"redirect_url": "https://docs.microsoft.com/dynamics365/mixed-reality/layout/", +"redirect_document_id": true +}, +{ +"source_path": "devices/hololens/hololens-microsoft-remote-assist-app.md", +"redirect_url": "https://docs.microsoft.com/dynamics365/mixed-reality/remote-assist/", +"redirect_document_id": true +}, +{ +"source_path": "devices/hololens/hololens-public-preview-apps.md", +"redirect_url": "https://docs.microsoft.com/dynamics365/#pivot=mixed-reality-apps", +"redirect_document_id": true +}, +{ "source_path": "devices/surface-hub/provisioning-packages-for-certificates-surface-hub.md", "redirect_url": "/surface-hub/provisioning-packages-for-surface-hub", "redirect_document_id": true @@ -6556,6 +6726,26 @@ "redirect_document_id": true }, { +"source_path": "windows/configuration/kiosk-shared-pc.md", +"redirect_url": "/windows/configuration/kiosk-methods", +"redirect_document_id": true +}, +{ +"source_path": "windows/configuration/setup-kiosk-digital-signage.md", +"redirect_url": "/windows/configuration/kiosk-single-app", +"redirect_document_id": true +}, +{ +"source_path": "windows/configuration/multi-app-kiosk-xml.md", +"redirect_url": "/windows/configuration/kiosk-xml", +"redirect_document_id": true +}, +{ +"source_path": "windows/configuration/multi-app-kiosk-troubleshoot.md", +"redirect_url": "/windows/configuration/kiosk-troubleshoot", +"redirect_document_id": true +}, +{ "source_path": "windows/configure/lock-down-windows-10-to-specific-apps.md", "redirect_url": "/windows/configuration/lock-down-windows-10-to-specific-apps", "redirect_document_id": true @@ -6676,11 +6866,6 @@ "redirect_document_id": true }, { -"source_path": "windows/configuration/multi-app-kiosk-xml.md", -"redirect_url": "windows/configuration/kiosk-xml.md", -"redirect_document_id": true -}, -{ "source_path": "windows/configure/provisioning-uninstall-package.md", "redirect_url": "/windows/configuration/provisioning-packages/provisioning-uninstall-package", "redirect_document_id": true @@ -6736,6 +6921,11 @@ "redirect_document_id": true }, { +"source_path": "windows/configuration/start-taskbar-lockscreen.md", +"redirect_url": "/windows/configuration/windows-10-start-layout-options-and-policies", +"redirect_document_id": true +}, +{ "source_path": "windows/configure/stop-employees-from-using-the-windows-store.md", "redirect_url": "/windows/configuration/stop-employees-from-using-the-windows-store", "redirect_document_id": true @@ -13491,11 +13681,6 @@ "redirect_document_id": true }, { -"source_path": "windows/update/waas-windows-insider-for-business-faq.md", -"redirect_url": "/windows/deployment/update/waas-windows-insider-for-business-faq", -"redirect_document_id": true -}, -{ "source_path": "windows/update/waas-windows-insider-for-business.md", "redirect_url": "/windows/deployment/update/waas-windows-insider-for-business", "redirect_document_id": true @@ -13641,6 +13826,11 @@ "redirect_document_id": true }, { +"source_path": "windows/privacy/basic-level-windows-diagnostic-events-and-fields.md", +"redirect_url": "/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809", +"redirect_document_id": true +}, +{ "source_path": "windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703.md", "redirect_url": "/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703", "redirect_document_id": true @@ -13705,5 +13895,15 @@ "redirect_url": "/education/windows/autopilot-reset", "redirect_document_id": true }, +{ +"source_path": "windows/deployment/windows-autopilot/windows-10-autopilot.md", +"redirect_url": "/windows/deployment/windows-autopilot/windows-autopilot", +"redirect_document_id": true +}, +{ +"source_path": "windows/privacy/manage-windows-endpoints.md", +"redirect_url": "/windows/privacy/manage-windows-1809-endpoints", +"redirect_document_id": true +} ] } diff --git a/README.md b/README.md index 01059ee91d..824a7c6d56 100644 --- a/README.md +++ b/README.md @@ -1,26 +1,3 @@ ## Microsoft Open Source Code of Conduct - This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). -For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. - -# Windows IT professional documentation - -Welcome! This repository houses the docs that are written for IT professionals for the following products: - -- [Windows 10](https://technet.microsoft.com/itpro/windows) -- [Internet Explorer 11](https://technet.microsoft.com/itpro/internet-explorer) -- [Microsoft Edge](https://technet.microsoft.com/itpro/microsoft-edge) -- [Surface](https://technet.microsoft.com/itpro/surface) -- [Surface Hub](https://technet.microsoft.com/itpro/surface-hub) -- [Windows 10 for Education](https://technet.microsoft.com/edu/windows) -- [HoloLens](https://technet.microsoft.com/itpro/hololens) -- [Microsoft Desktop Optimization Pack](https://technet.microsoft.com/itpro/mdop) - -## Contributing - -We actively merge contributions into this repository via [pull request](https://help.github.com/articles/using-pull-requests/) into the *master* branch. -If you are not a Microsoft employee, before you submit a pull request you must [sign a Contribution License Agreement](https://cla.microsoft.com/) to ensure that the community is free to use your submissions. -For more information on contributing, read our [contributions guide](CONTRIBUTING.md). - - -This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information, see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. +For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. \ No newline at end of file diff --git a/[!NOTE] b/[!NOTE] deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/browsers/edge/Index.md b/browsers/edge/Index.md deleted file mode 100644 index 214a02e1d0..0000000000 --- a/browsers/edge/Index.md +++ /dev/null @@ -1,72 +0,0 @@ ---- -description: Overview information about Microsoft Edge, the default browser for Windows 10. This topic includes links to other Microsoft Edge topics. -ms.assetid: 70377735-b2f9-4b0b-9658-4cf7c1d745bb -author: shortpatti -ms.prod: edge -ms.mktglfcycl: general -ms.sitesec: library -title: Microsoft Edge - Deployment Guide for IT Pros (Microsoft Edge for IT Pros) -ms.localizationpriority: high -ms.date: 10/16/2017 ---- - -# Microsoft Edge - Deployment Guide for IT Pros - -**Applies to:** - -- Windows 10 -- Windows 10 Mobile - ->Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare). - -Microsoft Edge is the new, default web browser for Windows 10, helping you to experience modern web standards, better performance, improved security, and increased reliability. Microsoft Edge also introduces new features like Web Note, Reading View, and Cortana that you can use along with your normal web browsing abilities. - -Microsoft Edge lets you stay up-to-date through the Microsoft Store and to manage your enterprise through Group Policy or your mobile device management (MDM) tools. - ->[!Note] ->For more information about the potential impact of using Microsoft Edge in a large organization, refer to the [Measuring the impact of Microsoft Edge](https://www.microsoft.com/itpro/microsoft-edge/technical-benefits) topic on the Microsoft Edge IT Center. - ->If you are looking for Internet Explorer 11 content, please visit the [Internet Explorer 11 (IE11)](https://docs.microsoft.com/en-us/internet-explorer/) area. - -## In this section - -| Topic | Description | -| -----------------------| ----------------------------------- | -|[Change history for Microsoft Edge](change-history-for-microsoft-edge.md) |Lists new and updated topics in the Microsoft Edge documentation for both Windows 10 and Windows 10 Mobile. | -|[Enterprise guidance about using Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md) |Guidance about how to use both Microsoft Edge and Internet Explorer 11 in your enterprise.| -| [Microsoft Edge requirements and language support](hardware-and-software-requirements.md) |Microsoft Edge is pre-installed on all Windows 10-capable devices that meet the minimum system requirements and are on the supported language list.| -| [Available policies for Microsoft Edge](available-policies.md) |Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings.

Group Policy objects (GPO's) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences. By using Group Policy and Intune, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple security settings in a GPO that's linked to a domain, and then apply all of those settings to every computer in the domain. | -| [Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md) |If you have specific web sites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the web sites will automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work properly with Microsoft Edge, you can set all intranet sites to automatically open using IE11.

Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11. | -| [Security enhancements for Microsoft Edge](security-enhancements-microsoft-edge.md) |Microsoft Edge is designed with significant security improvements over existing browsers, helping to defend people from increasingly sophisticated and prevalent web-based attacks against Windows. | -|[Microsoft Edge Frequently Asked Questions (FAQs)](microsoft-edge-faq.md)|Answering frequently asked questions about Microsoft Edge features, integration, support, and potential problems. - -## Interoperability goals and enterprise guidance - -Our primary goal is that your modern websites work in Microsoft Edge. To that end, we've made Microsoft Edge the default browser. - -However, if you're running web apps that continue to use: - -* ActiveX controls - -* x-ua-compatible headers - -* <meta> tags - -* Enterprise mode or compatibility view to address compatibility issues - -* legacy document modes - -You'll need to keep running them using IE11. If you don't have IE11 installed anymore, you can download it from the Microsoft Store or from the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Alternatively, you can also use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11. For info about Enterprise Mode and Edge, see [Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md). - -## Related topics - -- [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/download/details.aspx?id=55956) - -- [Total Economic Impact of Microsoft Edge: Forrester Study](https://www.microsoft.com/download/details.aspx?id=55847) - -- [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=290956) - -- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760644) - -- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](https://go.microsoft.com/fwlink/p/?LinkId=760646) - diff --git a/browsers/edge/TOC.md b/browsers/edge/TOC.md index 9a9115a9ac..3314f77577 100644 --- a/browsers/edge/TOC.md +++ b/browsers/edge/TOC.md @@ -1,9 +1,33 @@ -#[Microsoft Edge - Deployment Guide for IT Pros](index.md) -##[Change history for Microsoft Edge](change-history-for-microsoft-edge.md) -##[Enterprise guidance about using Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md) -##[Microsoft Edge requirements and language support](hardware-and-software-requirements.md) -##[Available policies for Microsoft Edge](available-policies.md) -##[Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md) -##[Security enhancements for Microsoft Edge](security-enhancements-microsoft-edge.md) -##[Microsoft Edge Frequently Asked Questions (FAQs)](microsoft-edge-faq.md) +# [Microsoft Edge deployment for IT Pros](index.yml) + +## [System requirements and supported languages](about-microsoft-edge.md) + +## [Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md) + +## [Deploy Microsoft Edge kiosk mode](microsoft-edge-kiosk-mode-deploy.md) + +## [Group policies & configuration options](group-policies/index.yml) +### [Address bar](group-policies/address-bar-settings-gp.md) +### [Adobe Flash](group-policies/adobe-settings-gp.md) +### [Books Library](group-policies/books-library-management-gp.md) +### [Browser experience](group-policies/browser-settings-management-gp.md) +### [Developer tools](group-policies/developer-settings-gp.md) +### [Extensions](group-policies/extensions-management-gp.md) +### [Favorites](group-policies/favorites-management-gp.md) +### [Home button](group-policies/home-button-gp.md) +### [Interoperability and enterprise mode guidance](group-policies/interoperability-enterprise-guidance-gp.md) +### [Kiosk mode deployment in Microsoft Edge](microsoft-edge-kiosk-mode-deploy.md) +### [New Tab page](group-policies/new-tab-page-settings-gp.md) +### [Prelaunch Microsoft Edge and preload tabs](group-policies/prelaunch-preload-gp.md) +### [Search engine customization](group-policies/search-engine-customization-gp.md) +### [Security and privacy](group-policies/security-privacy-management-gp.md) +### [Start page](group-policies/start-pages-gp.md) +### [Sync browser](group-policies/sync-browser-settings-gp.md) +### [Telemetry and data collection](group-policies/telemetry-management-gp.md) + + +## [Change history for Microsoft Edge](change-history-for-microsoft-edge.md) + +## [Microsoft Edge Frequently Asked Questions (FAQs)](microsoft-edge-faq.md) + diff --git a/browsers/edge/hardware-and-software-requirements.md b/browsers/edge/about-microsoft-edge.md similarity index 82% rename from browsers/edge/hardware-and-software-requirements.md rename to browsers/edge/about-microsoft-edge.md index 307e1293de..deef9f2c1a 100644 --- a/browsers/edge/hardware-and-software-requirements.md +++ b/browsers/edge/about-microsoft-edge.md @@ -1,28 +1,29 @@ --- -description: Microsoft Edge is pre-installed on all Windows 10-capable devices that meet the minimum system requirements and are on the supported language list. -ms.assetid: 3c5bc4c4-1060-499e-9905-2504ea6dc6aa +title: Microsoft Edge system and language requirements +description: Overview information about Microsoft Edge, the default browser for Windows 10. This topic includes links to other Microsoft Edge topics. +ms.assetid: 70377735-b2f9-4b0b-9658-4cf7c1d745bb author: shortpatti ms.prod: edge -ms.mktglfcycl: support +ms.mktglfcycl: general +ms.topic: reference ms.sitesec: library -ms.pagetype: appcompat -title: Microsoft Edge requirements and language support (Microsoft Edge for IT Pros) +title: Microsoft Edge for IT Pros ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 10/02/2018 --- -# Microsoft Edge requirements and language support +# Microsoft Edge system and language requirements +>Applies to: Microsoft Edge on Windows 10 and Windows 10 Mobile ->Applies to: Windows 10, Windows 10 Mobile +Microsoft Edge is the new, default web browser for Windows 10, helping you to experience modern web standards, better performance, improved security, and increased reliability. Microsoft Edge lets you stay up-to-date through the Microsoft Store and to manage your enterprise through Group Policy or your mobile device management (MDM) tools. -Microsoft Edge is pre-installed on all Windows 10-capable devices that meet the minimum system requirements and are on the supported language list. +>[!IMPORTANT] +>The Long-Term Servicing Branch (LTSB) versions of Windows, including Windows Server 2016, don’t include Microsoft Edge or many other Universal Windows Platform (UWP) apps. Systems running the LTSB operating systems do not support these apps because their services get frequently updated with new functionality. For customers who require the LTSB for specialized devices, we recommend using Internet Explorer 11. ->[!NOTE] ->The Long-Term Servicing Branch (LTSB) versions of Windows, including Windows Server 2016, don't include Microsoft Edge or many other Universal Windows Platform (UWP) apps. These apps and their services are frequently updated with new functionality, and can't be supported on systems running the LTSB operating systems. For customers who require the LTSB for specialized devices, we recommend using Internet Explorer 11. ## Minimum system requirements -Some of the components in this table might also need additional system resources. Check the component's documentation for more information. +Some of the components might also need additional system resources. Check the component's documentation for more information. | Item | Minimum requirements | @@ -35,13 +36,14 @@ Some of the components in this table might also need additional system resources | Display | Super VGA (800 x 600) or higher-resolution monitor with 256 colors | | Graphics card | Microsoft DirectX 9 or later with Windows Display Driver Model (WDDM) 1.0 driver | | Peripherals | Internet connection and a compatible pointing device | - +---   ## Supported languages +Microsoft Edge supports all of the same languages as Windows 10 and you can use the [Microsoft Translator extension](https://www.microsoft.com/en-us/p/translator-for-microsoft-edge/9nblggh4n4n3) to translate foreign language web pages and text selections for 60+ languages. -Microsoft Edge supports all of the same languages as Windows 10, including: +If the extension does not work after install, restart Microsoft Edge. If the extension still does not work, provide feedback through the Feedback Hub. | Language | Country/Region | Code | @@ -156,12 +158,4 @@ Microsoft Edge supports all of the same languages as Windows 10, including: | Welsh | United Kingdom | cy-GB | | Wolof | Senegal | wo-SN | | Yoruba | Nigeria | yo-NG | - -  - -  - -  - - - +--- \ No newline at end of file diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index 7c3c8a5909..e62e7d861d 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -1,656 +1,221 @@ --- -description: Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. +description: You can customize your organization’s browser settings in Microsoft Edge with Group Policy or Microsoft Intune, or other MDM service. When you do this, you set the policy once and then copy it onto many computers—that is, touch once, configure many. ms.assetid: 2e849894-255d-4f68-ae88-c2e4e31fa165 author: shortpatti ms.author: pashort -manager: elizapo +manager: dougkim ms.prod: edge ms.mktglfcycl: explore +ms.topic: reference ms.sitesec: library title: Group Policy and Mobile Device Management settings for Microsoft Edge (Microsoft Edge for IT Pros) ms.localizationpriority: medium -ms.date: 4/30/2018 +ms.date: 10/29/2018 --- # Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge -> Applies to: Windows 10, Windows 10 Mobile +> Applies to: Microsoft Edge on Windows 10 and Windows 10 Mobile -Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPOs) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences. +You can customize your organization’s browser settings in Microsoft Edge with Group Policy or Microsoft Intune, or other MDM service. When you do this, you set the policy once and then copy it onto many computers—that is, touch once, configure many. For example, you can set up multiple security settings in a Group Policy Object (GPO) linked to a domain, and then apply those settings to every computer in the domain. -By using Group Policy and Intune, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple security settings in a GPO that is linked to a domain, and then apply all of those settings to every computer in the domain. +Other policy settings in Microsoft Edge include allowing Adobe Flash content to play automatically, provision a favorites list, set default search engine, and more. You configure a Group Policy setting in the Administrative Templates folders, which are registry-based policy settings that Group Policy enforces. Group Policy stores these settings in a specific registry location, which users cannot change. Also, Group Policy-aware Windows features and applications look for these settings in the registry, and if found the policy setting gets used instead of the regular settings. -> [!NOTE] -> For more info about the tools you can use to change your Group Policy objects, see the Internet Explorer 11 topics, [Group Policy and the Group Policy Management Console (GPMC)](https://go.microsoft.com/fwlink/p/?LinkId=617921), [Group Policy and the Local Group Policy Editor](https://go.microsoft.com/fwlink/p/?LinkId=617922), [Group Policy and the Advanced Group Policy Management (AGPM)](https://go.microsoft.com/fwlink/p/?LinkId=617923), and [Group Policy and Windows PowerShell](https://go.microsoft.com/fwlink/p/?LinkId=617924). +**_You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor:_** + +      *Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\* +When you edit a Group Policy setting, you have the following configuration options: -Microsoft Edge works with the following Group Policy settings to help you manage your company's web browser configurations. The Group Policy settings are found in the Group Policy Editor in the following location: +- **Enabled** - writes the policy setting to the registry with a value that enables it. +- **Disabled** - writes the policy setting to the registry with a value that disables it. +- **Not configured** - leaves the policy setting undefined. Group Policy does not write the policy setting to the registry and has no impact on computers or users. + +Some policy settings have additional options you can configure. For example, if you want to set the default search engine, set the Start page, or configure the Enterprise Mode Site List, you would type the URL. -Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\ ## Allow a shared books folder ->*Supported versions: Windows 10, version 1803*
->*Default setting: None* - -You can configure Microsoft Edge to store books from the Books Library to a default, shared folder for Windows, which decreases the amount of storage used by book files. When you enable this policy, Microsoft Edge downloads book files automatically to a common, shared folder, and prevents users from removing the book from the library. For this policy to work properly, users must be signed in with a school or work account. - -If you disable or don’t configure this policy, Microsoft Edge does not use a shared folder but downloads book files to a per-user folder for each user. - - - -**MDM settings in Microsoft Intune** -| | | -|---|---| -|MDM name |Browser/[UseSharedFolderForBooks](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) | -|Supported devices |Desktop | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/UseSharedFolderForBooks | -|Data type |Integer | -|Allowed values | | - +[!INCLUDE [allow-shared-folder-books-include.md](includes/allow-shared-folder-books-include.md)] ## Allow Address bar drop-down list suggestions ->*Supported versions: Windows 10, version 1703 or later* +[!INCLUDE [allow-address-bar-suggestions-include.md](includes/allow-address-bar-suggestions-include.md)] -By default, Microsoft Edge shows the Address bar drop-down list and makes it available. If you want to minimize network connections from Microsoft Edge to Microsoft service, we recommend disabling this policy. Disabling this policy turns off the Address bar drop-down list functionality. - -When disabled, Microsoft Edge also disables the user-defined policy Show search and site suggestions as I type. Because the drop-down shows the search suggestions, this policy takes precedence over the [Configure search suggestions in Address bar](https://docs.microsoft.com/en-us/microsoft-edge/deploy/available-policies#configure-search-suggestions-in-address-bar) policy. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |Browser/[AllowAddressBarDropdown](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowaddressbardropdown) | -|Supported devices |Desktop | -|URI full path | ./Vendor/MSFT/Policy/Config/Browser/AllowAddressBarDropdown | -|Data type | Integer | -|Allowed values | | - - -## Allow Adobe Flash ->*Supported version: Windows 10* - -Adobe Flash is integrated with Microsoft Edge and updated via Windows Update. With this policy, you can configure Microsoft Edge to run Adobe Flash content or prevent Adobe Flash from running. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[AllowFlash](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflash) | -|Supported devices |Desktop | -|URI full path | ./Vendor/MSFT/Policy/Config/Browser/AllowAdobeFlash | -|Data type | Integer | -|Allowed values | | +## Allow Adobe Flash +[!INCLUDE [allow-adobe-flash-include.md](includes/allow-adobe-flash-include.md)] ## Allow clearing browsing data on exit ->*Supported versions: Windows 10, version 1703* - -By default, Microsoft Edge does not clear the browsing data on exit, but users can configure the _Clear browsing data_ option in Settings. Browsing data includes information you entered in forms, passwords, and even the websites visited. Enable this policy if you want to clear the browsing data automatically each time Microsoft Edge closes. - - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[ClearBrowsingDataOnExit](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-clearbrowsingdataonexit) | -|Supported devices |Desktop | -|URI full path | ./Vendor/MSFT/Policy/Config/Browser/ClearBrowsingDataOnExit | -|Data type | Integer | -|Allowed values | | - +[!INCLUDE [allow-clearing-browsing-data-include.md](includes/allow-clearing-browsing-data-include.md)] ## Allow configuration updates for the Books Library ->*Supported versions: Windows 10, version 1803*
->*Default setting: Enabled or not configured* - -Microsoft Edge automatically retrieves the configuration data for the Books Library, when this policy is enabled or -not configured. If disabled, Microsoft Edge does not retrieve the Books configuration data. - -**MDM settings in Microsoft Intune** -| | | -|---|---| -|MDM name |Browser/[AllowConfigurationUpdateForBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) | -|Supported devices |Desktop | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowConfigurationUpdateForBooksLibrary | -|Data type |Integer | -|Allowed values | | - +[!INCLUDE [allow-config-updates-books-include.md](includes/allow-config-updates-books-include.md)] ## Allow Cortana ->*Supported versions: Windows 10, version 1607 or later* - -Cortana is integrated with Microsoft Edge, and when enabled, Cortana allows you to use the voice assistant on your device. If disabled, Cortana is not available for use, but you can search to find items on your device. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[AllowCortana](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) | -|Supported devices |Mobile | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowCortana | -|Location |Computer Configuration\Administrative Templates\Windows Components\Search\AllowCortana | -|Data type | Integer | -|Allowed values | | +[!INCLUDE [allow-cortana-include.md](includes/allow-cortana-include.md)] ## Allow Developer Tools ->*Supported versions: Windows 10, version 1511 or later* - -F12 developer tools is a suite of tools to help you build and debug your webpage. By default, this policy is enabled making the F12 Developer Tools available to use. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[AllowDeveloperTools](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdevelopertools) | -|Supported devices |Desktop | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowDeveloperTools | -|Data type | Integer | -|Allowed values | | +[!INCLUDE [allow-dev-tools-include.md](includes/allow-dev-tools-include.md)] ## Allow extended telemetry for the Books tab ->*Supported versions: Windows 10, version 1803*
->*Default setting: Disabled or not configured* - -If you enable this policy, both basic and additional diagnostic data is sent to Microsoft about the books you are -reading from Books in Microsoft Edge. By default, this policy is disabled or not configured and only basic -diagnostic data, depending on your device configuration, is sent to Microsoft. - -**MDM settings in Microsoft Intune** -| | | -|---|---| -|MDM name |Browser/[EnableExtendedBooksTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) | -|Supported devices |Desktop | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/EnableExtendedBooksTelemetry | -|Data type |Integer | -|Allowed values | | - +[!INCLUDE [allow-ext-telemetry-books-tab-include.md](includes/allow-ext-telemetry-books-tab-include.md)] ## Allow Extensions ->*Supported versions: Windows 10, version 1607 or later* +[!INCLUDE [allow-extensions-include.md](includes/allow-extensions-include.md)] -If you enable this policy, you can personalize and add new features to Microsoft Edge with extensions. By default, this policy is enabled. If you want to prevent others from installing unwanted extensions, disable this policy. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[AllowExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowextensions) | -|Supported devices |Desktop | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowExtensions | -|Data type | Integer | -|Allowed values | | +## Allow fullscreen mode +[!INCLUDE [allow-full-screen-include](includes/allow-full-screen-include.md)] ## Allow InPrivate browsing ->*Supported versions: Windows 10, version 1511 or later* - -InPrivate browsing, when enabled, prevents your browsing data is not saved on your device. Microsoft Edge deletes temporary data from your device after all your InPrivate tabs are closed. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[AllowInPrivate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowinprivate) | -|Supported devices |Desktop
Mobile | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowInPrivate | -|Data type | Integer | -|Allowed values | | +[!INCLUDE [allow-inprivate-browsing-include.md](includes/allow-inprivate-browsing-include.md)] ## Allow Microsoft Compatibility List ->*Supported versions: Windows 10, version 1703 or later* +[!INCLUDE [allow-microsoft-compatibility-list-include.md](includes/allow-microsoft-compatibility-list-include.md)] -Microsoft Edge uses the compatibility list that helps websites with known compatibility issues display properly. When enabled, Microsoft Edge checks the list to determine if the website has compatibility issues during browser navigation. By default, this policy is enabled allowing periodic downloads and installation of updates. Visiting any site on the Microsoft compatibility list prompts the employee to use Internet Explorer 11, where the site renders as though it is in whatever version of IE is necessary for it to appear properly. If disabled, the compatibility list is not used. +## Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed +[!INCLUDE [allow-prelaunch-include](includes/allow-prelaunch-include.md)] +## Allow Microsoft Edge to load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed +[!INCLUDE [allow-tab-preloading-include](includes/allow-tab-preloading-include.md)] -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[AllowMicrosoftCompatibilityList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist) | -|Supported devices |Desktop
Mobile | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowMicrosoftCompatibilityList | -|Data type | Integer | -|Allowed values | | +## Allow printing +[!INCLUDE [allow-printing-include.md](includes/allow-printing-include.md)] + +## Allow Saving History +[!INCLUDE [allow-saving-history-include.md](includes/allow-saving-history-include.md)] ## Allow search engine customization ->*Supported versions: Windows 10, version 1703 or later* +[!INCLUDE [allow-search-engine-customization-include.md](includes/allow-search-engine-customization-include.md)] -This policy setting allows search engine customization for domain-joined or MDM-enrolled devices only. For example, you can change the default search engine or add a new search engine. By default, this setting is enabled allowing you to add new search engines and change the default under Settings. If disabled, you cannot add search engines or change the default. - -For more information, see [Microsoft browser extension policy](https://docs.microsoft.com/en-us/legal/windows/agreements/microsoft-browser-extension-policy). - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[AllowSearchEngineCustomization](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) | -|Supported devices |Desktop
Mobile | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowSearchEngineCustomization | -|Data type | Integer | -|Allowed values | | +## Allow sideloading of Extensions +[!INCLUDE [allow-sideloading-extensions-include.md](includes/allow-sideloading-extensions-include.md)] ## Allow web content on New Tab page ->*Supported versions: Windows 10* - -This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page. - -If you enable this setting, Microsoft Edge opens a new tab with the New Tab page. - -If you disable this setting, Microsoft Edge opens a new tab with a blank page. If you use this setting, employees can't change it. - -If you don't configure this setting, employees can choose how new tabs appears. - +[!INCLUDE [allow-web-content-new-tab-page-include.md](includes/allow-web-content-new-tab-page-include.md)] ## Always show the Books Library in Microsoft Edge ->*Supported versions: Windows 10, version 1709 or later* - -This policy settings specifies whether to always show the Books Library in Microsoft Edge. By default, this setting is disabled, which means the library is only visible in countries or regions where available. if enabled, the Books Library is always shown regardless of countries or region of activation. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[AlwaysEnableBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) | -|Supported devices |Desktop
Mobile | -|URI full path | ./Vendor/MSFT/Policy/Config/Browser/AlwaysEnableBooksLibrary | -|Data type | Integer | -|Allowed values | | +[!INCLUDE [always-enable-book-library-include.md](includes/always-enable-book-library-include.md)] ## Configure additional search engines ->*Supported versions: Windows 10, version 1703 or later* - -This policy setting, when enabled, lets you add up to five additional search engines. Employees cannot remove these search engines, but they can set any one as the default. By default, this setting is not configured and does not allow additional search engines to be added. If disabled, the search engines added are deleted. - -For each additional search engine, you add, specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/). - -This setting does not set the default search engine. For that, you must use the "Set default search engine" setting. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[ConfigureAdditionalSearchEngines](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureadditionalsearchengines) | -|Supported devices |Desktop
Mobile | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/ConfigureAdditionalSearchEngines | -|Data type | Integer | -|Allowed values | | +[!INCLUDE [configure-additional-search-engines-include.md](includes/configure-additional-search-engines-include.md)] ## Configure Autofill ->*Supported versions: Windows 10* +[!INCLUDE [configure-autofill-include.md](includes/configure-autofill-include.md)] -This policy setting specifies whether AutoFill on websites is allowed. By default, this setting is not configured allowing you to choose whether or not to use AutoFill. If enabled, AutoFill is used. If disabled, AutoFill is not used. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[AllowAutofill](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowautofill) | -|Supported devices |Desktop | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowAutofill | -|Data type | Integer | -|Allowed values | | +## Configure collection of browsing data for Microsoft 365 Analytics +[!INCLUDE [configure-browser-telemetry-for-m365-analytics-include](includes/configure-browser-telemetry-for-m365-analytics-include.md)] ## Configure cookies ->*Supported versions: Windows 10* - -This policy setting specifies whether cookies are allowed. By default, this setting is enabled with the Block all cookies and Block only 3rd-party cookies options available. If disabled or not configured, all cookies are allowed from all sites. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[AllowCookies](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowcookies) | -|Supported devices |Desktop
Mobile | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowCookies | -|Data type | Integer | -|Allowed values | | +[!INCLUDE [configure-cookies-include.md](includes/configure-cookies-include.md)] ## Configure Do Not Track ->*Supported versions: Windows 10* - -This policy setting specifies whether Do Not Track requests to websites is allowed. By default, this setting is not configured allowing you to choose if to send tracking information. If enabled, Do Not Track requests are always sent to websites asking for tracking information. If disabled, Do Not Track requests are never sent. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[AllowDoNotTrack](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack) | -|Supported devices |Desktop
Mobile | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowDoNotTrack | -|Data type | Integer | -|Allowed values | | - +[!INCLUDE [configure-do-not-track-include.md](includes/configure-do-not-track-include.md)] ## Configure Favorites ->*Supported versions: Microsoft Edge on Windows 10, version 1511 or later* -This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their favorites by adding or removing items at any time. +[!INCLUDE [configure-favorites-include.md](includes/configure-favorites-include.md)] -If you enable this setting, you can configure what default Favorites appear for your employees. If this setting is enabled, you must also provide a list of Favorites in the Options section. This list is imported after your policy is deployed. +## Configure Favorites Bar +[!INCLUDE [configure-favorites-bar-include.md](includes/configure-favorites-bar-include.md)] -If you disable or don't configure this setting, employees will see the Favorites that they set in the Favorites hub. +## Configure Home Button +[!INCLUDE [configure-home-button-include.md](includes/configure-home-button-include.md)] +## Configure kiosk mode +[!INCLUDE [configure-microsoft-edge-kiosk-mode-include.md](includes/configure-microsoft-edge-kiosk-mode-include.md)] + +## Configure kiosk reset after idle timeout +[!INCLUDE [configure-edge-kiosk-reset-idle-timeout-include.md](includes/configure-edge-kiosk-reset-idle-timeout-include.md)] + +## Configure Open Microsoft Edge With +[!INCLUDE [configure-open-edge-with-include.md](includes/configure-open-edge-with-include.md)] ## Configure Password Manager ->*Supported versions: Windows 10* - -This policy setting specifies whether saving and managing passwords locally on the device is allowed. By default, this setting is enabled allowing you to save their passwords locally. If not configured, you can choose if to save and manage passwords locally. If disabled, saving and managing passwords locally is turned off. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[AllowPasswordManager](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager) | -|Supported devices |Desktop
Mobile | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowPasswordManager | -|Data type | Integer | -|Allowed values | | +[!INCLUDE [configure-password-manager-include.md](includes/configure-password-manager-include.md)] ## Configure Pop-up Blocker ->*Supported versions: Windows 10* - -This policy setting specifies whether pop-up blocker is allowed or enabled. By default, pop-up blocker is turned on. If not configured, you can choose whether to turn on or turn off pop-up blocker. If disabled, pop-up blocker is turned off. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[AllowPopups](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpopups) | -|Supported devices |Desktop | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowPopups | -|Data type | Integer | -|Allowed values | | +[!INCLUDE [configure-pop-up-blocker-include.md](includes/configure-pop-up-blocker-include.md)] ## Configure search suggestions in Address bar ->*Supported versions: Windows 10* - -This policy setting specifies whether search suggestions are allowed in the address bar. By default, this setting is not configured allowing you to choose whether search suggestions appear in the address bar. If enabled, search suggestions appear. If disabled, search suggestions do not appear. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchsuggestionsinaddressbar) | -|Supported devices |Desktop
Mobile | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowSearchSuggestionsinAddressBar | -|Data type | Integer | -|Allowed values | | +[!INCLUDE [configure-search-suggestions-address-bar-include.md](includes/configure-search-suggestions-address-bar-include.md)] ## Configure Start pages ->*Supported versions: Windows 10, version 1511 or later* - -This policy setting specifies your Start pages for domain-joined or MDM-enrolled devices. By default, this setting is disabled or not configured. Therefore, the Start page is the webpages specified in App settings. If enabled, you can configure one or more corporate Start pages. If enabling this setting, you must include URLs separating multiple pages by using XML-escaped characters < and >, for example, **<\support.contoso.com><\support.microsoft.com>**. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages) | -|Supported devices |Desktop | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/HomePages | -|Data type |String | -|Allowed values |Configure the Start page (previously known as Home page) URLs for your you. | +[!INCLUDE [configure-start-pages-include.md](includes/configure-start-pages-include.md)] ## Configure the Adobe Flash Click-to-Run setting ->*Supported versions: Windows 10, version 1703 or later* - -This policy setting specifies whether you must take action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. By default, this setting is enabled. When the setting is enabled, you must click the content, Click-to-Run button, or have the site appear on an auto-allow list before the Adobe Flash content loads. If disabled, Adobe Flash loads and runs automatically. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[AllowFlashClickToRun](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) | -|Supported devices |Desktop | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowFlashClickToRun | -|Data type | Integer | -|Allowed values | | +[!INCLUDE [configure-adobe-flash-click-to-run-include.md](includes/configure-adobe-flash-click-to-run-include.md)] ## Configure the Enterprise Mode Site List ->*Supported versions: Windows 10* - -This policy setting lets you configure whether to use Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy apps. By default, this setting is disabled or not configured, which means the Enterprise Mode Site List is not used. In this case, you might experience compatibility problems while using legacy apps. If enabled, you must add the location to your site list in the **{URI}** box. when enabled, Microsoft Edge looks for the Enterprise Mode Site List XML file, which includes the sites and domains that need to be viewed using Internet Explorer 11 and Enterprise Mode. - ->[!Note] ->If there is a .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server has a different version number than the version in the cache container, the server file is used and stored in the cache container.

->If you already use a site list, enterprise mode continues to work during the 65-second wait; it just uses the existing site list instead of the new one. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[EnterpriseModeSiteList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) | -|Supported devices |Desktop | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/EnterpriseModeSiteList | -|Data type | String | -|Allowed values | | +[!INCLUDE [configure-enterprise-mode-site-list-include.md](includes/configure-enterprise-mode-site-list-include.md)] ## Configure Windows Defender SmartScreen ->*Supported versions: Windows 10* - -This policy setting specifies whether Windows Defender SmartScreen is allowed. By default, this setting is enabled or turned on, and you cannot turn it off. If disabled, Windows Defender SmartScreen is turned off, and you cannot turn it on. If not configured, you can choose whether to use Windows Defender SmartScreen. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | -|Supported devices |Desktop
Mobile | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen | -|Data type | Integer | -|Allowed values | | +[!INCLUDE [configure-windows-defender-smartscreen-include.md](includes/configure-windows-defender-smartscreen-include.md)] ## Disable lockdown of Start pages ->*Supported versions: Windows 10, version 1703 or later* +[!INCLUDE [disable-lockdown-of-start-pages-include.md](includes/disable-lockdown-of-start-pages-include.md)] -This policy setting specifies whether the lockdown on the Start pages is disabled on domain-joined or MDM-enrolled devices. By default, this policy is enabled locking down the Start pages according to the settings specified in the Browser/HomePages policy. When enabled, users cannot change the Start pages. If disabled, users can modify the Start pages. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[DisableLockdownOfStartPages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-disablelockdownofstartpages) | -|Supported devices |Desktop | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/DisableLockdownOfStartPages | -|Data type | Integer | -|Allowed values | | - - ## Do not sync ->*Supported versions: Windows 10* - -This policy setting specifies whether you can use the Sync your Settings option to sync their settings to and from their device. By default, this setting is disabled or not configured, which means the Sync your Settings options are turned on, letting you pick what can sync on their device. If enabled, the Sync your Settings options are turned off and none of the Sync your Setting groups are synced on the device. You can use the Allow users to turn syncing on the option to turn the feature off by default, but to let the employee change this setting. For information about what settings are synced, see [About sync setting on Windows 10 devices](http://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices). - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) | -|Supported devices |Desktop | -|URI full path |./Vendor/MSFT/Policy/Config/Experience/AllowSyncMySettings | -|Location |Computer Configuration\Administrative Templates\Windows Components\sync your settings\Do not sync | -|Data type | Integer | -|Allowed values | | +[!INCLUDE [do-not-sync-include.md](includes/do-not-sync-include.md)] ## Do not sync browser settings ->*Supported versions: Windows 10* - -This policy setting specifies whether a browser group can use the Sync your Settings options to sync their information to and from their device. Settings include information like History and Favorites. By default, this setting is disabled or not configured, which means the Sync your Settings options are turned on, letting browser groups pick what can sync on their device. If enabled, the Sync your Settings options are turned off so that browser groups are unable to sync their settings and info. You can use the Allow users to turn browser syncing on option to turn the feature off by default, but to let the employee change this setting. - -**MDM settings in Microsoft Intune** -| | | -|---|---| -|MDM name |Experience/DoNotSynBrowserSettings | -|Supported devices |Desktop
Mobile | -|URI full path |./Vendor/MSFT/Policy/Config/Experience/DoNotSynBrowserSettings | -|Data type |Integer | -|Allowed values | | +[!INCLUDE [do-not-sync-browser-settings-include.md](includes/do-not-sync-browser-settings-include.md)] ## Keep favorites in sync between Internet Explorer and Microsoft Edge ->*Supported versions: Windows 10, version 1703 or later* - -This policy setting specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including additions, deletions, modifications, and ordering. By default, this setting is disabled or not configured. When disabled or not configured, you cannot sync their favorites. If enabled, you can sync their favorites and stops Microsoft Edge favorites from syncing between connected Windows 10 devices. This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[SyncFavoritesBetweenIEAndMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-syncfavoritesbetweenieandmicrosoftedge) | -|Supported devices |Desktop | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/SyncFavoritesBetweenIEAndMicrosoftEdge | -|Data type | Integer | -|Allowed values | | +[!INCLUDE [keep-fav-sync-ie-edge-include.md](includes/keep-fav-sync-ie-edge-include.md)] ## Prevent access to the about:flags page ->*Supported versions: Windows 10, version 1607 or later* - -This policy setting specifies whether you can access the about:flags page, which is used to change developer settings and to enable experimental features. By default, this setting is disabled or not configured, which means you can access the about:flags page. If enabled, you cannot access the about:flags page. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[PreventAccessToAboutFlagsInMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventaccesstoaboutflagsinmicrosoftedge) | -|Supported devices |Desktop | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/PreventAccessToAboutFlagsInMicrosoftEdge | -|Data type | Integer | -|Allowed values | | +[!INCLUDE [prevent-access-about-flag-include.md](includes/prevent-access-about-flag-include.md)] ## Prevent bypassing Windows Defender SmartScreen prompts for files ->*Supported versions: Windows 10, version 1511 or later* - -This policy setting specifies whether you can override the Windows Defender SmartScreen warnings about downloading unverified files. By default, this setting is disabled or not configured (turned off), which means you can ignore the warnings and can continue the download process. If enabled (turned on), you cannot ignore the warnings and blocks them from downloading unverified files. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[PreventSmartScreenPromptOverrideForFiles](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverrideforfiles) | -|Supported devices |Desktop
Mobile | -|URI full path | ./Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles | -|Data type | Integer | -|Allowed values | | +[!INCLUDE [prevent-bypassing-win-defender-files-include.md](includes/prevent-bypassing-win-defender-files-include.md)] ## Prevent bypassing Windows Defender SmartScreen prompts for sites ->*Supported versions: Windows 10, version 1511 or later* +[!INCLUDE [prevent-bypassing-win-defender-sites-include.md](includes/prevent-bypassing-win-defender-sites-include.md)] -This policy setting specifies whether you can override the Windows Defender SmartScreen warnings about potentially malicious websites. By default, this setting is disabled or not configured (turned off), which means you can ignore the warnings and allows them to continue to the site. If enabled (turned on), you cannot ignore the warnings and blocks them from continuing to the site. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[PreventSmartScreenPromptOverride](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverride) | -|Supported devices |Desktop
Mobile | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/PreventSmartscreenPromptOverride | -|Data type | Integer | -|Allowed values | | +## Prevent certificate error overrides +[!INCLUDE [prevent-certificate-error-overrides-include.md](includes/prevent-certificate-error-overrides-include.md)] ## Prevent changes to Favorites on Microsoft Edge ->*Supported versions: Windows 10, version 1709* - -This policy setting specifies whether you can add, import, sort, or edit the Favorites list in Microsoft Edge. By default, this setting is disabled or not configured (turned on), which means the Favorites list is not locked down and you can make changes to the Favorites list. If enabled, you cannot make changes to the Favorites list. Also, the Save a Favorite, Import settings, and the context menu items, such as Create a new folder, are turned off. - ->[!Important] ->Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops you from syncing their favorites between Internet Explorer and Microsoft Edge. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[LockdownFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) | -|Supported devices |Desktop
Mobile | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/LockdownFavorites | -|Data type | Integer | -|Allowed values | | +[!INCLUDE [prevent-changes-to-favorites-include.md](includes/prevent-changes-to-favorites-include.md)] ## Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start ->*Supported versions: Windows 10, version 1703 or later* - -This policy setting specifies whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. By default, this setting is disabled or not configured (turned off), which means Microsoft servers are contacted if a site is pinned. If enabled (turned on), Microsoft servers are not contacted if a site is pinned. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[PreventLiveTileDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventlivetiledatacollection) | -|Supported devices |Desktop
Mobile | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/PreventLiveTileDataCollection | -|Data type | Integer | -|Allowed values | | - +[!INCLUDE [prevent-live-tile-pinning-start-include](includes/prevent-live-tile-pinning-start-include.md)] ## Prevent the First Run webpage from opening on Microsoft Edge ->*Supported versions: Windows 10, version 1703 or later* +[!INCLUDE [prevent-first-run-webpage-open-include.md](includes/prevent-first-run-webpage-open-include.md)] -This policy setting specifies whether to enable or disable the First Run webpage. On the first explicit user-launch of Microsoft Edge, the First Run webpage hosted on microsoft.com opens automatically. This policy allows enterprises, such as those enrolled in a zero-emissions configuration, to prevent this page from opening. By default, this setting is disabled or not configured (turned off), which means you see the First Run page. If enabled (turned on), the you do not see the First Run page. +## Prevent turning off required extensions +[!INCLUDE [prevent-turning-off-required-extensions-include.md](includes/prevent-turning-off-required-extensions-include.md)] -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[PreventFirstRunPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventfirstrunpage) | -|Supported devices |Desktop
Mobile | -|URI full path | ./Vendor/MSFT/Policy/Config/Browser/PreventFirstRunPage | -|Data type | Integer | -|Allowed values | | +## Prevent users from turning on browser syncing +[!INCLUDE [prevent-users-to-turn-on-browser-syncing-include](includes/prevent-users-to-turn-on-browser-syncing-include.md)] ## Prevent using Localhost IP address for WebRTC ->*Supported versions: Windows 10, version 1511 or later* - - -This policy setting specifies whether localhost IP address is visible or hidden while making phone calls to the WebRTC protocol. By default, this setting is disabled or not configured (turned off), which means the localhost IP address is visible. If enabled (turned on), localhost IP addresses are hidden. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[PreventUsingLocalHostIPAddressForWebRTC](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventusinglocalhostipaddressforwebrtc) | -|Supported devices |Desktop | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/PreventUsingLocalHostIPAddressForWebRTC | -|Data type | Integer | -|Allowed values | | +[!INCLUDE [prevent-localhost-address-for-webrtc-include.md](includes/prevent-localhost-address-for-webrtc-include.md)] ## Provision Favorites ->*Supported versions: Windows 10, version 1709* - -You can configure a default list of favorites that appear for your users in Microsoft Edge. - -If disabled or not configured, a default list of favorites is not defined in Microsoft Edge. In this case, users can customize the Favorites list, such as adding folders for organizing, adding, or removing favorites. - -If enabled, a default list of favorites is defined for users in Microsoft Edge. Users are not allowed to add, import, or change the Favorites list. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off. - -To define a default list of favorites, you can export favorites from Microsoft Edge and use the HTML file for provisioning user machines. In HTML format, specify the URL which points to the file that has all the data for provisioning favorites. - -URL can be specified as: -- HTTP location: "SiteList"="http://localhost:8080/URLs.html" -- Local network: "SiteList"="\network\shares\URLs.html" -- Local file: "SiteList"="file:///c:\Users\\Documents\URLs.html" - ->[!Important] ->You can only enable either this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy, but not both. Enabling both stops you from syncing favorites between Internet Explorer and Microsoft Edge. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[ProvisionFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) | -|Supported devices |Desktop
Mobile | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/ProvisionFavorites | -|Data type | String | - +[!INCLUDE [provision-favorites-include](includes/provision-favorites-include.md)] ## Send all intranet sites to Internet Explorer 11 ->*Supported versions: Windows 10* - - -This policy setting specifies whether to send intranet traffic to Internet Explorer 11. This setting should only be used if there are known compatibility problems with Microsoft Edge. By default, this setting is disabled or not configured (turned off), which means all websites, including intranet sites, open in Microsoft Edge. If enabled, all intranet sites are opened in Internet Explorer 11 automatically. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[SendIntranetTraffictoInternetExplorer](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sendintranettraffictointernetexplorer) | -|Supported devices |Desktop | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/SendIntranetTraffictoInternetExplorer | -|Data type | Integer | -|Allowed values | | +[!INCLUDE [send-all-intranet-sites-ie-include.md](includes/send-all-intranet-sites-ie-include.md)] ## Set default search engine ->*Supported versions: Windows 10, version 1703 or later* +[!INCLUDE [set-default-search-engine-include.md](includes/set-default-search-engine-include.md)] +## Set Home Button URL +[!INCLUDE [set-home-button-url-include](includes/set-home-button-url-include.md)] -This policy setting allows you to configure the default search engine for domain-joined or MDM-enrolled devices. By default, this setting is not configured, which means the default search engine is specified in App settings. In this case, you can change the default search engine at any time unless you disable the "Allow search engine customization" setting, which restricts any changes. If enabled, you can configure a default search engine for you. When enabled, you cannot change the default search engine. If disabled, the policy-set search engine will be removed, and, if it is the current default, the default will be set back to the factory Microsoft Edge search engine for the market. - -To set the default search engine, you must specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see Search provider discovery. If you'd like your you to use the default Microsoft Edge settings for each market, you can set the string to EDGEDEFAULT. If you'd like your you to use Microsoft Bing as the default search engine, you can set the string to EDGEBING. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[SetDefaultSearchEngine](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setdefaultsearchengine) | -|Supported devices |Desktop
Mobile | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/SetDefaultSearchEngine | -|Data type | Integer | -|Allowed values | | +## Set New Tab page URL +[!INCLUDE [set-new-tab-url-include.md](includes/set-new-tab-url-include.md)] ## Show message when opening sites in Internet Explorer ->*Supported versions: Windows 10, version 1607 and later* +[!INCLUDE [show-message-opening-sites-ie-include](includes/show-message-opening-sites-ie-include.md)] + +## Unlock Home Button +[!INCLUDE [unlock-home-button-include.md](includes/unlock-home-button-include.md)] -This policy setting specifies whether you see an additional page in Microsoft Edge when opening sites that are configured to open in Internet Explorer using the Enterprise Site List. By default, this policy is disabled, which means no additional page’s display. If enabled, you see an additional page. - -**Microsoft Intune to manage your MDM settings** -| | | -|---|---| -|MDM name |[ShowMessageWhenOpeningSitesInInternetExplorer](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-showmessagewhenopeningsitesininternetexplorer) | -|Supported devices |Desktop | -|URI full path |./Vendor/MSFT/Policy/Config/Browser/ShowMessageWhenOpeningSitesInInternetExplorer | -|Data type | Integer | -|Allowed values | | ## Related topics -* [Mobile Device Management (MDM) settings]( https://go.microsoft.com/fwlink/p/?LinkId=722885) +- [Mobile Device Management (MDM) settings](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) +- [Group Policy and the Group Policy Management Console (GPMC)](https://go.microsoft.com/fwlink/p/?LinkId=617921) +- [Group Policy and the Local Group Policy Editor](https://go.microsoft.com/fwlink/p/?LinkId=617922) +- [Group Policy and the Advanced Group Policy Management (AGPM)](https://go.microsoft.com/fwlink/p/?LinkId=617923) +- [Group Policy and Windows PowerShell](https://go.microsoft.com/fwlink/p/?LinkId=617924). \ No newline at end of file diff --git a/browsers/edge/change-history-for-microsoft-edge.md b/browsers/edge/change-history-for-microsoft-edge.md index ea57180317..6d86a32508 100644 --- a/browsers/edge/change-history-for-microsoft-edge.md +++ b/browsers/edge/change-history-for-microsoft-edge.md @@ -1,19 +1,60 @@ --- title: Change history for Microsoft Edge (Microsoft Edge for IT Pros) -description: This topic lists new and updated topics in the Microsoft Edge documentation for Windows 10 and Windows 10 Mobile. +description: Discover what's new and updated in the Microsoft Edge for both Windows 10 and Windows 10 Mobile. ms.prod: edge +ms.topic: reference ms.mktglfcycl: explore ms.sitesec: library ms.localizationpriority: medium -ms.date: '' +manager: dougkim ms.author: pashort author: shortpatti +ms.date: 10/02/2018 --- # Change history for Microsoft Edge -This topic lists new and updated topics in the Microsoft Edge documentation for both Windows 10 and Windows 10 Mobile. +Discover what's new and updated in the Microsoft Edge for both Windows 10 and Windows 10 Mobile. -For a detailed feature list of what's in the current Microsoft Edge releases, the Windows Insider Preview builds, and what was introduced in previous releases, see the [Microsoft Edge changelog](https://developer.microsoft.com/microsoft-edge/platform/changelog/). + +# [2018](#tab/2018) + +## October 2018 + +The Microsoft Edge team introduces new group policies and MDM settings for Microsoft Edge on Windows 10. The new policies let you enable/disable +full-screen mode, printing, favorites bar, saving history. You can also prevent certificate error overrides, and configure the New Tab page, Home button, and startup options, as well as manage extensions. + +We have discontinued the **Configure Favorites** group policy, so use the [Provision Favorites](available-policies.md#provision-favorites) policy instead. + +>>You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy: +>> +>>      **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\** + + + +| **New or updated** | **Group Policy** | **Description** | +|------------|-----------------|--------------------| +| New | [Allow fullscreen mode](group-policies/browser-settings-management-gp.md#allow-fullscreen-mode) | [!INCLUDE [allow-fullscreen-mode-shortdesc](shortdesc/allow-fullscreen-mode-shortdesc.md)] | +| New | [Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed](group-policies/prelaunch-preload-gp.md#allow-microsoft-edge-to-pre-launch-at-windows-startup-when-the-system-is-idle-and-each-time-microsoft-edge-is-closed) | [!INCLUDE [allow-prelaunch-shortdesc](shortdesc/allow-prelaunch-shortdesc.md)] | +| New | [Allow Microsoft Edge to load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed](group-policies/prelaunch-preload-gp.md#allow-microsoft-edge-to-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed) | [!INCLUDE [allow-tab-preloading-shortdesc](shortdesc/allow-tab-preloading-shortdesc.md)] | +| New | [Allow printing](group-policies/browser-settings-management-gp.md#allow-printing) | [!INCLUDE [allow-printing-shortdesc](shortdesc/allow-printing-shortdesc.md)] | +| New | [Allow Saving History](group-policies/browser-settings-management-gp.md#allow-saving-history) | [!INCLUDE [allow-saving-history-shortdesc](shortdesc/allow-saving-history-shortdesc.md)] | +| New | [Allow sideloading of Extensions](group-policies/extensions-management-gp.md#allow-sideloading-of-extensions) | [!INCLUDE [allow-sideloading-of-extensions-shortdesc](shortdesc/allow-sideloading-of-extensions-shortdesc.md)] | +| New | [Configure collection of browsing data for Microsoft 365 Analytics](group-policies/telemetry-management-gp.md#configure-collection-of-browsing-data-for-microsoft-365-analytics) | [!INCLUDE [configure-browser-telemetry-for-m365-analytics-shortdesc](shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md)] | +| New | [Configure Favorites Bar](group-policies/favorites-management-gp.md#configure-favorites-bar) | [!INCLUDE [configure-favorites-bar-shortdesc](shortdesc/configure-favorites-bar-shortdesc.md)] | +| New | [Configure Home Button](group-policies/home-button-gp.md#configure-home-button) | [!INCLUDE [configure-home-button-shortdesc](shortdesc/configure-home-button-shortdesc.md)] | +| New | [Configure kiosk mode](available-policies.md#configure-kiosk-mode) | [!INCLUDE [configure-kiosk-mode-shortdesc](shortdesc/configure-kiosk-mode-shortdesc.md)] | +| New | [Configure kiosk reset after idle timeout](available-policies.md#configure-kiosk-reset-after-idle-timeout) |[!INCLUDE [configure-kiosk-reset-after-idle-timeout-shortdesc](shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md)] | +| New | [Configure Open Microsoft Edge With](group-policies/start-pages-gp.md#configure-open-microsoft-edge-with) | [!INCLUDE [configure-open-microsoft-edge-with-shortdesc](shortdesc/configure-open-microsoft-edge-with-shortdesc.md)] | +| New | [Prevent certificate error overrides](group-policies/security-privacy-management-gp.md#prevent-certificate-error-overrides) | [!INCLUDE [prevent-certificate-error-overrides-shortdesc](shortdesc/prevent-certificate-error-overrides-shortdesc.md)] | +| New | [Prevent users from turning on browser syncing](group-policies/sync-browser-settings-gp.md#prevent-users-from-turning-on-browser-syncing) | [!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md)] | +| New | [Prevent turning off required extensions](group-policies/extensions-management-gp.md#prevent-turning-off-required-extensions) | [!INCLUDE [prevent-turning-off-required-extensions-shortdesc](shortdesc/prevent-turning-off-required-extensions-shortdesc.md)] | +| New | [Set Home Button URL](group-policies/home-button-gp.md#set-home-button-url) | [!INCLUDE [set-home-button-url-shortdesc](shortdesc/set-home-button-url-shortdesc.md)] | +| New | [Set New Tab page URL](group-policies/new-tab-page-settings-gp.md#set-new-tab-page-url) | [!INCLUDE [set-new-tab-url-shortdesc](shortdesc/set-new-tab-url-shortdesc.md)] | +| Updated | [Show message when opening sites in Internet Explorer](group-policies/interoperability-enterprise-guidance-gp.md#show-message-when-opening-sites-in-internet-explorer) | [!INCLUDE [show-message-when-opening-sites-in-ie-shortdesc](shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md)] | +| New | [Unlock Home Button](group-policies/home-button-gp.md#unlock-home-button) | [!INCLUDE [unlock-home-button-shortdesc](shortdesc/unlock-home-button-shortdesc.md)] | + + +# [2017](#tab/2017) ## September 2017 |New or changed topic | Description | @@ -25,23 +66,22 @@ For a detailed feature list of what's in the current Microsoft Edge releases, th |----------------------|-------------| |[Available Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](available-policies.md) |Added new Group Policy and MDM settings for the Windows Insider Program. Reformatted for easier readability outside of scrolling table. | + +# [2016](#tab/2016) + ## November 2016 |New or changed topic | Description | |----------------------|-------------| |[Browser: Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md) |Added the infographic image and a download link.| |[Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md) |Added a note about the 65 second wait before checking for a newer version of the site list .XML file. | |[Available policies for Microsoft Edge](available-policies.md) |Added notes to the Configure the Enterprise Mode Site List Group Policy and the EnterpriseModeSiteList MDM policy about the 65 second wait before checking for a newer version of the site list .XML file. | -|[Microsoft Edge - Deployment Guide for IT Pros](index.md) |Added a link to the Microsoft Edge infographic, helping you to evaluate the potential impact of using Microsoft Edge in your organization. | +|Microsoft Edge - Deployment Guide for IT Pros |Added a link to the Microsoft Edge infographic, helping you to evaluate the potential impact of using Microsoft Edge in your organization. | |[Browser: Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md) |Added a link to the Microsoft Edge infographic, helping you to evaluate the potential impact of using Microsoft Edge in your organization. | ## July 2016 |New or changed topic | Description | |----------------------|-------------| |[Microsoft Edge requirements and language support](hardware-and-software-requirements.md)| Updated to include a note about the Long Term Servicing Branch (LTSB). | - -## July 2016 -|New or changed topic | Description | -|----------------------|-------------| |[Enterprise guidance about using Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md) | Content moved from What's New section. | |[Available policies for Microsoft Edge](available-policies.md) |Updated | @@ -56,3 +96,5 @@ For a detailed feature list of what's in the current Microsoft Edge releases, th |New or changed topic | Description | |----------------------|-------------| |[Available Policies for Microsoft Edge](available-policies.md) | Added new policies and the Supported versions column for Windows 10 Insider Preview. | + +--- diff --git a/browsers/edge/docfx.json b/browsers/edge/docfx.json index b3be0aa999..42532b3fb2 100644 --- a/browsers/edge/docfx.json +++ b/browsers/edge/docfx.json @@ -9,7 +9,7 @@ ], "resource": [ { - "files": ["**/images/**", "**/*.json"], + "files": ["**/images/**"], "exclude": ["**/obj/**"] } ], diff --git a/browsers/edge/emie-to-improve-compatibility.md b/browsers/edge/emie-to-improve-compatibility.md index 3f8deb3963..5fa2461985 100644 --- a/browsers/edge/emie-to-improve-compatibility.md +++ b/browsers/edge/emie-to-improve-compatibility.md @@ -3,99 +3,58 @@ description: If you're having problems with Microsoft Edge, this topic tells how ms.assetid: 89c75f7e-35ca-4ca8-96fa-b3b498b53bE4 author: shortpatti ms.author: pashort -ms.prod: edge +ms.manager: dougkim +ms.prod: browser-edge +ms.topic: reference ms.mktglfcycl: support ms.sitesec: library ms.pagetype: appcompat title: Use Enterprise Mode to improve compatibility (Microsoft Edge for IT Pros) ms.localizationpriority: medium -ms.date: 04/15/2018 +ms.date: 10/24/2018 --- # Use Enterprise Mode to improve compatibility > Applies to: Windows 10 -If you have specific web sites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the web sites will automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work properly with Microsoft Edge, you can set all intranet sites to automatically open using IE11. +If you have specific websites and apps that have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the websites open in Internet Explorer 11 automatically. Additionally, if you know that your intranet sites aren't going to work correctly with Microsoft Edge, you can set all intranet sites to automatically open using IE11 with the **Send all intranet sites to IE** group policy. Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11. ->[!NOTE] ->If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy]( https://go.microsoft.com/fwlink/p/?LinkId=620714). -## Fix specific websites +[!INCLUDE [interoperability-goals-enterprise-guidance](../includes/interoperability-goals-enterprise-guidance.md)] -Microsoft Edge doesn't support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have websites or web apps that still use this technology and need IE11, you can add them to the Enterprise Mode site list, using the Enterprise Mode Site List Manager. +## Enterprise guidance +Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, if you're running web apps that rely on ActiveX controls, continue using Internet Explorer 11 for the web apps to work correctly. If you don't have IE11 installed anymore, you can download it from the Microsoft Store or the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Also, if you use an earlier version of Internet Explorer, upgrade to IE11. -**To add sites to your list** +Windows 7, Windows 8, and Windows 10 support IE11 so that you can continue using legacy apps even as you migrate to Windows 10 and Microsoft Edge. -1. In the Enterprise Mode Site List Manager, click **Add**.

If you already have an existing site list, you can import it into the tool. After it's in the tool, the xml updates the list, checking **Open in IE** for each site. For info about importing the site list, see [Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](https://go.microsoft.com/fwlink/p/?LinkId=618322).

![Enterprise Mode Site List Manager with Open in IE box](images/emie_open_in_ie.png) +If you're having trouble deciding whether Microsoft Edge is right for your organization, then take a look at the infographic about the potential impact of using Microsoft Edge in an organization. -2. Type or paste the URL for the website that’s experiencing compatibility problems, like *<domain>*.com or *<domain>*.com/*<path>* into the **URL** box.

You don’t need to include the `http://` or `https://` designation. The tool will automatically try both versions during validation. +![Microsoft Edge infographic](images/microsoft-edge-infographic-sm.png)
+[Click to enlarge](img-microsoft-edge-infographic-lg.md)
+[Click to download image](https://www.microsoft.com/download/details.aspx?id=53892) -3. Type any comments about the website into the **Notes about URL** box.

Administrators can only see comments while they’re in this tool. -4. Click **Open in IE** next to the URL that should automatically open in IE11.

The path within a domain can require a different compatibility mode from the domain itself. For example, the domain might look fine in the default IE11 browser, but the path might have problems and require the use of Enterprise Mode. If you added the domain previously, your original compatibility choice is still selected. However, if the domain is new, Enterprise Mode is automatically selected. +|Microsoft Edge |IE11 | +|---------|---------| +|Microsoft Edge takes you beyond just browsing to actively engaging with the web through features like Web Note, Reading View, and Cortana.

|IE11 offers enterprises additional security, manageability, performance, backward compatibility, and modern standards support. | -5. Click **Save** to validate your website and to add it to the site list for your enterprise.

If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway. -6. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.

You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your Group Policy setting. For more info, see [Turn on Enterprise Mode and use a site list](https://go.microsoft.com/fwlink/p/?LinkId=618952). +## Configure the Enterprise Mode Site List +[Available policy options](includes/configure-enterprise-mode-site-list-include.md) -### Set up Microsoft Edge to use the Enterprise Mode site list - -You must turn on the **Configure the Enterprise Mode Site List** Group Policy setting before Microsoft Edge can use the Enterprise Mode site list. This Group Policy applies to both Microsoft Edge and IE11, letting Microsoft Edge switch to IE11 as needed, based on the Enterprise Mode site list. For more info about IE11 and Enterprise Mode, see [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377). - -> **Note**
-> If there’s an .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server file has a different version number than the version in the cache container, the server file is used and stored in the cache container.

If you’re already using a site list, enterprise mode continues to work during the 65 second wait; it just uses your existing site list instead of your new one. - -**To turn on Enterprise Mode using Group Policy** - -1. Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\Microsoft Edge\\Configure the Enterprise Mode Site List** policy.

Turning this setting on also requires you to create and store a site list.

![Local Group Policy Editor for using a site list](images/edge-emie-grouppolicysitelist.png) - -2. Click **Enabled**, and then in the **Options** area, type the location to your site list. - -3. Refresh your policy in your organization and then view the affected sites in Microsoft Edge.

The site shows a message in Microsoft Edge, saying that the page needs IE. At the same time, the page opens in IE11; in a new frame if it's not yet running, or in a new tab if it is. - -**To turn on Enterprise Mode using the registry** - -1. **To turn on Enterprise Mode for all users on the PC:** Open a registry editor, like regedit.exe and go to `HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\MicrosoftEdge\Main\EnterpriseMode`. - -2. Edit the `SiteList` registry key to point to where you want to keep your Enterprise Mode site list file. For example:

![Enterprise mode with site list in the registry](images/edge-emie-registrysitelist.png) - - - **HTTP location**: *“SiteList”=”http://localhost:8080/sites.xml”* - - - **Local network**: *"SiteList"="\\\\network\\shares\\sites.xml"* - - - **Local file**: *"SiteList"="file:///c:\\\\Users\\\\<user>\\\\Documents\\\\testList.xml"* - - All of your managed devices must have access to this location if you want them to be able to access and use Enterprise Mode and your site list. - -3. Refresh your policy in your organization and then view the affected sites in Microsoft Edge.

The site shows a message in Microsoft Edge, saying that the page needs IE. At the same time, the page opens in IE11; in a new frame if it's not yet running, or in a new tab if it is. - -## Fix your intranet sites - -You can add the **Send all intranet traffic over to Internet Explorer** Group Policy setting for Windows 10 so that all of your intranet sites open in IE11. This means that even if your employees are using Microsoft Edge, they will automatically switch to IE11 while viewing the intranet. - -> **Note**
-> If you want to use Group Policy to set IE as the default browser for Internet sites, you can find the info here, [Set the default browser using Group Policy]( https://go.microsoft.com/fwlink/p/?LinkId=620714). - -**To turn on Sends all intranet traffic over to Internet Explorer using Group Policy** - -1. Open your Group Policy editor and go to the `Administrative Templates\Windows Components\Microsoft Edge\Sends all intranet traffic over to Internet Explorer` setting. - - ![Local Group Policy Editor with setting to send all intranet traffic to IE11](images/sendintranettoie.png) - -2. Click **Enabled**. - -3. Refresh your policy in your organization and then view the affected sites in Microsoft Edge.

The site shows a message in Microsoft Edge, saying that the page needs IE. At the same time, the page opens in IE11; in a new frame if it's not yet running, or in a new tab if it is. ## Related topics -* [Blog: How Microsoft Edge and Internet Explorer 11 on Windows 10 work better together in the Enterprise](https://go.microsoft.com/fwlink/p/?LinkID=624035) -* [Enterprise Mode Site List Manager for Windows 7 and Windows 8.1 download](https://go.microsoft.com/fwlink/p/?LinkId=394378) -* [Enterprise Mode Site List Manager for Windows 10 download](https://go.microsoft.com/fwlink/?LinkId=746562) -* [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377) -* [Set the default browser using Group Policy]( https://go.microsoft.com/fwlink/p/?LinkId=620714) -  - - - +- [Blog: How Microsoft Edge and Internet Explorer 11 on Windows 10 work better together in the Enterprise](https://go.microsoft.com/fwlink/p/?LinkID=624035) +- [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377) +- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) +- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) +- [Use the Enterprise Mode Site List Manager](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager) +- [Web Application Compatibility Lab Kit for Internet Explorer 11](https://technet.microsoft.com/browser/mt612809.aspx) +- [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=290956) +- [Microsoft Edge - Deployment Guide for IT Pros](https://technet.microsoft.com/itpro/microsoft-edge/index) +- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760644) +- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](https://go.microsoft.com/fwlink/p/?LinkId=760646) +- [Internet Explorer 11 - FAQ for IT Pros](https://technet.microsoft.com/itpro/internet-explorer/ie11-faq/faq-for-it-pros-ie11) diff --git a/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md b/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md deleted file mode 100644 index 010a44e44b..0000000000 --- a/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Microsoft Edge and Internet Explorer 11 (Microsoft Edge for IT Pros) -description: Enterprise guidance for using Microsoft Edge and Internet Explorer 11. -author: shortpatti -ms.prod: edge -ms.mktglfcycl: support -ms.sitesec: library -ms.pagetype: appcompat -ms.localizationpriority: medium -ms.date: 10/16/2017 ---- - -# Browser: Microsoft Edge and Internet Explorer 11 -**Microsoft Edge content applies to:** - -- Windows 10 -- Windows 10 Mobile - -**Internet Explorer 11 content applies to:** - -- Windows 10 - -## Enterprise guidance -Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, if you're running web apps that need ActiveX controls, we recommend that you continue to use Internet Explorer 11 for them. If you don't have IE11 installed anymore, you can download it from the Microsoft Store or from the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). - -We also recommend that you upgrade to IE11 if you're running any earlier versions of Internet Explorer. IE11 is supported on Windows 7, Windows 8.1, and Windows 10. So any legacy apps that work with IE11 will continue to work even as you migrate to Windows 10. - -If you're having trouble deciding whether Microsoft Edge is good for your organization, you can take a look at this infographic about the potential impact of using Microsoft Edge in an organization. - -![Microsoft Edge infographic](images/microsoft-edge-infographic-sm.png)
-[Click to enlarge](img-microsoft-edge-infographic-lg.md)
-[Click to download image](https://www.microsoft.com/download/details.aspx?id=53892) - -### Microsoft Edge -Microsoft Edge takes you beyond just browsing to actively engaging with the web through features like Web Note, Reading View, and Cortana. - -- **Web Note.** Microsoft Edge lets you annotate, highlight, and call things out directly on webpages. -- **Reading view.** Microsoft Edge lets you enjoy and print online articles in a distraction-free layout that's optimized for your screen size. While in reading view, you can also save webpages or PDF files to your reading list, for later viewing. -- **Cortana.** Cortana is automatically enabled on Microsoft Edge. Microsoft Edge lets you highlight words for more info and gives you one-click access to things like restaurant reservations and reviews, without leaving the webpage. -- **Compatibility and security.** Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or that are included on your Enterprise Mode Site List. You must use IE11 to run older, less secure technology, such as ActiveX controls. - -### IE11 -IE11 offers enterprises additional security, manageability, performance, backward compatibility, and modern standards support. - -- **Backward compatibility.** IE11 supports 9 document modes that include high-fidelity emulations for older versions of IE. -- **Modern web standards.** IE11 supports modern web technologies like HTML5, CSS3, and WebGL, which help to ensure today's modern websites and apps work just as well as your old, legacy websites and apps. -- **More secure.** IE11 was designed with security in mind and is more secure than older versions. Using security features like SmartScreen and Enhanced Protected Mode can help IE11 reduce your risk. -- **Faster.** IE11 is significantly faster than previous versions of Internet Explorer, taking advantage of network optimization and hardware-accelerated text, graphics, and JavaScript rendering. -- **Easier migration to Windows 10.** IE11 is the only version of IE that runs on Windows 7, Windows 8.1, and Windows 10. Upgrading to IE11 on Windows 7 can also help your organization support the next generation of software, services, and devices. -- **Administration.** IE11 can use the Internet Explorer Administration Kit (IEAK) 11 or MSIs for deployment, and includes more than 1,600 Group Policies and preferences for granular control. - -## Related topics -- [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/download/details.aspx?id=53892) -- [Web Application Compatibility Lab Kit for Internet Explorer 11](https://technet.microsoft.com/browser/mt612809.aspx) -- [Download Internet Explorer 11](http://windows.microsoft.com/internet-explorer/download-ie) -- [Microsoft Edge - Deployment Guide for IT Pros](https://technet.microsoft.com/itpro/microsoft-edge/index) -- [Internet Explorer 11 - Deployment Guide for IT Pros](https://technet.microsoft.com/itpro/internet-explorer/ie11-deploy-guide/index) -- [IEAK 11 - Internet Explorer Administration Kit 11 Users Guide](https://technet.microsoft.com/itpro/internet-explorer/ie11-ieak/index) -- [Internet Explorer 11 - FAQ for IT Pros](https://technet.microsoft.com/itpro/internet-explorer/ie11-faq/faq-for-it-pros-ie11) diff --git a/browsers/edge/group-policies/address-bar-settings-gp.md b/browsers/edge/group-policies/address-bar-settings-gp.md new file mode 100644 index 0000000000..b8b82b3882 --- /dev/null +++ b/browsers/edge/group-policies/address-bar-settings-gp.md @@ -0,0 +1,32 @@ +--- +title: Microsoft Edge - Address bar group policies +description: Microsoft Edge, by default, shows a list of search suggestions in the address bar. You can minimize network connections from Microsoft Edge to Microsoft services, hiding the functionality of the Address bar drop-down list. +services: +keywords: +ms.localizationpriority: medium +manager: dougkim +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.topic: reference +ms.prod: edge +ms.mktglfcycl: explore +ms.sitesec: library +--- + +# Address bar + +Microsoft Edge, by default, shows a list of search suggestions in the address bar. You can minimize network connections from Microsoft Edge to Microsoft services by hiding the functionality of the Address bar drop-down list. + +You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy: + +      **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\** + + + +## Allow Address bar drop-down list suggestions +[!INCLUDE [allow-address-bar-suggestions-include.md](../includes/allow-address-bar-suggestions-include.md)] + +## Configure search suggestions in Address bar +[!INCLUDE [configure-search-suggestions-address-bar-include.md](../includes/configure-search-suggestions-address-bar-include.md)] + diff --git a/browsers/edge/group-policies/adobe-settings-gp.md b/browsers/edge/group-policies/adobe-settings-gp.md new file mode 100644 index 0000000000..3ad76e0397 --- /dev/null +++ b/browsers/edge/group-policies/adobe-settings-gp.md @@ -0,0 +1,34 @@ +--- +title: Microsoft Edge - Adobe Flash group policies +description: Adobe Flash Player still has a significant presence on the internet, such as digital ads. However, open standards, such as HTML5, provide many of the capabilities and functionalities becoming an alternative for content on the web. With Adobe no longer supporting Flash after 2020, Microsoft has started to phase out Flash from Microsoft Edge by adding the Configure the Adobe Flash Click-to-Run setting group policy giving you a way to control the list of websites that have permission to run Adobe Flash content. +services: +keywords: +ms.localizationpriority: medium +manager: dougkim +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.topic: reference +ms.prod: edge +ms.mktglfcycl: explore +ms.sitesec: library +--- + +# Adobe Flash + +Adobe Flash Player still has a significant presence on the internet, such as digital ads. However, open standards, such as HTML5, provide many of the capabilities and functionalities becoming an alternative for content on the web. With Adobe no longer supporting Flash after 2020, Microsoft has started to phase out Flash from Microsoft Edge by adding the [Configure the Adobe Flash Click-to-Run setting](#configure-the-adobe-flash-click-to-run-setting) group policy giving you a way to control the list of websites that have permission to run Adobe Flash content. + +To learn more about Microsoft’s plan for phasing out Flash from Microsoft Edge and Internet Explorer, see [The End of an Era — Next Steps for Adobe Flash]( https://blogs.windows.com/msedgedev/2017/07/25/flash-on-windows-timeline/#3Bcc3QjRw0l7XsZ4.97) (blog article). + + +You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy: + +      **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\** + +## Allow Adobe Flash +[!INCLUDE [allow-adobe-flash-include.md](../includes/allow-adobe-flash-include.md)] + + +## Configure the Adobe Flash Click-to-Run setting +[!INCLUDE [configure-adobe-flash-click-to-run-include.md](../includes/configure-adobe-flash-click-to-run-include.md)] + diff --git a/browsers/edge/group-policies/books-library-management-gp.md b/browsers/edge/group-policies/books-library-management-gp.md new file mode 100644 index 0000000000..d2e9d6ea91 --- /dev/null +++ b/browsers/edge/group-policies/books-library-management-gp.md @@ -0,0 +1,36 @@ +--- +title: Microsoft Edge - Books Library group policies +description: Microsoft Edge decreases the amount of storage used by book files by downloading them to a shared folder. You can also allow Microsoft Edge to update the configuration data for the library automatically. +services: +keywords: +ms.localizationpriority: medium +manager: dougkim +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.topic: reference +ms.prod: edge +ms.mktglfcycl: explore +ms.sitesec: library +--- + +# Books Library + +Microsoft Edge decreases the amount of storage used by book files by downloading them to a shared folder in Windows. You can configure Microsoft Edge to update the configuration data for the library automatically or gather diagnostic data, such as usage data. + + +You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy: + +      **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\** + +## Allow a shared books folder +[!INCLUDE [allow-shared-folder-books-include.md](../includes/allow-shared-folder-books-include.md)] + +## Allow configuration updates for the Books Library +[!INCLUDE [allow-config-updates-books-include.md](../includes/allow-config-updates-books-include.md)] + +## Allow extended telemetry for the Books tab +[!INCLUDE [allow-ext-telemetry-books-tab-include.md](../includes/allow-ext-telemetry-books-tab-include.md)] + +## Always show the Books Library in Microsoft Edge +[!INCLUDE [always-enable-book-library-include.md](../includes/always-enable-book-library-include.md)] \ No newline at end of file diff --git a/browsers/edge/group-policies/browser-settings-management-gp.md b/browsers/edge/group-policies/browser-settings-management-gp.md new file mode 100644 index 0000000000..2570cc3c69 --- /dev/null +++ b/browsers/edge/group-policies/browser-settings-management-gp.md @@ -0,0 +1,51 @@ +--- +title: Microsoft Edge - Browser experience group policies +description: Not only do the other Microsoft Edge group policies enhance the browsing experience, but we must also talk about some of the most common or somewhat common browsing experiences. For example, printing web content is a common browsing experience. However, if you want to prevent users from printing web content, Microsoft Edge has a group policy that allows you to prevent printing. +services: +keywords: +ms.localizationpriority: medium +manager: dougkim +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.topic: reference +ms.prod: edge +ms.mktglfcycl: explore +ms.sitesec: library +--- + +# Browser experience + +Not only do the other Microsoft Edge group policies enhance the browsing experience, but we also want to mention some of the other and common browsing experiences. For example, printing web content is a common browsing experience. However, if you want to prevent users from printing web content, Microsoft Edge has a group policy that allows you to prevent printing. The same goes for Pop-up Blocker; Microsoft Edge has a group policy that lets you prevent pop-up windows or let users choose to use Pop-up Blocker. You can use any one of the following group policies to continue enhancing the browsing experience for your users. + + + +You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy: + +      **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\** + +## Allow clearing browsing data on exit +[!INCLUDE [allow-clearing-browsing-data-include](../includes/allow-clearing-browsing-data-include.md)] + +## Allow fullscreen mode +[!INCLUDE [allow-full-screen-include](../includes/allow-full-screen-include.md)] + +## Allow printing +[!INCLUDE [allow-printing-include](../includes/allow-printing-include.md)] + +## Allow Saving History +[!INCLUDE [allow-saving-history-include](../includes/allow-saving-history-include.md)] + +## Configure Autofill +[!INCLUDE [configure-autofill-include](../includes/configure-autofill-include.md)] + +## Configure Pop-up Blocker +[!INCLUDE [configure-pop-up-blocker-include](../includes/configure-pop-up-blocker-include.md)] + +## Do not sync +[!INCLUDE [do-not-sync-include](../includes/do-not-sync-include.md)] + +To learn about the policies to sync the browser settings, see [Sync browser settings](sync-browser-settings-gp.md). + + + diff --git a/browsers/edge/group-policies/developer-settings-gp.md b/browsers/edge/group-policies/developer-settings-gp.md new file mode 100644 index 0000000000..ca4870ac95 --- /dev/null +++ b/browsers/edge/group-policies/developer-settings-gp.md @@ -0,0 +1,29 @@ +--- +title: Microsoft Edge - Developer tools +description: Microsoft Edge, by default, allows users to use the F12 developer tools as well as access the about:flags page. You can prevent users from using the F12 developer tools or from accessing the about:flags page. +services: +keywords: +ms.localizationpriority: medium +managre: dougkim +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.topic: reference +ms.prod: edge +ms.mktglfcycl: explore +ms.sitesec: library +--- + +# Developer tools + +Microsoft Edge, by default, allows users to use the F12 developer tools as well as access the about:flags page. You can prevent users from using the F12 developer tools or from accessing the about:flags page. + +You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy: + +      **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\** + +## Allow Developer Tools +[!INCLUDE [allow-dev-tools-include](../includes/allow-dev-tools-include.md)] + +## Prevent access to the about:flags page +[!INCLUDE [prevent-access-about-flag-include](../includes/prevent-access-about-flag-include.md)] diff --git a/browsers/edge/group-policies/extensions-management-gp.md b/browsers/edge/group-policies/extensions-management-gp.md new file mode 100644 index 0000000000..3a7fc2dfe5 --- /dev/null +++ b/browsers/edge/group-policies/extensions-management-gp.md @@ -0,0 +1,32 @@ +--- +title: Microsoft Edge - Extensions group policies +description: Currently, Microsoft Edge allows users to add or personalize, and uninstall extensions. You can prevent users from uninstalling extensions or sideloading of extensions, which does not prevent sideloading using Add-AppxPackage via PowerShell. Allowing sideloading of extensions installs and runs unverified extensions. +services: +keywords: +ms.localizationpriority: medium +manager: dougkim +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.topic: reference +ms.prod: edge +ms.mktglfcycl: explore +ms.sitesec: library +--- + +# Extensions + +Currently, Microsoft Edge allows users to add or personalize, and uninstall extensions. You can prevent users from uninstalling extensions or sideloading of extensions, which does not prevent sideloading using Add-AppxPackage via PowerShell. Allowing sideloading of extensions installs and runs unverified extensions. + +You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy: + +      **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\** + +## Allow Extensions +[!INCLUDE [allow-extensions-include](../includes/allow-extensions-include.md)] + +## Allow sideloading of extensions +[!INCLUDE [allow-sideloading-extensions-include](../includes/allow-sideloading-extensions-include.md)] + +## Prevent turning off required extensions +[!INCLUDE [prevent-turning-off-required-extensions-include](../includes/prevent-turning-off-required-extensions-include.md)] diff --git a/browsers/edge/group-policies/favorites-management-gp.md b/browsers/edge/group-policies/favorites-management-gp.md new file mode 100644 index 0000000000..13c415afdf --- /dev/null +++ b/browsers/edge/group-policies/favorites-management-gp.md @@ -0,0 +1,38 @@ +--- +title: Microsoft Edge - Favorites group policies +description: Configure Microsoft Edge to either show or hide the favorites bar on all pages. Microsoft Edge hides the favorites bar by default but shows the favorites bar on the Start and New tab pages. Also, by default, the favorites bar toggle, in Settings, is set to Off but enabled allowing users to make changes. +services: +keywords: +ms.localizationpriority: medium +manager: dougkim +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.topic: reference +ms.prod: edge +ms.mktglfcycl: explore +ms.sitesec: library +--- + +# Favorites + +You can customize the favorites bar, for example, you can turn off features such as Save a Favorite and Import settings, and hide or show the favorites bar on all pages. Another customization you can make is provisioning a standard list of favorites, including folders, to appear in addition to the user’s favorites. If it’s important to keep the favorites in both IE11 and Microsoft Edge synced, you can turn on syncing where changes to the list of favorites in one browser reflect in the other. + +>[!TIP] +>You can find the Favorites under C:\\Users\\<_username_>\\Favorites. + +You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy: + +      **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\** + +## Configure Favorites Bar +[!INCLUDE [configure-favorites-bar-include](../includes/configure-favorites-bar-include.md)] + +## Keep favorites in sync between Internet Explorer and Microsoft Edge +[!INCLUDE [keep-fav-sync-ie-edge-include](../includes/keep-fav-sync-ie-edge-include.md)] + +## Prevent changes to Favorites on Microsoft Edge +[!INCLUDE [prevent-changes-to-favorites-include](../includes/prevent-changes-to-favorites-include.md)] + +## Provision Favorites +[!INCLUDE [provision-favorites-include](../includes/provision-favorites-include.md)] \ No newline at end of file diff --git a/browsers/edge/group-policies/home-button-gp.md b/browsers/edge/group-policies/home-button-gp.md new file mode 100644 index 0000000000..3f22c2897d --- /dev/null +++ b/browsers/edge/group-policies/home-button-gp.md @@ -0,0 +1,46 @@ +--- +title: Microsoft Edge - Home button group policies +description: Microsoft Edge shows the home button, by default, and by clicking it the Start page loads. With the relevant Home button policies, you can configure the Home button to load the New tab page or a specific page. You can also configure Microsoft Edge to hide the home button. +manager: dougkim +ms.author: pashort +author: shortpatti +ms.date: 10/02/2018 +ms.localizationpriority: medium +ms.prod: edge +ms.mktglfcycl: explore +ms.sitesec: library +ms.topic: reference +--- + +# Home button + +Microsoft Edge shows the home button, by default, and by clicking it the Start page loads. With the relevant Home button policies, you can configure the Home button to load the New tab page or a specific page. You can also configure Microsoft Edge to hide the home button. + +## Relevant group policies + +- [Configure Home Button](#configure-home-button) +- [Set Home Button URL](#set-home-button-url) +- [Unlock Home Button](#unlock-home-button) + +You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy: + +      **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\** + +## Configuration options + +![Show home button and load Start page or New Tab page](../images/home-button-start-new-tab-page-v4-sm.png) + +![Show home button and load custom URL](../images/home-buttom-custom-url-v4-sm.png) + +![Hide home button](../images/home-button-hide-v4-sm.png) + + +## Configure Home Button +[!INCLUDE [configure-home-button-include.md](../includes/configure-home-button-include.md)] + +## Set Home Button URL +[!INCLUDE [set-home-button-url-include](../includes/set-home-button-url-include.md)] + +## Unlock Home Button +[!INCLUDE [unlock-home-button-include.md](../includes/unlock-home-button-include.md)] + diff --git a/browsers/edge/group-policies/index.yml b/browsers/edge/group-policies/index.yml new file mode 100644 index 0000000000..6e7a2ccb42 --- /dev/null +++ b/browsers/edge/group-policies/index.yml @@ -0,0 +1,231 @@ +### YamlMime:YamlDocument + +documentType: LandingData + +title: Microsoft Edge group policies + +metadata: + + document_id: + + title: Microsoft Edge group policies + + description: Learn how to configure group policies in Microsoft Edge on Windows 10. + + text: Some of the features in Microsoft Edge gives you the ability to set a custom URL for the New Tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar. + + keywords: Microsoft Edge, Windows 10, Windows 10 Mobile + + ms.localizationpriority: medium + + author: shortpatti + + ms.author: pashort + + ms.date: 10/02/2018 + + ms.topic: article + + ms.devlang: na + +sections: + +- title: + +- items: + + - type: markdown + + text: Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPOs) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences. + +- items: + + - type: list + + style: cards + + className: cardsE + + columns: 3 + + items: + + - href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/address-bar-settings-gp + + html:

Learn how you can configure Microsoft Edge to show search suggestions in the address bar.

+ + image: + + src: https://docs.microsoft.com/media/common/i_http.svg + + title: Address bar + + - href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/adobe-settings-gp + + html:

Learn how you can configure Microsoft Edge to load Adobe Flash content automatically.

+ + image: + + src: https://docs.microsoft.com/media/common/i_setup.svg + + title: Adobe Flash + + - href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/books-library-management-gp + + html:

Learn how you can set up and use the books library, such as using a shared books folder for students and teachers.

+ + image: + + src: https://docs.microsoft.com/media/common/i_library.svg + + title: Books Library + + - href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/browser-settings-management-gp + + html:

Learn how you can customize the browser settings, such as printing and saving browsing history, plus more.

+ + image: + + src: https://docs.microsoft.com/media/common/i_management.svg + + title: Browser experience + + - href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/developer-settings-gp + + html:

Learn how configure Microsoft Edge for development and testing.

+ + image: + + src: https://docs.microsoft.com/media/common/i_config-tools.svg + + title: Developer tools + + - href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/extensions-management-gp + + html:

Learn how you can configure Microsoft Edge to either prevent or allow users to install and run unverified extensions.

+ + image: + + src: https://docs.microsoft.com/media/common/i_extensions.svg + + title: Extensions + + - href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/favorites-management-gp + + html:

Learn how you can provision a standard favorites list as well as keep the favorites lists in sync between IE11 and Microsoft Edge.

+ + image: + + src: https://docs.microsoft.com/media/common/i_link.svg + + title: Favorites + + - href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/home-button-gp + + html:

Learn how you can customize the home button or hide it.

+ + image: + + src: https://docs.microsoft.com/media/common/i_setup.svg + + title: Home button + + - href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/interoperability-enterprise-guidance-gp + + html:

Learn how you use Microsoft Edge and Internet Explorer together for a full browsing experience.

+ + image: + + src: https://docs.microsoft.com/media/common/i_management.svg + + title: Interoperability and enterprise guidance + + - href: https://docs.microsoft.com/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy + + html:

Learn how Microsoft Edge kiosk mode works with assigned access to let IT administrators create a tailored browsing experience designed for kiosk devices.

+ + image: + + src: https://docs.microsoft.com/media/common/i_categorize.svg + + title: Kiosk mode deployment in Microsoft Edge + + - href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/new-tab-page-settings-gp + + html:

Learn how to configure the New Tab page in Microsoft Edge.

+ + image: + + src: https://docs.microsoft.com/media/common/i_setup.svg + + title: New Tab page + + - href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/prelaunch-preload-gp + + html:

Learn how pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start up Microsoft Edge.

+ + image: + + src: https://docs.microsoft.com/media/common/i_setup.svg + + title: Prelaunch Microsoft Edge and preload tabs + + - href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/search-engine-customization-gp + + html:

Learn how you can set the default search engine and configure additional ones.

+ + image: + + src: https://docs.microsoft.com/media/common/i_search.svg + + title: Search engine customization + + - href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/security-privacy-management-gp + + html:

Learn how you can keep your environment and users safe from attacks.

+ + image: + + src: https://docs.microsoft.com/media/common/i_security-management.svg + + title: Security and privacy + + - href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/start-pages-gp + + html:

Learn how to configure the Start pages in Microsoft Edge.

+ + image: + + src: https://docs.microsoft.com/media/common/i_setup.svg + + title: Start page + + - href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/sync-browser-settings-gp + + html:

Learn how to you can prevent the "browser" group from syncing and prevent users from turning on the Sync your Settings toggle.

+ + image: + + src: https://docs.microsoft.com/media/common/i_sync.svg + + title: Sync browser + + - href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/telemetry-management-gp + + html:

Learn how you can configure Microsoft Edge to collect certain data.

+ + image: + + src: https://docs.microsoft.com/media/common/i_data-collection.svg + + title: Telemetry and data collection + + - href: https://docs.microsoft.com/microsoft-edge/deploy/available-policies + + html:

View all available group policies for Microsoft Edge on Windows 10.

+ + image: + + src: https://docs.microsoft.com/media/common/i_policy.svg + + title: All group policies diff --git a/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md b/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md new file mode 100644 index 0000000000..9e39200fe0 --- /dev/null +++ b/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md @@ -0,0 +1,78 @@ +--- +title: Microsoft Edge - Interoperability and enterprise mode guidance +description: Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or included on your Enterprise Mode Site List. If you are running web apps that continue to use ActiveX controls, x-ua-compatible headers, or legacy document modes, you need to keep running them in IE11. IE11 offers additional security, manageability, performance, backward compatibility, and modern standards support. +ms.localizationpriority: medium +manager: dougkim +ms.author: pashort +author: shortpatti +ms.date: 10/02/2018 +ms.prod: edge +ms.mktglfcycl: explore +ms.sitesec: library +ms.topic: reference +--- + +# Interoperability and enterprise mode guidance + +Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or included on your Enterprise Mode Site List. If you are running web apps that continue to use ActiveX controls, x-ua-compatible headers, or legacy document modes, you need to keep running them in IE11. IE11 offers additional security, manageability, performance, backward compatibility, and modern standards support. + +>[!TIP] +>If you are running an earlier version of Internet Explorer, we recommend upgrading to IE11, so that any legacy apps continue to work correctly. + +**Technology not supported by Microsoft Edge** + + +- ActiveX controls + +- Browser Helper Objects + +- VBScript + +- x-ua-compatible headers + +- \ tags + +- Legacy document modes + +If you have specific websites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the websites automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work correctly with Microsoft Edge, you can set all intranet sites to open using IE11 automatically. + +Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11. + +## Relevant group policies + + +1. [Configure the Enterprise Mode Site List](#configure-the-enterprise-mode-site-list) + +2. [Send all intranet sites to Internet Explorer 11](#send-all-intranet-sites-to-internet-explorer-11) + +3. [Show message when opening sites in Internet Explorer](#show-message-when-opening-sites-in-internet-explorer) + +4. [(IE11 policy) Send all sites not included in the Enterprise Mode Site List to Microsoft Edge](#ie11-policy-send-all-sites-not-included-in-the-enterprise-mode-site-list-to-microsoft-edge) + +You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy: + +      **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\** + +## Configuration options + +![Use Enterprise Mode with Microsoft Edge to improve compatibility](../images/use-enterprise-mode-with-microsoft-edge-sm.png) + + +## Configure the Enterprise Mode Site List + +[!INCLUDE [configure-enterprise-mode-site-list-include](../includes/configure-enterprise-mode-site-list-include.md)] + + +## Send all intranet sites to Internet Explorer 11 + +[!INCLUDE [send-all-intranet-sites-ie-include](../includes/send-all-intranet-sites-ie-include.md)] + + +## Show message when opening sites in Internet Explorer + +[!INCLUDE [show-message-opening-sites-ie-include](../includes/show-message-opening-sites-ie-include.md)] + + +## (IE11 policy) Send all sites not included in the Enterprise Mode Site List to Microsoft Edge + +[!INCLUDE [ie11-send-all-sites-not-in-site-list-include](../includes/ie11-send-all-sites-not-in-site-list-include.md)] diff --git a/browsers/edge/group-policies/new-tab-page-settings-gp.md b/browsers/edge/group-policies/new-tab-page-settings-gp.md new file mode 100644 index 0000000000..b18871a3e6 --- /dev/null +++ b/browsers/edge/group-policies/new-tab-page-settings-gp.md @@ -0,0 +1,45 @@ +--- +title: Microsoft Edge - New Tab page group policies +description: Microsoft Edge loads the default New tab page by default. With the relevant New Tab policies, you can set a URL to load in the New Tab page and prevent users from making changes. You can also load a blank page instead or let the users choose what loads. +manager: dougkim +ms.author: pashort +author: shortpatti +ms.date: 10/02/2018 +ms.localizationpriority: medium +ms.prod: edge +ms.mktglfcycl: explore +ms.sitesec: library +ms.topic: reference +--- + + +# New Tab page + +Microsoft Edge loads the default New tab page by default. With the relevant New Tab policies, you can set a URL to load in the New Tab page and prevent users from making changes. You can also load a blank page instead or let the users choose what loads. + +>[!NOTE] +>New tab pages do not load while running InPrivate mode. + +## Relevant group policies + +- [Set New Tab page URL](#set-new-tab-page-url) +- [Allow web content on New Tab page](#allow-web-content-on-new-tab-page) + +You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy: + +      **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\** + +## Configuration options + +![Load the default New Tab page](../images/load-default-new-tab-page-sm.png) + +![Load a blank page instead of the default New Tab page](../images/load-blank-page-not-new-tab-page-sm.png) + +![Let users choose what loads](../images/users-choose-new-tab-page-sm.png) + + +## Set New Tab page URL +[!INCLUDE [set-new-tab-url-include](../includes/set-new-tab-url-include.md)] + +## Allow web content on New Tab page +[!INCLUDE [allow-web-content-new-tab-page-include](../includes/allow-web-content-new-tab-page-include.md)] \ No newline at end of file diff --git a/browsers/edge/group-policies/prelaunch-preload-gp.md b/browsers/edge/group-policies/prelaunch-preload-gp.md new file mode 100644 index 0000000000..8baa1858bb --- /dev/null +++ b/browsers/edge/group-policies/prelaunch-preload-gp.md @@ -0,0 +1,42 @@ +--- +title: Microsoft Edge - Prelaunch and tab preload group policies +description: Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start up Microsoft Edge. +manager: dougkim +ms.author: pashort +author: shortpatti +ms.date: 10/02/2018 +ms.localizationpriority: medium +ms.topic: reference +--- + +# Prelaunch Microsoft Edge and preload tabs in the background + +Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start up Microsoft Edge. You can also configure Microsoft Edge to prevent Microsoft Edge from pre-launching. + +Additionally, Microsoft Edge preloads the Start and New Tab pages during Windows sign in, which minimizes the amount of time required to start Microsoft Edge and load a new tab. You can also configure Microsoft Edge to prevent preloading of tabs. + + +## Relevant group policies + +- [Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed](#allow-microsoft-edge-to-pre-launch-at-windows-startup-when-the-system-is-idle-and-each-time-microsoft-edge-is-closed) +- [Allow Microsoft Edge to load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed](#allow-microsoft-edge-to-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed) + +You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy: + +      **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\** + +## Configuration options + +![Only preload the Start and New Tab pages during Windows startup](../images/preload-tabs-only-sm.png) + +![Prelauch Microsoft Edge and preload Start and New Tab pages](../images/prelaunch-edge-and-preload-tabs-sm.png) + +![Only prelaunch Microsoft Edge during Windows startup](../images/prelaunch-edge-only-sm.png) + + + +## Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed +[!INCLUDE [allow-prelaunch-include](../includes/allow-prelaunch-include.md)] + +## Allow Microsoft Edge to load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed +[!INCLUDE [allow-tab-preloading-include](../includes/allow-tab-preloading-include.md)] \ No newline at end of file diff --git a/browsers/edge/group-policies/search-engine-customization-gp.md b/browsers/edge/group-policies/search-engine-customization-gp.md new file mode 100644 index 0000000000..75677a0ec8 --- /dev/null +++ b/browsers/edge/group-policies/search-engine-customization-gp.md @@ -0,0 +1,39 @@ +--- +title: Microsoft Edge - Search engine customization group policies +description: Microsoft Edge, by default, uses the search engine specified in App settings, which lets users make changes. You can prevent users from making changes and still use the search engine specified in App settings by disabling the Allow search engine customization policy. You can also use the policy-set search engine specified in the OpenSearch XML file in which you can configure up to five additional search engines and setting any one of them as the default. +manager: dougkim +ms.author: pashort +author: shortpatti +ms.date: 10/02/2018 +ms.localizationpriority: medium +ms.topic: reference +--- + +# Search engine customization + +Microsoft Edge, by default, uses the search engine specified in App settings, which lets users make changes. You can prevent users from making changes and still use the search engine specified in App settings by disabling the Allow search engine customization policy. You can also use the policy-set search engine specified in the OpenSearch XML file in which you can configure up to five additional search engines and setting any one of them as the default. + +## Relevant group policies + +- [Set default search engine](#set-default-search-engine) +- [Allow search engine customization](#allow-search-engine-customization) +- [Configure additional search engines](#configure-additional-search-engines) + +You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy: + +      **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\** + +## Configuration options + +![Set default search engine configurations](../images/set-default-search-engine-v4-sm.png) + + +## Set default search engine +[!INCLUDE [set-default-search-engine-include](../includes/set-default-search-engine-include.md)] + +## Allow search engine customization +[!INCLUDE [allow-search-engine-customization-include](../includes/allow-search-engine-customization-include.md)] + +## Configure additional search engines +[!INCLUDE [configure-additional-search-engines-include](../includes/configure-additional-search-engines-include.md)] + diff --git a/browsers/edge/group-policies/security-privacy-management-gp.md b/browsers/edge/group-policies/security-privacy-management-gp.md new file mode 100644 index 0000000000..cf137c8439 --- /dev/null +++ b/browsers/edge/group-policies/security-privacy-management-gp.md @@ -0,0 +1,72 @@ +--- +title: Microsoft Edge - Security and privacy group policies +description: Microsoft Edge helps to defend from increasingly sophisticated and prevalent web-based attacks against Windows. While most websites are safe, some sites have been designed to steal personal information or gain access to your system’s resources. +manager: dougkim +ms.author: pashort +author: shortpatti +ms.date: 10/02/2018 +ms.localizationpriority: medium +ms.topic: reference +--- + +# Security and privacy + +Microsoft Edge is designed with improved security in mind, helping to defend people from increasingly sophisticated and prevalent web-based attacks against Windows. Because Microsoft Edge is designed like a Universal Windows app, changing the browser to an app, it fundamentally changes the process model so that both the outer manager process and the different content processes all live within app container sandboxes. + +Microsoft Edge runs in 64-bit not just by default, but anytime it’s running on a 64-bit operating system. Because Microsoft Edge doesn’t support legacy ActiveX controls or 3rd-party binary extensions, there’s no longer a reason to run 32-bit processes on a 64-bit system. + +The value of running 64-bit all the time is that it strengthens Windows Address Space Layout Randomization (ASLR), randomizing the memory layout of the browser processes, making it much harder for attackers to hit precise memory locations. In turn, 64-bit processes make ASLR much more effective by making the address space exponentially larger and, therefore, more difficult for attackers to find sensitive memory components. + +For more details on the security features in Microsoft Edge, see [Help protect against web-based security threats](#help-protect-against-web-based-security-threats) below. + +You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy: + +      **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\** + +## Configure cookies +[!INCLUDE [configure-cookies-include](../includes/configure-cookies-include.md)] + +## Configure Password Manager +[!INCLUDE [configure-password-manager-include](../includes/configure-password-manager-include.md)] + +## Configure Windows Defender SmartScreen +[!INCLUDE [configure-windows-defender-smartscreen-include](../includes/configure-windows-defender-smartscreen-include.md)] + +## Prevent bypassing Windows Defender SmartScreen prompts for files +[!INCLUDE [prevent-bypassing-win-defender-files-include](../includes/prevent-bypassing-win-defender-files-include.md)] + +## Prevent bypassing Windows Defender SmartScreen prompts for sites +[!INCLUDE [prevent-bypassing-win-defender-sites-include](../includes/prevent-bypassing-win-defender-sites-include.md)] + +## Prevent certificate error overrides +[!INCLUDE [prevent-certificate-error-overrides-include](../includes/prevent-certificate-error-overrides-include.md)] + +## Prevent using Localhost IP address for WebRTC +[!INCLUDE [prevent-localhost-address-for-webrtc-include](../includes/prevent-localhost-address-for-webrtc-include.md)] + + +## Help protect against web-based security threats + +While most websites are safe, some sites have been intentionally designed to steal sensitive and private information or gain access to your system’s resources. You can help protect against threats by using strong security protocols to ensure against such threats. + +Thieves use things like _phishing_ attacks to convince someone to enter personal information, such as a banking password, into a website that looks like a legitimate bank but isn't. Attempts to identify legitimate websites through the HTTPS lock symbol and the EV Cert green bar have met with only limited success since attackers are too good at faking legitimate experiences for many people to notice the difference. + +Another method thieves often use _hacking_ to attack a system through malformed content that exploits subtle flaws in the browser or various browser extensions. This exploit lets an attacker run code on a device, taking over a browsing session, and perhaps the entire device. + +Microsoft Edge addresses these threats to help make browsing the web a safer experience. + + +| Feature | Description | +|---|---| +| **[Windows Hello](https://blogs.windows.com/bloggingwindows/2015/03/17/making-windows-10-more-personal-and-more-secure-with-windows-hello/)** | Microsoft Edge is the first browser to natively support Windows Hello to authenticate the user and the website with asymmetric cryptography technology, powered by early implementation of the [Web Authentication (formerly FIDO 2.0 Web API) specification](https://w3c.github.io/webauthn/). | +| **Microsoft SmartScreen** | Defends against phishing by performing reputation checks on sites visited and blocking any sites that are thought to be a phishing site. SmartScreen also helps to defend against installing malicious software, drive-by attacks, or file downloads, even from trusted sites. Drive-by attacks are malicious web-based attacks that compromise your system by targeting security vulnerabilities in commonly used software and may be hosted on trusted sites. | +| **Certificate Reputation system** | Collects data about certificates in use, detecting new certificates and flagging fraudulent certificates automatically, and sends the data to Microsoft. The systems and tools in place include | +| **Microsoft EdgeHTML and modern web standards** | Microsoft Edge uses Microsoft EdgeHTML as the rendering engine. This engine focuses on modern standards letting web developers build and maintain a consistent site across all modern browsers. It also helps to defend against hacking through these security standards features:

**NOTE:** Both Microsoft Edge and Internet Explorer 11 support HSTS. | +| **Code integrity and image loading restrictions** | Microsoft Edge content processes support code integrity and image load restrictions, helping to prevent malicious DLLs from loading or injecting into the content processes. Only [properly signed images](https://blogs.windows.com/msedgedev/2015/11/17/microsoft-edge-module-code-integrity/) are allowed to load into Microsoft Edge. Binaries on remote devices (such as UNC or WebDAV) can’t load. | +| **Memory corruption mitigations** | Memory corruption attacks frequently happen to apps written in C or C++ don’t provide safety or buffer overflow protection. When an attacker provides malformed input to a program, the program’s memory becomes corrupt allowing the attacker to take control of the program. Although attackers have adapted and invented new ways to attack, we’ve responded with memory safety defenses, mitigating the most common forms of attack, including and especially [use-after-free (UAF)](https://cwe.mitre.org/data/definitions/416.html) vulnerabilities. | +| **Memory Garbage Collector (MemGC) mitigation** | MemGC replaces Memory Protector and helps to protect the browser from UAF vulnerabilities. MemGC frees up memory from the programmer and automating it. Only freeing memory when the automation detects no references left pointing to a given block of memory. | +| **Control Flow Guard** | Attackers use memory corruption attacks to gain control of the CPU program counter to jump to any code location they want. Control Flow Guard, a Microsoft Visual Studio technology, compiles checks around code that performs indirect jumps based on a pointer. Those jumps get restricted to function entry points with known addresses only making attacker take-overs must more difficult constraining where an attack jumps. | +| **All web content runs in an app container sandbox** |Microsoft Edge takes the sandbox even farther, running its content processes in containers not just by default, but all of the time. Microsoft Edge doesn’t support 3rd party binary extensions, so there is no reason for it to run outside of the container, making Microsoft Edge more secure. | +| **Extension model and HTML5 support** |Microsoft Edge does not support binary extensions because they can bring code and data into the browser’s processes without any protection. So if anything goes wrong, the entire browser itself can be compromised or go down. We encourage everyone to use our scripted HTML5-based extension model. For more info about the new extensions, see the [Microsoft Edge Developer Center](https://developer.microsoft.com/microsoft-edge/extensions/). | +| **Reduced attack surfaces** |Microsoft Edge does not support VBScript, JScript, VML, Browser Helper Objects, Toolbars, ActiveX controls, and [document modes](https://msdn.microsoft.com/library/jj676915.aspx). Many IE browser vulnerabilities only appear in legacy document modes, so removing support reduced attack surface making the browser more secure.

It also means that it’s not as backward compatible. With this reduced backward compatibility, Microsoft Edge automatically falls back to Internet Explorer 11 for any apps that need backward compatibility. This fall back happens when you use the Enterprise Mode Site List. | +--- diff --git a/browsers/edge/group-policies/start-pages-gp.md b/browsers/edge/group-policies/start-pages-gp.md new file mode 100644 index 0000000000..55df08e642 --- /dev/null +++ b/browsers/edge/group-policies/start-pages-gp.md @@ -0,0 +1,42 @@ +--- +title: Microsoft Edge - Start pages group policies +description: Microsoft Edge loads the pages specified in App settings as the default Start pages. With the relevant Start pages policies, you can configure Microsoft Edge to load either the Start page, New tab page, previously opened pages, or a specific page or pages. You can also configure Microsoft Edge to prevent users from making changes. +manager: dougkim +ms.author: pashort +author: shortpatti +ms.localizationpriority: medium +ms.date: 10/02/2018 +ms.prod: edge +ms.mktglfcycl: explore +ms.sitesec: library +ms.topic: reference +--- + +# Start pages + +Microsoft Edge loads the pages specified in App settings as the default Start pages. With the relevant Start pages policies, you can configure Microsoft Edge to load either the Start page, New tab page, previously opened pages, or a specific page or pages. You can also configure Microsoft Edge to prevent users from making changes. + +## Relevant group policies + +- [Configure Open Microsoft Edge With](#configure-open-microsoft-edge-with) +- [Configure Start Pages](#configure-start-pages) +- [Disable Lockdown of Start pages](#disable-lockdown-of-start-pages) + +You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy: + +      **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\** + +## Configuration options + +![Load URLs defined in Configure Start pages](../images/load-urls-defined-in-configure-open-edge-with-sm.png) + + +## Configure Open Microsoft Edge With +[!INCLUDE [configure-open-edge-with-include](../includes/configure-open-edge-with-include.md)] + +## Configure Start Pages +[!INCLUDE [configure-start-pages-include](../includes/configure-start-pages-include.md)] + +## Disable Lockdown of Start pages +[!INCLUDE [disable-lockdown-of-start-pages-include](../includes/disable-lockdown-of-start-pages-include.md)] + diff --git a/browsers/edge/group-policies/sync-browser-settings-gp.md b/browsers/edge/group-policies/sync-browser-settings-gp.md new file mode 100644 index 0000000000..aac83e87ca --- /dev/null +++ b/browsers/edge/group-policies/sync-browser-settings-gp.md @@ -0,0 +1,44 @@ +--- +title: Microsoft Edge - Sync browser settings +description: By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. The “browser” group uses the Sync your Settings option in Settings to sync information like history and favorites. +manager: dougkim +ms.author: pashort +author: shortpatti +ms.date: 10/02/2018 +ms.localizationpriority: medium +ms.topic: reference +--- + +# Sync browser settings + + +By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. The “browser” group uses the Sync your Settings option in Settings to sync information like history and favorites. You can configure Microsoft Edge to prevent the “browser” group from syncing and prevent users from turning on the _Sync your Settings_ toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy. + + +## Relevant policies +- [Do not sync browser settings](#do-not-sync-browser-settings) +- [Prevent users from turning on browser syncing](#prevent-users-from-turning-on-browser-syncing) + +You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy: + +      **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\** + +## Configuration options + +![Sync browser settings automatically](../images/sync-browser-settings-automatically-sm.png) + +![Prevent syncing of browser settings](../images/prevent-syncing-browser-settings-sm.png) + + +### Verify the configuration +To verify the settings: +1. In the upper-right corner of Microsoft Edge, click **More** \(**...**\). +2. Click **Settings**. +3. Under Account, see if the setting is toggled on or off.

![Verify configuration](../images/sync-settings.PNG) + + +## Do not sync browser settings +[!INCLUDE [do-not-sync-browser-settings-include](../includes/do-not-sync-browser-settings-include.md)] + +## Prevent users from turning on browser syncing +[!INCLUDE [prevent-users-to-turn-on-browser-syncing-include](../includes/prevent-users-to-turn-on-browser-syncing-include.md)] \ No newline at end of file diff --git a/browsers/edge/group-policies/telemetry-management-gp.md b/browsers/edge/group-policies/telemetry-management-gp.md new file mode 100644 index 0000000000..c83cd2848c --- /dev/null +++ b/browsers/edge/group-policies/telemetry-management-gp.md @@ -0,0 +1,30 @@ +--- +title: Microsoft Edge - Telemetry and data collection group policies +description: Microsoft Edge gathers diagnostic data, intranet history, internet history, tracking information of sites visited, and Live Tile metadata. You can configure Microsoft Edge to collect all or none of this information. +manager: dougkim +ms.author: pashort +author: shortpatti +ms.date: 10/02/2018 +ms.localizationpriority: medium +ms.topic: reference +--- + +# Telemetry and data collection + +Microsoft Edge gathers diagnostic data, intranet history, internet history, tracking information of sites visited, and Live Tile metadata. You can configure Microsoft Edge to collect all or none of this information. + +You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy: + +      **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\** + +## Allow extended telemetry for the Books tab +[!INCLUDE [allow-ext-telemetry-books-tab-include.md](../includes/allow-ext-telemetry-books-tab-include.md)] + +## Configure collection of browsing data for Microsoft 365 Analytics +[!INCLUDE [configure-browser-telemetry-for-m365-analytics-include](../includes/configure-browser-telemetry-for-m365-analytics-include.md)] + +## Configure Do Not Track +[!INCLUDE [configure-do-not-track-include.md](../includes/configure-do-not-track-include.md)] + +## Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start +[!INCLUDE [prevent-live-tile-pinning-start-include](../includes/prevent-live-tile-pinning-start-include.md)] \ No newline at end of file diff --git a/browsers/edge/images/148766.png b/browsers/edge/images/148766.png new file mode 100644 index 0000000000..cf568656a7 Binary files /dev/null and b/browsers/edge/images/148766.png differ diff --git a/browsers/edge/images/148767.png b/browsers/edge/images/148767.png new file mode 100644 index 0000000000..7f8b92a620 Binary files /dev/null and b/browsers/edge/images/148767.png differ diff --git a/browsers/edge/images/Picture1-sm.png b/browsers/edge/images/Picture1-sm.png new file mode 100644 index 0000000000..e5dddbd698 Binary files /dev/null and b/browsers/edge/images/Picture1-sm.png differ diff --git a/browsers/edge/images/Picture1.png b/browsers/edge/images/Picture1.png new file mode 100644 index 0000000000..a7cd8ea4a0 Binary files /dev/null and b/browsers/edge/images/Picture1.png differ diff --git a/browsers/edge/images/Picture2-sm.png b/browsers/edge/images/Picture2-sm.png new file mode 100644 index 0000000000..ad6cebca98 Binary files /dev/null and b/browsers/edge/images/Picture2-sm.png differ diff --git a/browsers/edge/images/Picture2.png b/browsers/edge/images/Picture2.png new file mode 100644 index 0000000000..665e3d2578 Binary files /dev/null and b/browsers/edge/images/Picture2.png differ diff --git a/browsers/edge/images/Picture5-sm.png b/browsers/edge/images/Picture5-sm.png new file mode 100644 index 0000000000..705fcecdd3 Binary files /dev/null and b/browsers/edge/images/Picture5-sm.png differ diff --git a/browsers/edge/images/Picture5.png b/browsers/edge/images/Picture5.png new file mode 100644 index 0000000000..9e11775911 Binary files /dev/null and b/browsers/edge/images/Picture5.png differ diff --git a/browsers/edge/images/Picture6-sm.png b/browsers/edge/images/Picture6-sm.png new file mode 100644 index 0000000000..1b020cf8fb Binary files /dev/null and b/browsers/edge/images/Picture6-sm.png differ diff --git a/browsers/edge/images/Picture6.png b/browsers/edge/images/Picture6.png new file mode 100644 index 0000000000..b5d9d8401d Binary files /dev/null and b/browsers/edge/images/Picture6.png differ diff --git a/browsers/edge/images/allow-shared-books-folder_sm.png b/browsers/edge/images/allow-shared-books-folder_sm.png new file mode 100644 index 0000000000..0eb5feb868 Binary files /dev/null and b/browsers/edge/images/allow-shared-books-folder_sm.png differ diff --git a/browsers/edge/images/allow-smart-screen-validation.PNG b/browsers/edge/images/allow-smart-screen-validation.PNG new file mode 100644 index 0000000000..f118ea8b9c Binary files /dev/null and b/browsers/edge/images/allow-smart-screen-validation.PNG differ diff --git a/browsers/edge/images/check-gn.png b/browsers/edge/images/check-gn.png new file mode 100644 index 0000000000..8aab16a59a Binary files /dev/null and b/browsers/edge/images/check-gn.png differ diff --git a/browsers/edge/images/config-enterprise-site-list.png b/browsers/edge/images/config-enterprise-site-list.png new file mode 100644 index 0000000000..82ffc30895 Binary files /dev/null and b/browsers/edge/images/config-enterprise-site-list.png differ diff --git a/browsers/edge/images/config-open-me-with-scenarios-tab.PNG b/browsers/edge/images/config-open-me-with-scenarios-tab.PNG new file mode 100644 index 0000000000..0e39d589d5 Binary files /dev/null and b/browsers/edge/images/config-open-me-with-scenarios-tab.PNG differ diff --git a/browsers/edge/images/enterprise-mode-value-data.png b/browsers/edge/images/enterprise-mode-value-data.png new file mode 100644 index 0000000000..9e9ece9c1a Binary files /dev/null and b/browsers/edge/images/enterprise-mode-value-data.png differ diff --git a/browsers/edge/images/home-buttom-custom-url-v4-sm.png b/browsers/edge/images/home-buttom-custom-url-v4-sm.png new file mode 100644 index 0000000000..dcacfdd7cf Binary files /dev/null and b/browsers/edge/images/home-buttom-custom-url-v4-sm.png differ diff --git a/browsers/edge/images/home-button-hide-v4-sm.png b/browsers/edge/images/home-button-hide-v4-sm.png new file mode 100644 index 0000000000..adf5961b64 Binary files /dev/null and b/browsers/edge/images/home-button-hide-v4-sm.png differ diff --git a/browsers/edge/images/home-button-start-new-tab-page-v4-sm.png b/browsers/edge/images/home-button-start-new-tab-page-v4-sm.png new file mode 100644 index 0000000000..5f4d97445d Binary files /dev/null and b/browsers/edge/images/home-button-start-new-tab-page-v4-sm.png differ diff --git a/browsers/edge/images/icon-thin-line-computer.png b/browsers/edge/images/icon-thin-line-computer.png new file mode 100644 index 0000000000..d7fc810e2f Binary files /dev/null and b/browsers/edge/images/icon-thin-line-computer.png differ diff --git a/browsers/edge/images/load-blank-page-not-new-tab-page-sm.png b/browsers/edge/images/load-blank-page-not-new-tab-page-sm.png new file mode 100644 index 0000000000..5cd776f936 Binary files /dev/null and b/browsers/edge/images/load-blank-page-not-new-tab-page-sm.png differ diff --git a/browsers/edge/images/load-default-new-tab-page-sm.png b/browsers/edge/images/load-default-new-tab-page-sm.png new file mode 100644 index 0000000000..3fd9b6b714 Binary files /dev/null and b/browsers/edge/images/load-default-new-tab-page-sm.png differ diff --git a/browsers/edge/images/load-urls-defined-in-configure-open-edge-with-sm.png b/browsers/edge/images/load-urls-defined-in-configure-open-edge-with-sm.png new file mode 100644 index 0000000000..f82383cb1d Binary files /dev/null and b/browsers/edge/images/load-urls-defined-in-configure-open-edge-with-sm.png differ diff --git a/browsers/edge/images/prelaunch-edge-and-preload-tabs-sm.png b/browsers/edge/images/prelaunch-edge-and-preload-tabs-sm.png new file mode 100644 index 0000000000..2e0c2caaa5 Binary files /dev/null and b/browsers/edge/images/prelaunch-edge-and-preload-tabs-sm.png differ diff --git a/browsers/edge/images/prelaunch-edge-only-sm.png b/browsers/edge/images/prelaunch-edge-only-sm.png new file mode 100644 index 0000000000..e5ae065226 Binary files /dev/null and b/browsers/edge/images/prelaunch-edge-only-sm.png differ diff --git a/browsers/edge/images/preload-tabs-only-sm.png b/browsers/edge/images/preload-tabs-only-sm.png new file mode 100644 index 0000000000..1ea5a5af23 Binary files /dev/null and b/browsers/edge/images/preload-tabs-only-sm.png differ diff --git a/browsers/edge/images/prevent-syncing-browser-settings-sm.png b/browsers/edge/images/prevent-syncing-browser-settings-sm.png new file mode 100644 index 0000000000..fb88466201 Binary files /dev/null and b/browsers/edge/images/prevent-syncing-browser-settings-sm.png differ diff --git a/browsers/edge/images/set-default-search-engine-v4-sm.png b/browsers/edge/images/set-default-search-engine-v4-sm.png new file mode 100644 index 0000000000..cf43642b65 Binary files /dev/null and b/browsers/edge/images/set-default-search-engine-v4-sm.png differ diff --git a/browsers/edge/images/sync-browser-settings-automatically-sm.png b/browsers/edge/images/sync-browser-settings-automatically-sm.png new file mode 100644 index 0000000000..ff9695d64c Binary files /dev/null and b/browsers/edge/images/sync-browser-settings-automatically-sm.png differ diff --git a/browsers/edge/images/sync-settings.PNG b/browsers/edge/images/sync-settings.PNG new file mode 100644 index 0000000000..5c72626abd Binary files /dev/null and b/browsers/edge/images/sync-settings.PNG differ diff --git a/browsers/edge/images/use-enterprise-mode-with-microsoft-edge-sm.png b/browsers/edge/images/use-enterprise-mode-with-microsoft-edge-sm.png new file mode 100644 index 0000000000..bc64f2dade Binary files /dev/null and b/browsers/edge/images/use-enterprise-mode-with-microsoft-edge-sm.png differ diff --git a/browsers/edge/images/users-choose-new-tab-page-sm.png b/browsers/edge/images/users-choose-new-tab-page-sm.png new file mode 100644 index 0000000000..21e7c7ea7f Binary files /dev/null and b/browsers/edge/images/users-choose-new-tab-page-sm.png differ diff --git a/browsers/edge/img-microsoft-edge-infographic-lg.md b/browsers/edge/img-microsoft-edge-infographic-lg.md index cb3a42f1b9..e9d8b67cc2 100644 --- a/browsers/edge/img-microsoft-edge-infographic-lg.md +++ b/browsers/edge/img-microsoft-edge-infographic-lg.md @@ -2,8 +2,6 @@ description: A full-sized view of the Microsoft Edge infographic. title: Full-sized view of the Microsoft Edge infographic ms.date: 11/10/2016 -ms.author: pashort -author: shortpatti --- Return to: [Browser: Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md)
diff --git a/browsers/edge/includes/allow-address-bar-suggestions-include.md b/browsers/edge/includes/allow-address-bar-suggestions-include.md new file mode 100644 index 0000000000..fef471693a --- /dev/null +++ b/browsers/edge/includes/allow-address-bar-suggestions-include.md @@ -0,0 +1,49 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
+>*Default setting: Enabled or not configured (Allowed)* + +[!INCLUDE [allow-address-bar-drop-down-shortdesc](../shortdesc/allow-address-bar-drop-down-shortdesc.md)] + + +### Supported values + + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled |0 |0 |Prevented. Hide the Address bar drop-down list and disable the _Show search and site suggestions as I type_ toggle in Settings. |![Most restricted value](../images/check-gn.png) | +|Enabled or not configured **(default)** |1 |1 |Allowed. Show the Address bar drop-down list and make it available. | | +--- + +### ADMX info and settings + +#### ADMX info +- **GP English name:** Allow Address bar drop-down list suggestions +- **GP name:** AllowAddressBarDropdown +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[AllowAddressBarDropdown](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser\#browser-allowaddressbardropdown) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowAddressBarDropdown +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\ServiceUI +- **Value name:** ShowOneBox +- **Value type:** REG_DWORD + + +### Related policies + +[Configure search suggestions in Address bar](../available-policies.md#configure-search-suggestions-in-address-bar): [!INCLUDE [configure-additional-search-engines-shortdesc](../shortdesc/configure-additional-search-engines-shortdesc.md)] + +

\ No newline at end of file diff --git a/browsers/edge/includes/allow-adobe-flash-include.md b/browsers/edge/includes/allow-adobe-flash-include.md new file mode 100644 index 0000000000..c3965dd477 --- /dev/null +++ b/browsers/edge/includes/allow-adobe-flash-include.md @@ -0,0 +1,42 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10*
+>*Default setting: Enabled or not configured (Allowed)* + +[!INCLUDE [allow-adobe-flash-shortdesc](../shortdesc/allow-adobe-flash-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description | +|---|:---:|:---:|---| +|Disabled |0 |0 |Prevented | +|Enabled **(default)** |1 |1 |Allowed | +--- + +### ADMX info and settings + +#### ADMX info +- **GP English name:** Allow Adobe Flash +- **GP name:** AllowFlash +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[AllowFlash](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser\#browser-allowflash) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowAdobeFlash +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Addons +- **Value name:** FlashPlayerEnabled +- **Value type:** REG_DWORD + +
diff --git a/browsers/edge/includes/allow-clearing-browsing-data-include.md b/browsers/edge/includes/allow-clearing-browsing-data-include.md new file mode 100644 index 0000000000..a3bd064c75 --- /dev/null +++ b/browsers/edge/includes/allow-clearing-browsing-data-include.md @@ -0,0 +1,44 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
+>*Default setting: Disabled or not configured (Prevented)* + +[!INCLUDE [allow-clearing-browsing-data-on-exit-shortdesc](../shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md)] + +### Supported values + + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled or not configured **(default)** |0 |0 |Prevented. Users can configure the _Clear browsing data_ option in Settings. | | +|Enabled |1 |1 |Allowed. Clear the browsing data upon exit automatically. |![Most restricted value](../images/check-gn.png) | +--- + + +### ADMX info and settings + +#### ADMX info +- **GP English name:** Allow clearing browsing data on exit +- **GP name:** AllowClearingBrowsingDataOnExit +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[ClearBrowsingDataOnExit](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser\#browser-clearbrowsingdataonexit) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ClearBrowsingDataOnExit +- **Data type:** Integer + +#### Registry +- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Privacy +- **Value name:** ClearBrowsingHistoryOnExit +- **Value type:** REG_DWORD + +
\ No newline at end of file diff --git a/browsers/edge/includes/allow-config-updates-books-include.md b/browsers/edge/includes/allow-config-updates-books-include.md new file mode 100644 index 0000000000..21454f87b9 --- /dev/null +++ b/browsers/edge/includes/allow-config-updates-books-include.md @@ -0,0 +1,46 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1803 or later*
+>*Default setting: Enabled or not configured (Allowed)* + +[!INCLUDE [allow-configuration-updates-for-books-library-shortdesc](../shortdesc/allow-configuration-updates-for-books-library-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled |0 |0 |Prevented. |![Most restricted value](../images/check-gn.png) | +|Enabled or not configured
**(default)** |1 |1 |Allowed. Microsoft Edge updates the configuration data for the Books Library automatically. | | +--- + +### ADMX info and settings + +#### ADMX info +- **GP English name:** Allow configuration updates for the Books Library +- **GP name:** AllowConfigurationUpdateForBooksLibrary +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[AllowConfigurationUpdateForBooksLibrary](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowConfigurationUpdateForBooksLibrary +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\BooksLibrary +- **Value name:** AllowConfigurationUpdateForBooksLibrary +- **Value type:** REG_DWORD + +### Related topics + +[!INCLUDE [man-connections-win-comp-services-shortdesc-include](man-connections-win-comp-services-shortdesc-include.md)] + +
diff --git a/browsers/edge/includes/allow-cortana-include.md b/browsers/edge/includes/allow-cortana-include.md new file mode 100644 index 0000000000..867850d83f --- /dev/null +++ b/browsers/edge/includes/allow-cortana-include.md @@ -0,0 +1,43 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10*
+>*Default setting: Enabled (Allowed)* + +[!INCLUDE [allow-cortana-shortdesc](../shortdesc/allow-cortana-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled |0 |0 |Prevented. Users can still search to find items on their device. |![Most restricted value](../images/check-gn.png) | +|Enabled
**(default)** |1 |1 |Allowed. | | +--- + +### ADMX info and settings + +#### ADMX info +- **GP English name:** Allow Cortana +- **GP name:** AllowCortana +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Experience/[AllowCortana](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) +- **Supported devices:** Mobile +- **URI full path:** ./Vendor/MSFT/Policy/Config/Experience/AllowCortana +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\Software\Policies\Microsoft\Windows\Windows Search +- **Value name:** AllowCortana +- **Value type:** REG_DWORD + +
+ diff --git a/browsers/edge/includes/allow-dev-tools-include.md b/browsers/edge/includes/allow-dev-tools-include.md new file mode 100644 index 0000000000..b335926754 --- /dev/null +++ b/browsers/edge/includes/allow-dev-tools-include.md @@ -0,0 +1,44 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*
+>*Default setting: Enabled (Allowed)* + +[!INCLUDE [allow-developer-tools-shortdesc](../shortdesc/allow-developer-tools-shortdesc.md)] + + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled |0 |0 |Prevented |![Most restricted value](../images/check-gn.png) | +|Enabled |1 |1 |Allowed | | +--- + + +### ADMX info and settings + +#### ADMX info +- **GP English name:** Allow Developer Tools +- **GP name:** AllowDeveloperTools +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[AllowDeveloperTools](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowdevelopertools) +- **Supported devices:** Desktop +- **URI full Path:** ./Vendor/MSFT/Policy/Config/Browser/AllowDeveloperTools +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\F12 +- **Value name:** AllowDeveloperTools +- **Value type:** REG_DWORD + +
\ No newline at end of file diff --git a/browsers/edge/includes/allow-enable-book-library-include.md b/browsers/edge/includes/allow-enable-book-library-include.md new file mode 100644 index 0000000000..ec76df7f79 --- /dev/null +++ b/browsers/edge/includes/allow-enable-book-library-include.md @@ -0,0 +1,41 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1709 or later*
+>*Default setting: Disabled or not configured* + +[!INCLUDE [always-show-books-library-shortdesc](../shortdesc/always-show-books-library-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled or not configured
**(default)** |0 |0 |Show the Books Library only in countries or regions where supported. |![Most restricted value](../images/check-gn.png) | +|Enabled |1 |1 |Show the Books Library, regardless of the device’s country or region. | | +--- +### ADMX info and settings + +#### ADMX info +- **GP English name:** Always show the Books Library in Microsoft Edge +- **GP name:** AlwaysEnableBooksLibrary +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[Browser/AlwaysEnableBooksLibrary](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) +- **Supported devices:** Desktop and Mobile +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AlwaysEnableBooksLibrary +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main +- **Value name:** AlwaysEnableBooksLibrary +- **Value type:** REG_DWORD + +
diff --git a/browsers/edge/includes/allow-ext-telemetry-books-tab-include.md b/browsers/edge/includes/allow-ext-telemetry-books-tab-include.md new file mode 100644 index 0000000000..f078711142 --- /dev/null +++ b/browsers/edge/includes/allow-ext-telemetry-books-tab-include.md @@ -0,0 +1,43 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1803 or later*
+>*Default setting: Disabled or not configured (Gather and send only basic diagnostic data)* + +[!INCLUDE [allow-extended-telemetry-for-books-tab-shortdesc](../shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled or not configured
**(default)** |0 |0 |Gather and send only basic diagnostic data. |![Most restricted value](../images/check-gn.png) | +|Enabled |1 |1 |Gather all diagnostic data. For this policy to work correctly, you must set the diagnostic data in _Settings > Diagnostics & feedback_ to **Full**. | | +--- + +### ADMX info and settings + +#### ADMX info +- **GP English name:** Allow extended telemetry for the Books tab +- **GP name:** EnableExtendedBooksTelemetry +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** [Browser/EnableExtendedBooksTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) +- **Supported devices:** Desktop and Mobile +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/EnableExtendedBooksTelemetry +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\BooksLibrary +- **Value name:** EnableExtendedBooksTelemetry +- **Value type:** REG_DWORD + + +
diff --git a/browsers/edge/includes/allow-extensions-include.md b/browsers/edge/includes/allow-extensions-include.md new file mode 100644 index 0000000000..bb9b65ea2c --- /dev/null +++ b/browsers/edge/includes/allow-extensions-include.md @@ -0,0 +1,46 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1607 or later*
+>*Default setting: Enabled or not configured (Allowed)* + +[!INCLUDE [allow-extensions-shortdesc](../shortdesc/allow-extensions-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description | +|---|:---:|:---:|---| +|Disabled |0 |0 |Prevented | +|Enabled or not configured
**(default)** |1 |1 |Allowed | +--- + +### ADMX info and settings + +#### ADMX info +- **GP English name:** Allow Extensions +- **GP name:** AllowExtensions +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[AllowExtensions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowextensions) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowExtensions +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Extensions +- **Value name:** ExtensionsEnabled +- **Value type:** REG_DWORD + +### Related topics + +[!INCLUDE [microsoft-browser-extension-policy-shortdesc](../shortdesc/microsoft-browser-extension-policy-shortdesc.md)] + +
\ No newline at end of file diff --git a/browsers/edge/includes/allow-full-screen-include.md b/browsers/edge/includes/allow-full-screen-include.md new file mode 100644 index 0000000000..6cbfe544bd --- /dev/null +++ b/browsers/edge/includes/allow-full-screen-include.md @@ -0,0 +1,44 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + + +>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Enabled or not configured (Allowed)* + + +[!INCLUDE [allow-fullscreen-mode-shortdesc](../shortdesc/allow-fullscreen-mode-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled |0 |0 |Prevented |![Most restricted value](../images/check-gn.png) | +|Enabled
**(default)** |1 |1 |Allowed | | +--- + +### ADMX info and settings + +#### ADMX info +- **GP English name:** Allow fullscreen mode +- **GP name:** AllowFullScreenMode +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[AllowFullscreen](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowfullscreenmode) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowFullscreen +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main +- **Value name:** AllowFullScreenMode +- **Value type:** REG_DWORD + +
diff --git a/browsers/edge/includes/allow-inprivate-browsing-include.md b/browsers/edge/includes/allow-inprivate-browsing-include.md new file mode 100644 index 0000000000..77339e72ef --- /dev/null +++ b/browsers/edge/includes/allow-inprivate-browsing-include.md @@ -0,0 +1,44 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*
+>*Default setting: Enabled or not configured (Allowed)* + + +[!INCLUDE [allow-inprivate-browsing-shortdesc](../shortdesc/allow-inprivate-browsing-shortdesc.md)] + + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled |0 |0 |Prevented |![Most restricted value](../images/check-gn.png) | +|Enabled or not configured
**(default)** |1 |1 |Allowed | | +--- + +### ADMX info and settings + +#### ADMX info +- **GP English name:** Allow InPrivate browsing +- **GP name:** AllowInPrivate +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[AllowInPrivate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowinprivate) +- **Supported devices:** Desktop and Mobile +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowInPrivate +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main +- **Value name:** AllowInPrivate +- **Value type:** REG_DWORD + +
diff --git a/browsers/edge/includes/allow-microsoft-compatibility-list-include.md b/browsers/edge/includes/allow-microsoft-compatibility-list-include.md new file mode 100644 index 0000000000..bbc6aad2d2 --- /dev/null +++ b/browsers/edge/includes/allow-microsoft-compatibility-list-include.md @@ -0,0 +1,42 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1607 or later*
+>*Default setting: Enabled or not configured (Allowed)* + +[!INCLUDE [allow-microsoft-compatibility-list-shortdesc](../shortdesc/allow-microsoft-compatibility-list-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled |0 |0 |Prevented |![Most restricted value](../images/check-gn.png) | +|Enabled or not configured
**(default)** |1 |1 |Allowed | | +--- + +### ADMX info and settings + +#### ADMX info +- **GP English name:** Allow Microsoft Compatibility List +- **GP name:** AllowCVList +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[AllowMicrosoftCompatibilityList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist) +- **Supported devices:** Desktop and Mobile +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowMicrosoftCompatibilityList +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\BrowserEmulation +- **Value name:** MSCompatibilityMode +- **Value type:** REG_DWORD + +
diff --git a/browsers/edge/includes/allow-prelaunch-include.md b/browsers/edge/includes/allow-prelaunch-include.md new file mode 100644 index 0000000000..7f1d10363c --- /dev/null +++ b/browsers/edge/includes/allow-prelaunch-include.md @@ -0,0 +1,44 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + + +>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Enabled or not configured (Allowed)* + +[!INCLUDE [allow-prelaunch-shortdesc](../shortdesc/allow-prelaunch-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled |0 |0 |Prevented |![Most restrictive value](../images/check-gn.png) | +|Enabled or not configured
**(default)** |1 |1 |Allowed | | +--- + + +### ADMX info and settings + +#### ADMX info +- **GP English name:** Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed +- **GP name:** AllowPreLaunch +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[AllowPrelaunch](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowPrelaunch +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\ +- **Value name:** AllowPrelaunch +- **Value type:** REG_DWORD + +
\ No newline at end of file diff --git a/browsers/edge/includes/allow-printing-include.md b/browsers/edge/includes/allow-printing-include.md new file mode 100644 index 0000000000..c489b9ebdd --- /dev/null +++ b/browsers/edge/includes/allow-printing-include.md @@ -0,0 +1,42 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Enabled or not configured (Allowed)* + +[!INCLUDE [allow-printing-shortdesc](../shortdesc/allow-printing-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled |0 |0 |Prevented |![Most restrictive value](../images/check-gn.png) | +|Enabled or not configured
**(default)** |1 |1 |Allowed | | +--- + +### ADMX info and settings + +#### ADMX info +- **GP English name:** Allow printing +- **GP name:** AllowPrinting +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[AllowPrinting](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowprinting) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowPrinting +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main +- **Value name:** AllowPrinting +- **Value type:** REG_DWORD + +
\ No newline at end of file diff --git a/browsers/edge/includes/allow-saving-history-include.md b/browsers/edge/includes/allow-saving-history-include.md new file mode 100644 index 0000000000..cc495aac9e --- /dev/null +++ b/browsers/edge/includes/allow-saving-history-include.md @@ -0,0 +1,44 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + + +>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Enabled or not configured (Allowed)* + +[!INCLUDE [allow-saving-history-shortdesc](../shortdesc/allow-saving-history-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled |0 |0 |Prevented |![Most restricted value](../images/check-gn.png) | +|Enabled or not configured
**(default)** |1 |1 |Allowed | | +--- + +### ADMX info and settings + +#### ADMX info +- **GP English name:** Allow Saving History +- **GP name:** AllowSavingHistory +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[AllowSavingHistory](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSavingHistory +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main +- **Value name:** AllowSavingHistory +- **Value type:** REG_DWORD + + +
\ No newline at end of file diff --git a/browsers/edge/includes/allow-search-engine-customization-include.md b/browsers/edge/includes/allow-search-engine-customization-include.md new file mode 100644 index 0000000000..cc3137fa52 --- /dev/null +++ b/browsers/edge/includes/allow-search-engine-customization-include.md @@ -0,0 +1,56 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
+>*Default setting: Enabled or not configured (Allowed)* + +[!INCLUDE [allow-search-engine-customization-shortdesc](../shortdesc/allow-search-engine-customization-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled |0 |0 |Prevented |![Most restricted value](../images/check-gn.png) | +|Enabled or not configured
**(default)** |1 |1 |Allowed | | +--- + +### ADMX info and settings + +##### ADMX info +- **GP English name:** Allow search engine customization +- **GP name:** AllowSearchEngineCustomization +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[AllowSearchEngineCustomization](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) +- **Supported devices:** Desktop and Mobile +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSearchEngineCustomization +- **Data type:** Integer + + +#### Registry settings +- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Protected +- **Value name:** AllowSearchEngineCustomization +- **Value type:** REG_DWORD + + +### Related policies + +- [Set default search engine](../available-policies.md#set-default-search-engine): [!INCLUDE [set-default-search-engine-shortdesc](../shortdesc/set-default-search-engine-shortdesc.md)] + +- [Configure additional search engines](../available-policies.md#configure-additional-search-engines): [!INCLUDE [configure-additional-search-engines-shortdesc](../shortdesc/configure-additional-search-engines-shortdesc.md)] + +### Related topics + +- [!INCLUDE [man-connections-win-comp-services-shortdesc-include](man-connections-win-comp-services-shortdesc-include.md)] + +- [!INCLUDE [search-provider-discovery-shortdesc-include](search-provider-discovery-shortdesc-include.md)] + +
\ No newline at end of file diff --git a/browsers/edge/includes/allow-shared-folder-books-include.md b/browsers/edge/includes/allow-shared-folder-books-include.md new file mode 100644 index 0000000000..d4b813968c --- /dev/null +++ b/browsers/edge/includes/allow-shared-folder-books-include.md @@ -0,0 +1,49 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1803*
+>*Default setting: Disabled or not configured (Not allowed)* + +[!INCLUDE [allow-a-shared-books-folder-shortdesc](../shortdesc/allow-a-shared-books-folder-shortdesc.md)] + + + +### Supported values +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled or not configured
**(default)** |0 |0 |Prevented. Microsoft Edge downloads book files to a per-user folder for each user. |![Most restricted value](../images/check-gn.png) | +|Enabled |1 |1 |Allowed. Microsoft Edge downloads book files to a shared folder. For this policy to work correctly, you must also enable the **Allow a Windows app to share application data between users** group policy, which you can find:

**Computer Configuration\\Administrative Templates\\Windows Components\\App Package Deployment\\**

Also, the users must be signed in with a school or work account.| | +--- + +![Allow a shared books folder](../images/allow-shared-books-folder_sm.png) + +### ADMX info and settings + +#### ADMX info +- **GP English name:** Allow a shared Books folder +- **GP name:** UseSharedFolderForBooks +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[UseSharedFolderForBooks](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/UseSharedFolderForBooks +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\BooksLibrary +- **Value name:** UseSharedFolderForBooks +- **Value type:** REG_DWORD + +### Related policies + +**Allow a Windows app to share application data between users:** [!INCLUDE [allow-windows-app-to-share-data-users-shortdesc](../shortdesc/allow-windows-app-to-share-data-users-shortdesc.md)] + +

diff --git a/browsers/edge/includes/allow-sideloading-extensions-include.md b/browsers/edge/includes/allow-sideloading-extensions-include.md new file mode 100644 index 0000000000..b0575c853b --- /dev/null +++ b/browsers/edge/includes/allow-sideloading-extensions-include.md @@ -0,0 +1,52 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Enabled (Allowed)* + +[!INCLUDE [allow-sideloading-of-extensions-shortdesc](../shortdesc/allow-sideloading-of-extensions-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled or not configured |0 |0 |Prevented. Disabling does not prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this, you must enable the **Allows development of Windows Store apps and installing them from an integrated development environment (IDE)** group policy, which you can find:

**Computer Configuration\\Administrative Templates\\Windows Components\\App Package Deployment\\**

For the MDM setting, set the **ApplicationManagement/AllowDeveloperUnlock** policy to 1 (enabled). |![Most restricted value](../images/check-gn.png) | +|Enabled
**(default)** |1 |1 |Allowed. | | +--- + +### ADMX info and settings + +#### ADMX info +- **GP English name:** Allow sideloading of Extensions +- **GP name:** AllowSideloadingOfExtensions +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[AllowSideloadingExtensions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSideloadingExtensions +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Extensions +- **Value name:** AllowSideloadingOfExtensions +- **Value type:** REG_DWORD + +### Related policies + +- [Allows development of Windows Store apps and installing them from an integrated development environment (IDE)](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowdeveloperunlock): When you enable this policy and the **Allow all trusted apps to install** policy, you allow users to develop Windows Store apps and install them directly from an IDE. + +- [Allow all trusted apps to install](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowalltrustedapps): When you enable this policy, you can manage the installation of trusted line-of-business (LOB) or developer-signed Windows Store apps. + +### Related topics + +[Enable your device for development](https://docs.microsoft.com/windows/uwp/get-started/enable-your-device-for-development): Access development features, along with other developer-focused settings to make it possible for you to develop, test, and debug apps. Learn how to configure your environment for development, the difference between Developer Mode and sideloading, and the security risks of Developer mode. + +

\ No newline at end of file diff --git a/browsers/edge/includes/allow-tab-preloading-include.md b/browsers/edge/includes/allow-tab-preloading-include.md new file mode 100644 index 0000000000..c62d262521 --- /dev/null +++ b/browsers/edge/includes/allow-tab-preloading-include.md @@ -0,0 +1,42 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1802*
+>*Default setting: Enabled or not configured (Allowed)* + +[!INCLUDE [allow-tab-preloading-shortdesc](../shortdesc/allow-tab-preloading-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled |0 |0 |Prevented. |![Most restricted value](../images/check-gn.png) | +|Enabled or not configured
**(default)** |1 |1 |Allowed. Preload Start and New Tab pages. | | +--- + +### ADMX info and settings + +#### ADMX info +- **GP English name:** Allow Microsoft Edge to load the Start and New Tab pages in the background at Windows startup and each time Microsoft Edge is closed +- **GP name:** AllowTabPreloading +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[AllowTabPreloading](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowTabPreloading +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\TabPreloader +- **Value name:** AllowTabPreloading +- **Value type:** REG_DWORD + +
diff --git a/browsers/edge/includes/allow-web-content-new-tab-page-include.md b/browsers/edge/includes/allow-web-content-new-tab-page-include.md new file mode 100644 index 0000000000..cdd5bb2adc --- /dev/null +++ b/browsers/edge/includes/allow-web-content-new-tab-page-include.md @@ -0,0 +1,47 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 11/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10*
+>*Default setting: Enabled (the default New Tab page loads)* + + +[!INCLUDE [allow-web-content-on-new-tab-page-shortdesc](../shortdesc/allow-web-content-on-new-tab-page-shortdesc.md)] + + +### Supported values + +|Group Policy |MDM |Registry |Description | +|---|:---:|:---:|---| +|Disabled |0 |0 |Load a blank page instead of the default New Tab page and prevent users from making changes. | +|Enabled or not configured **(default)** |1 |1 |Load the default New Tab page and the users make changes. | +--- + +### ADMX info and settings + +#### ADMX info +- **GP English name:** Allow web content on New Tab page +- **GP name:** AllowWebContentOnNewTabPage +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[AllowWebContentOnNewTabPage](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowWebContentOnNewTabPage +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\ServiceUI +- **Value name:** AllowWebContentOnNewTabPage +- **Value type:** REG_DWORD + +### Related policies +[Set New Tab page URL](../available-policies.md#set-new-tab-page-url): [!INCLUDE [set-new-tab-url-shortdesc](../shortdesc/set-new-tab-url-shortdesc.md)] + +
\ No newline at end of file diff --git a/browsers/edge/includes/always-enable-book-library-include.md b/browsers/edge/includes/always-enable-book-library-include.md new file mode 100644 index 0000000000..16ee156803 --- /dev/null +++ b/browsers/edge/includes/always-enable-book-library-include.md @@ -0,0 +1,43 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1709 or later*
+>*Default setting: Disabled or not configured* + + +[!INCLUDE [always-show-books-library-shortdesc](../shortdesc/always-show-books-library-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled or not configured
**(default)** |0 |0 |Show the Books Library only in countries or regions where supported. |![Most restricted value](../images/check-gn.png) | +|Enabled |1 |1 |Show the Books Library, regardless of the device’s country or region. | | +--- + +### ADMX info and settings + +#### ADMX info +- **GP English name:** Always show the Books Library in Microsoft Edge +- **GP name:** AlwaysEnableBooksLibrary +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[AlwaysEnableBooksLibrary](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) +- **Supported devices:** Desktop and Mobile +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AlwaysEnableBooksLibrary +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main +- **Value name:** AlwaysEnableBooksLibrary +- **Value type:** REG_DWORD + +
diff --git a/browsers/edge/includes/configure-additional-search-engines-include.md b/browsers/edge/includes/configure-additional-search-engines-include.md new file mode 100644 index 0000000000..cd5341cd46 --- /dev/null +++ b/browsers/edge/includes/configure-additional-search-engines-include.md @@ -0,0 +1,55 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
+>*Default setting: Disabled or not configured (Prevented)* + +[!INCLUDE [configure-additional-search-engines-shortdesc](../shortdesc/configure-additional-search-engines-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled or not configured
**(default)** |0 |0 |Prevented. Use the search engine specified in App settings.

If you enabled this policy and now want to disable it, all previously configured search engines get removed. |![Most restricted value](../images/check-gn.png) | +|Enabled |1 |1 |Allowed. Add up to five additional search engines and set any one of them as the default.

For each search engine added you must specify a link to the OpenSearch XML file that contains, at a minimum, the short name and URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/). | | +--- + +### ADMX info and settings +#### ADMX info +- **GP English name:** Configure additional search engines +- **GP name:** ConfigureAdditionalSearchEngines +- **GP element:** ConfigureAdditionalSearchEngines_Prompt +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[ConfigureAdditionalSearchEngines](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configureadditionalsearchengines) +- **Supported devices:** Desktop and Mobile +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureAdditionalSearchEngines +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\OpenSearch +- **Value name:** ConfigureAdditionalSearchEngines +- **Value type:** REG_SZ + +### Related policies + +- [Set default search engine](../available-policies.md\#set-default-search-engine): [!INCLUDE [set-default-search-engine-shortdesc](../shortdesc/set-default-search-engine-shortdesc.md)] + +- [Allow search engine customization](../available-policies.md#allow-search-engine-customization): [!INCLUDE [allow-search-engine-customization-shortdesc](../shortdesc/allow-search-engine-customization-shortdesc.md)] + + +### Related topics + +- [!INCLUDE [microsoft-browser-extension-policy-shortdesc](../shortdesc/microsoft-browser-extension-policy-shortdesc.md)] + +- [Search provider discovery](https://docs.microsoft.com/microsoft-edge/dev-guide/browser/search-provider-discovery): Rich search integration is built into the Microsoft Edge address bar, including search suggestions, results from the web, your browsing history, and favorites. + +

\ No newline at end of file diff --git a/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md b/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md new file mode 100644 index 0000000000..3011317313 --- /dev/null +++ b/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md @@ -0,0 +1,42 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
+>*Default setting: Enabled or not configured (Does not load content automatically)* + +[!INCLUDE [configure-adobe-flash-click-to-run-setting-shortdesc](../shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled |0 |0 |Load and run Adobe Flash content automatically. | | +|Enabled or not configured
**(default)** |1 |1 |Do not load or run Adobe Flash content and require action from the user. |![Most restricted value](../images/check-gn.png) | +--- + +### ADMX info and settings + +#### ADMX info +- **GP English name:** Configure the Adobe Flash Click-to-Run setting +- **GP name:** AllowFlashClickToRun +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[AllowFlashClickToRun](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowFlashClickToRun +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Security +- **Value name:** FlashClickToRunMode +- **Value type:** REG_DWORD + +
\ No newline at end of file diff --git a/browsers/edge/includes/configure-autofill-include.md b/browsers/edge/includes/configure-autofill-include.md new file mode 100644 index 0000000000..bd717cc583 --- /dev/null +++ b/browsers/edge/includes/configure-autofill-include.md @@ -0,0 +1,42 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10*
+>*Default setting: Not configured (Blank)* + +[!INCLUDE [configure-autofill-shortdesc](../shortdesc/configure-autofill-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Not configured
**(default)** | Blank |Blank |Users can choose to use Autofill. | | +|Disabled | 0 | no | Prevented. |![Most restricted value](../images/check-gn.png) | +|Enabled |1 |yes | Allowed. | | +--- + +### ADMX info and settings +#### ADMX info +- **GP English name:** Configure Autofill +- **GP name:** AllowAutofill +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[AllowAutofill](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser\#browser-allowautofill) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowAutofill +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main +- **Value name:** Use FormSuggest +- **Value type:** REG_SZ + +
diff --git a/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md b/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md new file mode 100644 index 0000000000..f4c4360129 --- /dev/null +++ b/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md @@ -0,0 +1,62 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Disabled or not configured (No data collected or sent)* + +[!INCLUDE [configure-browser-telemetry-for-m365-analytics-shortdesc](../shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md)] + + +>[!IMPORTANT] +>For this policy to work, enable the **Allow Telemetry** group policy with the _Enhanced_ option and enable the **Configure the Commercial ID** group policy by providing the Commercial ID. +> +>You can find these policies in the following location of the Group Policy Editor: +> +>**Computer Configuration\\Administrative Templates\\Windows Components\\Data Collection and Preview Builds\\** +> + + +### Supported values + + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled or not configured
**(default)** |0 |0 |No data collected or sent |![Most restricted value](../images/check-gn.png) | +|Enabled |1 |1 |Send intranet history only | | +|Enabled |2 |2 |Send Internet history only | | +|Enabled |3 |3 |Send both intranet and Internet history | | +--- + + +### ADMX info and settings +#### ADMX info +- **GP English name:** Configure collection of browsing data for Microsoft 365 Analytics +- **GP name:** ConfigureTelemetryForMicrosoft365Analytics +- **GP element:** ZonesListBox +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + + +#### MDM settings +- **MDM name:** Browser/[ConfigureTelemetryForMicrosoft365Analytics](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureTelemetryForMicrosoft365Analytics +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection +- **Value name:** MicrosoftEdgeDataOptIn +- **Value type:** REG_DWORD + +### Related policies +- Allow Telemetry: Allows Microsoft to run diagnostics on the device and troubleshoot. The default setting for Allow Telemetry is set to _Enhanced_ (2 for MDM). + +- Configure the Commercial ID: Define the Commercial ID used to associate the device's telemetry data as belonging to a given organization. + +
diff --git a/browsers/edge/includes/configure-cookies-include.md b/browsers/edge/includes/configure-cookies-include.md new file mode 100644 index 0000000000..5ef992f09e --- /dev/null +++ b/browsers/edge/includes/configure-cookies-include.md @@ -0,0 +1,43 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10*
+>*Default setting: Disabled or not configured (Allow all cookies from all sites)* + +[!INCLUDE [configure-cookies-shortdesc](../shortdesc/configure-cookies-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Enabled |0 |0 |Block all cookies from all sites. |![Most restricted value](../images/check-gn.png) | +|Enabled |1 |1 |Block only coddies from third party websites. | | +|Disabled or not configured
**(default)** |2 |2 |Allow all cookies from all sites. | | +--- + +### ADMX info and settings +#### ADMX info +- **GP English name:** Configure cookies +- **GP name:** Cookies +- **GP element:** CookiesListBox +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[AllowCookies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser\#browser-allowcookies) +- **Supported devices:** Desktop and Mobile +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowCookies +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main +- **Value name:** Cookies +- **Value type:** REG_DWORD + +
\ No newline at end of file diff --git a/browsers/edge/includes/configure-do-not-track-include.md b/browsers/edge/includes/configure-do-not-track-include.md new file mode 100644 index 0000000000..4e77fdadf8 --- /dev/null +++ b/browsers/edge/includes/configure-do-not-track-include.md @@ -0,0 +1,42 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10*
+>*Default setting: Not configured (Do not send tracking information)* + +[!INCLUDE [configure-do-not-track-shortdesc](../shortdesc/configure-do-not-track-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Not configured
**(default)** |Blank |Blank |Do not send tracking information but let users choose to send tracking information to sites they visit. | | +|Disabled |0 |0 |Never send tracking information. | | +|Enabled |1 |1 |Send tracking information. |![Most restricted value](../images/check-gn.png) | +--- + +### ADMX info and settings +#### ADMX info +- **GP English name:** Configure Do Not Track +- **GP name:** AllowDoNotTrack +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[AllowDoNotTrack](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack) +- **Supported devices:** Desktop and Mobile +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowDoNotTrack +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main +- **Value name:** DoNotTrack +- **Value type:** REG_DWORD + +
\ No newline at end of file diff --git a/browsers/edge/includes/configure-edge-kiosk-reset-idle-timeout-include.md b/browsers/edge/includes/configure-edge-kiosk-reset-idle-timeout-include.md new file mode 100644 index 0000000000..2fa8b095e5 --- /dev/null +++ b/browsers/edge/includes/configure-edge-kiosk-reset-idle-timeout-include.md @@ -0,0 +1,54 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + + +>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: 5 minutes* + +[!INCLUDE [configure-kiosk-reset-after-idle-timeout-shortdesc](../shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md)] + +You must set the Configure kiosk mode policy to enabled (1 - InPrivate public browsing) and configure Microsoft Edge as a single-app in assigned access for this policy to take effect; otherwise, Microsoft Edge ignores this setting. To learn more about assigned access and kiosk configuration, see [Configure kiosk and shared devices running Windows desktop editions](https://docs.microsoft.com/windows/configuration/kiosk-shared-pc). + +### Supported values + +- **Any integer from 1-1440 (5 minutes is the default)** – The time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration. A confirmation dialog displays for the user to cancel or continue and automatically continues after 30 seconds. + +- **0** – No idle timer. + +### ADMX info and settings +#### ADMX info +- **GP English name:** Configure kiosk reset after idle timeout +- **GP name:** ConfigureKioskResetAfterIdleTimeout +- **GP element:** ConfigureKioskResetAfterIdleTimeout_TextBox +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\KioskMode +- **Value name:**ConfigureKioskResetAfterIdleTimeout +- **Value type:** REG_DWORD + + + +### Related policies + +[Configure kiosk mode](../available-policies.md#configure-kiosk-mode): [!INCLUDE [configure-kiosk-mode-shortdesc](../shortdesc/configure-kiosk-mode-shortdesc.md)] + + + +### Related topics +[Deploy Microsoft Edge kiosk mode](../microsoft-edge-kiosk-mode-deploy.md): Microsoft Edge kiosk mode works with assigned access to allow IT administrators, to create a tailored browsing experience designed for kiosk devices. In this deployment guidance, you learn about the different Microsoft Edge kiosk mode types to help you determine what configuration is best suited for your kiosk device. You also learn about the other group policies to help you enhance the how to set up your Microsoft Edge kiosk mode experience. + +
\ No newline at end of file diff --git a/browsers/edge/includes/configure-enterprise-mode-site-list-include.md b/browsers/edge/includes/configure-enterprise-mode-site-list-include.md new file mode 100644 index 0000000000..aeb849adf4 --- /dev/null +++ b/browsers/edge/includes/configure-enterprise-mode-site-list-include.md @@ -0,0 +1,57 @@ + + + +>*Supported versions: Microsoft Edge on Windows 10*
+>*Default setting: Disabled or not configured* + + +[!INCLUDE [configure-enterprise-mode-site-list-shortdesc](../shortdesc/configure-enterprise-mode-site-list-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description | +|---|:---:|:---:|---| +|Disabled or not configured
**(default)** |0 |0 |Turned off. Microsoft Edge does not check the Enterprise Mode Site List, and in this case, users might experience problems while using legacy apps. | +|Enabled |1 |1 |Turned on. Microsoft Edge checks the Enterprise Mode Site List if configured. If an XML file exists in the cache container, IE11 waits 65 seconds and then checks the local cache for a new version from the server. If the server has a different version, Microsoft Edge uses the server file and stores it in the cache container. If you already use a site list, Enterprise Mode continues to work during the 65 seconds, but uses the existing file. To add the location to your site list, enter it in the **{URI}** box.

For details on how to configure the Enterprise Mode Site List, see [Interoperability and enterprise guidance](../group-policies/interoperability-enterprise-guidance-gp.md). | +--- + +### ADMX info and settings + +#### ADMX info +- **GP English name:** Configure the Enterprise Mode Site List +- **GP name:** EnterpriseModeSiteList +- **GP element:** EnterSiteListPrompt +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) +- **Supported devices:** Desktop and Mobile +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/EnterpriseModeSiteList +- **Data type:** String + +#### Registry settings +- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main\EnterpriseMode +- **Value name:** SiteList +- **Value type:** REG_SZ + +### Related Policies + +[Show message opening sites in IE](../available-policies.md#show-message-when-opening-sites-in-internet-explorer): [!INCLUDE +[show-message-when-opening-sites-in-ie-shortdesc](../shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md)] + +### Related topics + +- [Use Enterprise Mode to improve compatibility](https://docs.microsoft.com/microsoft-edge/deploy/emie-to-improve-compatibility). If you have specific websites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the websites automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work correctly with Microsoft Edge, you can set all intranet sites to open using IE11 automatically. Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11. + +- [Use the Enterprise Mode Site List Manager](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager). You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode. + +- [Enterprise Mode for Internet Explorer 11](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11). Learn how to set up and use Enterprise Mode and the Enterprise Mode Site List Manager in your company. + +- [Enterprise Mode and the Enterprise Mode Site List](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode). Internet Explorer and Microsoft Edge can work together to support your legacy web apps, while still defaulting to the higher bar for security and modern experiences enabled by Microsoft Edge. Working with multiple browsers can be difficult, particularly if you have a substantial number of internal sites. To help manage this dual-browser experience, we are introducing a new web tool targeted explicitly towards larger organizations: the [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal). + +- [Enterprise Mode and the Enterprise Mode Site List XML file](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode#enterprise-mode-and-the-enterprise-mode-site-list-xml-file). The Enterprise Mode Site List is an XML document that specifies a list of sites, their compat mode, and their intended browser. When you use the Enterprise Mode Site List Manager schema v.2, you can automatically start a webpage using a specific browser. In the case of IE11, the webpage can also launch in a specific compat mode, so it always renders correctly. Your users can quickly view this site list by typing about:compat in either Microsoft Edge or IE11. + + + +

\ No newline at end of file diff --git a/browsers/edge/includes/configure-favorites-bar-include.md b/browsers/edge/includes/configure-favorites-bar-include.md new file mode 100644 index 0000000000..a5350ca9aa --- /dev/null +++ b/browsers/edge/includes/configure-favorites-bar-include.md @@ -0,0 +1,46 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Not configured (Hidden but shown on the Start and New Tab pages)* + + +[!INCLUDE [allow-favorites-bar-shortdesc](../shortdesc/configure-favorites-bar-shortdesc.md)] + + +### Supported values + + +|Group Policy |MDM |Registry |Description | +|---|:---:|:---:|---| +|Not configured **(default)** |Blank |Blank |Hidden but shown on the Start and New Tab pages.

Favorites Bar toggle (in Settings) = **Off** and enabled letting users make changes. | +|Disabled |0 |0 |Hidden on all pages.

| +|Enabled |1 |1 |Shown on all pages. | + +--- + +### ADMX info and settings +#### ADMX info +- **GP English name:** Configure Favorites Bar +- **GP name:** ConfigureFavoritesBar +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[ConfigureFavoritesBar](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar) +- **Supported devices:** Desktop and Mobile +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureFavoritesBar +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main +- **Value name:** ConfigureFavoritesBar +- **Value type:** REG_DWORD + +
\ No newline at end of file diff --git a/browsers/edge/includes/configure-favorites-include.md b/browsers/edge/includes/configure-favorites-include.md new file mode 100644 index 0000000000..5287150eea --- /dev/null +++ b/browsers/edge/includes/configure-favorites-include.md @@ -0,0 +1,12 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>Discontinued in the Windows 10 October 2018 Update. Use the **[Provision Favorites](../available-policies.md#provision-favorites)** group policy instead. + +
\ No newline at end of file diff --git a/browsers/edge/includes/configure-home-button-include.md b/browsers/edge/includes/configure-home-button-include.md new file mode 100644 index 0000000000..eaaa4f7af4 --- /dev/null +++ b/browsers/edge/includes/configure-home-button-include.md @@ -0,0 +1,58 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/28/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Disabled or not configured (Show home button and load the Start page)* + + +[!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)] + + +### Supported values + +|Group Policy |MDM |Registry |Description | +|---|:---:|:---:|---| +|Disabled or not configured
**(default)** |0 |0 |Load the Start page. | +|Enabled |1 |1 |Load the New Tab page. | +|Enabled |2 |2 |Load the custom URL defined in the Set Home Button URL policy. | +|Enabled |3 |3 |Hide the home button. | +--- + + +>[!TIP] +>If you want to make changes to this policy:
  1. Enable the **Unlock Home Button** policy.
  2. Make changes to the **Configure Home Button** policy or **Set Home Button URL** policy.
  3. Disable the **Unlock Home Button** policy.
+ + +### ADMX info and settings +#### ADMX info +- **GP English name:** Configure Home Button +- **GP name:** ConfigureHomeButton +- **GP element:** ConfigureHomeButtonDropdown +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[ConfigureHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) +- **Supported devices:** Desktop and Mobile +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings +- **Value name:** ConfigureHomeButton +- **Value type:** REG_DWORD + +### Related policies + +- [Set Home Button URL](../available-policies.md#set-home-button-url): [!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)] + +- [Unlock Home Button](../available-policies.md#unlock-home-button): [!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)] + + +
diff --git a/browsers/edge/includes/configure-kiosk-mode-supported-values-include.md b/browsers/edge/includes/configure-kiosk-mode-supported-values-include.md new file mode 100644 index 0000000000..98e3d163d0 --- /dev/null +++ b/browsers/edge/includes/configure-kiosk-mode-supported-values-include.md @@ -0,0 +1,13 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/27/2018 +ms.prod: edge +ms:topic: include +--- + +| | | +|---|---| +| **Single-app**

![thumbnail](../images/Picture1-sm.png)

**Digital/interactive signage**

Displays a specific site in full-screen mode, running Microsoft Edge InPrivate protecting user data.

**Policy setting** = Not configured (0 default)

|

 

![thumbnail](../images/Picture2-sm.png)

**Public browsing**

Runs a limited multi-tab version of Microsoft Edge, protecting user data. Microsoft Edge is the only app users can use on the device, preventing them from customizing Microsoft Edge. Users can only browse publically or end their browsing session.

The single-app public browsing mode is the only kiosk mode that has an **End session** button. Microsoft Edge also resets the session after a specified time of user inactivity. Both restart Microsoft Edge and clear the user’s session.

_**Example.**_ A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other apps.

**Policy setting** = Enabled (1) | +| **Multi-app**

![thumbnail](../images/Picture5-sm.png)

**Normal browsing**

Runs a full-version of Microsoft Edge with all browsing features and preserves the user data and state between sessions.

Some features may not work depending on what other apps you have configured in assigned access. For example, installing extensions or books from the Microsoft store are not allowed if the store is not available. Also, if Internet Explorer 11 is set up in assigned access, you can enable [EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support.

**Policy setting** = Not configured (0 default) |

 

![thumbnail](../images/Picture6-sm.png)

**Public browsing**

Runs a multi-tab version of Microsoft Edge InPrivate with a tailored experience for kiosks that runs in full-screen mode. Users can open and close Microsoft Edge and launch other apps if allowed by assigned access. Instead of an End session button to clear their browsing session, the user closes Microsoft Edge normally.

In this configuration, Microsoft Edge can interact with other applications. For example, if Internet Explorer 11 is set up in multi-app assigned access, you can enable [EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support.

_**Example.**_ A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other apps.

**Policy setting** = Enabled (1) | +--- \ No newline at end of file diff --git a/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md b/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md new file mode 100644 index 0000000000..197b2c1f1a --- /dev/null +++ b/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md @@ -0,0 +1,49 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/27/2018 +ms.prod: edge +ms:topic: include +--- + + + +>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Not configured* + +[!INCLUDE [configure-kiosk-mode-shortdesc](../shortdesc/configure-kiosk-mode-shortdesc.md)] + +For this policy to work, you must configure Microsoft Edge in assigned access; otherwise, Microsoft Edge ignores the settings in this policy. To learn more about assigned access and kiosk configuration, see [Configure kiosk and shared devices running Windows desktop editions](https://aka.ms/E489vw). + +### Supported values + +[!INCLUDE [configure-kiosk-mode-supported-values-include](configure-kiosk-mode-supported-values-include.md)] + + +### ADMX info and settings +#### ADMX info +- **GP English name:** Configure kiosk mode +- **GP name:** ConfigureKioskMode +- **GP element:** ConfigureKioskMode_TextBox +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[ConfigureKioskMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\KioskMode +- **Value name:** ConfigureKioskMode +- **Value type:** REG_SZ + +### Related policies +[Configure kiosk reset after idle timeout](../available-policies.md#configure-kiosk-reset-after-idle-timeout): [!INCLUDE [configure-kiosk-reset-after-idle-timeout-shortdesc](../shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md)] + + +### Related topics +[Deploy Microsoft Edge kiosk mode](../microsoft-edge-kiosk-mode-deploy.md): Microsoft Edge kiosk mode works with assigned access to allow IT administrators, to create a tailored browsing experience designed for kiosk devices. In this deployment guidance, you learn about the different Microsoft Edge kiosk mode types to help you determine what configuration is best suited for your kiosk device. You also learn about the other group policies to help you enhance the how to set up your Microsoft Edge kiosk mode experience. + +

\ No newline at end of file diff --git a/browsers/edge/includes/configure-open-edge-with-include.md b/browsers/edge/includes/configure-open-edge-with-include.md new file mode 100644 index 0000000000..35c21d3076 --- /dev/null +++ b/browsers/edge/includes/configure-open-edge-with-include.md @@ -0,0 +1,65 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + + +>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Enabled (A specific page or pages)* + +[!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../shortdesc/configure-open-microsoft-edge-with-shortdesc.md)] + +**Version 1703 or later:**
If you don't want to send traffic to Microsoft, use the \ value, which honors both domain and non domain-joined devices when it's the only configured URL. + +**version 1809:**
When you enable this policy (Configure Open Microsoft Edge With) and select an option, and also enable the Configure Start Pages policy, Microsoft Edge ignores the Configure Start Page policy.

+ +### Supported values + +|Group Policy |MDM |Registry |Description | +|---|:---:|:---:|---| +|Not configured |Blank |Blank |If you don't configure this policy and you enable the Disable Lockdown of Start Pages policy, users can change or customize the Start page. | +|Enabled |0 |0 |Load the Start page. | +|Enabled |1 |1 |Load the New Tab page. | +|Enabled |2 |2 |Load the previous pages. | +|Enabled
**(default)** |3 |3 |Load a specific page or pages. | +--- + + +>[!TIP] +>If you want to make changes to this policy:

  1. Set the **Disabled Lockdown of Start Pages** policy to not configured.
  2. Make changes to the **Configure Open Microsoft With** policy.
  3. Enable the **Disabled Lockdown of Start Pages** policy.
+ + + +### ADMX info and settings +#### ADMX info +- **GP English name:** Configure Open Microsoft Edge With +- **GP name:** ConfigureOpenMicrosoftEdgeWith +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[ConfigureOpenEdgeWith](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureOpenEdgeWith +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings +- **Value name:** ConfigureOpenEdgeWith +- **Value type:** REG_DWORD + +### Related policies + +- [Configure Start pages](../available-policies.md#configure-start-pages): [!INCLUDE [configure-start-pages-shortdesc](../shortdesc/configure-start-pages-shortdesc.md)] + +- [Disable lockdown of Start pages](../available-policies.md#disable-lockdown-of-start-pages): [!INCLUDE [disable-lockdown-of-start-pages-shortdesc](../shortdesc/disable-lockdown-of-start-pages-shortdesc.md)] + + + + + +--- \ No newline at end of file diff --git a/browsers/edge/includes/configure-password-manager-include.md b/browsers/edge/includes/configure-password-manager-include.md new file mode 100644 index 0000000000..463baf4185 --- /dev/null +++ b/browsers/edge/includes/configure-password-manager-include.md @@ -0,0 +1,46 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10*
+>*Default setting: Enabled (Allowed/users can change the setting)* + +[!INCLUDE [configure-password-manager-shortdesc](../shortdesc/configure-password-manager-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Not configured |Blank |Blank |Users can choose to save and manage passwords locally. | | +|Disabled |0 |no |Not allowed. |![Most restricted value](../images/check-gn.png) | +|Enabled
**(default)** |1 |yes |Allowed. | | +--- + +Verify not allowed/disabled settings: +1. Click or tap **More** (…) and select **Settings** > **View Advanced settings**. +2. Verify the settings **Save Password** is toggled off or on and is greyed out. + +### ADMX info and settings +#### ADMX info +- **GP English name:** Configure Password Manager +- **GP name:** AllowPasswordManager +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[AllowPasswordManager](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager) +- **Supported devices:** Desktop and Mobile +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowPasswordManager +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main +- **Value name:** FormSuggest Passwords +- **Value type:** REG_SZ + +
\ No newline at end of file diff --git a/browsers/edge/includes/configure-pop-up-blocker-include.md b/browsers/edge/includes/configure-pop-up-blocker-include.md new file mode 100644 index 0000000000..dffcc2ed7e --- /dev/null +++ b/browsers/edge/includes/configure-pop-up-blocker-include.md @@ -0,0 +1,42 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10*
+>*Default setting: Disabled (Turned off)* + +[!INCLUDE [configure-pop-up-blocker-shortdesc](../shortdesc/configure-pop-up-blocker-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Not configured |Blank |Blank |Users can choose to use Pop-up Blocker. | | +|Disabled
**(default)** |0 |0 |Turned off. Allow pop-up windows to open. | | +|Enabled |1 |1 |Turned on. Prevent pop-up windows from opening. |![Most restricted value](../images/check-gn.png) | +--- + +### ADMX info and settings +#### ADMX info +- **GP English name:** Configure Pop-up Blocker +- **GP name:** AllowPopups +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[AllowPopups](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowpopups) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowPopups +- **Data type:** Integer + +### Registry +- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main +- **Value name:** AllowPopups +- **Value type:** REG_SZ + +
\ No newline at end of file diff --git a/browsers/edge/includes/configure-search-suggestions-address-bar-include.md b/browsers/edge/includes/configure-search-suggestions-address-bar-include.md new file mode 100644 index 0000000000..4985091db3 --- /dev/null +++ b/browsers/edge/includes/configure-search-suggestions-address-bar-include.md @@ -0,0 +1,42 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10*
+>*Default setting: Not configured (Blank)* + +[!INCLUDE [configure-search-suggestions-in-address-bar-shortdesc](../shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Not configured
**(default)** |Blank |Blank |Users can choose to see search suggestions. | | +|Disabled |0 |0 |Prevented. Hide the search suggestions. |![Most restricted value](../images/check-gn.png) | +|Enabled |1 |1 |Allowed. Show the search suggestions. | | +--- + +### ADMX info and settings +#### ADMX info +- **GP English name:** Configure search suggestions in Address bar +- **GP name:** AllowSearchSuggestionsinAddressBar +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsearchsuggestionsinaddressbar) +- **Supported devices:** Desktop and Mobile +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSearchSuggestionsinAddressBar +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\SearchScopes +- **Value name:** ShowSearchSuggestionsGlobal +- **Value type:** REG_DWORD + +
\ No newline at end of file diff --git a/browsers/edge/includes/configure-start-pages-include.md b/browsers/edge/includes/configure-start-pages-include.md new file mode 100644 index 0000000000..7c469da556 --- /dev/null +++ b/browsers/edge/includes/configure-start-pages-include.md @@ -0,0 +1,51 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
+>*Default setting: Blank or not configured (Load pages specified in App settings)* + +[!INCLUDE [configure-start-pages-shortdesc](../shortdesc/configure-start-pages-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description | +|---|:---:|:---:|---| +|Not configured |Blank |Blank |Load the pages specified in App settings as the default Start pages. | +|Enabled |String |String |Enter the URLs of the pages you want to load as the Start pages, separating each page using angle brackets:

    \\

**Version 1703 or later:**
If you do not want to send traffic to Microsoft, use the \ value, which honors both domain and non-domain-joined devices when it's the only configured URL.

**Version 1809:**
When you enable the Configure Open Microsoft Edge With policy with any option selected, and you enable the Configure Start Pages policy, the Configure Open Microsoft Edge With policy takes precedence, ignoring the Configure Start Pages policy. | +--- + +### ADMX info and settings +#### ADMX info +- **GP English name:** Configure Start pages +- **GP name:** HomePages +- **GP element:** HomePagesPrompt +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[HomePages](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-homepages) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages +- **Data type:** String + +#### Registry settings +- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Internet Settings +- **Value name:** ProvisionedHomePages +- **Value type:** REG_SZ + + +### Related policies + +- [Disable Lockdown of Start Pages](#disable-lockdown-of-start-pages-include): [!INCLUDE [disable-lockdown-of-start-pages-shortdesc](../shortdesc/disable-lockdown-of-start-pages-shortdesc.md)] + +- [Configure Open Microsoft Edge With](../available-policies.md#configure-open-microsoft-edge-with): [!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../shortdesc/configure-open-microsoft-edge-with-shortdesc.md)] + + + +

\ No newline at end of file diff --git a/browsers/edge/includes/configure-windows-defender-smartscreen-include.md b/browsers/edge/includes/configure-windows-defender-smartscreen-include.md new file mode 100644 index 0000000000..5e460d6a00 --- /dev/null +++ b/browsers/edge/includes/configure-windows-defender-smartscreen-include.md @@ -0,0 +1,47 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10*
+>*Default setting: Enabled (Turned on)* + +[!INCLUDE [configure-windows-defender-smartscreen-shortdesc](../shortdesc/configure-windows-defender-smartscreen-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Not configured |Blank |Blank |Users can choose to use Windows Defender SmartScreen. | | +|Disabled |0 |0 |Turned off. Do not protect users from potential threats and prevent users from turning it on. | | +|Enabled |1 |1 |Turned on. Protect users from potential threats and prevent users from turning it off. |![Most restricted value](../images/check-gn.png) | +--- + +To verify Windows Defender SmartScreen is turned off (disabled): +1. Click or tap **More** (…) and select **Settings** > **View Advanced settings**. +2. Verify the setting **Help protect me from malicious sites and download with SmartScreen Filter** is disabled.

![Verify that Windows Defender SmartScreen is turned off (disabled)](../images/allow-smart-screen-validation.PNG) + + +### ADMX info and settings +#### ADMX info +- **GP English name:** Configure Windows Defender SmartScreen +- **GP name:** AllowSmartScreen +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[AllowSmartScreen](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) +- **Supported devices:** Desktop and Mobile +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter +- **Value name:** EnabledV9 +- **Value type:** REG_DWORD + +

\ No newline at end of file diff --git a/browsers/edge/includes/disable-lockdown-of-start-pages-include.md b/browsers/edge/includes/disable-lockdown-of-start-pages-include.md new file mode 100644 index 0000000000..94af3ec1e5 --- /dev/null +++ b/browsers/edge/includes/disable-lockdown-of-start-pages-include.md @@ -0,0 +1,55 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10*
+>*Default setting: Enabled (Start pages are not editable)* + +[!INCLUDE [disable-lockdown-of-start-pages-shortdesc](../shortdesc/disable-lockdown-of-start-pages-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Not configured |0 |0 |Locked. Start pages configured in either the Configure Open Microsoft Edge With policy and Configure Start Pages policy are not editable. |![Most restricted value](../images/check-gn.png) | +|Enabled |1 |1 |Unlocked. Users can make changes to all configured start pages.

When you enable this policy and define a set of URLs in the Configure Start Pages policy, Microsoft Edge uses the URLs defined in the Configure Open Microsoft Edge With policy. | | +--- + + +### ADMX info and settings +#### ADMX info +- **GP English name:** Disable lockdown of Start pages +- **GP name:** DisableLockdownOfStartPages +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[DisableLockdownOfStartPages](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-disablelockdownofstartpages) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/DisableLockdownOfStartPages +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings +- **Value name:** DisableLockdownOfStartPages +- **Value type:** REG_SZ + + + + + +### Related Policies +- [Configure Start pages](../available-policies.md#configure-start-pages): [!INCLUDE [configure-start-pages-shortdesc](../shortdesc/configure-start-pages-shortdesc.md)] + +- [Configure Open Microsoft Edge With](../available-policies.md#configure-open-microsoft-edge-with): [!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../shortdesc/configure-open-microsoft-edge-with-shortdesc.md)] + +### Related topics + +[!INCLUDE [microsoft-browser-extension-policy-shortdesc](../shortdesc/microsoft-browser-extension-policy-shortdesc.md)] + +

\ No newline at end of file diff --git a/browsers/edge/includes/do-not-sync-browser-settings-include.md b/browsers/edge/includes/do-not-sync-browser-settings-include.md new file mode 100644 index 0000000000..143622193e --- /dev/null +++ b/browsers/edge/includes/do-not-sync-browser-settings-include.md @@ -0,0 +1,52 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10*
+>*Default setting: Disabled or not configured (Allowed/turned on)* + +[!INCLUDE [do-not-sync-browser-settings-shortdesc](../shortdesc/do-not-sync-browser-settings-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description | +|---|:---:|:---:|---| +|Disabled or not configured
**(default)** |0 |0 |Allowed/turned on. The “browser” group syncs automatically between user’s devices and lets users to make changes. | +|Enabled |2 |2 |Prevented/turned off. The “browser” group does not use the _Sync your Settings_ option. | +--- + + +### ADMX info and settings +#### ADMX info +- **GP English name:** Do not sync browser settings +- **GP name:** DisableWebBrowserSettingSync +- **GP path:** Windows Components/Sync your settings +- **GP ADMX file name:** SettingSync.admx + +#### MDM settings +- **MDM name:** [Experience/DoNotSyncBrowserSettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-donotsyncbrowsersetting) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Experience/DoNotSyncBrowserSettings +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\\Software\Policies\Microsoft\Windows\SettingSync +- **Value name:** DisableWebBrowserSettingSyncUserOverride +- **Value + +### Related policies + +[Prevent users from turning on browser syncing](../available-policies.md#prevent-users-from-turning-on-browser-syncing): [!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](../shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md)] + + + +### Related topics + +[About sync setting on Microsoft Edge on Windows 10 devices](https://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices) +

+

diff --git a/browsers/edge/includes/do-not-sync-include.md b/browsers/edge/includes/do-not-sync-include.md new file mode 100644 index 0000000000..4434b8e64c --- /dev/null +++ b/browsers/edge/includes/do-not-sync-include.md @@ -0,0 +1,45 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10*
+>*Default setting: Disabled or not configured (Allowed/turned on)* + +[!INCLUDE [do-not-sync-shortdesc](../shortdesc/do-not-sync-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled or not configured
**(default)** |0 |0 |Allowed/turned on. Users can choose what to sync to their device. | | +|Enabled |2 |2 |Prevented/turned off. Disables the _Sync your Settings_ toggle and prevents syncing. |![Most restricted value](../images/check-gn.png) | +--- + +### ADMX info and settings +#### ADMX info +- **GP English name:** Do not sync +- **GP name:** AllowSyncMySettings +- **GP path:** Windows Components/Sync your settings +- **GP ADMX file name:** SettingSync.admx + +#### MDM settings +- **MDM name:** Experience/[AllowSyncMySettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Experience/AllowSyncMySettings +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\Software\Policies\Microsoft\Windows\SettingSync +- **Value name:** DisableSettingSyn +- **Value type:** REG_DWORD + +### Related topics +[About sync setting on Microsoft Edge on Windows 10 devices](https://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices): Learn about what settings are synced. + + +
\ No newline at end of file diff --git a/browsers/edge/includes/enable-device-for-dev-shortdesc-include.md b/browsers/edge/includes/enable-device-for-dev-shortdesc-include.md new file mode 100644 index 0000000000..7d722faf12 --- /dev/null +++ b/browsers/edge/includes/enable-device-for-dev-shortdesc-include.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +[Enable your device for development](https://docs.microsoft.com/windows/uwp/get-started/enable-your-device-for-development): Developers can access special development features, along with other developer-focused settings, which makes it possible for them to develop, test, and debug apps. Learn how to configure your environment for development, the difference between Developer Mode and sideloading, and the security risks of Developer mode. \ No newline at end of file diff --git a/browsers/edge/includes/ie11-send-all-sites-not-in-site-list-include.md b/browsers/edge/includes/ie11-send-all-sites-not-in-site-list-include.md new file mode 100644 index 0000000000..d3d116dc84 --- /dev/null +++ b/browsers/edge/includes/ie11-send-all-sites-not-in-site-list-include.md @@ -0,0 +1,19 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +>*Supported versions: Internet Explorer 11 on Windows 10, version 1607 or later*
+>*Default setting: Disabled or not configured* + +By default, all sites open the currently active browser. With this policy, you can automatically open all sites not included in the Enterprise Mode Site List in Microsoft Edge. When you enable this policy, you must also turn on the Internet Explorer\Use the Enterprise Mode IE website list policy and include at least one site in the Enterprise Mode Site List. + +>[!NOTE] +>If you’ve also enabled the Microsoft Edge [Send all intranet sites to Internet Explorer 11](../available-policies.md#send-all-intranet-sites-to-internet-explorer-11) policy, all intranet sites continue to open in Internet Explorer 11. + +You can find the group policy settings in the following location of the Group Policy Editor: + +      **Computer Configuration\\Administrative Templates\\Windows Components\\Internet Explorer\\** diff --git a/browsers/edge/includes/keep-fav-sync-ie-edge-include.md b/browsers/edge/includes/keep-fav-sync-ie-edge-include.md new file mode 100644 index 0000000000..c7fc49bc93 --- /dev/null +++ b/browsers/edge/includes/keep-fav-sync-ie-edge-include.md @@ -0,0 +1,41 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
+>*Default setting: Disabled or not configured (Turned off/not syncing)* + +[!INCLUDE [keep-favorites-in-sync-between-ie-and-edge-shortdesc](../shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled or not configured
**(default)** |0 |0 |Turned off/not syncing | | +|Enabled |1 |1 |Turned on/syncing |![Most restricted value](../images/check-gn.png) | +--- + +### ADMX info and settings +### ADMX info +- **GP English name:** Keep favorites in sync between Internet Explorer and Microsoft Edge +- **GP name:** SyncFavoritesBetweenIEAndMicrosoftEdge +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[SyncFavoritesBetweenIEAndMicrosoftEdge](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-syncfavoritesbetweenieandmicrosoftedge) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SyncFavoritesBetweenIEAndMicrosoftEdge +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main +- **Value name:** SyncFavoritesBetweenIEAndMicrosoftEdge +- **Value type:** REG_DWORD + +
\ No newline at end of file diff --git a/browsers/edge/includes/man-connections-win-comp-services-shortdesc-include.md b/browsers/edge/includes/man-connections-win-comp-services-shortdesc-include.md new file mode 100644 index 0000000000..f7d692d864 --- /dev/null +++ b/browsers/edge/includes/man-connections-win-comp-services-shortdesc-include.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +[Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services): Learn about the network connections from Windows to Microsoft services. Also, learn about the privacy settings that affect the data shared with either Microsoft or apps and how to manage them in an enterprise. You can configure diagnostic data at the lowest level for your edition of Windows and evaluate which other connections Windows makes to Microsoft services you want to turn off in your environment. diff --git a/browsers/edge/includes/prevent-access-about-flag-include.md b/browsers/edge/includes/prevent-access-about-flag-include.md new file mode 100644 index 0000000000..1f55180874 --- /dev/null +++ b/browsers/edge/includes/prevent-access-about-flag-include.md @@ -0,0 +1,41 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1607 or later*
+>*Default setting: Disabled or not configured (Allowed)* + +[!INCLUDE [prevent-access-to-about-flags-page-shortdesc](../shortdesc/prevent-access-to-about-flags-page-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled or not configured
**(default)** |0 |0 |Allowed | | +|Enabled |1 |1 |Prevented |![Most restricted value](../images/check-gn.png) | +--- + +### ADMX info and settings +#### ADMX info +- **GP English name:** Prevent access to the about:flags page in Microsoft Edge +- **GP name:** PreventAccessToAboutFlagsInMicrosoftEdge +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[PreventAccessToAboutFlagsInMicrosoftEdge](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventaccesstoaboutflagsinmicrosoftedge) +- **Supported devices:** Desktop and Mobile +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventAccessToAboutFlagsInMicrosoftEdge +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main +- **Value name:** PreventAccessToAboutFlagsInMicrosoftEdge +- **Value type:** REG_DWORD + +
\ No newline at end of file diff --git a/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md b/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md new file mode 100644 index 0000000000..7638ce642a --- /dev/null +++ b/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md @@ -0,0 +1,41 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*
+>*Default setting: Disabled or not configured (Allowed/turned off)* + +[!INCLUDE [prevent-bypassing-windows-defender-prompts-for-files-shortdesc](../shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled or not configured
**(default)** |0 |0 |Allowed/turned off. Users can ignore the warning and continue to download the unverified file(s). | | +|Enabled |1 |1 |Prevented/turned on. |![Most restricted value](../images/check-gn.png) | +--- + +### ADMX info and settings +#### ADMX info +- **GP English name:** Prevent bypassing Windows Defender SmartScreen prompts for files +- **GP name:** PreventSmartScreenPromptOverrideForFiles +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[PreventSmartScreenPromptOverrideForFiles](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverrideforfiles) +- **Supported devices:** Desktop and Mobile +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter +- **Value name:** PreventOverrideAppRepUnknown +- **Value type:** REG_DWORD + +
\ No newline at end of file diff --git a/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md b/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md new file mode 100644 index 0000000000..438290f181 --- /dev/null +++ b/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md @@ -0,0 +1,41 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*
+>*Default setting: Disabled or not configured (Allowed/turned off)* + +[!INCLUDE [prevent-bypassing-windows-defender-prompts-for-sites-shortdesc](../shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled or not configured
**(default)** |0 |0 |Allowed/turned off. Users can ignore the warning and continue to the site.| | +|Enabled |1 |1 |Prevented/turned on. |![Most restricted value](../images/check-gn.png) | +--- + +### ADMX info and settings +#### ADMX info +- **GP English name:** Prevent bypassing Windows Defender SmartScreen prompts for sites +- **GP name:** PreventSmartscreenPromptOverride +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[PreventSmartscreenPromptOverride](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverride) +- **Supported devices:** Desktop and Mobile +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventSmartscreenPromptOverride +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter +- **Value name:** PreventOverride +- **Value type:** REG_DWORD + +
\ No newline at end of file diff --git a/browsers/edge/includes/prevent-certificate-error-overrides-include.md b/browsers/edge/includes/prevent-certificate-error-overrides-include.md new file mode 100644 index 0000000000..404d0688e3 --- /dev/null +++ b/browsers/edge/includes/prevent-certificate-error-overrides-include.md @@ -0,0 +1,40 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + + +>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Disabled or not configured (Allowed/turned off)* + +[!INCLUDE [prevent-certificate-error-overrides-shortdesc](../shortdesc/prevent-certificate-error-overrides-shortdesc.md)] + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled or not configured
**(default)** |0 |0 |Allowed/turned on. Override the security warning to sites that have SSL errors. | | +|Enabled |1 |1 |Prevented/turned on. |![Most restricted value](../images/check-gn.png) | +--- + +### ADMX info and settings +#### ADMX info +- **GP English name:** Prevent certificate error overrides +- **GP name:** PreventCertErrorOverrides +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[PreventCertErrorOverrides](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides) +- **Supported devices:** Desktop and Mobile +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventCertErrorOverrides +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Setting +- **Value name:** PreventCertErrorOverrides +- **Value type:** REG_DWORD + +
diff --git a/browsers/edge/includes/prevent-changes-to-favorites-include.md b/browsers/edge/includes/prevent-changes-to-favorites-include.md new file mode 100644 index 0000000000..75a386025f --- /dev/null +++ b/browsers/edge/includes/prevent-changes-to-favorites-include.md @@ -0,0 +1,41 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1709 or later*
+>*Default setting: Disabled or not configured (Allowed/not locked down)* + +[!INCLUDE [prevent-changes-to-favorites-shortdesc](../shortdesc/prevent-changes-to-favorites-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled or not configured
**(default)** |0 |0 |Allowed/unlocked. Users can add, import, and make changes to the Favorites list. | | +|Enabled |1 |1 |Prevented/locked down. |![Most restricted value](../images/check-gn.png) | +--- + +### ADMX info and settings +#### ADMX info +- **GP English name:** Prevent changes to Favorites on Microsoft Edge +- **GP name:** LockdownFavorites +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[LockdownFavorites](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) +- **Supported devices:** Desktop and Mobile +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/LockdownFavorites +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Favorites +- **Value name:** LockdownFavorites +- **Value type:** REG_DWORD + +
\ No newline at end of file diff --git a/browsers/edge/includes/prevent-first-run-webpage-open-include.md b/browsers/edge/includes/prevent-first-run-webpage-open-include.md new file mode 100644 index 0000000000..ec2966bba7 --- /dev/null +++ b/browsers/edge/includes/prevent-first-run-webpage-open-include.md @@ -0,0 +1,41 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
+>*Default setting: Disabled or not configured (Allowed)* + +[!INCLUDE [prevent-first-run-webpage-from-opening-shortdesc](../shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled or not configured
**(default)** |0 |0 |Allowed. Load the First Run webpage. | | +|Enabled |1 |1 |Prevented. |![Most restricted value](../images/check-gn.png) | +--- + +### ADMX info and settings +#### ADMX info +- **GP English name:** Prevent the First Run webpage from opening on Microsoft Edge +- **GP name:** PreventFirstRunPage +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[PreventFirstRunPage](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventfirstrunpage) +- **Supported devices:** Desktop and Mobile +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventFirstRunPage +- **Data type:** Integer + +####Registry +- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main +- **Value name:** PreventFirstRunPage +- **Value type:** REG_DWORD + +
\ No newline at end of file diff --git a/browsers/edge/includes/prevent-live-tile-pinning-start-include.md b/browsers/edge/includes/prevent-live-tile-pinning-start-include.md new file mode 100644 index 0000000000..e595e3fe28 --- /dev/null +++ b/browsers/edge/includes/prevent-live-tile-pinning-start-include.md @@ -0,0 +1,41 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
+>*Default setting: Disabled or not configured (Collect and send)* + +[!INCLUDE [prevent-edge-from-gathering-live-tile-info-shortdesc](../shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled or not configured
**(default)** |0 |0 |Collect and send Live Tile metadata. | | +|Enabled |1 |1 |Do not collect data. |![Most restricted value](../images/check-gn.png) | +--- + +### ADMX info and settings +#### ADMX info +- **GP English name:** Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start +- **GP name:** PreventLiveTileDataCollection +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[PreventLiveTileDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventlivetiledatacollection) +- **Supported devices:** Desktop and Mobile +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventLiveTileDataCollection +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main +- **Value name:** PreventLiveTileDataCollection +- **Value type:** REG_DWORD + +
\ No newline at end of file diff --git a/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md b/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md new file mode 100644 index 0000000000..39187a492b --- /dev/null +++ b/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md @@ -0,0 +1,41 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*
+>*Default setting: Disabled or not configured (Allowed/show localhost IP addresses)* + +[!INCLUDE [prevent-using-localhost-ip-address-for-webrtc-shortdesc](../shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled or not configured
**(default)** |0 |0 |Allowed. Show localhost IP addresses. | | +|Enabled |1 |1 |Prevented. |![Most restricted value](../images/check-gn.png) | +--- + +### ADMX info and settings +#### ADMX info +- **GP English name:** Prevent using Localhost IP address for WebRTC +- **GP name:** HideLocalHostIPAddress +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[PreventUsingLocalHostIPAddressForWebRTC](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventusinglocalhostipaddressforwebrtc) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventUsingLocalHostIPAddressForWebRTC +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main +- **Value name:** HideLocalHostIPAddress +- **Value type:** REG_DWORD + +
\ No newline at end of file diff --git a/browsers/edge/includes/prevent-turning-off-required-extensions-include.md b/browsers/edge/includes/prevent-turning-off-required-extensions-include.md new file mode 100644 index 0000000000..4f168cc2ab --- /dev/null +++ b/browsers/edge/includes/prevent-turning-off-required-extensions-include.md @@ -0,0 +1,56 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + + +>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Disabled or not configured (Allowed)* + +[!INCLUDE [prevent-turning-off-required-extensions-shortdesc](../shortdesc/prevent-turning-off-required-extensions-shortdesc.md)] + +### Supported values + +|Group Policy |Description | +|---|---| +|Disabled or not configured
**(default)** |Allowed. Users can uninstall extensions. If you previously enabled this policy and you decide to disable it, the list of extension PFNs defined in this policy get ignored. | +|Enabled |Provide a semi-colon delimited list of extension PFNs. For example, adding the following OneNote Web Clipper and Office Online extension prevents users from turning it off:

_Microsoft.OneNoteWebClipper8wekyb3d8bbwe;Microsoft.OfficeOnline8wekyb3d8bbwe_

After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune.

Removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the [Allow Developer Tools](../group-policies/developer-settings-gp.md#allow-developer-tools) policy, then this policy does not prevent users from debugging and altering the logic on an extension. | +--- + + + +### ADMX info and settings +#### ADMX info +- **GP English name:** Prevent turning off required extensions +- **GP name:** PreventTurningOffRequiredExtensions +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** [Experience/PreventTurningOffRequiredExtensions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventturningoffrequiredextensions) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventTurningOffRequiredExtensions +- **Data type:** String + +#### Registry settings +- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Extensions +- **Value name:** PreventTurningOffRequiredExtensions +- **Value type:** REG_SZ + +### Related policies +[Allow Developer Tools](../available-policies.md#allow-developer-tools): [!INCLUDE [allow-developer-tools-shortdesc](../shortdesc/allow-developer-tools-shortdesc.md)] + + +### Related topics + +- [Find a package family name (PFN) for per-app VPN](https://docs.microsoft.com/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn): There are two ways to find a PFN so that you can configure a per-app VPN. +- [How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune](https://docs.microsoft.com/intune/windows-store-for-business): The Microsoft Store for Business gives you a place to find and purchase apps for your organization, individually, or in volume. By connecting the store to Microsoft Intune, you can manage volume-purchased apps from the Azure portal. +- [How to assign apps to groups with Microsoft Intune](https://docs.microsoft.com/intune/apps-deploy): Apps can be assigned to devices whether or not Intune manages them. +- [Manage apps from the Microsoft Store for Business with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business): Configuration Manager supports managing Microsoft Store for Business apps on both Windows 10 devices with the Configuration Manager client, and also Windows 10 devices enrolled with Microsoft Intune. +- [How to add Windows line-of-business (LOB) apps to Microsoft Intune](https://docs.microsoft.com/intune/lob-apps-windows): A line-of-business (LOB) app is one that you add from an app installation file. Typically, these types of apps are written in-house. + +

\ No newline at end of file diff --git a/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md b/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md new file mode 100644 index 0000000000..5548ae3f74 --- /dev/null +++ b/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md @@ -0,0 +1,44 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Enabled or not configured (Prevented/turned off)* + +[!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](../shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md)] + +### Supported values +|Group Policy |MDM |Registry |Description | +|---|:---:|:---:|---| +|Disabled |0 |0 |Allowed/turned on. Users can sync the browser settings. | +|Enabled or not configured
**(default)** |1 |1 |Prevented/turned off. | +--- + + +### ADMX info and settings +#### ADMX info +- **GP English name:** Prevent users from turning on browser syncing +- **GP name:** PreventUsersFromTurningOnBrowserSyncing +- **GP path:** Windows Components/Sync your settings +- **GP ADMX file name:** SettingSync.admx + +#### MDM settings +- **MDM name:** Experience/[PreventUsersFromTurningOnBrowserSyncing](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-preventusersfromturningonbrowsersyncing) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Experience/PreventUsersFromTurningOnBrowserSyncing +- **Data type:** String + + +### Related policies +[Do not sync browser settings](../available-policies.md#do-not-sync-browser-settings): [!INCLUDE [do-not-sync-browser-settings-shortdesc](../shortdesc/do-not-sync-browser-settings-shortdesc.md)]. + +### Related topics +[About sync setting on Microsoft Edge on Windows 10 devices](https://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices) + + +
\ No newline at end of file diff --git a/browsers/edge/includes/provision-favorites-include.md b/browsers/edge/includes/provision-favorites-include.md new file mode 100644 index 0000000000..a67f33444b --- /dev/null +++ b/browsers/edge/includes/provision-favorites-include.md @@ -0,0 +1,49 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*
+>*Default setting: Disabled or not configured (Customizable)* + +[!INCLUDE [provision-favorites-shortdesc](../shortdesc/provision-favorites-shortdesc.md)] + + +>[!IMPORTANT] +>Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers. + +### Supported values + +|Group Policy |Description |Most restricted | +|---|---|:---:| +|Disabled or not configured
**(default)** |Users can customize the favorites list, such as adding folders, or adding and removing favorites. | | +|Enabled |Define a default list of favorites in Microsoft Edge. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off.

To define a default list of favorites, do the following:

  1. In the upper-right corner of Microsoft Edge, click the ellipses (**...**) and select **Settings**.
  2. Click **Import from another browser**, click **Export to file** and save the file.
  3. In the **Options** section of the Group Policy Editor, provide the location that points the file with the list of favorites to provision. Specify the URL as:
    • HTTP location: "SiteList"=https://localhost:8080/URLs.html
    • Local network: "SiteList"="\network\shares\URLs.html"
    • Local file: "SiteList"=file:///c:/Users/Documents/URLs.html
|![Most restricted value](../images/check-gn.png) | +--- + +### ADMX info and settings +#### ADMX info +- **GP English name:** Provision Favorites +- **GP name:** ConfiguredFavorites +- **GP element:** ConfiguredFavoritesPrompt +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[ProvisionFavorites](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ProvisionFavorites +- **Data type:** String + +#### Registry settings +- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Favorites +- **Value name:** ConfiguredFavorites +- **Value type:** REG_SZ + +### Related policies +[Keep favorites in sync between Internet Explorer and Microsoft Edge](../available-policies.md#keep-favorites-in-sync-between-internet-explorer-and-microsoft-edge): [!INCLUDE [keep-favorites-in-sync-between-ie-and-edge-shortdesc](../shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md)] + +
\ No newline at end of file diff --git a/browsers/edge/includes/search-provider-discovery-shortdesc-include.md b/browsers/edge/includes/search-provider-discovery-shortdesc-include.md new file mode 100644 index 0000000000..0189af0a67 --- /dev/null +++ b/browsers/edge/includes/search-provider-discovery-shortdesc-include.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +[Search provider discovery](https://docs.microsoft.com/microsoft-edge/dev-guide/browser/search-provider-discovery): Microsoft Edge follows the OpenSearch 1.1 specification to discover and use web search providers. When a user browses to a search service, the OpenSearch description is picked up and saved for later use. Users can then choose to add the search service to use in the Microsoft Edge address bar. \ No newline at end of file diff --git a/browsers/edge/includes/send-all-intranet-sites-ie-include.md b/browsers/edge/includes/send-all-intranet-sites-ie-include.md new file mode 100644 index 0000000000..17ce737c8c --- /dev/null +++ b/browsers/edge/includes/send-all-intranet-sites-ie-include.md @@ -0,0 +1,59 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10*
+>*Default setting: Disabled or not configured* + +[!INCLUDE [send-all-intranet-sites-to-ie-shortdesc](../shortdesc/send-all-intranet-sites-to-ie-shortdesc.md)] + +>[!TIP] +>Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have websites or web apps that still use this technology and needs IE11 to run, you can add them to the Enterprise Mode site list, using Enterprise Mode Site List Manager. + + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled or not configured
**(default)** |0 |0 |All sites, including intranet sites, open in Microsoft Edge automatically. |![Most restricted value](../images/check-gn.png) | +|Enabled |1 |1 |Only intranet sites open in Internet Explorer 11 automatically.

Enabling this policy opens all intranet sites in IE11 automatically, even if the users have Microsoft Edge as their default browser.

  1. In Group Policy Editor, navigate to:

    **Computer Configuration\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file**

  2. Click **Enable** and then refresh the policy to view the affected sites in Microsoft Edge.

    A message opens stating that the page needs to open in IE. At the same time, the page opens in IE11 automatically; in a new frame if it is not yet running, or in a new tab.

| | +--- + + +### ADMX info and settings +#### ADMX info +- **GP English name:** Send all intranet sites to Internet Explorer 11 +- **GP name:** SendIntranetTraffictoInternetExplorer +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[SendIntranetTraffictoInternetExplorer](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sendintranettraffictointernetexplorer) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SendIntranetTraffictoInternetExplorer +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main +- **Value name:** SendIntranetTraffictoInternetExplorer +- **Value type:** REG_DWORD + +### Related Policies +- [Configure the Enterprise Mode Site List](../available-policies.md#configure-the-enterprise-mode-site-list): [!INCLUDE [configure-enterprise-mode-site-list-shortdesc](../shortdesc/configure-enterprise-mode-site-list-shortdesc.md)] + +- [Show message when opening sites in Internet Explorer](../available-policies.md#show-message-when-opening-sites-in-internet-explorer): [!INCLUDE [show-message-when-opening-sites-in-ie-shortdesc](../shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md)] + + +### Related topics +- [Blog: How Microsoft Edge and Internet Explorer 11 on Windows 10 work better together in the Enterprise](https://go.microsoft.com/fwlink/p/?LinkID=624035). Many customers depend on legacy features only available in older versions of Internet Explorer and are familiar with our Enterprise Mode tools for IE11. The Enterprise Mode has been extended to support to Microsoft Edge by opening any site specified on the Enterprise Mode Site List in IE11. IT Pros can use their existing IE11 Enterprise Mode Site List, or they can create a new one specifically for Microsoft Edge. By keeping Microsoft Edge as the default browser in Windows 10 and only opening legacy line of business sites in IE11 when necessary, you can help keep newer development projects on track, using the latest web standards on Microsoft Edge. + +- [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377). Learn how to set up and use Enterprise Mode and the Enterprise Mode Site List Manager in your company. + +- [Use the Enterprise Mode Site List Manager](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager). You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode. + +
\ No newline at end of file diff --git a/browsers/edge/includes/set-default-search-engine-include.md b/browsers/edge/includes/set-default-search-engine-include.md new file mode 100644 index 0000000000..f7156818de --- /dev/null +++ b/browsers/edge/includes/set-default-search-engine-include.md @@ -0,0 +1,57 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
+>*Default setting: Not configured (Defined in App settings)* + +[!INCLUDE [set-default-search-engine-shortdesc](../shortdesc/set-default-search-engine-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Not configured
**(default)** |Blank |Blank |Use the search engine specified in App settings. If you don't configure this policy and disable the [Allow search engine customization](../group-policies/search-engine-customization-gp.md#allow-search-engine-customization) policy, users cannot make changes. | | +|Disabled |0 |0 |Remove or don't use the policy-set search engine and use the search engine for the market, letting users make changes. | | +|Enabled |1 |1 |Use the policy-set search engine specified in the OpenSearch XML file, preventing users from making changes.

Specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://docs.microsoft.com/microsoft-edge/dev-guide/browser/search-provider-discovery). Use this format to specify the link you want to add.

If you want your users to use the default Microsoft Edge settings for each market, then set the string to **EDGEDEFAULT**.

If you would like your users to use Microsoft Bing as the default search engine, then set the string to **EDGEBING**. |![Most restricted value](../images/check-gn.png) | +--- + + + +### ADMX info and settings +#### ADMX info +- **GP English name:** Set default search engine +- **GP name:** SetDefaultSearchEngine +- **GP element:** SetDefaultSearchEngine_Prompt +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** [SetDefaultSearchEngine](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-setdefaultsearchengine) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetDefaultSearchEngine +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\OpenSearch +- **Value name:** SetDefaultSearchEngine +- **Value type:** REG_SZ + +### Related policies + +- [Configure additional search engines](../available-policies.md#configure-additional-search-engines): [!INCLUDE [configure-additional-search-engines-shortdesc](../shortdesc/configure-additional-search-engines-shortdesc.md)] + +- [Allow search engine customization](../available-policies.md#allow-search-engine-customization): [!INCLUDE [allow-search-engine-customization-shortdesc](../shortdesc/allow-search-engine-customization-shortdesc.md)] + +### Related topics + +- [!INCLUDE [microsoft-browser-extension-policy-shortdesc](../shortdesc/microsoft-browser-extension-policy-shortdesc.md)] + +- [Search provider discovery](https://docs.microsoft.com/microsoft-edge/dev-guide/browser/search-provider-discovery): The Microsoft Edge address bar uses rich search integration, including search suggestions, results from the web, your browsing history, and favorites. + +

\ No newline at end of file diff --git a/browsers/edge/includes/set-home-button-url-include.md b/browsers/edge/includes/set-home-button-url-include.md new file mode 100644 index 0000000000..5e091f18ac --- /dev/null +++ b/browsers/edge/includes/set-home-button-url-include.md @@ -0,0 +1,49 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Disabled or not configured (Blank)* + +[!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description | +|---|:---:|:---:|---| +|Disabled or not configured
**(default)** |Blank |Blank |Show the home button, load the Start pages, and lock down the home button to prevent users from changing what page loads. | +|Enabled - String |String |String |Enter a URL in string format, for example, https://www.msn.com.

For this policy to work, you must also enable the [Configure Home Button](../available-policies.md#configure-home-button) policy and select the _Show home button & set a specific page_ option. | +--- + + +### ADMX info and settings +#### ADMX info +- **GP English name:** Set Home Button URL +- **GP name:** SetHomeButtonURL +- **GP element:** SetHomeButtonURLPrompt +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[SetHomeButtonURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) +- **Supported devices:** Desktop and Mobile +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL +- **Data type:** String + +#### Registry settings +- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings +- **Value name:** ConfigureHomeButtonURL +- **Value type:** REG_SZ + +### Related policies + +- [Configure Home Button](../available-policies.md#configure-home-button): [!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)] + +- [Unlock Home Button](../available-policies.md#unlock-home-button): [!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)] + +

diff --git a/browsers/edge/includes/set-new-tab-url-include.md b/browsers/edge/includes/set-new-tab-url-include.md new file mode 100644 index 0000000000..8b9ac1c728 --- /dev/null +++ b/browsers/edge/includes/set-new-tab-url-include.md @@ -0,0 +1,48 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Disabled or not configured (Blank)* + +[!INCLUDE [set-new-tab-url-shortdesc](../shortdesc/set-new-tab-url-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description | +|---|:---:|:---:|---| +|Disabled or not configured
**(default)** |Blank |Blank |Load the default New Tab page. | +|Enabled - String |String |String |Enter a URL in string format, for example, https://www.msn.com.

Enabling this policy prevents users from making changes.

| +--- + +### ADMX info and settings +#### ADMX info +- **GP English name:** Set New Tab page URL +- **GP name:** SetNewTabPageURL +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[SetNewTabPageURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL +- **Data type:** String + +#### Registry settings +- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings +- **Value name:** NewTabPageUR +- **Value type:** REG_SZ + + +### Related policies + +[Allow web content on New Tab page](../available-policies.md#allow-web-content-on-new-tab-page): [!INCLUDE [allow-web-content-on-new-tab-page-shortdesc](../shortdesc/allow-web-content-on-new-tab-page-shortdesc.md)] + + + +

\ No newline at end of file diff --git a/browsers/edge/includes/show-message-opening-sites-ie-include.md b/browsers/edge/includes/show-message-opening-sites-ie-include.md new file mode 100644 index 0000000000..c5e808c926 --- /dev/null +++ b/browsers/edge/includes/show-message-opening-sites-ie-include.md @@ -0,0 +1,52 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + + +>*Supported versions: Microsoft Edge on Windows 10, version 1607 and later*
+>*Default setting: Disabled or not configured (No additional message)* + + +[!INCLUDE [show-message-when-opening-sites-in-ie-shortdesc](../shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md)] + + +### Supported values + +|Group Policy |MDM |Registry |Description |Most restricted | +|---|:---:|:---:|---|:---:| +|Disabled or not configured
**(default)** |0 |0 |No additional message displays. |![Most restricted value](../images/check-gn.png) | +|Enabled |1 |1 |Show an additional message stating that a site has opened in IE11. | | +|Enabled |2 |2 |Show an additional message with a _Keep going in Microsoft Edge_ link to allow users to open the site in Microsoft Edge. | | +--- + +### ADMX info and settings +#### ADMX info +- **GP English name:** Show message when opening sites in Internet Explorer +- **GP name:** ShowMessageWhenOpeningSitesInInternetExplorer +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[ShowMessageWhenOpeningSitesInInternetExplorer](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-showmessagewhenopeningsitesininternetexplorer) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ShowMessageWhenOpeningSitesInInternetExplorer +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main +- **Value name:** ShowMessageWhenOpeningSitesInInternetExplorer +- **Value type:** REG_DWORD + +### Related policies + +- [Configure the Enterprise Mode Site List](../available-policies.md#configure-the-enterprise-mode-site-list): [!INCLUDE [configure-enterprise-mode-site-list-shortdesc](../shortdesc/configure-enterprise-mode-site-list-shortdesc.md)] + +- [Send all intranet sites to Internet Explorer 11](../available-policies.md#send-all-intranet-sites-to-internet-explorer-11): [!INCLUDE [send-all-intranet-sites-to-ie-shortdesc](../shortdesc/send-all-intranet-sites-to-ie-shortdesc.md)] + + +
\ No newline at end of file diff --git a/browsers/edge/includes/unlock-home-button-include.md b/browsers/edge/includes/unlock-home-button-include.md new file mode 100644 index 0000000000..d2c2e44746 --- /dev/null +++ b/browsers/edge/includes/unlock-home-button-include.md @@ -0,0 +1,48 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Disabled or not configured (Home button is locked)* + +[!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)] + +### Supported values + +|Group Policy |MDM |Registry |Description | +|---|:---:|:---:|---| +|Disabled or not configured
**(default)** |0 |0 |Locked, preventing users from making changes. | +|Enabled |1 |1 |Unlocked, letting users make changes. | +--- + +### ADMX info and settings +#### ADMX info +- **GP English name:** Unlock Home Button +- **GP name:** UnlockHomeButton +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[UnlockHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/UnlockHomeButton +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Internet Settings +- **Value name:** UnlockHomeButton +- **Value type:** REG_DWORD + +### Related policies + +- [Configure Home Button](../available-policies.md#configure-home-button): [!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)] + +- [Set Home Button URL](../available-policies.md#set-home-button-url): [!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)] + + +
\ No newline at end of file diff --git a/browsers/edge/index.yml b/browsers/edge/index.yml new file mode 100644 index 0000000000..9550d5d1d2 --- /dev/null +++ b/browsers/edge/index.yml @@ -0,0 +1,163 @@ +### YamlMime:YamlDocument + +documentType: LandingData + +title: Microsoft Edge Group Policy configuration options + +metadata: + + document_id: + + title: Microsoft Edge Group Policy configuration options + + description: + + text: Learn how to deploy and configure group policies in Microsoft Edge on Windows 10. Some of the features coming to Microsoft Edge gives you the ability to set a custom URL for the New Tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar. + + keywords: Microsoft Edge, Windows 10 + + ms.localizationpriority: medium + + author: shortpatti + + ms.author: pashort + + ms.date: 08/09/2018 + + ms.topic: article + + ms.devlang: na + +sections: + +- title: + +- items: + + - type: markdown + + text: Learn about interoperability goals and enterprise guidance along with system requirements, language support and frequently asked questions. + +- items: + + - type: list + + style: cards + + className: cardsE + + columns: 3 + + items: + + - href: https://docs.microsoft.com/microsoft-edge/deploy/change-history-for-microsoft-edge + + html:

Learn more about the latest group policies and features added to Microsoft Edge.

+ + image: + + src: https://docs.microsoft.com/media/common/i_whats-new.svg + + title: What's new + + - href: https://docs.microsoft.com/microsoft-edge/deploy/about-microsoft-edge + + html:

Learn about the system requirements and language support for Microsoft Edge.

+ + image: + + src: https://docs.microsoft.com/media/common/i_overview.svg + + title: System requirements and supported languages + + - href: https://www.microsoft.com/en-us/WindowsForBusiness/Compare + + html:

Learn about the supported features & functionality in each Windows edition.

+ + image: + + src: https://docs.microsoft.com/media/common/i_config-tools.svg + + title: Compare Windows 10 Editions + + - href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/security-privacy-management-gp + + html:

Learn how Microsoft Edge helps to defend from increasingly sophisticated and prevalent web-based attacks against Windows.

+ + image: + + src: https://docs.microsoft.com/media/common/i_security-management.svg + + title: Security & protection + + - href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/interoperability-enterprise-guidance-gp + + html:

Learch how you can use the Enterprise Mode site list for websites and apps that have compatibility problems in Microsoft Edge.

+ + image: + + src: https://docs.microsoft.com/media/common/i_management.svg + + title: Interoperability & enterprise guidance + + - href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/index + + html:

Learn about the advanced VPN features you can add to improve the security and availability of your VPN connection.

+ + image: + + src: https://docs.microsoft.com/media/common/i_policy.svg + + title: Group policies & configuration options + +- items: + + - type: list + + style: cards + + className: cardsL + + items: + + - title: Microsoft Edge resources + + html:

Minimum system requirements

+ +

Supported languages

+ +

Document change history

+ +

Compare Windows 10 Editions

+ +

Microsoft Edge Dev blog

+ +

Microsoft Edge Dev on Twitter

+ +

Microsoft Edge changelog

+ +

Measuring the impact of Microsoft Edge

+ + - title: IE11 resources + + html:

Deploy Internet Explorer 11 (IE11) - IT Pros

+ +

Internet Explorer Administration Kit 11 (IEAK 11)

+ +

Download Internet Explorer 11

+ + - title: Additional resources + + html:

Group Policy and the Group Policy Management Console (GPMC)

+ +

Group Policy and the Local Group Policy Editor

+ +

Group Policy and the Advanced Group Policy Management (AGPM)

+ +

Group Policy and Windows PowerShell

+ + + + + + diff --git a/browsers/edge/managing-group-policy-admx-files.md b/browsers/edge/managing-group-policy-admx-files.md new file mode 100644 index 0000000000..2f76d6a665 --- /dev/null +++ b/browsers/edge/managing-group-policy-admx-files.md @@ -0,0 +1,24 @@ +--- +title: Managing group policy ADMX files +description: Learn how to centrally administer and incorporate ADMX files when editing the administrative template policy settings inside a local or domain-based Group Policy object. +ms.assetid: +author: shortpatti +ms.author: pashort +ms.prod: edge +ms.sitesec: library +ms.localizationpriority: medium +ms.date: 10/19/2018 +--- + +# Managing group policy ADMX files + +>Applies to: Microsoft Edge on Windows 10 + +ADMX files, which are registry-based policy settings provide an XML-based structure for defining the display of the Administrative Template policy settings in the Group Policy Object Editor. The ADMX files replace ADM files, which used a different markup language. + +>[!NOTE] +>The administrative tools you use—Group Policy Object Editor and Group Policy Management Console—remain mostly unchanged. In the majority of situations, you won’t notice the presence of ADMX files during your day-to-day Group Policy administration tasks. + +Unlike ADM files, ADMX files are not stored in individual GPOs by default; however, this behavior supports less common scenarios. For domain-based enterprises, you can create a central store location of ADMX files accessible by anyone with permission to create or edit GPOs. Group Policy tools continue to recognize other earlier ADM files you have in your existing environment. The Group Policy Object Editor automatically reads and displays Administrative Template policy settings from both the ADMX and ADM files. + +Some situations require a better understanding of how ADMX files are structured and the location of the files. In this article, we show you how ADMX files are incorporated when editing Administrative Template policy settings in a local or domain-based Group Policy object (GPO). diff --git a/browsers/edge/microsoft-browser-extension-policy-include.md b/browsers/edge/microsoft-browser-extension-policy-include.md deleted file mode 100644 index 03aabcbbff..0000000000 --- a/browsers/edge/microsoft-browser-extension-policy-include.md +++ /dev/null @@ -1 +0,0 @@ -[Microsoft browser extention policy](https://docs.microsoft.com/en-us/legal/windows/agreements/microsoft-browser-extension-policy) \ No newline at end of file diff --git a/browsers/edge/microsoft-edge-faq.md b/browsers/edge/microsoft-edge-faq.md index 59299f93a9..f989f0e5c8 100644 --- a/browsers/edge/microsoft-edge-faq.md +++ b/browsers/edge/microsoft-edge-faq.md @@ -1,51 +1,66 @@ --- -title: Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros (Microsoft Edge for IT Pros) -description: Answering frequently asked questions about Microsoft Edge features, integration, support, and potential problems. +title: Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros +description: Answers to frequently asked questions about Microsoft Edge features, integration, support, and potential problems. author: shortpatti ms.author: pashort ms.prod: edge +ms.topic: reference ms.mktglfcycl: general ms.sitesec: library ms.localizationpriority: medium -ms.date: 09/19/2017 +ms.date: 11/05/2018 --- -# Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros +# Frequently Asked Questions (FAQs) for IT Pros ->Applies to: Windows 10, Windows 10 Mobile +>Applies to: Microsoft Edge on Windows 10 and Windows 10 Mobile + +**Q: Why is the Sync settings option under Settings \> Accounts \> Sync your settings permanently disabled? + +**A:** In the Windows 10 Anniversary Update, domain-joined users who connected their Microsoft Account (MSA) could roam settings and data between Windows devices. A group policy to prevent users from connecting their MSAs exists, but this setting also prevents users from easily accessing their personal Microsoft services. Enterprises can still enable Enterprise State Roaming with Azure Active Directory. + +>In a nutshell, any fresh install of Windows 10 Creators Update or higher does not support funtionality if it's under an Active Directory, but works for Azure Active Directory. + +**Q: What is the size of the local storage for Microsoft Edge overall and per domain?** + +**A:** The limits are 5MB per subdomain, 10MB per domain, and 50MB total. **Q: What is the difference between Microsoft Edge and Internet Explorer 11? How do I know which one to use?** -**A:** Microsoft Edge is the default browser for all Windows 10 devices. It is built to be highly compatible with the modern web. For some enterprise web apps and a small set of sites on the web that were built to work with older technologies like ActiveX, [you can use Enterprise Mode](https://docs.microsoft.com/en-us/microsoft-edge/deploy/emie-to-improve-compatibility) to automatically send users to Internet Explorer 11 for those sites. +**A:** Microsoft Edge is the default browser for all Windows 10 devices. It is built to be highly compatible with the modern web. For some enterprise web apps and a small set of sites on the web that were built to work with older technologies like ActiveX, [you can use Enterprise Mode](https://docs.microsoft.com/microsoft-edge/deploy/emie-to-improve-compatibility) to automatically send users to Internet Explorer 11 for those sites. For more information on how Internet Explorer and Microsoft Edge can work together to support your legacy web apps, while still defaulting to the higher bar for security and modern experiences enabled by Microsoft Edge, see [Legacy apps in the enterprise](https://blogs.windows.com/msedgedev/2017/04/07/legacy-web-apps-enterprise/#RAbtRvJSYFaKu2BI.97). **Q: Does Microsoft Edge work with Enterprise Mode?** -**A:** [Enterprise Mode](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11) offers better backward compatibility and enables customers to run many legacy web applications. Microsoft Edge and Internet Explorer can be configured to use the same Enterprise Mode Site List, switching seamlessly between browsers to support both modern and legacy web apps. For guidance and additional resources, please visit the [Microsoft Edge IT Center](https://technet.microsoft.com/en-us/microsoft-edge). +**A:** [Enterprise Mode](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11) offers better backward compatibility and enables customers to run many legacy web applications. Microsoft Edge and Internet Explorer can be configured to use the same Enterprise Mode Site List, switching seamlessly between browsers to support both modern and legacy web apps. **Q: I have Windows 10, but I don’t seem to have Microsoft Edge. Why?** -**A:** Long-Term Servicing Branch (LTSB) versions of Windows, including Windows Server 2016, don't include Microsoft Edge or many other Universal Windows Platform (UWP) apps. These apps and their services are frequently updated with new functionality and can't be supported on systems running LTSB operating systems. For customers who require the LTSB for specialized devices, we recommend using Internet Explorer 11. +**A:** Long-Term Servicing Branch (LTSB) versions of Windows, including Windows Server 2016 and Windows Server 2019, don't include Microsoft Edge or many other Universal Windows Platform (UWP) apps. These apps and their services are frequently updated with new functionality and can't be supported on systems running LTSB operating systems. For customers who require the LTSB for specialized devices, we recommend using Internet Explorer 11. **Q: How do I get the latest Canary/Beta/Preview version of Microsoft Edge?** -**A:** You can access the latest preview version of Microsoft Edge by updating to the latest Windows 10 preview via the [Windows Insider Program](https://insider.windows.com/). To run the preview version of Microsoft Edge on a stable version of Windows 10 (or any other OS), you can download a [Virtual Machine](https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/windows/) that we provide or use the upcoming RemoteEdge service. +**A:** You can access the latest preview version of Microsoft Edge by updating to the latest Windows 10 preview via the [Windows Insider Program](https://insider.windows.com/). To run the preview version of Microsoft Edge on a stable version of Windows 10 (or any other OS), you can download a [Virtual Machine](https://developer.microsoft.com/microsoft-edge/tools/vms/windows/) that we provide or use the upcoming RemoteEdge service. **Q: How do I customize Microsoft Edge and related settings for my organization?** -**A:** You can use Group Policy or Microsoft Intune to manage settings related to Microsoft Edge, such as security settings, folder redirection, and preferences. See [Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](https://docs.microsoft.com/en-us/microsoft-edge/deploy/available-policies) for a list of available policies for Microsoft Edge. +**A:** You can use Group Policy or Microsoft Intune to manage settings related to Microsoft Edge, such as security settings, folder redirection, and preferences. See [Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/group-policies/index) for a list of available policies for Microsoft Edge and configuration combinations. **Q: Is Adobe Flash supported in Microsoft Edge?** -**A:** Currently, Adobe Flash is supported as a built-in feature of Microsoft Edge on devices running the desktop version of Windows 10. In July 2017, Adobe announced that Flash will no longer be supported after 2020. We will phase out Flash from Microsoft Edge and Internet Explorer, culminating in the removal of Flash from Windows entirely by the end of 2020. This process began already for Microsoft Edge with [Click-to-Run for Flash](https://blogs.windows.com/msedgedev/2016/12/14/edge-flash-click-run/) in the Windows 10 Creators Update. +**A:** Currently, Adobe Flash is supported as a built-in feature of Microsoft Edge on devices running the desktop version of Windows 10. In July 2017, Adobe announced that Flash will no longer be supported after 2020. With Adobe no longer supporting Flash after 2020, Microsoft has started to phase out Flash from Microsoft Edge by adding the [Configure the Adobe Flash Click-to-Run setting](available-policies.md#configure-the-adobe-flash-click-to-run-setting) group policy giving you a way to control the list of websites that have permission to run Adobe Flash content. -For more information about the phasing out of Flash, read the [End of an Era – Next Steps for Adobe Flash](https://blogs.windows.com/msedgedev/2017/07/25/flash-on-windows-timeline/#85ZBy7aiVlDQHebO.97) blog post. -**Q: Does Microsoft Edge support ActiveX controls or BHOs like Silverlight or Java?** -**A:** No, ActiveX controls and BHOs such as Silverlight or Java are not supported in Microsoft Edge. The need for ActiveX controls has been significantly reduced by modern web standards, which are more interoperable across browsers. We are working on plans for an extension model based on the modern web platform in Microsoft Edge. We look forward to sharing more details on these plans soon. Not supporting legacy controls in Microsoft Edge provides many benefits including better interoperability with other modern browsers, as well as increased performance, security, and reliability. +To learn more about Microsoft’s plan for phasing out Flash from Microsoft Edge and Internet Explorer, see [The End of an Era — Next Steps for Adobe Flash]( https://blogs.windows.com/msedgedev/2017/07/25/flash-on-windows-timeline/#3Bcc3QjRw0l7XsZ4.97) (blog article). + + +**Q: Does Microsoft Edge support ActiveX controls or BHOs like Silverlight or Java?** + +**A:** No. Microsoft Edge does not support ActiveX controls and BHOs such as Silverlight or Java. If you are running web apps that continue to use ActiveX controls, x-ua-compatible headers, or legacy document modes, you need to keep running them in IE11. IE11 offers additional security, manageability, performance, backward compatibility, and modern standards support. + **Q: How often will Microsoft Edge be updated?** @@ -77,5 +92,5 @@ For more information about the phasing out of Flash, read the [End of an Era – **Q: Will Windows 7 or Windows 8.1 users get Microsoft Edge or the new Microsoft EdgeHTML rendering engine?** -**A:** Microsoft Edge has been designed and built to showcase Windows 10 features like Cortana, and is built on top of the Universal Windows Platform. Although we don’t have any plans to bring Microsoft Edge to Windows 7 or Windows 8.1 at this time, you can test Microsoft Edge with older versions of Internet Explorer using [free virtual machines](https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/). +**A:** No. Microsoft Edge has been designed and built to showcase Windows 10 features like Cortana, and is built on top of the Universal Windows Platform. diff --git a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md new file mode 100644 index 0000000000..a8f34188e6 --- /dev/null +++ b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md @@ -0,0 +1,263 @@ +--- +title: Deploy Microsoft Edge kiosk mode +description: Microsoft Edge kiosk mode works with assigned access to allow IT admins to create a tailored browsing experience designed for kiosk devices. To use Microsoft Edge kiosk mode, you must configure Microsoft Edge as an application in assigned access. +ms.assetid: +author: shortpatti +ms.author: pashort +ms.prod: edge +ms.sitesec: library +ms.topic: get-started-article +ms.localizationpriority: medium +ms.date: 10/29/2018 +--- + +# Deploy Microsoft Edge kiosk mode + +>Applies to: Microsoft Edge on Windows 10, version 1809 +>Professional, Enterprise, and Education + +In the Windows 10 October 2018 Update, we added the capability to use Microsoft Edge as a kiosk using assigned access. With assigned access, you create a tailored browsing experience locking down a Windows 10 device to only run as a single-app or multi-app kiosk. Assigned access restricts a local standard user account so that it only has access to one or more Windows app, such as Microsoft Edge in kiosk mode. + +In this topic, you learn how to configure the behavior of Microsoft Edge when it's running in kiosk mode with assigned access. You also learn how to set up your kiosk device using either Windows Setting or Microsoft Intune or other MDM service. + +At the end of this topic, you can find a list of [supported policies](#supported-policies-for-kiosk-mode) for kiosk mode and a [feature comparison](#feature-comparison-of-kiosk-mode-and-kiosk-browser-app) of the kiosk mode policy and kiosk browser app. You also find instructions on how to provide us feedback or get support. + + +## Kiosk mode configuration types + +>**Policy** = Configure kiosk mode (ConfigureKioskMode) + +Microsoft Edge kiosk mode supports four configurations types that depend on how Microsoft Edge is set up with assigned access, either as a single-app or multi-app kiosk. These configuration types help you determine what is best suited for your kiosk device or scenario. + +- Learn about [creating a kiosk experience](https://docs.microsoft.com/windows-hardware/customize/enterprise/create-a-kiosk-image) + + - [Set up a kiosk or digital signage on Windows 10 Pro, Enterprise, or Education](https://docs.microsoft.com/windows/configuration/setup-kiosk-digital-signage) + + - [Create a Windows 10 kiosk that runs multiple apps](https://docs.microsoft.com/windows/configuration/lock-down-windows-10-to-specific-apps). + +- Learn about configuring a more secure kiosk experience: [Other settings to lock down](https://docs.microsoft.com/windows/configuration/setup-kiosk-digital-signage#other-settings-to-lock-down). + + +### Important things to remember before getting started + +- The public browsing kiosk types run Microsoft Edge InPrivate mode to protect user data with a browsing experience designed for public kiosks. + +- Microsoft Edge kiosk mode has a built-in timer to help keep data safe in public browsing sessions. When the idle time (no user activity) meets the time limit, a confirmation message prompts the user to continue, and if no user activity Microsoft Edge resets the session to the default URL. By default, the idle timer is 5 minutes, but you can choose a value of your own. + +- Optionally, you can define a single URL for the Home button, Start page, and New Tab page. See [Supported policies for kiosk mode](#supported-policies-for-kiosk-mode) to learn more. + +- No matter which configuration type you choose, you must set up Microsoft Edge in assigned access; otherwise, Microsoft Edge ignores the settings in this policy (Configure kiosk mode/ConfigureKioskMode).

Learn more about assigned access: + + - [Configure kiosk and shared devices running Windows desktop editions](https://aka.ms/E489vw). + + - [Kiosk apps for assigned access best practices](https://aka.ms/H1s8y4). + + - [Guidelines for choosing an app for assigned access (kiosk mode)](https://aka.ms/Ul7dw3). + + +### Supported configuration types + +[!INCLUDE [configure-kiosk-mode-supported-values-include](includes/configure-kiosk-mode-supported-values-include.md)] + +## Set up Microsoft Edge kiosk mode + +Now that you're familiar with the different kiosk mode configurations and have the one you want to use in mind, you can use one of the following methods to set up Microsoft Edge kiosk mode: + +- **Windows Settings.** Use only to set up a couple of single-app devices because you perform these steps physically on each device. For a multi-app kiosk device, use Microsoft Intune or other MDM service. + +- **Microsoft Intune or other MDM service.** Use to set up several single-app or multi-app kiosk devices. Microsoft Intune and other MDM service providers offer more options for customizing the Microsoft Edge kiosk mode experience using any of the [Supported policies for kiosk mode](#supported-policies-for-kiosk-mode). + + +### Prerequisites + +- Microsoft Edge on Windows 10, version 1809 (Professional, Enterprise, and Education). + +- URL to load when the kiosk launches. The URL that you provide sets the Home button, Start page, and New Tab page. + +- _**For Microsoft Intune or other MDM service**_, you must have the AppUserModelID (AUMID) to set up Microsoft Edge: + + ``` + Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge + ``` + + +### Use Windows Settings + +Windows Settings is the simplest and the only way to set up one or a couple of single-app devices. + + +1. On the kiosk device, open Windows Settings, and in the search field type **kiosk** and then select **Set up a kiosk (assigned access)**. + +2. On the **Set up a kiosk** page, click **Get started**. + +3. Type a name to create a new kiosk account, or choose an existing account from the populated list and click **Next**. + +4. On the **Choose a kiosk app** page, select **Microsoft Edge** and then click **Next**. + +5. Select how Microsoft Edge displays when running in kiosk mode: + + - **As a digital sign or interactive display** - Displays a specific site in full-screen mode, running Microsoft Edge InPrivate protecting user data. + + - **As a public browser** - Runs a limited multi-tab version of Microsoft Edge, protecting user data. + +6. Select **Next**. + +7. Type the URL to load when the kiosk launches. + +8. Accept the default value of **5 minutes** for the idle time or provide a value of your own. + +9. Click **Next**. + +10. Close the **Settings** window to save and apply your choices. + +11. Restart the kiosk device and sign in with the local kiosk account to validate the configuration. + +**_Congratulations!_**

You’ve just finished setting up a single-app kiosk device using Windows Settings. + +**_What's next?_** + +- User your new kiosk device.

+ OR

+- Make changes to your kiosk device. In Windows Settings, on the **Set up a kiosk** page, make your changes to **Choose a kiosk mode** and **Set up Microsoft Edge**. + +--- + + +### Use Microsoft Intune or other MDM service + +With this method, you can use Microsoft Intune or other MDM services to configure Microsoft Edge kiosk mode in assigned access and how it behaves on a kiosk device. To learn about a few app fundamentals and requirements before adding them to Intune, see [Add apps to Microsoft Intune](https://docs.microsoft.com/intune/apps-add). + +>[!IMPORTANT] +>If you are using a local account as a kiosk account in Microsoft Intune, make sure to sign into this account and then sign out before configuring the kiosk device. + +1. In Microsoft Intune or other MDM service, configure [AssignedAccess](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) to prevent users from accessing the file system, running executables, or other apps. + +2. Configure the following MDM settings to setup Microsoft Edge kiosk mode on the kiosk device and then restart the device. + + | | | + |---|---| + | **[ConfigureKioskMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)**

![](images/icon-thin-line-computer.png) | Configure the display mode for Microsoft Edge as a kiosk app.

**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode

**Data type:** Integer

**Allowed values:**

| + | **[ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)**

![](images/icon-thin-line-computer.png) | Change the time in minutes from the last user activity before Microsoft Edge kiosk mode resets the user's session.

**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout

**Data type:** Integer

**Allowed values:**

| + | **[HomePages](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-homepages)**

![](images/icon-thin-line-computer.png) | Set one or more start pages, URLs, to load when Microsoft Edge launches.

**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages

**Data type:** String

**Allowed values:**

Enter one or more URLs, for example,
   \\ | + | **[ConfigureHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)**

![](images/icon-thin-line-computer.png) | Configure how the Home Button behaves.

**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton

**Data type:** Integer

**Allowed values:**

| + | **[SetHomeButtonURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)**

![](images/icon-thin-line-computer.png) | If you set ConfigureHomeButton to 2, configure the home button URL.

**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL

**Data type:** String

**Allowed values:** Enter a URL, for example, https://www.bing.com | + | **[SetNewTabPageURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)**

![](images/icon-thin-line-computer.png) | Set a custom URL for the New Tab page.

**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL

**Data type:** String

**Allowed values:** Enter a URL, for example, https://www.msn.com | + + +**_Congratulations!_**

You’ve just finished setting up a kiosk or digital signage with policies for Microsoft Edge kiosk mode using Microsoft Intune or other MDM service. + +**_What's next?_**

Now it's time to use your new kiosk device. Sign into the device with the kiosk account selected to run Microsoft Edge kiosk mode. + +--- + + +## Supported policies for kiosk mode + +Use any of the Microsoft Edge policies listed below to enhance the kiosk experience depending on the Microsoft Edge kiosk mode type you configure. To learn more about these policies, see [Policy CSP - Browser](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser). + +Make sure to check with your provider for instructions. + +| **MDM Setting** | **Digital /
Interactive signage** | **Public browsing
single-app** | **Public browsing
multi-app** | **Normal
mode** | +|------------------|:---------:|:---------:|:---------:|:---------:| +| [AllowAddressBarDropdown](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowaddressbardropdown) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AllowAutofill](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowautofill) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AllowBrowser](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowbrowser) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | +| [AllowConfigurationUpdateForBooksLibrary](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AllowCookies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowcookies) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [AllowDeveloperTools](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowdevelopertools) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AllowDoNotTrack](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [AllowExtensions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowextensions) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AllowFlash](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowflash) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [AllowFlashClickToRun](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) | ![Supported](images/148767.png)2 | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [AllowFullscreen](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowfullscreenmode)\* | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [AllowInPrivate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowinprivate) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AllowMicrosoftCompatibilityList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png)1 | ![Supported](images/148767.png) | +| [AllowPasswordManager](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AllowPopups](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowpopups) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [AllowPrelaunch](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AllowPrinting](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowprinting)\* | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [AllowSavingHistory](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AllowSearchEngineCustomization](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [AllowSideloadingExtensions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AllowSmartScreen](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [AllowSyncMySettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AllowTabPreloading](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AllowWebContentOnNewTabPage](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AlwaysEnabledBooksLibrary](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [ClearBrowsingDataOnExit](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-clearbrowsingdataonexit) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [ConfigureAdditionalSearchEngines](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configureadditionalsearchengines) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [ConfigureFavoritesBar](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar)\* | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [ConfigureHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)\* | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +|  [ConfigureKioskMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)\* | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +|  [ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)\* | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | +| [ConfigureOpenEdgeWith](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith)\* | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [ConfigureTelemetryForMicrosoft365Analytics](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics)\* | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [DisableLockdownOfStartPages](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-disablelockdownofstartpages) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [Experience/DoNotSyncBrowserSettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-donotsyncbrowsersetting)\* and [Experience/PreventTurningOffRequiredExtensions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventturningoffrequiredextensions)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [EnableExtendedBooksTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png)1 | ![Supported](images/148767.png) | +| [FirstRunURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-firstrunurl) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | +| [HomePages](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-homepages) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [LockdownFavorites](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [PreventAccessToAboutFlagsInMicrosoftEdge](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventaccesstoaboutflagsinmicrosoftedge) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [PreventCertErrorOverrides](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides)\* | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [PreventFirstRunPage](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventfirstrunpage) | ![Supported](images/148767.png) | ![Supported](images/148767.png)| ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [PreventLiveTileDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventlivetiledatacollection) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [PreventSmartScreenPromptOverride](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverride) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [PreventSmartScreenPromptOverrideForFiles](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverrideforfiles) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [PreventTurningOffRequiredExtensions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventturningoffrequiredextensions)\* | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [PreventUsingLocalHostIPAddressForWebRTC](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventusinglocalhostipaddressforwebrtc) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [ProvisionFavorites](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [SendIntranetTraffictoInternetExplorer](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sendintranettraffictointernetexplorer) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png)1 | ![Supported](images/148767.png) | +| [SetDefaultSearchEngine](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-setdefaultsearchengine) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [SetHomeButtonURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)\* | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [SetNewTabPageURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)\* | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [ShowMessageWhenOpeningInteretExplorerSites](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-showmessagewhenopeningsitesininternetexplorer) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png)1 | ![Supported](images/148767.png) | +| [SyncFavoritesBetweenIEAndMicrosoftEdge](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-syncfavoritesbetweenieandmicrosoftedge) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png)1 | ![Supported](images/148767.png) | +| [UnlockHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [UseSharedFolderForBooks](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | + + +*\* New policy as of Windows 10, version 1809.*

+*1) For multi-app assigned access, you must configure Internet Explorer 11.*
+*2) For digital/interactive signage to enable Flash, set [AllowFlashClickToRun](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) to 0.* + +**Legend:**

+       ![Not supported](images/148766.png) = Not applicable or not supported
+       ![Supported](images/148767.png) = Supported + +--- + +## Feature comparison of kiosk mode and kiosk browser app +In the following table, we show you the features available in both Microsoft Edge kiosk mode and Kiosk Browser app available in Microsoft Store. Both kiosk mode and kiosk browser app work in assigned access. + +| **Feature** | **Microsoft Edge kiosk mode** | **Microsoft Kiosk browser app** | +|---------------|:----------------:|:---------------:| +| Print support | ![Supported](images/148767.png) | ![Not supported](images/148766.png) | +| Multi-tab support | ![Supported](images/148767.png) | ![Not supported](images/148766.png) | +| Allow/Block URL support | ![Supported](images/148767.png)

*\*For Microsoft Edge kiosk mode use* [Windows Defender Firewall](#_*Windows_Defender_Firewall)*. Microsoft kiosk browser has custom policy support.* | ![Supported](images/148767.png) | +| Configure Home Button | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| Set Start page(s) URL | ![Supported](images/148767.png) | ![Supported](images/148767.png)

*Same as Home button URL* | +| Set New Tab page URL | ![Supported](images/148767.png) | ![Not supported](images/148766.png) | +| Favorites management | ![Supported](images/148767.png) | ![Not supported](images/148766.png) | +| End session button | ![Supported](images/148767.png) | ![Supported](images/148767.png)

*In Microsoft Intune, you must create a custom URI to enable. Dedicated UI configuration introduced in version 1808.* | +| Reset on inactivity | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| Internet Explorer integration (Enterprise Mode site list) | ![Supported](images/148767.png)

*Multi-app mode only* | ![Not supported](images/148766.png) | +| Available in Microsoft Store | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +|SKU availability | Windows 10 October 2018 Update
Professional, Enterprise, and Education | Windows 10 April 2018 Update
Professional, Enterprise, and Education | + + +**\*Windows Defender Firewall**

+To prevent access to unwanted websites on your kiosk device, use Windows Defender Firewall to configure a list of allowed websites, blocked websites or both. For more details, see [Windows Defender Firewall with Advanced Security Deployment](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide). + +--- + +## Provide feedback or get support + +To provide feedback on Microsoft Edge kiosk mode in Feedback Hub, select **Microsoft Edge** as the **Category**, and **All other issues** as the subcategory. + +**_For multi-app kiosk only._** If you have set up the Feedback Hub in assigned access, you can you submit the feedback from the device running Microsoft Edge in kiosk mode in which you can include diagnostic logs. In the Feedback Hub, select **Microsoft Edge** as the **Category**, and **All other issues** as the subcategory. + + + diff --git a/browsers/edge/security-enhancements-microsoft-edge.md b/browsers/edge/security-enhancements-microsoft-edge.md deleted file mode 100644 index 9efd0d49d7..0000000000 --- a/browsers/edge/security-enhancements-microsoft-edge.md +++ /dev/null @@ -1,119 +0,0 @@ ---- -description: Microsoft Edge is designed with significant security improvements over existing browsers, helping to defend people from increasingly sophisticated and prevalent web-based attacks against Windows. -ms.prod: edge -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security -title: Security enhancements for Microsoft Edge (Microsoft Edge for IT Pros) -ms.localizationpriority: medium -ms.date: 10/16/2017 -ms.author: pashort -author: shortpatti ---- - -# Security enhancements for Microsoft Edge - ->Applies to: Windows 10, Windows 10 Mobile - -Microsoft Edge is designed with significant security improvements, helping to defend people from increasingly sophisticated and prevalent web-based attacks against Windows. - -## Help to protect against web-based security threats -While most websites are safe, some sites have been designed to steal personal information or gain access to your system’s resources. Thieves by nature don’t care about rules, and will use any means to take advantage of victims, most often using trickery or hacking: - -- **Trickery** uses things like “phishing” attacks to convince a person to enter a banking password into a website that looks like the bank, but isn’t. - -- **Hacking** attacks a system through malformed content that exploits subtle flaws in a browser, or in various browser extensions, such as video decoders. This exploit lets an attacker run code on a device, taking over first a browsing session, and perhaps ultimately the entire device. - -While trickery and hacking are threats faced by every browser, it’s important that we explore how Microsoft Edge addresses these threats and is helping make the web a safer experience. - -### Help against trickery -Web browsers can help defend your employees against trickery by identifying and blocking known tricks, and by using strong security protocols to ensure that they’re talking to the web site they think they’re talking to. - -#### Windows Hello -Phishing scams get people to enter passwords into a fake version of a trusted website, such as a bank. Attempts to identify legitimate websites through the HTTPS lock symbol and the EV Cert green bar have met with only limited success, since attackers are too good at faking legitimate experiences for many people to notice the difference. - -To really address this problem, we need to stop people from entering plain-text passwords into websites. So in Windows 10, we gave you [Windows Hello](http://blogs.windows.com/bloggingwindows/2015/03/17/making-windows-10-more-personal-and-more-secure-with-windows-hello/) technology with asymmetric cryptography that authenticates both the person and the website. - -Microsoft Edge is the first browser to natively support Windows Hello as a more personal, seamless, and secure way to authenticate on the web, powered by an early implementation of the [Web Authentication (formerly FIDO 2.0 Web API) specification](http://w3c.github.io/webauthn/). - -#### Microsoft SmartScreen -Microsoft SmartScreen, used in Windows 10 and both Internet Explorer 11 and Microsoft Edge, helps to defend against phishing by performing reputation checks on visited sites and blocking any sites that are thought to be phishing sites. SmartScreen also helps to defend people against being tricked into installing malicious [socially-engineered software downloads](http://operationstech.about.com/od/glossary/g/Socially-Engineered-Malware.htm and against [drive-by attacks](https://blogs.windows.com/msedgedev/2015/12/16/smartscreen-drive-by-improvements/). Drive-by attacks are malicious web-based attacks that compromise your system by targeting security vulnerabilities in commonly used software, and may be hosted on trusted sites. - -#### Certificate Reputation system -While people trust sites that have encrypted web traffic, that trust can be undermined by malicious sites using improperly obtained or fake certificates to impersonate legitimate sites. To help address this problem, we introduced the [Certificate Reputation system](http://blogs.msdn.com/b/ie/archive/2014/03/10/certificate-reputation-a-novel-approach-for-protecting-users-from-fraudulent-certificates.aspx) last year. This year, we’ve extended the system to let web developers use the [Bing Webmaster Tools](http://www.bing.com/toolbox/webmaster) to report directly to Microsoft to let us know about fake certificates. - -### Help against hacking -While Microsoft Edge has done much to help defend against trickery, the browser’s “engine” has also been overhauled to resist hacking (attempts to corrupt the browser itself) including a major overhaul of the DOM representation in the browser’s memory, and the security mitigations described here. - -#### Microsoft EdgeHTML and modern web standards -Microsoft Edge has a new rendering engine, Microsoft EdgeHTML, which is focused on modern standards that let web developers build and maintain a consistent site across all modern browsers. - -The Microsoft EdgeHTML engine also helps to defend against hacking through these new security standards features: - -- Support for the W3C standard for [Content Security Policy (CSP)](https://developer.microsoft.com/microsoft-edge/platform/documentation/dev-guide/security/content-Security-Policy), which can help web developers defend their sites against cross-site scripting attacks. - -- Support for the [HTTP Strict Transport Security (HSTS)](https://developer.microsoft.com/microsoft-edge/platform/documentation/dev-guide/security/HSTS/) security feature (IETF-standard compliant). This helps ensure that connections to important sites, such as to your bank, are always secured. - ->[!NOTE] ->Both Microsoft Edge and Internet Explorer 11 support HSTS. - -#### All web content runs in an app container sandbox -Internet Explorer 7 on Windows Vista was the first web browser to provide a browsing sandbox, called [Protected Mode](http://windows.microsoft.com/windows-vista/What-does-Internet-Explorer-protected-mode-do). Protected Mode forced the part of the browser that rendered web content to run with less privilege than the browser controls or the user, providing a level of isolation and protection should a malicious website attempt to exploit a bug in the browser or one of its plug-ins. - -Internet Explorer 10 introduced Enhanced Protected Mode (EPM), based on the Windows 8 app container technology, providing a stronger sandbox by adding deny-by-default and no-read-up semantics. EPM was turned on by default in the Windows 8 and Windows 8.1 immersive browser, but was optional on the Internet Explorer 10 and Internet Explorer 11 desktop versions. - -Microsoft Edge takes the sandbox even farther, running its content processes in app containers not just by default, but all of the time. Because Microsoft Edge doesn’t support 3rd party binary extensions, there’s no reason for it to run outside of the containers, ensuring that Microsoft Edge is more secure. - -#### Microsoft Edge is now a 64-bit app -The largest security change to Microsoft Edge is that it's designed like a Universal Windows app. By changing the browser to an app, it fundamentally changes the process model so that both the outer manager process and the assorted content processes all live within app container sandboxes; helping to provide the user and the platform with the [confidence](http://blogs.msdn.com/b/b8/archive/2012/05/17/delivering-reliable-and-trustworthy-metro-style-apps.aspx) provided by other Microsoft Store apps. - -##### 64-bit processes and Address Space Layout Randomization (ASLR) -Microsoft Edge runs in 64-bit not just by default, but anytime it’s running on a 64-bit operating system. Because Microsoft Edge doesn’t support legacy ActiveX controls or 3rd-party binary extensions, there’s no longer a reason to run 32-bit processes on a 64-bit system. - -The value of running 64-bit all the time is that it strengthens Windows Address Space Layout Randomization (ASLR). ASLR randomizes the memory layout of the browser processes, making it much harder for attackers to hit precise memory locations. In turn, 64-bit processes make ASLR much more effective by making the address space exponentially larger and, therefore, more difficult for attackers to find the sensitive memory components they’re looking for. - -#### New extension model and HTML5 support -Back in 1996, we introduced ActiveX for web browser extensions in an attempt to let 3rd parties experiment with various forms of alternate content on the web. However, we quickly learned that browser extensions can come at a cost of security and reliability. For example, binary extensions can bring code and data into the browser’s processes without any protection, meaning that if anything goes wrong, the entire browser itself can be compromised or go down. - -Based on that learning, we’ve stopped supporting binary extensions in Microsoft Edge and instead encourage everyone to use our new, scripted HTML5-based extension model. For more info about the new extensions, see the [Microsoft Edge Developer Center](https://developer.microsoft.com/microsoft-edge/extensions/). - -#### Reduced attack surfaces -In addition to removing support for VBScript, Jscript, VML, Browser Helper Objects, Toolbars, and ActiveX controls, Microsoft Edge also removed support for legacy Internet Explorer [document modes](https://msdn.microsoft.com/library/jj676915.aspx). Because many IE browser vulnerabilities are only present in legacy document modes, removing support for document modes significantly reduces attack surface, making the browser much more secure than before. However, it also means that it’s not as backward compatible. - -Because of the reduced backward compatibility, we’ve given Microsoft Edge the ability to automatically fall back to Internet Explorer 11, using the Enterprise Mode Site List, for any apps that need backward compatibility. - -#### Code integrity and image loading restrictions -Microsoft Edge content processes support code integrity and image load restrictions, helping to prevent malicious DLLs from loading or being injected into the content processes. Only [properly signed images](https://blogs.windows.com/msedgedev/2015/11/17/microsoft-edge-module-code-integrity/) are allowed to load into Microsoft Edge. Binaries on remote devices (such as, UNC or WebDAV) can’t be loaded. - -#### Memory corruption mitigations -Memory corruption happens most frequently to apps written in C or C++ because those languages don’t provide type safety or buffer overflow protection. Broadly speaking, memory corruption attacks happen when an attacker provides malformed input to a program and the program can’t handle it, corrupting the program’s memory state and allowing the attacker to take control of the program. - -Over the years, a broad variety of mitigations have been created around memory corruption, but even as these mitigations roll out, attackers adapt and invent new ways to attack. At the same time, we’ve responded with new memory safety defenses, mitigating the most common new forms of attack, including and especially [use-after-free (UAF)](http://cwe.mitre.org/data/definitions/416.html) vulnerabilities. - -##### Memory Garbage Collector (MemGC) mitigation -MemGC is the replacement for Memory Protector, currently turned on for both Microsoft Edge on Windows 10 and Internet Explorer 11 on Windows 7 and newer operating systems. MemGC is a memory garbage collection system that helps to defend the browser from UAF vulnerabilities by taking the responsibility for freeing memory away from the programmer and instead automating it, only freeing memory when the automation detects that there are no more references left pointing to a given block of memory. - -##### Control Flow Guard -Ultimately, attackers use memory corruption attacks to gain control of the CPU program counter so that they can jump to any code location they want. Control Flow Guard is a Microsoft Visual Studio technology that compiles checks around code that performs indirect jumps based on a pointer, restricting those jumps to only go to function entry points with known addresses. This makes attacker take-overs much more difficult by severely constraining where a memory corruption attack can jump to. - -#### Designed for security -We’ve spent countless hours reviewing, testing, and using Microsoft Edge to make sure that you’re more protected than ever before. - -##### Fuzzing/Static Analysis -We’ve devoted more than 670 machine-years to fuzz testing Microsoft Edge and Internet Explorer during product development, including monitoring for possible exceptions such as crashes or memory leaks. We’ve also generated more than 400-billion DOM manipulations from 1-billion HTML files. Because of all of this, hundreds of security issues were addressed before the product shipped. - -##### Code Review & Penetration Testing -Over 70 end-to-end security engagements reviewed all key features, helping to address security implementation and design issues before shipping. - -##### Windows REDTEAM -The Windows REDTEAM emulates the techniques and expertise of skilled, real-world attackers. Exploited Microsoft Edge vulnerabilities discovered through penetration testing can be addressed before public discovery and real-world exploits. - - - - - - - - - - diff --git a/browsers/edge/shortdesc/allow-a-shared-books-folder-shortdesc.md b/browsers/edge/shortdesc/allow-a-shared-books-folder-shortdesc.md new file mode 100644 index 0000000000..7eb5da6bd4 --- /dev/null +++ b/browsers/edge/shortdesc/allow-a-shared-books-folder-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +Microsoft Edge does not use a shared folder by default but downloads book files to a per-user folder for each user. With this policy, you can configure Microsoft Edge to store books from the Books Library to a default, shared folder in Windows, which decreases the amount of storage used by book files. When you enable this policy, Microsoft Edge downloads books to a shared folder after user action to download the book to their device, which allows them to remove downloaded books at any time. For this policy to work correctly, you must also enable the **Allow a Windows app to share application data between users** group policy. Also, the users must be signed in with a school or work account. \ No newline at end of file diff --git a/browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md b/browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md new file mode 100644 index 0000000000..d970c98301 --- /dev/null +++ b/browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +Microsoft Edge shows the Address bar drop-down list and makes it available by default, which takes precedence over the Configure search suggestions in Address bar policy. We recommend disabling this policy if you want to minimize network connections from Microsoft Edge to Microsoft service, which hides the functionality of the Address bar drop-down list. When you disable this policy, Microsoft Edge also disables the _Show search and site suggestions as I type_ toggle in Settings. \ No newline at end of file diff --git a/browsers/edge/shortdesc/allow-adobe-flash-shortdesc.md b/browsers/edge/shortdesc/allow-adobe-flash-shortdesc.md new file mode 100644 index 0000000000..a06ece3f82 --- /dev/null +++ b/browsers/edge/shortdesc/allow-adobe-flash-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +Adobe Flash is integrated with Microsoft Edge and runs Adobe Flash content by default. With this policy, you can configure Microsoft Edge to prevent Adobe Flash content from running. \ No newline at end of file diff --git a/browsers/edge/shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md b/browsers/edge/shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md new file mode 100644 index 0000000000..75e6fa71ed --- /dev/null +++ b/browsers/edge/shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +Microsoft Edge does not clear the browsing data on exit by default, but users can configure the _Clear browsing data_ option in Settings. Browsing data includes information you entered in forms, passwords, and even the websites visited. With this policy, you can configure Microsoft Edge to clear the browsing data automatically each time Microsoft Edge closes. \ No newline at end of file diff --git a/browsers/edge/shortdesc/allow-configuration-updates-for-books-library-shortdesc.md b/browsers/edge/shortdesc/allow-configuration-updates-for-books-library-shortdesc.md new file mode 100644 index 0000000000..69f981f0d4 --- /dev/null +++ b/browsers/edge/shortdesc/allow-configuration-updates-for-books-library-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +Microsoft Edge automatically updates the configuration data for the Books library. Disabling this policy prevents Microsoft Edge from updating the configuration data. If Microsoft receives feedback about the amount of data about the Books library, the data comes as a JSON file. \ No newline at end of file diff --git a/browsers/edge/shortdesc/allow-cortana-shortdesc.md b/browsers/edge/shortdesc/allow-cortana-shortdesc.md new file mode 100644 index 0000000000..cc694ab73b --- /dev/null +++ b/browsers/edge/shortdesc/allow-cortana-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +Since Microsoft Edge is integration with Cortana, Microsoft Edge allows users to use Cortana voice assistant by default. With this policy, you can configure Microsoft Edge to prevent users from using Cortana but can still search to find items on their device. \ No newline at end of file diff --git a/browsers/edge/shortdesc/allow-developer-tools-shortdesc.md b/browsers/edge/shortdesc/allow-developer-tools-shortdesc.md new file mode 100644 index 0000000000..ef095e5733 --- /dev/null +++ b/browsers/edge/shortdesc/allow-developer-tools-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +Microsoft Edge allows users to use the F12 developer tools to build and debug web pages by default. With this policy, you can configure Microsoft Edge to prevent users from using the F12 developer tools. \ No newline at end of file diff --git a/browsers/edge/shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md b/browsers/edge/shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md new file mode 100644 index 0000000000..1bbf337754 --- /dev/null +++ b/browsers/edge/shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, and depending on the device configuration, Microsoft Edge gathers basic diagnostic data about the books in the Books Library and sends it to Microsoft. Enabling this policy gathers and sends both basic and additional diagnostic data, such as usage data. \ No newline at end of file diff --git a/browsers/edge/shortdesc/allow-extensions-shortdesc.md b/browsers/edge/shortdesc/allow-extensions-shortdesc.md new file mode 100644 index 0000000000..41849af3ef --- /dev/null +++ b/browsers/edge/shortdesc/allow-extensions-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +Microsoft Edge allows users to add or personalize extensions in Microsoft Edge by default. With this policy, you can configure Microsoft to prevent users from adding or personalizing extensions. \ No newline at end of file diff --git a/browsers/edge/shortdesc/allow-fullscreen-mode-shortdesc.md b/browsers/edge/shortdesc/allow-fullscreen-mode-shortdesc.md new file mode 100644 index 0000000000..6f37d4a659 --- /dev/null +++ b/browsers/edge/shortdesc/allow-fullscreen-mode-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +Microsoft Edge allows fullscreen mode by default, which shows only the web content and hides the Microsoft Edge UI. When allowing fullscreen mode, users and extensions must have the proper permissions. Disabling this policy prevents fullscreen mode in Microsoft Edge. \ No newline at end of file diff --git a/browsers/edge/shortdesc/allow-inprivate-browsing-shortdesc.md b/browsers/edge/shortdesc/allow-inprivate-browsing-shortdesc.md new file mode 100644 index 0000000000..0171d9c8a5 --- /dev/null +++ b/browsers/edge/shortdesc/allow-inprivate-browsing-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, Microsoft Edge allows InPrivate browsing, and after closing all InPrivate tabs, Microsoft Edge deletes the browsing data from the device. With this policy, you can configure Microsoft Edge to prevent InPrivate web browsing. \ No newline at end of file diff --git a/browsers/edge/shortdesc/allow-microsoft-compatibility-list-shortdesc.md b/browsers/edge/shortdesc/allow-microsoft-compatibility-list-shortdesc.md new file mode 100644 index 0000000000..769d1ee379 --- /dev/null +++ b/browsers/edge/shortdesc/allow-microsoft-compatibility-list-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +During browser navigation, Microsoft Edge checks the Microsoft Compatibility List for websites with known compatibility issues. If found, users are prompted to use Internet Explorer, where the site loads and displays correctly. Periodically during browser navigation, Microsoft Edge downloads the latest version of the list and applies the updates. With this policy, you can configure Microsoft Edge to ignore the compatibility list. You can view the compatibility list at about:compat. \ No newline at end of file diff --git a/browsers/edge/shortdesc/allow-prelaunch-shortdesc.md b/browsers/edge/shortdesc/allow-prelaunch-shortdesc.md new file mode 100644 index 0000000000..3d939db8c0 --- /dev/null +++ b/browsers/edge/shortdesc/allow-prelaunch-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start Microsoft Edge. You can also configure Microsoft Edge to prevent from pre-launching. \ No newline at end of file diff --git a/browsers/edge/shortdesc/allow-printing-shortdesc.md b/browsers/edge/shortdesc/allow-printing-shortdesc.md new file mode 100644 index 0000000000..b9e4cf691f --- /dev/null +++ b/browsers/edge/shortdesc/allow-printing-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +Microsoft Edge allows users to print web content by default. With this policy, you can configure Microsoft Edge to prevent users from printing web content. \ No newline at end of file diff --git a/browsers/edge/shortdesc/allow-saving-history-shortdesc.md b/browsers/edge/shortdesc/allow-saving-history-shortdesc.md new file mode 100644 index 0000000000..e37a1e9bfc --- /dev/null +++ b/browsers/edge/shortdesc/allow-saving-history-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +Microsoft Edge saves the browsing history of visited websites and shows them in the History pane by default. Disabling this policy prevents Microsoft Edge from saving the browsing history. If browsing history existed before disabling this policy, the previous browsing history remains in the History pane. Disabling this policy does not stop roaming of existing browsing history or browsing history from other devices. \ No newline at end of file diff --git a/browsers/edge/shortdesc/allow-search-engine-customization-shortdesc.md b/browsers/edge/shortdesc/allow-search-engine-customization-shortdesc.md new file mode 100644 index 0000000000..e94443a99b --- /dev/null +++ b/browsers/edge/shortdesc/allow-search-engine-customization-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, users can add new search engines or change the default search engine, in Settings. With this policy, you can prevent users from customizing the search engine in Microsoft Edge. \ No newline at end of file diff --git a/browsers/edge/shortdesc/allow-sideloading-of-extensions-shortdesc.md b/browsers/edge/shortdesc/allow-sideloading-of-extensions-shortdesc.md new file mode 100644 index 0000000000..e9e9fd0512 --- /dev/null +++ b/browsers/edge/shortdesc/allow-sideloading-of-extensions-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, Microsoft Edge allows sideloading, which installs and runs unverified extensions. Disabling this policy prevents sideloading of extensions but does not prevent sideloading using Add-AppxPackage via PowerShell. You can only install extensions through Microsoft store (including a store for business), enterprise storefront (such as Company Portal) or PowerShell (using Add-AppxPackage). \ No newline at end of file diff --git a/browsers/edge/shortdesc/allow-tab-preloading-shortdesc.md b/browsers/edge/shortdesc/allow-tab-preloading-shortdesc.md new file mode 100644 index 0000000000..b276822d74 --- /dev/null +++ b/browsers/edge/shortdesc/allow-tab-preloading-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +Microsoft Edge allows preloading of the Start and New Tab pages during Windows sign in, and each time Microsoft Edge closes by default. Preloading minimizes the amount of time required to start Microsoft Edge and load a new tab. With this policy, you can configure Microsoft Edge to prevent preloading of tabs. \ No newline at end of file diff --git a/browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md b/browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md new file mode 100644 index 0000000000..a056b0a737 --- /dev/null +++ b/browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 11/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, Microsoft Edge loads the default New Tab page and lets the users make changes. If you disable this policy, a blank page loads instead of the New Tab page and prevents users from changing it. \ No newline at end of file diff --git a/browsers/edge/shortdesc/allow-windows-app-to-share-data-users-shortdesc.md b/browsers/edge/shortdesc/allow-windows-app-to-share-data-users-shortdesc.md new file mode 100644 index 0000000000..86ac25c632 --- /dev/null +++ b/browsers/edge/shortdesc/allow-windows-app-to-share-data-users-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +With this policy, you can configure Windows 10 to share application data among multiple users on the system and with other instances of that app. Data shared through the SharedLocal folder is available through the Windows.Storage API. If you previously enabled this policy and now want to disable it, any shared app data remains in the SharedLocal folder. \ No newline at end of file diff --git a/browsers/edge/shortdesc/always-show-books-library-shortdesc.md b/browsers/edge/shortdesc/always-show-books-library-shortdesc.md new file mode 100644 index 0000000000..a91b389923 --- /dev/null +++ b/browsers/edge/shortdesc/always-show-books-library-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +Microsoft Edge shows the Books Library only in countries or regions where supported. With this policy, you can configure Microsoft Edge to show the Books Library regardless of the device’s country or region. \ No newline at end of file diff --git a/browsers/edge/shortdesc/configure-additional-search-engines-shortdesc.md b/browsers/edge/shortdesc/configure-additional-search-engines-shortdesc.md new file mode 100644 index 0000000000..39961b4f01 --- /dev/null +++ b/browsers/edge/shortdesc/configure-additional-search-engines-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, users cannot add, remove, or change any of the search engines in Microsoft Edge, but they can set a default search engine. You can set the default search engine using the Set default search engine policy. However, with this policy, you can configure up to five additional search engines and set any one of them as the default. If you previously enabled this policy and now want to disable it, disabling deletes all configured search engines. \ No newline at end of file diff --git a/browsers/edge/shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md b/browsers/edge/shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md new file mode 100644 index 0000000000..d0be48cb2b --- /dev/null +++ b/browsers/edge/shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +Microsoft Edge supports Adobe Flash as a built-in feature rather than as an external add-on and updates automatically via Windows Update. By default, Microsoft Edge prevents Adobe Flash content from loading automatically, requiring action from the user, for example, clicking the **Click-to-Run** button. Depending on how often the content loads and runs, the sites for the content gets added to the auto-allowed list. Disable this policy if you want Adobe Flash content to load automatically. \ No newline at end of file diff --git a/browsers/edge/shortdesc/configure-autofill-shortdesc.md b/browsers/edge/shortdesc/configure-autofill-shortdesc.md new file mode 100644 index 0000000000..1688989ef7 --- /dev/null +++ b/browsers/edge/shortdesc/configure-autofill-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, users can choose to use the Autofill feature to populate the form fields automatically. With this policy, you can configure Microsoft Edge, when enabled to use Autofill or, when disabled to prevent using Autofill. \ No newline at end of file diff --git a/browsers/edge/shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md b/browsers/edge/shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md new file mode 100644 index 0000000000..32abbdf60a --- /dev/null +++ b/browsers/edge/shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +Microsoft Edge does not send browsing history data to Microsoft 365 Analytics by default. With this policy though, you can configure Microsoft Edge to send intranet history only, internet history only, or both to Microsoft 365 Analytics for enterprise devices with a configured Commercial ID. \ No newline at end of file diff --git a/browsers/edge/shortdesc/configure-cookies-shortdesc.md b/browsers/edge/shortdesc/configure-cookies-shortdesc.md new file mode 100644 index 0000000000..ea5cb7e557 --- /dev/null +++ b/browsers/edge/shortdesc/configure-cookies-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +Microsoft Edge allows all cookies from all websites by default. With this policy, you can configure Microsoft to block only 3rd-party cookies or block all cookies. \ No newline at end of file diff --git a/browsers/edge/shortdesc/configure-do-not-track-shortdesc.md b/browsers/edge/shortdesc/configure-do-not-track-shortdesc.md new file mode 100644 index 0000000000..f9de9cd2ec --- /dev/null +++ b/browsers/edge/shortdesc/configure-do-not-track-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +Microsoft Edge does not send ‘Do Not Track’ requests to websites asking for tracking information, but users can choose to send tracking information to sites they visit. With this policy, you can configure Microsoft Edge to send or never send tracking information. \ No newline at end of file diff --git a/browsers/edge/shortdesc/configure-enterprise-mode-site-list-shortdesc.md b/browsers/edge/shortdesc/configure-enterprise-mode-site-list-shortdesc.md new file mode 100644 index 0000000000..fd49f0e0c9 --- /dev/null +++ b/browsers/edge/shortdesc/configure-enterprise-mode-site-list-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have sites or apps that use this technology, you can configure Microsoft Edge to check the Enterprise Mode Site List XML file that lists the sites and domains with compatibility issues and switch to IE11 automatically. You can use the same site list for both Microsoft Edge and IE11, or you can use separate lists. By default, Microsoft Edge ignores the Enterprise Mode and the Enterprise Mode Site List XML file. In this case, users might experience problems while using legacy apps. These sites and domains must be viewed using Internet Explorer 11 and Enterprise Mode. \ No newline at end of file diff --git a/browsers/edge/shortdesc/configure-favorites-bar-shortdesc.md b/browsers/edge/shortdesc/configure-favorites-bar-shortdesc.md new file mode 100644 index 0000000000..0303f69e10 --- /dev/null +++ b/browsers/edge/shortdesc/configure-favorites-bar-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +Microsoft Edge hides the favorites bar by default but shows it on the Start and New Tab pages. Also, by default, the Favorites Bar toggle, in Settings, is set to Off but enabled letting users make changes. With this policy, you can configure Microsoft Edge to either show or hide the Favorites Bar on all pages. \ No newline at end of file diff --git a/browsers/edge/shortdesc/configure-favorites-shortdesc.md b/browsers/edge/shortdesc/configure-favorites-shortdesc.md new file mode 100644 index 0000000000..ae90afc8af --- /dev/null +++ b/browsers/edge/shortdesc/configure-favorites-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +Discontinued in Windows 10, version 1809. Use the **[Provision Favorites](../available-policies.md#provision-favorites)** policy instead. \ No newline at end of file diff --git a/browsers/edge/shortdesc/configure-home-button-shortdesc.md b/browsers/edge/shortdesc/configure-home-button-shortdesc.md new file mode 100644 index 0000000000..7a0260f8ea --- /dev/null +++ b/browsers/edge/shortdesc/configure-home-button-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +Microsoft Edge shows the home button and by clicking it the Start page loads by default. With this policy, you can configure the home button to load the New Tab page or a URL defined in the Set Home Button URL policy. You can also configure Microsoft Edge to hide the home button. \ No newline at end of file diff --git a/browsers/edge/shortdesc/configure-kiosk-mode-shortdesc.md b/browsers/edge/shortdesc/configure-kiosk-mode-shortdesc.md new file mode 100644 index 0000000000..ea135db692 --- /dev/null +++ b/browsers/edge/shortdesc/configure-kiosk-mode-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +Configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access, either as a single-app or as one of many apps running on the kiosk device. You can control whether Microsoft Edge runs InPrivate full screen, InPrivate multi-tab with a tailored experience for kiosks, or normal browsing in Microsoft Edge. diff --git a/browsers/edge/shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md b/browsers/edge/shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md new file mode 100644 index 0000000000..3bcba1b944 --- /dev/null +++ b/browsers/edge/shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +You can configure Microsoft Edge kiosk mode to reset to the configured start experience after a specified amount of idle time in minutes (0-1440). The reset timer begins after the last user interaction. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge kiosk mode resets after 30 seconds. Resetting to the configured start experience deletes the current user’s browsing data. \ No newline at end of file diff --git a/browsers/edge/shortdesc/configure-open-microsoft-edge-with-shortdesc.md b/browsers/edge/shortdesc/configure-open-microsoft-edge-with-shortdesc.md new file mode 100644 index 0000000000..5bf099b3ca --- /dev/null +++ b/browsers/edge/shortdesc/configure-open-microsoft-edge-with-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, Microsoft Edge loads a specific page or pages defined in the Configure Start Pages policy and allow users to make changes. With this policy, you can configure Microsoft Edge to load either the Start page, New Tab page, previously opened pages. You can also configure Microsoft Edge to prevent users from changing or customizing the Start page. For this policy to work correctly, you must also configure the Configure Start Pages. If you want to prevent users from making changes, don’t configure the Disable Lockdown of Start Pages policy. \ No newline at end of file diff --git a/browsers/edge/shortdesc/configure-password-manager-shortdesc.md b/browsers/edge/shortdesc/configure-password-manager-shortdesc.md new file mode 100644 index 0000000000..0f77b004ba --- /dev/null +++ b/browsers/edge/shortdesc/configure-password-manager-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, Microsoft Edge uses Password Manager automatically, allowing users to manager passwords locally. Disabling this policy restricts Microsoft Edge from using Password Manager. Don’t configure this policy if you want to let users choose to save and manage passwords locally using Password Manager. \ No newline at end of file diff --git a/browsers/edge/shortdesc/configure-pop-up-blocker-shortdesc.md b/browsers/edge/shortdesc/configure-pop-up-blocker-shortdesc.md new file mode 100644 index 0000000000..18d5e9bf38 --- /dev/null +++ b/browsers/edge/shortdesc/configure-pop-up-blocker-shortdesc.md @@ -0,0 +1,10 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, Microsoft Edge turns off Pop-up Blocker, which opens pop-up windows. Enabling this policy turns on Pop-up Blocker preventing pop-up windows from opening. If you want users to choose to use Pop-up Blocker, don’t configure this policy. + diff --git a/browsers/edge/shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md b/browsers/edge/shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md new file mode 100644 index 0000000000..f9e057b6a5 --- /dev/null +++ b/browsers/edge/shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, users can choose to see search suggestions in the Address bar of Microsoft Edge. Disabling this policy hides the search suggestions and enabling this policy shows the search suggestions. \ No newline at end of file diff --git a/browsers/edge/shortdesc/configure-start-pages-shortdesc.md b/browsers/edge/shortdesc/configure-start-pages-shortdesc.md new file mode 100644 index 0000000000..f9b5185f3d --- /dev/null +++ b/browsers/edge/shortdesc/configure-start-pages-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, Microsoft Edge loads the pages specified in App settings as the default Start pages. With this policy, you can configure one or more Start pages when you enable this policy and enable the Configure Open Microsoft Edge With policy. Once you set the Start pages, either in this policy or Configure Open Microsoft Edge With policy, users cannot make changes. \ No newline at end of file diff --git a/browsers/edge/shortdesc/configure-windows-defender-smartscreen-shortdesc.md b/browsers/edge/shortdesc/configure-windows-defender-smartscreen-shortdesc.md new file mode 100644 index 0000000000..58dfd6be9a --- /dev/null +++ b/browsers/edge/shortdesc/configure-windows-defender-smartscreen-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +Microsoft Edge uses Windows Defender SmartScreen (turned on) to protect users from potential phishing scams and malicious software by default. Also, by default, users cannot disable (turn off) Windows Defender SmartScreen. Enabling this policy turns off Windows Defender SmartScreen and prevent users from turning it on. Don’t configure this policy to let users choose to turn Windows defender SmartScreen on or off. \ No newline at end of file diff --git a/browsers/edge/shortdesc/disable-lockdown-of-start-pages-shortdesc.md b/browsers/edge/shortdesc/disable-lockdown-of-start-pages-shortdesc.md new file mode 100644 index 0000000000..e0c635c0c7 --- /dev/null +++ b/browsers/edge/shortdesc/disable-lockdown-of-start-pages-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, the Start pages configured in either the Configure Start Pages policy or Configure Open Microsoft Edge policies cannot be changed and remain locked down. Enabling this policy unlocks the Start pages, and lets users make changes to either all configured Start page or any Start page configured with the Configure Start pages policy. \ No newline at end of file diff --git a/browsers/edge/shortdesc/do-not-sync-browser-settings-shortdesc.md b/browsers/edge/shortdesc/do-not-sync-browser-settings-shortdesc.md new file mode 100644 index 0000000000..93ecd60efe --- /dev/null +++ b/browsers/edge/shortdesc/do-not-sync-browser-settings-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, the “browser” group syncs automatically between user’s devices and allowing users to choose to make changes. The “browser” group uses the _Sync your Settings_ option in Settings to sync information like history and favorites. Enabling this policy prevents the “browser” group from using the Sync your Settings option. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option. \ No newline at end of file diff --git a/browsers/edge/shortdesc/do-not-sync-shortdesc.md b/browsers/edge/shortdesc/do-not-sync-shortdesc.md new file mode 100644 index 0000000000..5902fb6656 --- /dev/null +++ b/browsers/edge/shortdesc/do-not-sync-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, Microsoft Edge turns on the _Sync your settings_ toggle in **Settings > Device sync settings** letting users choose what to sync on their devices. Enabling this policy turns off and disables the _Sync your settings_ toggle preventing the syncing of user’s settings between their devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable this policy and select the _Allow users to turn syncing on_ option. \ No newline at end of file diff --git a/browsers/edge/shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md b/browsers/edge/shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md new file mode 100644 index 0000000000..981ef9d876 --- /dev/null +++ b/browsers/edge/shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, Microsoft Edge does not sync the user’s favorites between IE and Microsoft Edge. Enabling this policy syncs favorites between Internet Explorer and Microsoft Edge. Changes to favorites in one browser reflect in the other, including additions, deletions, modifications, and ordering of favorites. \ No newline at end of file diff --git a/browsers/edge/shortdesc/microsoft-browser-extension-policy-shortdesc.md b/browsers/edge/shortdesc/microsoft-browser-extension-policy-shortdesc.md new file mode 100644 index 0000000000..efc6fc71a1 --- /dev/null +++ b/browsers/edge/shortdesc/microsoft-browser-extension-policy-shortdesc.md @@ -0,0 +1,10 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +[Microsoft browser extension policy](https://docs.microsoft.com/legal/windows/agreements/microsoft-browser-extension-policy): +This document describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer or the content displayed by these browsers. Any technique not explicitly listed in this document is considered **unsupported**. \ No newline at end of file diff --git a/browsers/edge/shortdesc/prevent-access-to-about-flags-page-shortdesc.md b/browsers/edge/shortdesc/prevent-access-to-about-flags-page-shortdesc.md new file mode 100644 index 0000000000..518f94bdea --- /dev/null +++ b/browsers/edge/shortdesc/prevent-access-to-about-flags-page-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, users can access the about:flags page in Microsoft Edge, which is used to change developer settings and enable experimental features. Enabling this policy prevents users from accessing the about:flags page. \ No newline at end of file diff --git a/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md b/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md new file mode 100644 index 0000000000..6330b51213 --- /dev/null +++ b/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious files, allowing them to continue downloading the unverified file(s). Enabling this policy prevents users from bypassing the warnings, blocking them from downloading of the unverified file(s). \ No newline at end of file diff --git a/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md b/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md new file mode 100644 index 0000000000..d5eaea4a31 --- /dev/null +++ b/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious sites, allowing them to continue to the site. With this policy though, you can configure Microsoft Edge to prevent users from bypassing the warnings, blocking them from continuing to the site. \ No newline at end of file diff --git a/browsers/edge/shortdesc/prevent-certificate-error-overrides-shortdesc.md b/browsers/edge/shortdesc/prevent-certificate-error-overrides-shortdesc.md new file mode 100644 index 0000000000..156b1bb385 --- /dev/null +++ b/browsers/edge/shortdesc/prevent-certificate-error-overrides-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +Microsoft Edge, by default, allows overriding of the security warnings to sites that have SSL errors, bypassing or ignoring certificate errors. Enabling this policy prevents overriding of the security warnings. \ No newline at end of file diff --git a/browsers/edge/shortdesc/prevent-changes-to-favorites-shortdesc.md b/browsers/edge/shortdesc/prevent-changes-to-favorites-shortdesc.md new file mode 100644 index 0000000000..78c77baf42 --- /dev/null +++ b/browsers/edge/shortdesc/prevent-changes-to-favorites-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, users can add, import, and make changes to the Favorites list in Microsoft Edge. Enabling this policy locks down the Favorites list in Microsoft Edge, preventing users from making changes. When enabled, Microsoft Edge turns off the Save a Favorite, Import settings, and context menu items, such as Create a new folder. Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers. \ No newline at end of file diff --git a/browsers/edge/shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md b/browsers/edge/shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md new file mode 100644 index 0000000000..87d3b927ed --- /dev/null +++ b/browsers/edge/shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, Microsoft Edge collects the Live Tile metadata and sends it to Microsoft to help provide users a complete experience when they pin Live Tiles to the Start menu. However, with this policy, you can configure Microsoft Edge to prevent Microsoft from collecting Live Tile metadata, providing users with a limited experience. \ No newline at end of file diff --git a/browsers/edge/shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md b/browsers/edge/shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md new file mode 100644 index 0000000000..af24d3583b --- /dev/null +++ b/browsers/edge/shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, when launching Microsoft Edge for the first time, the First Run webpage (a welcome page) hosted on Microsoft.com loads automatically via an FWLINK. The welcome page lists the new features and helpful tips of Microsoft Edge. With this policy, you can configure Microsoft Edge to prevent loading the welcome page on first explicit user-launch. \ No newline at end of file diff --git a/browsers/edge/shortdesc/prevent-turning-off-required-extensions-shortdesc.md b/browsers/edge/shortdesc/prevent-turning-off-required-extensions-shortdesc.md new file mode 100644 index 0000000000..7875990600 --- /dev/null +++ b/browsers/edge/shortdesc/prevent-turning-off-required-extensions-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +Microsoft Edge allows users to uninstall extensions by default. Enabling this policy prevents users from uninstalling extensions but lets them configure options for extensions defined in this policy, such as allowing InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically. If you enabled this policy and now you want to disable it, the list of extension package family names (PFNs) defined in this policy get ignored after disabling this policy. \ No newline at end of file diff --git a/browsers/edge/shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md b/browsers/edge/shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md new file mode 100644 index 0000000000..daa02c5729 --- /dev/null +++ b/browsers/edge/shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. With this policy, though, you can prevent the “browser” group from syncing and prevent users from turning on the _Sync your Settings_ toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy. For this policy to work correctly, you must enable the Do not sync browser policy. \ No newline at end of file diff --git a/browsers/edge/shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md b/browsers/edge/shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md new file mode 100644 index 0000000000..4ba3bff11a --- /dev/null +++ b/browsers/edge/shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, Microsoft Edge shows localhost IP address while making calls using the WebRTC protocol. Enabling this policy hides the localhost IP addresses. \ No newline at end of file diff --git a/browsers/edge/shortdesc/provision-favorites-shortdesc.md b/browsers/edge/shortdesc/provision-favorites-shortdesc.md new file mode 100644 index 0000000000..e2ed5da50f --- /dev/null +++ b/browsers/edge/shortdesc/provision-favorites-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, users can customize the Favorites list in Microsoft Edge. With this policy though, you provision a standard list of favorites, which can include folders, to appear in the Favorites list in addition to the user’s favorites. Edge. Once you provision the Favorites list, users cannot customize it, such as adding folders for organizing, and adding or removing any of the favorites configured. \ No newline at end of file diff --git a/browsers/edge/shortdesc/search-provider-discovery-shortdesc.md b/browsers/edge/shortdesc/search-provider-discovery-shortdesc.md new file mode 100644 index 0000000000..454549bffe --- /dev/null +++ b/browsers/edge/shortdesc/search-provider-discovery-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +Microsoft Edge follows the OpenSearch 1.1 specification to discover and use web search providers. When a user browses to a search service, the OpenSearch description is picked up and saved for later use. Users can then choose to add the search service to use in the Microsoft Edge address bar. \ No newline at end of file diff --git a/browsers/edge/shortdesc/send-all-intranet-sites-to-ie-shortdesc.md b/browsers/edge/shortdesc/send-all-intranet-sites-to-ie-shortdesc.md new file mode 100644 index 0000000000..79dfd220c1 --- /dev/null +++ b/browsers/edge/shortdesc/send-all-intranet-sites-to-ie-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, all websites, including intranet sites, open in Microsoft Edge automatically. Only enable this policy if there are known compatibility problems with Microsoft Edge. Enabling this policy loads only intranet sites in Internet Explorer 11 automatically. \ No newline at end of file diff --git a/browsers/edge/shortdesc/set-default-search-engine-shortdesc.md b/browsers/edge/shortdesc/set-default-search-engine-shortdesc.md new file mode 100644 index 0000000000..c9d57f2140 --- /dev/null +++ b/browsers/edge/shortdesc/set-default-search-engine-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, Microsoft Edge uses the search engine specified in App settings, letting users make changes at any time unless the Allow search engine customization policy is disabled, which restricts users from making changes. With this policy, you can either remove or use the policy-set search engine. When you remove the policy-set search engine, Microsoft Edge uses the specified search engine for the market, which lets users make changes to the default search engine. You can use the policy-set search engine specified in the OpenSearch XML, which prevents users from making changes. \ No newline at end of file diff --git a/browsers/edge/shortdesc/set-home-button-url-shortdesc.md b/browsers/edge/shortdesc/set-home-button-url-shortdesc.md new file mode 100644 index 0000000000..98fcc7aef2 --- /dev/null +++ b/browsers/edge/shortdesc/set-home-button-url-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, Microsoft Edge shows the home button and loads the Start page, and locks down the home button to prevent users from changing what page loads. Enabling this policy loads a custom URL for the home button. When you enable this policy, and enable the Configure Home Button policy with the _Show home button & set a specific page_ option selected, a custom URL loads when the user clicks the home button. \ No newline at end of file diff --git a/browsers/edge/shortdesc/set-new-tab-url-shortdesc.md b/browsers/edge/shortdesc/set-new-tab-url-shortdesc.md new file mode 100644 index 0000000000..9f27db97ce --- /dev/null +++ b/browsers/edge/shortdesc/set-new-tab-url-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +Microsoft Edge loads the default New Tab page by default. Enabling this policy lets you set a New Tab page URL in Microsoft Edge, preventing users from changing it. When you enable this policy, and you disable the Allow web content on New Tab page policy, Microsoft Edge ignores any URL specified in this policy and opens about:blank. \ No newline at end of file diff --git a/browsers/edge/shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md b/browsers/edge/shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md new file mode 100644 index 0000000000..a15e780afe --- /dev/null +++ b/browsers/edge/shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md @@ -0,0 +1,8 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- +Microsoft Edge does not show a notification before opening sites in Internet Explorer 11. However, with this policy, you can configure Microsoft Edge to display a notification before a site opens in IE11 or let users continue in Microsoft Edge. If you want users to continue in Microsoft Edge, enable this policy to show the _Keep going in Microsoft Edge_ link in the notification. For this policy to work correctly, you must also enable the Configure the Enterprise Mode Site List or Send all intranet sites to Internet Explorer 11, or both. \ No newline at end of file diff --git a/browsers/edge/shortdesc/unlock-home-button-shortdesc.md b/browsers/edge/shortdesc/unlock-home-button-shortdesc.md new file mode 100644 index 0000000000..d412d67e72 --- /dev/null +++ b/browsers/edge/shortdesc/unlock-home-button-shortdesc.md @@ -0,0 +1,9 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +By default, when you enable the Configure Home Button policy or provide a URL in the Set Home Button URL policy, Microsoft Edge locks down the home button to prevent users from changing the settings. When you enable this policy, users can make changes to the home button even if you enabled the Configure Home Button or Set Home Button URL policies. \ No newline at end of file diff --git a/browsers/edge/troubleshooting-microsoft-edge.md b/browsers/edge/troubleshooting-microsoft-edge.md new file mode 100644 index 0000000000..3f3707624b --- /dev/null +++ b/browsers/edge/troubleshooting-microsoft-edge.md @@ -0,0 +1,35 @@ +--- +title: Troubleshoot Microsoft Edge +description: +ms.assetid: +author: shortpatti +ms.author: pashort +ms.prod: edge +ms.sitesec: library +title: Deploy Microsoft Edge kiosk mode +ms.localizationpriority: medium +ms.date: 10/15/2018 +--- + +# Troubleshoot Microsoft Edge + + +## Microsoft Edge and IPv6 +We are aware of the known issue with Microsoft Edge and all UWP-based apps, such as Store, Mail, Feedback Hub, and so on. It only happens if you have disabled IPv6 (not recommended), so a temporary workaround is to enable it. + +## Microsoft Edge hijacks .PDF and .HTM files + + + +## Citrix Receiver in Microsoft Edge kiosk mode +If you want to deliver applications to users via Citrix through Microsoft Edge, you must create the kiosk user account and then log into the account to install Citrix Receiver BEFORE setting up assigned access. + +1. Create the kiosk user account. +2. Log into the account. +3. Install Citrix Receiver. +4. Set up assigned access. + + +## Missing SettingSync.admx and SettingSync.adml files + +Make sure to [download](https://www.microsoft.com/en-us/download/windows.aspx) the latest templates to C:\windows\policydefinitions\. \ No newline at end of file diff --git a/browsers/edge/use-powershell-to manage-group-policy.md b/browsers/edge/use-powershell-to manage-group-policy.md new file mode 100644 index 0000000000..b4a16608e7 --- /dev/null +++ b/browsers/edge/use-powershell-to manage-group-policy.md @@ -0,0 +1,27 @@ +--- +title: Use Windows PowerShell to manage group policy +description: +ms.prod: edge +ms.mktglfcycl: explore +ms.sitesec: library +ms.pagetype: security +title: Security enhancements for Microsoft Edge (Microsoft Edge for IT Pros) +ms.localizationpriority: medium +ms.date: 10/02/2018 +ms.author: pashort +author: shortpatti +--- + +# Use Windows PowerShell to manage group policy + +Windows PowerShell supports group policy automation of the same tasks you perform in Group Policy Management Console (GPMC) for domain-based group policy objects (GPOs): + +- Maintain GPOs (GPO creation, removal, backup, and import) +- Associate GPOs with Active Directory service containers (group policy link creation, update, and removal) +- Set permissions on GPOs +- Modify inheritance flags on Active Directory organization units (OUs) and domains +- Configure registry-based policy settings and group policy preferences registry settings (update, retrieval, and removal) +- Create starter GPOs + + + diff --git a/browsers/enterprise-mode/add-employees-enterprise-mode-portal.md b/browsers/enterprise-mode/add-employees-enterprise-mode-portal.md new file mode 100644 index 0000000000..72e501af4b --- /dev/null +++ b/browsers/enterprise-mode/add-employees-enterprise-mode-portal.md @@ -0,0 +1,65 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: Details about how to add employees to the Enterprise Mode Site List Portal. +author: eross-msft +ms.prod: ie11 +title: Add employees to the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + +# Add employees to the Enterprise Mode Site List Portal + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2008 R2 with Service Pack 1 (SP1) + +After you get the Enterprise Mode Site List Portal up and running, you must add your employees. During this process, you'll also assign roles and groups. + +The available roles are: + +- **Requester.** The primary role to assign to employees that need to access the Enterprise Mode Site List Portal. The Requester can create change requests, validate changes in the pre-production environment, rollback pre-production and production changes in case of failure, send personal approval requests, view personal change requests, and sign off and close personal change requests. + +- **App Manager.** This role is considered part of the Approvers group. The App Manager can approve change requests, validate changes in the pre-production environment, rollback pre-production and production changes in case of failure, send personal approval requests, view personal requests, and sign off and close personal requests. + +- **Group Head.** This role is considered part of the Approvers group. The Group Head can approve change requests, validate changes in the pre-production environment, rollback pre-production and production changes in case of failure, send personal approval requests, view personal requests, and sign off and close personal requests. + +- **Administrator.** The role with the highest-level rights; we recommend limiting the number of employees you grant this role. The Administrator can perform any task that can be performed by the other roles, in addition to adding employees to the portal, assigning employee roles, approving registrations to the portal, configuring portal settings (for example, determining the freeze schedule, determining the pre-production and production XML paths, and determining the attachment upload location), and using the standalone Enterprise Mode Site List Manager page. + +**To add an employee to the Enterprise Mode Site List Portal** +1. Open the Enterprise Mode Site List Portal and click the **Employee Management** icon in the upper-right area of the page. + + The **Employee management** page appears. + +2. Click **Add a new employee**. + + The **Add a new employee** page appears. + +3. Fill out the fields for each employee, including: + + - **Email.** Add the employee's email address. + + - **Name.** This box autofills based on the email address. + + - **Role.** Pick a single role for the employee, based on the list above. + + - **Group name.** Pick the name of the employee's group. The group association also assigns a group of Approvers. + + - **Comments.** Add optional comments about the employee. + + - **Active.** Click the check box to make the employee active in the system. If you want to keep the employee in the system, but you want to prevent access, clear this check box. + +4. Click **Save**. + +**To export all employees to an Excel spreadsheet** +1. On the **Employee management** page, click **Export to Excel**. + +2. Save the EnterpriseModeUsersList.xlsx file. + + The Excel file includes all employees with access to the Enterprise Mode Site List Portal, including user name, email address, role, and group name. \ No newline at end of file diff --git a/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md b/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md new file mode 100644 index 0000000000..595d31fa6f --- /dev/null +++ b/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md @@ -0,0 +1,109 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the Bulk add from file area of the Enterprise Mode Site List Manager. +author: eross-msft +ms.prod: ie11 +ms.assetid: 20aF07c4-051a-451f-9c46-5a052d9Ae27c +title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + + +# Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1) + +**Applies to:** + +- Windows 8.1 +- Windows 7 + +You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the **Bulk add from file** area of the Enterprise Mode Site List Manager. You can only add specific URLs, not Internet or Intranet Zones. + +If you want to add your websites one at a time, see Add sites to the [Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md). + +## Create an Enterprise Mode site list (TXT) file +You can create and use a custom text file to add multiple sites to your Enterprise Mode site list at the same time.

**Important**
This text file is only lets you add multiple sites at the same time. You can’t use this file to deploy Enterprise Mode into your company. + +You must separate each site using commas or carriage returns. For example: + +``` +microsoft.com, bing.com, bing.com/images +``` +**-OR-** + +``` +microsoft.com +bing.com +bing.com/images +``` + +## Create an Enterprise Mode site list (XML) file using the v.1 version of the Enterprise Mode schema +You can create and use a custom XML file with the Enterprise Mode Site List Manager to add multiple sites to your Enterprise Mode site list at the same time. For more info about the v.1 version of the Enterprise Mode schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md). + +Each XML file must include: + +- **Version number.** This number must be incremented with each version of the Enterprise Mode site list, letting Internet Explorer know whether the list is new. Approximately 65 seconds after Internet Explorer 11 starts, it compares your site list version to the stored version number. If your file has a higher number, the newer version is loaded.

**Important**
After this check, IE11 won’t look for an updated list again until you restart the browser. + +- **<emie> tag.** This tag specifies the domains and domain paths that must be rendered using IE7 Enterprise Mode, IE8 Enterprise Mode, or the default IE11 browser environment.

**Important**
If you decide a site requires IE7 Enterprise Mode, you must add `forceCompatView=”true”` to your XML file. That code tells Enterprise Mode to check for a `DOCTYPE` tag on the specified webpage. If there is, the site renders using Windows Internet Explorer 7. If there’s no tag, the site renders using Microsoft Internet Explorer 5. + +- **<docMode> tag.**This tag specifies the domains and domain paths that need either to appear using the specific doc mode you assigned to the site. Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md). + +### Enterprise Mode v.1 XML schema example +The following is an example of what your XML file should look like when you’re done adding your sites. For more info about how to create your XML file, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md). + +``` + + + www.cpandl.com + www.woodgrovebank.com + adatum.com + contoso.com + relecloud.com + /about + + fabrikam.com + /products + + + + contoso.com + /travel + + fabrikam.com + /products + + + +``` + +To make sure your site list is up-to-date; wait 65 seconds after opening IE and then check that the `CurrentVersion` value in the `HKEY\CURRENT\USER\Software\Microsoft\Internet Explorer\Main\EnterpriseMode\` registry key matches the version number in your file.

**Important**
If `CurrentVersion` is not set or is wrong, it means that the XML parsing failed. This can mean that the XML file isn’t there, that there are access problems, or that the XML file format is wrong. Don’t manually change the `CurrentVersion` registry setting. You must make your changes to your site list and then update the list using the import function in the Enterprise Mode Site List Manager (. + +## Add multiple sites to the Enterprise Mode Site List Manager (schema v.1) +After you create your .xml or .txt file, you can bulk add the sites to the Enterprise Mode Site List Manager (schema v.1). + + **To add multiple sites** + +1. In the Enterprise Mode Site List Manager (schema v.1), click **Bulk add from file**. + +2. Go to your site list (either .txt or .xml) to add the included sites to the tool, and then click **Open**.

+Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md). + +3. Click **OK** to close the **Bulk add sites to the list** menu. + +4. On the **File** menu, click **Save to XML**, and save your file.

+You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md). + +## Next steps +After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). + +## Related topics +- [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md) +- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) +  + +  + + + diff --git a/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md b/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md new file mode 100644 index 0000000000..c8077d0f92 --- /dev/null +++ b/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md @@ -0,0 +1,119 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: Add multiple sites to your Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2). +author: eross-msft +ms.prod: ie11 +ms.assetid: da659ff5-70d5-4852-995e-4df67c4871dd +title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 10/24/2017 +--- + + +# Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2) + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 + +You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the **Bulk add from file** area of the Enterprise Mode Site List Manager (schema v.2). You can only add specific URLs, not Internet or Intranet Zones. + +To add your websites one at a time, see [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md). + +## Create an Enterprise Mode site list (TXT) file + +You can create and use a custom text file with the Enterprise Mode Site List Manager (schema v.2) to add multiple sites to your Enterprise Mode site list at the same time. + +>**Important:**
This text file is only lets you add multiple sites at the same time. You can’t use this file to deploy Enterprise Mode into your company. + +You must separate each site using commas or carriage returns. For example: + +``` +microsoft.com, bing.com, bing.com/images +``` +**-OR-** + +``` +microsoft.com +bing.com +bing.com/images +``` + +## Create an Enterprise Mode site list (XML) file using the v.2 version of the Enterprise Mode schema + +You can create and use a custom XML file with the Enterprise Mode Site List Manager (schema v.2) to add multiple sites to your Enterprise Mode site list at the same time. + +Each XML file must include: + +- **site-list version number**. This number must be incremented with each version of the Enterprise Mode site list, letting Internet Explorer know whether the list is new. Approximately 65 seconds after Internet Explorer 11 starts, it compares your site list version to the stored version number. If your file has a higher number, the newer version is loaded.

**Important**
After this check, IE11 won’t look for an updated list again until you restart the browser.  + +- **<compat-mode> tag.** This tag specifies what compatibility setting are used for specific sites or domains. + +- **<open-in> tag.** This tag specifies what browser opens for each sites or domain. + +### Enterprise Mode v.2 XML schema example + +The following is an example of what your XML file should look like when you’re done adding your sites. For more info about how to create your XML file, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md). + +``` + + + + EnterpriseSitelistManager + 10240 + 20150728.135021 + + + + IE8Enterprise + MSEdge + + + IE7Enterprise + IE11 + + + default + IE11 + + +``` +In the above example, the following is true: + +- www.cpandl.com, as the main domain, must use IE8 Enterprise Mode. However, www.cpandl.com/images must use IE7 Enterprise Mode. + +- contoso.com, and all of its domain paths, can use the default compatibility mode for the site. + +To make sure your site list is up-to-date; wait 65 seconds after opening IE and then check that the `CurrentVersion` value in the `HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\EnterpriseMode\` registry key matches the version number in your file.

**Important**
If `CurrentVersion` is not set or is wrong, it means that the XML parsing failed. This can mean that the XML file isn’t there, that there are access problems, or that the XML file format is wrong. Don’t manually change the `CurrentVersion` registry setting. You must make your changes to your site list and then update the list using the import function in the Enterprise Mode Site List Manager (schema v.2). + +## Add multiple sites to the Enterprise Mode Site List Manager (schema v.2) +After you create your .xml or .txt file, you can bulk add the sites to the Enterprise Mode Site List Manager (schema v.2). + + **To add multiple sites** + +1. In the Enterprise Mode Site List Manager (schema v.2), click **Bulk add from file**. + +2. Go to your site list (either .txt or .xml) to add the included sites to the tool, and then click **Open**.

+Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md). + +3. Click **OK** to close the **Bulk add sites to the list** menu. + +4. On the **File** menu, click **Save to XML**, and save your file.

+You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md). + +## Next steps +After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). + +## Related topics +- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) +- [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md) +  + +  + + + diff --git a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md new file mode 100644 index 0000000000..6ebdd65d65 --- /dev/null +++ b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md @@ -0,0 +1,63 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. +author: eross-msft +ms.prod: ie11 +ms.assetid: 042e44e8-568d-4717-8fd3-69dd198bbf26 +title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + + +# Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1) + +**Applies to:** + +- Windows 8.1 +- Windows 7 +- Windows Server 2008 R2 with Service Pack 1 (SP1) + +Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.

**Important**
You can only add specific URLs, not Internet or Intranet Zones. + +

**Note**
If you need to include a lot of sites, instead of adding them one at a time, you can create a list of websites and add them all at the same time. For more information, see [Add multiple sites to the Enterprise Mode site list using a file and the Windows 7 and 8.1 Enterprise Mode Site List Manager](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md). + +## Adding a site to your compatibility list +You can add individual sites to your compatibility list by using the Enterprise Mode Site List Manager. +

**Note**
If you're using the v.2 version of the Enterprise Mode schema, you'll need to use the Enterprise Mode Site List Manager (schema v.1). For more info, see [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md). + + **To add a site to your compatibility list using the Enterprise Mode Site List Manager (schema v.1)** + +1. In the Enterprise Mode Site List Manager (schema v.1), click **Add**. + +2. Type the URL for the website that’s experiencing compatibility problems, like *<domain>.com* or *<domain>.com*/*<path>* into the **URL** box.

+Don't include the `https://` or `https://` designation. The tool automatically tries both versions during validation. + +3. Type any comments about the website into the **Notes about URL** box.

+Administrators can only see comments while they’re in this tool. + +4. Choose **IE7 Enterprise Mode**, **IE8 Enterprise Mode**, or the appropriate document mode for sites that must be rendered using the emulation of a previous version of IE, or pick **Default IE** if the site should use the latest version of IE. + +The path within a domain can require a different compatibility mode from the domain itself. For example, the domain might look fine in the default IE11 browser, but the path might have problems and require the use of Enterprise Mode. If you added the domain previously, your original compatibility choice is still selected. However, if the domain is new, **IE8 Enterprise Mode** is automatically selected. + +Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md). + +5. Click **Save** to validate your website and to add it to the site list for your enterprise.

+If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway. + +6. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.

+You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). + +## Next steps +After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). + +## Related topics +- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) +  + +  + + + diff --git a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md new file mode 100644 index 0000000000..4c6531c174 --- /dev/null +++ b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md @@ -0,0 +1,79 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that''s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. +author: eross-msft +ms.prod: ie11 +ms.assetid: 513e8f3b-fedf-4d57-8d81-1ea4fdf1ac0b +title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + + +# Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 + +Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.

**Important**
You can only add specific URLs, not Internet or Intranet Zones. + +

**Note**
If you need to include a lot of sites, instead of adding them one at a time, you can create a list of websites and add them all at the same time. For more information, see the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) or the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) topic, based on your operating system. + +## Adding a site to your compatibility list +You can add individual sites to your compatibility list by using the Enterprise Mode Site List Manager.

+**Note**
If you're using the v.1 version of the Enterprise Mode schema, you'll need to use the Enterprise Mode Site List Manager (schema v.1). For more info, see [Add sites to the Enterprise Mode site list using the WEnterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md). + + **To add a site to your compatibility list using the Enterprise Mode Site List Manager (schema v.2)** + +1. In the Enterprise Mode Site List Manager (schema v.2), click **Add**. + +2. Type the URL for the website that’s experiencing compatibility problems, like *<domain>.com* or *<domain>.com*/*<path>* into the **URL** box.

+Don't include the `https://` or `https://` designation. The tool automatically tries both versions during validation. + +3. Type any comments about the website into the **Notes about URL** box.

+Administrators can only see comments while they’re in this tool. + +4. In the **Compat Mode** box, choose one of the following: + + - **IE8Enterprise**. Loads the site in IE8 Enterprise Mode. + + - **IE7Enterprise**. Loads the site in IE7 Enterprise Mode. + + - **IE\[*x*\]**. Where \[x\] is the document mode number and the site loads in the specified document mode. + + - **Default Mode**. Loads the site using the default compatibility mode for the page. + + The path within a domain can require a different compatibility mode from the domain itself. For example, the domain might look fine in the default IE11 browser, but the path might have problems and require the use of Enterprise Mode. If you added the domain previously, your original compatibility choice is still selected. However, if the domain is new, **IE8 Enterprise Mode** is automatically selected. + + Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md). + +5. In conjunction with the compatibility mode, you'll need to use the **Open in** box to pick which browser opens the site. + + - **IE11**. Opens the site in IE11, regardless of which browser is opened by the employee. + + - **MSEdge**. Opens the site in Microsoft Edge, regardless of which browser is opened by the employee. + + - **None**. Opens in whatever browser the employee chooses. + +6. Click **Save** to validate your website and to add it to the site list for your enterprise.

+If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway. + +7. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.

+You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). + +## Next steps +After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). + +## Related topics +- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) +  + +  + + + diff --git a/browsers/enterprise-mode/administrative-templates-and-ie11.md b/browsers/enterprise-mode/administrative-templates-and-ie11.md new file mode 100644 index 0000000000..8f22d23808 --- /dev/null +++ b/browsers/enterprise-mode/administrative-templates-and-ie11.md @@ -0,0 +1,79 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: security +description: Administrative templates and Internet Explorer 11 +author: eross-msft +ms.prod: ie11 +ms.assetid: 2b390786-f786-41cc-bddc-c55c8a4c5af3 +title: Administrative templates and Internet Explorer 11 (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + + +# Administrative templates and Internet Explorer 11 + +Administrative Templates are made up of a hierarchy of policy categories and subcategories that define how your policy settings appear in the Local Group Policy Editor, including: + +- What registry locations correspond to each setting. + +- What value options or restrictions are associated with each setting. + +- The default value for many settings. + +- Text explanations about each setting and the supported version of Internet Explorer. + +For a conceptual overview of Administrative Templates, see [Managing Group Policy ADMX Files Step-by-Step Guide](https://go.microsoft.com/fwlink/p/?LinkId=214519). + +## What are Administrative Templates? +Administrative Templates are XML-based, multi-language files that define the registry-based Group Policy settings in the Local Group Policy Editor. There are two types of Administrative Templates: + +- **ADMX.** A language-neutral setup file that states the number and type of policy setting, and the location by category, as it shows up in the Local Group Policy Editor. + +- **ADML.** A language-specific setup file that provides language-related information to the ADMX file. This file lets the policy setting show up in the right language in the Local Group Policy Editor. You can add new languages by adding new ADML files in the required language. + +## How do I store Administrative Templates? +As an admin, you can create a central store folder on your SYSVOL directory, named **PolicyDefinitions**. For example, %*SystemRoot*%\\PolicyDefinitions. This folder provides a single, centralized storage location for your Administrative Templates (both ADMX and ADML) files, so they can be used by your domain-based Group Policy Objects (GPOs). +

**Important**
Your Group Policy tools use the ADMX files in your store, ignoring any local copies. For more information about creating a central store, see [Scenario 1: Editing the Local GPO Using ADMX Files](https://go.microsoft.com/fwlink/p/?LinkId=276810). + +## Administrative Templates-related Group Policy settings +When you install Internet Explorer 11, it updates the local administrative files, Inetres.admx and Inetres.adml, both located in the **PolicyDefinitions** folder. +

**Note**
You won't see the new policy settings if you try to view or edit your policy settings on a computer that isn't running IE11. To fix this, you can either install IE11, or you can copy the updated Inetres.admx and Inetres.adml files from another computer to the **PolicyDefinitions** folder on this computer. + +IE11 provides these new policy settings, which are editable in the Local Group Policy Editor, and appear in the following policy paths: + +- Computer Configuration\\Administrative Templates\\Windows Components\\ + +- User Configuration\\Administrative Templates\\Windows Components\\ + + +|Catalog |Description | +| ------------------------------------------------ | --------------------------------------------| +|IE |Turns standard IE configuration on and off. | +|Internet Explorer\Accelerators |Sets up and manages Accelerators. | +|Internet Explorer\Administrator Approved Controls |Turns ActiveX controls on and off. | +|Internet Explorer\Application Compatibility |Turns the **Cut**, **Copy**, or **Paste** operations on or off. This setting also requires that `URLACTION_SCRIPT_PASTE` is set to **Prompt**. | +|Internet Explorer\Browser Menus |Shows or hides the IE menus and menu options.| +|Internet Explorer\Corporate Settings |Turns off whether you specify the code download path for each computer. | +|Internet Explorer\Delete Browsing History |Turns the **Delete Browsing History** settings on and off. | +|Internet Explorer\Internet Control Panel |Turns pages on and off in the **Internet Options** dialog box. Also turns on and off the subcategories that manage settings on the **Content**, **General**, **Security** and **Advanced** pages. | +|Internet Explorer\Internet Settings |Sets up and manages the **Advanced settings**, **AutoComplete**, **Display Settings**, and **URL Encoding** options. | +|Internet Explorer\Persistence Behavior |Sets up and manages the file size limits for Internet security zones. | +|Internet Explorer\Privacy |Turns various privacy-related features on and off. | +|Internet Explorer\Security Features |Turns various security-related features on and off in the browser, Windows Explorer, and other applications. | +|Internet Explorer\Toolbars |Turns on and off the ability for users to edit toolbars in the browser. You can also set the default toolbar buttons here. | +|RSS Feeds |Sets up and manages RSS feeds in the browser. | + + +## Editing Group Policy settings +Regardless which tool you're using to edit your Group Policy settings, you'll need to follow one of these guides for step-by-step editing instructions: + +- **If you're using the Group Policy Management Console (GPMC) or the Local Group Policy Editor.** See [Edit Administrative Template Policy Settings](https://go.microsoft.com/fwlink/p/?LinkId=214521) for step-by-step instructions about editing your Administrative Templates. + +- **If you're using GPMC with Advanced Group Policy Management (AGPM).** See [Checklist: Create, Edit, and Deploy a GPO](https://go.microsoft.com/fwlink/p/?LinkId=214522) for step-by-step instructions about how to check out a GPO from the AGPM archive, edit it, and request deployment. + +## Related topics +- [Administrative templates (.admx) for Windows 10 download](https://go.microsoft.com/fwlink/p/?LinkId=746579) +- [Administrative Templates (.admx) for Windows 8.1 and Windows Server 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=746580) + diff --git a/browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md b/browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md new file mode 100644 index 0000000000..24078753c7 --- /dev/null +++ b/browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md @@ -0,0 +1,59 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: Details about how Approvers can approve open change requests in the Enterprise Mode Site List Portal. +author: eross-msft +ms.prod: ie11 +title: Approve a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + +# Approve a change request using the Enterprise Mode Site List Portal + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2008 R2 with Service Pack 1 (SP1) + +After a change request is successfully submitted to the pre-defined Approver(s), employees granted the role of **App Manager**, **Group Head**, or **Administrator**, they must approve the changes. + +## Approve or reject a change request +The Approvers get an email stating that a Requester successfully opened, tested, and submitted the change request to the Approvers group. The Approvers can accept or reject a change request. + +**To approve or reject a change request** +1. The Approver logs onto the Enterprise Mode Site List Portal, **All Approvals** page. + + The Approver can also get to the **All Approvals** page by clicking **Approvals Pending** from the left pane. + +2. The Approver clicks the expander arrow (**\/**) to the right side of the change request, showing the list of Approvers and the **Approve** and **Reject** buttons. + +3. The Approver reviews the change request, making sure it's correct. If the info is correct, the Approver clicks **Approve** to approve the change request. If the info seems incorrect, or if the app shouldn't be added to the site list, the Approver clicks **Reject**. + + An email is sent to the Requester, the Approver(s) group, and the Administrator(s) group, with the updated status of the request. + + +## Send a reminder to the Approver(s) group +If the change request is sitting in the approval queue for too long, the Requester can send a reminder to the group. + +- From the **My Approvals** page, click the checkbox next to the name of each Approver to be reminded, and then click **Send reminder**. + + An email is sent to the selected Approver(s). + + +## View rejected change requests +The original Requester, the Approver(s) group, and the Administrator(s) group can all view the rejected change request. + +**To view the rejected change request** + +- In the Enterprise Mode Site List Portal, click **Rejected** from the left pane. + + All rejected change requests appear, with role assignment determining which ones are visible. + + +## Next steps +After an Approver approves the change request, it must be scheduled for inclusion in the production Enterprise Mode Site List. For the scheduling steps, see the [Schedule approved change requests for production using the Enterprise Mode Site List Portal](schedule-production-change-enterprise-mode-portal.md) topic. \ No newline at end of file diff --git a/browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md b/browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md new file mode 100644 index 0000000000..cf0a576c0e --- /dev/null +++ b/browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md @@ -0,0 +1,49 @@ +--- +title: Check for a new Enterprise Mode site list xml file (Internet Explorer 11 for IT Pros) +description: You can have centralized control over Enterprise Mode by creating a single, global XML site list that includes the list of websites to render using Enterprise Mode. +ms.assetid: 2bbc7017-622e-4baa-8981-c0bbda10e9df +ms.prod: ie11 +ms.mktglfcycl: deploy +ms.pagetype: appcompat +ms.sitesec: library +author: eross-msft +ms.author: lizross +ms.date: 08/14/2017 +ms.localizationpriority: low +--- + + +# Check for a new Enterprise Mode site list xml file + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2008 R2 with Service Pack 1 (SP1) + +You can have centralized control over Enterprise Mode by creating a single, global XML site list that includes the list of websites to render using Enterprise Mode. You can add and remove sites from your XML list as frequently as you want, changing which sites should render in Enterprise Mode for your employees. For information about turning on Enterprise Mode and using site lists, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md). + +The information in this topic only covers HTTPS protocol. We strongly recommend that you use HTTPS protocol instead of file protocol due to increased performance. + +**How Internet Explorer 11 looks for an updated site list** + +1. Internet Explorer starts up and looks for an updated site list in the following places: + + 1. **In the cache container.** IE first checks the cache container to see if it finds your XML site list. + + 2. **In the local cache.** If there’s nothing in the cache container, IE checks your local cache for the site list. + + 3. **On the server.** Based on standard IE caching rules, IE might look for a copy of your site list in the location you put specified in the **SiteList** value of the registry. + +2. If there’s an .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server file has a different version number than the version in the cache container, the server file is used and stored in the cache container.

**Note**
If you’re already using a site list, enterprise mode continues to work during the 65 second wait; it just uses your existing site list instead of your new one. + +   + +  + +  + + + diff --git a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md new file mode 100644 index 0000000000..4752275c43 --- /dev/null +++ b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md @@ -0,0 +1,479 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +description: Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. +author: eross-msft +ms.prod: ie11 +ms.assetid: a145e80f-eb62-4116-82c4-3cc35fd064b6 +title: Collect data using Enterprise Site Discovery +ms.sitesec: library +ms.date: 07/27/2017 +--- + +# Collect data using Enterprise Site Discovery + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 with Service Pack 1 (SP1) + +Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. This inventory information helps you build a list of websites used by your company so you can make more informed decisions about your IE deployments, including figuring out which sites might be at risk or require overhauls during future upgrades. + +>**Upgrade Analytics and Windows upgrades**
+>You can use Upgrade Analytics to help manage your Windows 10 upgrades on devices running Windows 8.1 and Windows 7 (SP1). You can also use Upgrade Analytics to review several site discovery reports. Check out Upgrade Analytics from [here](https://technet.microsoft.com/itpro/windows/deploy/upgrade-analytics-get-started). + + +## Before you begin +Before you start, you need to make sure you have the following: + +- Latest cumulative security update (for all supported versions of Internet Explorer): + + 1. Go to the [Microsoft Security Bulletin](https://go.microsoft.com/fwlink/p/?LinkID=718223) page, and change the filter to **Windows Internet Explorer 11**. + + ![microsoft security bulletin techcenter](images/securitybulletin-filter.png) + + 2. Click the title of the latest cumulative security update, and then scroll down to the **Affected software** table. + + ![affected software section](images/affectedsoftware.png) + + 3. Click the link that represents both your operating system version and Internet Explorer 11, and then follow the instructions in the **How to get this update** section. + +- [Setup and configuration package](https://go.microsoft.com/fwlink/p/?LinkId=517719), including: + + - Configuration-related PowerShell scripts + + - IETelemetry.mof file + + - Sample System Center 2012 report templates + + You must use System Center 2012 R2 Configuration Manager or later for these samples to work. + +Both the PowerShell script and the Managed Object Format (.MOF) file need to be copied to the same location on the client device, before you run the scripts. + +## What data is collected? +Data is collected on the configuration characteristics of IE and the sites it browses, as shown here. + +|Data point |IE11 |IE10 |IE9 |IE8 |Description | +|------------------------|-----|-----|-----|-----|------------------------------------------------------------------------| +|URL | X | X | X | X |URL of the browsed site, including any parameters included in the URL. | +|Domain | X | X | X | X |Top-level domain of the browsed site. | +|ActiveX GUID | X | X | X | X |GUID of the ActiveX controls loaded by the site. | +|Document mode | X | X | X | X |Document mode used by IE for a site, based on page characteristics. | +|Document mode reason | X | X | | |The reason why a document mode was set by IE. | +|Browser state reason | X | X | | |Additional information about why the browser is in its current state. Also called, browser mode. | +|Hang count | X | X | X | X |Number of visits to the URL when the browser hung. | +|Crash count | X | X | X | X |Number of visits to the URL when the browser crashed. | +|Most recent navigation failure (and count) | X | X | X | X |Description of the most recent navigation failure (like, a 404 bad request or 500 internal server error) and the number of times it happened. | +|Number of visits | X | X | X | X |Number of times a site has been visited. | +|Zone | X | X | X | X |Zone used by IE to browse sites, based on browser settings. | + + +>**Important**
By default, IE doesn’t collect this data; you have to turn this feature on if you want to use it. After you turn on this feature, data is collected on all sites visited by IE, except during InPrivate sessions. Additionally, the data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements. + +### Understanding the returned reason codes +The following tables provide more info about the Document mode reason, Browser state reason, and the Zone codes that are returned as part of your data collection. + +#### DocMode reason +The codes in this table can tell you what document mode was set by IE for a webpage.
These codes only apply to Internet Explorer 10 and Internet Explorer 11. + +|Code |Description | +|-----|------------| +|3 |Page state is set by the `FEATURE_DOCUMENT_COMPATIBLE_MODE` feature control key.| +|4 |Page is using an X-UA-compatible meta tag. | +|5 |Page is using an X-UA-compatible HTTP header. | +|6 |Page appears on an active **Compatibility View** list. | +|7 |Page is using native XML parsing. | +|8 |Page is using a special Quirks Mode Emulation (QME) mode that uses the modern layout engine, but the quirks behavior of Internet Explorer 5. | +|9 |Page state is set by the browser mode and the page's DOCTYPE.| + +#### Browser state reason +The codes in this table can tell you why the browser is in its current state. Also called “browser mode”.
These codes only apply to Internet Explorer 10 and Internet Explorer 11. + +|Code |Description | +|-----|------------| +|1 |Site is on the intranet, with the **Display intranet sites in Compatibility View** box checked. | +|2 |Site appears on an active **Compatibility View** list, created in Group Policy. | +|3 |Site appears on an active **Compatibility View** list, created by the user. | +|4 |Page is using an X-UA-compatible tag. | +|5 |Page state is set by the **Developer** toolbar. | +|6 |Page state is set by the `FEATURE_BROWSER_EMULATION` feature control key. | +|7 |Site appears on the Microsoft **Compatibility View (CV)** list. | +|8 |Site appears on the **Quirks** list, created in Group Policy. | +|11 |Site is using the default browser. | + +#### Zone +The codes in this table can tell you what zone is being used by IE to browse sites, based on browser settings.
These codes apply to Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11. + +|Code |Description | +|-----|------------| +|-1 |Internet Explorer is using an invalid zone. | +|0 |Internet Explorer is using the Local machine zone. | +|1 |Internet Explorer is using the Local intranet zone. | +|2 |Internet Explorer is using the Trusted sites zone. | +|3 |Internet Explorer is using the Internet zone. | +|4 |Internet Explorer is using the Restricted sites zone. | + +## Where is the data stored and how do I collect it? +The data is stored locally, in an industry-standard WMI class, .MOF file or in an XML file, depending on your configuration. This file remains on the client computer until it’s collected. To collect the files, we recommend: + +- **WMI file**. Use Microsoft Configuration Manager or any agent that can read the contents of a WMI class on your computer. + +- **XML file**. Any agent that works with XML can be used. + +## WMI Site Discovery suggestions +We recommend that you collect your data for at most a month at a time, to capture a user’s typical workflow. We don’t recommend collecting data longer than that because the data is stored in a WMI provider and can fill up your computer’s hard drive. You may also want to collect data only for pilot users or a representative sample of people, instead of turning this feature on for everyone in your company. + +On average, a website generates about 250bytes of data for each visit, causing only a minor impact to Internet Explorer’s performance. Over the course of a month, collecting data from 20 sites per day from 1,000 users, you’ll get about 150MB of data:

250 bytes (per site visit) X 20 sites/day X 30 days = (approximately) 150KB X 1000 users = (approximately) 150MB + +>**Important**
The data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements. + +## Getting ready to use Enterprise Site Discovery +Before you can start to collect your data, you must run the provided PowerShell script (IETelemetrySetUp.ps1) on your client devices to start generating the site discovery data and to set up a place to store this data locally. Then, you must start collecting the site discovery data from the client devices, using one of these three options: + +- Collect your hardware inventory using the MOF Editor, while connecting to a client device.

+-OR- +- Collect your hardware inventory using the MOF Editor with a .MOF import file.

+-OR- +- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only) + +### WMI only: Running the PowerShell script to compile the .MOF file and to update security privileges +You need to set up your computers for data collection by running the provided PowerShell script (IETelemetrySetUp.ps1) to compile the .mof file and to update security privileges for the new WMI classes. + +>**Important**
You must run this script if you’re using WMI as your data output. It's not necessary if you're using XML as your data output. + +**To set up Enterprise Site Discovery** + +- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1`. For more info, see [about Execution Policies](https://go.microsoft.com/fwlink/p/?linkid=517460). + +### WMI only: Set up your firewall for WMI data +If you choose to use WMI as your data output, you need to make sure that your WMI data can travel through your firewall for the domain. If you’re sure, you can skip this section; otherwise, follow these steps: + +**To set up your firewall** + +1. In **Control Panel**, click **System and Security**, and then click **Windows Firewall**. + +2. In the left pane, click **Allow an app or feature through Windows Firewall** and scroll down to check the box for **Windows Management Instrumentation (WMI)**. + +3. Restart your computer to start collecting your WMI data. + +## Use PowerShell to finish setting up Enterprise Site Discovery +You can determine which zones or domains are used for data collection, using PowerShell. If you don’t want to use PowerShell, you can do this using Group Policy. For more info, see [Use Group Policy to finish setting up Enterprise Site Discovery](#use-group-policy-to-finish-setting-up-enterprise-site-discovery). + +>**Important**
The .ps1 file updates turn on Enterprise Site Discovery and WMI collection for all users on a device. + +- **Domain allow list.** If you have a domain allow list, a comma-separated list of domains that should have this feature turned on, you should use this process. + +- **Zone allow list.** If you have a zone allow list, a comma-separated list of zones that should have this feature turned on, you should use this process. + +**To set up data collection using a domain allow list** + + - Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`. + + >**Important**
Wildcards, like \*.microsoft.com, aren’t supported. + +**To set up data collection using a zone allow list** + + - Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`. + + >**Important**
Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported. + +## Use Group Policy to finish setting up Enterprise Site Discovery +You can use Group Policy to finish setting up Enterprise Site Discovery. If you don’t want to use Group Policy, you can do this using PowerShell. For more info, see [Use Powershell to finish setting up Enterprise Site Discovery](#use-powershell-to-finish-setting-up-enterprise-site-discovery). + +>**Note**
 All of the Group Policy settings can be used individually or as a group. + + **To set up Enterprise Site Discovery using Group Policy** + +- Open your Group Policy editor, and go to these new settings: + + |Setting name and location |Description |Options | + |---------------------------|-------------|---------| + |Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery WMI output |Writes collected data to a WMI class, which can be aggregated using a client-management solution like Configuration Manager. |

| + |Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery XML output |Writes collected data to an XML file, which is stored in your specified location. | | + |Administrative Templates\Windows Components\Internet Explorer\Limit Site Discovery output by Zone |Manages which zone can collect data. |To specify which zones can collect data, you must include a binary number that represents your selected zones, based on this order:

0 – Restricted Sites zone
0 – Internet zone
0 – Trusted Sites zone
0 – Local Intranet zone
0 – Local Machine zone

**Example 1:** Include only the Local Intranet zone

Binary representation: *00010*, based on:

0 – Restricted Sites zone
0 – Internet zone
0 – Trusted Sites zone
1 – Local Intranet zone
0 – Local Machine zone

**Example 2:** Include only the Restricted Sites, Trusted Sites, and Local Intranet zones

Binary representation: *10110*, based on:

1 – Restricted Sites zone
0 – Internet zone
1 – Trusted Sites zone
1 – Local Intranet zone
1 – Local Machine zone | + |Administrative Templates\Windows Components\Internet Explorer\Limit Site Discovery output by domain |Manages which domains can collect data |To specify which domains can collect data, you must include your selected domains, one domain per line, in the provided box. It should look like:

microsoft.sharepoint.com
outlook.com
onedrive.com
timecard.contoso.com
LOBApp.contoso.com | + +### Combining WMI and XML Group Policy settings +You can use both the WMI and XML settings individually or together: + +**To turn off Enterprise Site Discovery** + + + + + + + + + + + + + +
Setting nameOption
Turn on Site Discovery WMI outputOff
Turn on Site Discovery XML outputBlank
+ +**Turn on WMI recording only** + + + + + + + + + + + + + +
Setting nameOption
Turn on Site Discovery WMI outputOn
Turn on Site Discovery XML outputBlank
+ +**To turn on XML recording only** + + + + + + + + + + + + + +
Setting nameOption
Turn on Site Discovery WMI outputOff
Turn on Site Discovery XML outputXML file path
+ +**To turn on both WMI and XML recording** + + + + + + + + + + + + + +
Setting nameOption
Turn on Site Discovery WMI outputOn
Turn on Site Discovery XML outputXML file path
+ +## Use Configuration Manager to collect your data +After you’ve collected your data, you’ll need to get the local files off of your employee’s computers. To do this, use the hardware inventory process in Configuration Manager, using one of these options: + +- Collect your hardware inventory using the MOF Editor, while connecting to a client device.

+-OR- +- Collect your hardware inventory using the MOF Editor with a .MOF import file.

+-OR- +- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only) + +### Collect your hardware inventory using the MOF Editor while connected to a client device +You can collect your hardware inventory using the MOF Editor, while you’re connected to your client devices. + + **To collect your inventory** + +1. From the Configuration Manager, click **Administration**, click **Client Settings**, double-click **Default Client Settings**, click **Hardware Inventory**, and then click **Set Classes**. + + ![Configuration Manager, showing the hardware inventory settings for client computers](images/configmgrhardwareinventory.png) + +2. Click **Add**, click **Connect**, and connect to a computer that has completed the setup process and has already existing classes. + +3. Change the **WMI Namespace** to `root\cimv2\IETelemetry`, and click **Connect**. + + ![Configuration Manager, with the Connect to Windows Management Instrumentation (WMI) box](images/ie11-inventory-addclassconnectscreen.png) + +4. Select the check boxes next to the following classes, and then click **OK**: + + - IESystemInfo + + - IEURLInfo + + - IECountInfo + +5. Click **OK** to close the default windows.
+Your environment is now ready to collect your hardware inventory and review the sample reports. + +### Collect your hardware inventory using the MOF Editor with a .MOF import file +You can collect your hardware inventory using the MOF Editor and a .MOF import file. + + **To collect your inventory** + +1. From the Configuration Manager, click **Administration**, click **Client Settings**, double-click **Default Client Settings**, click **Hardware Inventory**, and then click **Set Classes**. + +2. Click **Import**, choose the MOF file from the downloaded package we provided, and click **Open**. + +3. Pick the inventory items to install, and then click **Import**. + +4. Click **OK** to close the default windows.
+Your environment is now ready to collect your hardware inventory and review the sample reports. + +### Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only) +You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for System Center Configuration Manager 2007. If you aren’t using this version of Configuration Manager, you won’t want to use this option. + +**To collect your inventory** + +1. Using a text editor like Notepad, open the SMS\DEF.MOF file, located in your `\inboxes\clifiles.src\hinv` directory. + +2. Add this text to the end of the file: + + ``` + [SMS_Report (TRUE), + SMS_Group_Name ("IESystemInfo"), + SMS_Class_ID ("MICROSOFT|IESystemInfo|1.0"), + Namespace ("root\\\\cimv2\\\\IETelemetry") ] + Class IESystemInfo: SMS_Class_Template + { + [SMS_Report (TRUE), Key ] + String SystemKey; + [SMS_Report (TRUE) ] + String IEVer; + }; + + [SMS_Report (TRUE), + SMS_Group_Name ("IEURLInfo"), + SMS_Class_ID ("MICROSOFT|IEURLInfo|1.0"), + Namespace ("root\\\\cimv2\\\\IETelemetry") ] + Class IEURLInfo: SMS_Class_Template + { + [SMS_Report (TRUE), Key ] + String URL; + [SMS_Report (TRUE) ] + String Domain; + [SMS_Report (TRUE) ] + UInt32 DocMode; + [SMS_Report (TRUE) ] + UInt32 DocModeReason; + [SMS_Report (TRUE) ] + UInt32 Zone; + [SMS_Report (TRUE) ] + UInt32 BrowserStateReason; + [SMS_Report (TRUE) ] + String ActiveXGUID[]; + [SMS_Report (TRUE) ] + UInt32 CrashCount; + [SMS_Report (TRUE) ] + UInt32 HangCount; + [SMS_Report (TRUE) ] + UInt32 NavigationFailureCount; + [SMS_Report (TRUE) ] + UInt32 NumberOfVisits; + [SMS_Report (TRUE) ] + UInt32 MostRecentNavigationFailure; + }; + + [SMS_Report (TRUE), + SMS_Group_Name ("IECountInfo"), + SMS_Class_ID ("MICROSOFT|IECountInfo|1.0"), + Namespace ("root\\\\cimv2\\\\IETelemetry") ] + Class IECountInfo: SMS_Class_Template + { + [SMS_Report (TRUE), Key ] + String CountKey; + [SMS_Report (TRUE) ] + UInt32 CrashCount; + [SMS_Report (TRUE) ] + UInt32 HangCount; + [SMS_Report (TRUE) ] + UInt32 NavigationFailureCount; + }; + ``` + +3. Save the file and close it to the same location. + Your environment is now ready to collect your hardware inventory and review the sample reports. + +## View the sample reports with your collected data +The sample reports, **SCCM Report Sample – ActiveX.rdl** and **SCCM Report Sample – Site Discovery.rdl**, work with System Center 2012, so you can review your collected data. + +### SCCM Report Sample – ActiveX.rdl +Gives you a list of all of the ActiveX-related sites visited by the client computer. + +![ActiveX.rdl report, lists all ActiveX-related sites visited by the client computer](images/configmgractivexreport.png) + +### SCCM Report Sample – Site Discovery.rdl +Gives you a list of all of the sites visited by the client computer. + +![Site Discovery.rdl report, lists all websites visited by the client computer](images/ie-site-discovery-sample-report.png) + +## View the collected XML data +After the XML files are created, you can use your own solutions to extract and parse the data. The data will look like: + +``` xml + + + [dword] + [dword] + [dword] + + + [string] + + [guid] + + [dword] + [dword] + [dword] + [dword] + [dword] + [dword] + [dword] + [dword] + [string] + [dword] + + + + +``` +You can import this XML data into the correct version of the Enterprise Mode Site List Manager, automatically adding the included sites to your Enterprise Mode site list. + +**To add your XML data to your Enterprise Mode site list** + +1. Open the Enterprise Mode Site List Manager, click **File**, and then click **Bulk add from file**. + + ![Enterprise Mode Site List Manager with Bulk add from file option](images/bulkadd-emiesitelistmgr.png) + +2. Go to your XML file to add the included sites to the tool, and then click **Open**.
Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md). + +3. Click **OK** to close the **Bulk add sites to the list** menu. + +## Turn off data collection on your client devices +After you’ve collected your data, you’ll need to turn Enterprise Site Discovery off. + +**To stop collecting data, using PowerShell** + +- On your client computer, start Windows PowerShell in elevated mode (using admin privileges) and run `IETelemetrySetUp.ps1`, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1 –IEFeatureOff`. + + >**Note**
Turning off data collection only disables the Enterprise Site Discovery feature – all data already written to WMI stays on your employee’s computer. + + +**To stop collecting data, using Group Policy** + +1. Open your Group Policy editor, go to `Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery WMI output`, and click **Off**. + +2. Go to `Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery XML output`, and clear the file path location. + +### Delete already stored data from client computers +You can completely remove the data stored on your employee’s computers. + +**To delete all existing data** + +- On the client computer, start PowerShell in elevated mode (using admin privileges) and run these four commands: + + - `Remove-WmiObject -Namespace root/cimv2/IETelemetry IEURLInfo` + + - `Remove-WmiObject -Namespace root/cimv2/IETelemetry IESystemInfo` + + - `Remove-WmiObject -Namespace root/cimv2/IETelemetry IECountInfo` + + - `Remove-Item -Path 'HKCU:\Software\Microsoft\Internet Explorer\WMITelemetry'` + +## Related topics +* [Enterprise Mode Site List Manager (schema v.2) download](https://go.microsoft.com/fwlink/?LinkId=746562) +* [Enterprise Mode for Internet Explorer 11 (IE11)](enterprise-mode-overview-for-ie11.md) +  + + + diff --git a/browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md b/browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md new file mode 100644 index 0000000000..36066de055 --- /dev/null +++ b/browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md @@ -0,0 +1,94 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: Details about how the Administrator can use the Settings page to set up Groups and roles, the Enterprise Mode Site List Portal environment, and the freeze dates for production changes. +author: eross-msft +ms.prod: ie11 +title: Use the Settings page to finish setting up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + +# Use the Settings page to finish setting up the Enterprise Mode Site List Portal + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2008 R2 with Service Pack 1 (SP1) + +The **Settings** page lets anyone with Administrator rights set up groups and roles, set up the Enterprise Mode Site List Portal environment, and choose the freeze dates for production changes. + +## Use the Environment settings area +This area lets you specify the location of your production and pre-production environments, where to store your attachments, your settings location, and the website domain for email notifications. + +**To add location info** +1. Open the Enterprise Mode Site List Portal and click the **Settings** icon in the upper-right area of the page. + + The **Settings** page appears. + +2. In the **Environment settings** area of the page, provide the info for your **Pre-production environment**, your **Production environment**, your **Attachments location**, your **Settings location**, and your **Website domain for email notifications**. + +3. Click **Credentials** to add the appropriate domain, user name, and password for each location, and then click **OK**. + +## Use the Group and role settings area +After you set up your email credentials, you'll be able to add or edit your Group info, along with picking which roles must be Approvers for the group. + +**To add a new group and determine the required change request Approvers** +1. Open the Enterprise Mode Site List Portal and click the **Settings** icon in the upper-right area of the page. + + The **Settings** page appears. + +2. In the **Group and role settings** area of the page, click **Group details**. + + The **Add or edit group names** box appears. + +3. Click the **Add group** tab, and then add the following info: + + - **New group name.** Type name of your new group. + + - **Group head email.** Type the email address for the primary contact for the group. + + - **Group head name.** This box automatically fills, based on the email address. + + - **Active.** Click the check box to make the group active in the system. If you want to keep the group in the system, but you want to prevent access, clear this check box. + +4. Click **Save**. + + +**To set a group's required Approvers** +1. In the **Group and role settings** area of the page, choose the group name you want to update with Approvers from the **Group name** box. + +2. In the **Required approvers** area, choose which roles are required to approve a change request for the group. You can choose one or many roles. + + - **App Manager.** All employees in the selected group must get change request approval by someone assigned this role. + + You can change the name of this role by clicking the pencil icon and providing a new name in the **Edit role name** box. + + - **Group Head.** All employees in the selected group must get change request approval by someone assigned this role. + + You can change the name of this role by clicking the pencil icon and providing a new name in the **Edit role name** box. + + - **Administrator.** All employees in the selected group must get change request approval by someone assigned this role. + +## Use the Freeze production changes area +This optional area lets you specify a period when your employees must stop adding changes to the current Enterprise Mode Site List. This must include both a start and an end date. + +**To add the start and end dates** +1. Open the Enterprise Mode Site List Portal and click the **Settings** icon in the upper-right area of the page. + + The **Settings** page appears. + +2. In the **Freeze production changes** area of the page, use the calendars to provide the **Freeze start date** and the **Freeze end date**. Your employees can't add apps to the production Enterprise Mode Site List during this span of time. + +3. Click **Save**. + +## Related topics +- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal) + +- [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md) + +- [Use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md) \ No newline at end of file diff --git a/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md b/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md new file mode 100644 index 0000000000..4dfb16435c --- /dev/null +++ b/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md @@ -0,0 +1,70 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: Details about how to create a change request within the Enterprise Mode Site List Portal. +author: eross-msft +ms.prod: ie11 +title: Create a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + +# Create a change request using the Enterprise Mode Site List Portal + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2008 R2 with Service Pack 1 (SP1) + +Employees assigned to the Requester role can create a change request. A change request is used to tell the Approvers and the Administrator that a website needs to be added or removed from the Enterprise Mode Site List. The employee can navigate to each stage of the process by using the workflow links provided at the top of each page of the portal. + +>[!Important] +>Each Requester must have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct. + +**To create a new change request** +1. The Requester (an employee that has been assigned the Requester role) signs into the Enterprise Mode Site List Portal, and clicks **Create new request**. + + The **Create new request** page appears. + +2. Fill out the required fields, based on the group and the app, including: + + - **Group name.** Select the name of your group from the dropdown box. + + - **App name.** Type the name of the app you want to add, delete, or update in the Enterprise Mode Site List. + + - **Search all apps.** If you can't remember the name of your app, you can click **Search all apps** and search the list. + + - **Add new app.** If your app isn't listed, you can click **Add new app** to add it to the list. + + - **Requested by.** Automatically filled in with your name. + + - **Description.** Add descriptive info about the app. + + - **Requested change.** Select whether you want to **Add to EMIE**, **Delete from EMIE**, or **Update to EMIE**. + + - **Reason for request.** Select the best reason for why you want to update, delete, or add the app. + + - **Business impact (optional).** An optional area where you can provide info about the business impact of this app and the change. + + - **App location (URL).** The full URL location to the app, starting with https:// or https://. + + - **App best viewed in.** Select the best browser experience for the app. This can be Internet Explorer 5 through Internet Explorer 11 or one of the IE7Enterprise or IE8Enterprise modes. + + - **Is an x-ua tag used?** Select **Yes** or **No** whether an x-ua-compatible tag is used by the app. For more info about x-ua-compatible tags, see the topics in [Defining document compatibility](https://msdn.microsoft.com/library/cc288325(v=vs.85).aspx). + +4. Click **Save and continue** to save the request and get the app info sent to the pre-production environment site list for testing. + + A message appears that the request was successful, including a **Request ID** number, saying that the change is being made to the pre-production environment site list. + +5. The Requester gets an email with a batch script, that when run, configures their test machine for the pre-production environment, along with the necessary steps to make sure the changed info is correct. + + - **If the change is correct.** The Requester asks the approvers to approve the change request by selecting **Successful** and clicking **Send for approval**. + + - **If the change is incorrect.** The Requester can rollback the change in pre-production or ask for help from the Administrator. + +## Next steps +After the change request is created, the Requester must make sure the suggested changes work in the pre-production environment. For these steps, see the [Verify your changes using the Enterprise Mode Site List Portal](verify-changes-preprod-enterprise-mode-portal.md) topic. \ No newline at end of file diff --git a/browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md new file mode 100644 index 0000000000..13fd5539cd --- /dev/null +++ b/browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md @@ -0,0 +1,46 @@ +--- +ms.localizationpriority: low +description: Delete a single site from your global Enterprise Mode site list. +ms.pagetype: appcompat +ms.mktglfcycl: deploy +author: eross-msft +ms.prod: ie11 +ms.assetid: 41413459-b57f-48da-aedb-4cbec1e2981a +title: Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + + +# Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2008 R2 with Service Pack 1 (SP1) + + + **To delete a single site from your global Enterprise Mode site list** + +- From the Enterprise Mode Site List Manager, pick the site you want to delete, and then click **Delete**.
+The site is permanently removed from your list. + +If you delete a site by mistake, you’ll need to manually add it back using the instructions in the following topics, based on operating system. + +- [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md) + +- [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md) + +## Related topics +- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) +- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) +- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) +  + +  + + + diff --git a/browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md new file mode 100644 index 0000000000..c6e03cadc0 --- /dev/null +++ b/browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md @@ -0,0 +1,50 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: You can use Internet Explorer 11 and the Enterprise Mode Site List Manager to change whether page rendering should use Enterprise Mode or the default Internet Explorer browser configuration. You can also add, remove, or delete associated comments. +author: eross-msft +ms.prod: ie11 +ms.assetid: 76aa9a85-6190-4c3a-bc25-0f914de228ea +title: Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + + +# Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2008 R2 with Service Pack 1 (SP1) + +You can use Internet Explorer 11 and the Enterprise Mode Site List Manager to change whether page rendering should use Enterprise Mode or the default Internet Explorer browser configuration. You can also add, remove, or delete associated comments. + +If you need to edit a lot of websites, you probably don’t want to do it one at a time. Instead, you can edit your saved XML or TXT file and add the sites back again. For information about how to do this, depending on your operating system and schema version, see [Add multiple sites to the Enterprise Mode site list using a file and Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) or [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md). + + **To change how your page renders** + +1. In the Enterprise Mode Site List Manager, double-click the site you want to change. + +2. Change the comment or the compatibility mode option. + +3. Click **Save** to validate your changes and to add the updated information to your site list.
+If your change passes validation, it’s added to the global site list. If the update doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the update or ignore the validation problem and add it to your list anyway. For more information about fixing validation issues, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md). + +4. On the **File** menu, click **Save to XML**, and save the updated file.
+You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md). + +## Related topics +- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) +- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) +- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) +  + +  + + + diff --git a/browsers/enterprise-mode/enterprise-mode-and-enterprise-site-list-include.md b/browsers/enterprise-mode/enterprise-mode-and-enterprise-site-list-include.md new file mode 100644 index 0000000000..25f58fb19f --- /dev/null +++ b/browsers/enterprise-mode/enterprise-mode-and-enterprise-site-list-include.md @@ -0,0 +1,50 @@ +## Enterprise Mode and the Enterprise Mode Site List XML file +The Enterprise Mode Site List is an XML document that specifies a list of sites, their compat mode, and their intended browser. Using [Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853), you can automatically start a webpage using a specific browser. In the case of IE11, the webpage can also be launched in a specific compat mode, so it always renders correctly. Your employees can easily view this site list by typing _about:compat_ in either Microsoft Edge or IE11. + +Starting with Windows 10, version 1511 (also known as the Anniversary Update), you can also [restrict IE11 to only the legacy web apps that need it](https://blogs.windows.com/msedgedev/2016/05/19/edge14-ie11-better-together/), automatically sending sites not included in the Enterprise Mode Site List to Microsoft Edge. + +### Site list xml file + +This is a view of the [raw EMIE v2 schema.xml file](https://gist.github.com/kypflug/9e9961de771d2fcbd86b#file-emie-v2-schema-xml). There are equivalent Enterprise Mode Site List policies for both [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/emie-to-improve-compatibility) and [Internet Explorer 11](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list). The Microsoft Edge list is used to determine which sites should open in IE11; while the IE11 list is used to determine the compat mode for a site, and which sites should open in Microsoft Edge. We recommend using one list for both browsers, where each policy points to the same XML file location. + +```xml + + + + EnterpriseSiteListManager + 10586 + 20150728.135021 + + + + IE8Enterprise + IE11 + + + default + IE11 + + + IE7Enterprise + IE11 + + + + + IE8Enterprise" + IE11 + + + IE7 + IE11 + + + IE7 + IE11 + + + +``` \ No newline at end of file diff --git a/browsers/enterprise-mode/enterprise-mode-features-include.md b/browsers/enterprise-mode/enterprise-mode-features-include.md new file mode 100644 index 0000000000..8090fc9ba8 --- /dev/null +++ b/browsers/enterprise-mode/enterprise-mode-features-include.md @@ -0,0 +1,16 @@ +### Enterprise Mode features +Enterprise Mode includes the following features: + +- **Improved web app and website compatibility.** Through improved emulation, Enterprise Mode lets many legacy web apps run unmodified on IE11, supporting several site patterns that aren’t currently supported by existing document modes. + +- **Tool-based management for website lists.** Use the Enterprise Mode Site List Manager to add website domains and domain paths and to specify whether a site renders using Enterprise Mode. +Download the [Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) or the [Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378), based on your operating system and schema. + +- **Centralized control.** You can specify the websites or web apps to interpret using Enterprise Mode, through an XML file on a website or stored locally. Domains and paths within those domains can be treated differently, allowing granular control. Use Group Policy to let users turn Enterprise Mode on or off from the Tools menu and to decide whether the Enterprise browser profile appears on the Emulation tab of the F12 developer tools. + + >[!Important] + >All centrally-made decisions override any locally-made choices. + +- **Integrated browsing.** When Enterprise Mode is set up, users can browse the web normally, letting the browser change modes automatically to accommodate Enterprise Mode sites. + +- **Data gathering.** You can configure Enterprise Mode to collect local override data, posting back to a named server. This lets you "crowd source" compatibility testing from key users; gathering their findings to add to your central site list. \ No newline at end of file diff --git a/browsers/enterprise-mode/enterprise-mode-overview-for-ie11.md b/browsers/enterprise-mode/enterprise-mode-overview-for-ie11.md new file mode 100644 index 0000000000..b7d9399d77 --- /dev/null +++ b/browsers/enterprise-mode/enterprise-mode-overview-for-ie11.md @@ -0,0 +1,51 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: Use the topics in this section to learn how to set up and use Enterprise Mode, Enterprise Mode Site List Manager, and the Enterprise Mode Site List Portal for your company. +author: eross-msft +ms.prod: ie11 +ms.assetid: d52ba8ba-b3c7-4314-ba14-0610e1d8456e +title: Enterprise Mode for Internet Explorer 11 (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + + +# Enterprise Mode for Internet Explorer 11 + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2008 R2 with Service Pack 1 (SP1) + +Use the topics in this section to learn how to set up and use Enterprise Mode and the Enterprise Mode Site List Manager in your company. + +## In this section +|Topic |Description | +|---------------------------------------------------------------|-----------------------------------------------------------------------------------| +|[Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)|Includes descriptions of the features of Enterprise Mode. | +|[Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md) |Guidance about how to turn on local control of Enterprise Mode and how to use ASP or the GitHub sample to collect data from your local computers. | +|[Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md) |Guidance about how to turn on Enterprise Mode and set up a site list, using Group Policy or the registry. | +|[Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md) |Guidance about how to write the XML for your site list, including what not to include, how to use trailing slashes, and info about how to target specific sites. | +|[Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md) |Guidance about how to write the XML for your site list, including what not to include, how to use trailing slashes, and info about how to target specific sites. | +|[Check for a new Enterprise Mode site list xml file](check-for-new-enterprise-mode-site-list-xml-file.md) |Guidance about how the Enterprise Mode functionality looks for your updated site list. | +|[Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md) |Guidance about how to turn on local control of Enterprise Mode, using Group Policy or the registry.| +|[Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) |Guidance about how to use the Enterprise Mode Site List Manager, including how to add and update sites on your site list. | +|[Use the Enterprise Mode Site List Portal](use-the-enterprise-mode-portal.md) |Guidance about how to set up and use the Enterprise Mode Site List Manager, including how to add and update sites on your site list. | +|[Using Enterprise Mode](using-enterprise-mode.md) |Guidance about how to turn on either IE7 Enterprise Mode or IE8 Enterprise Mode. | +|[Fix web compatibility issues using document modes and the Enterprise Mode Site List](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md) |Guidance about how to decide and test whether to use document modes or Enterprise Mode to help fix compatibility issues. | +|[Remove sites from a local Enterprise Mode site list](remove-sites-from-a-local-enterprise-mode-site-list.md) |Guidance about how to remove websites from a device's local Enterprise Mode site list. | +|[Remove sites from a local compatibility view list](remove-sites-from-a-local-compatibililty-view-list.md) |Guidance about how to remove websites from a device's local compatibility view list. | +|[Turn off Enterprise Mode](turn-off-enterprise-mode.md) |Guidance about how to stop using your site list and how to turn off local control, using Group Policy or the registry. | +  + +  + +  + + + diff --git a/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md b/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md new file mode 100644 index 0000000000..52ada71083 --- /dev/null +++ b/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md @@ -0,0 +1,233 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 7 or Windows 8.1 Update. +author: eross-msft +ms.prod: ie11 +ms.assetid: 17c61547-82e3-48f2-908d-137a71938823 +title: Enterprise Mode schema v.1 guidance (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + + +# Enterprise Mode schema v.1 guidance + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 + +Use the Enterprise Mode Site List Manager (schema v.1) to create and update your Enterprise Mode site list for devices running the v.1 version of the schema, or the Enterprise Mode Site List Manager (schema v.2) to create and update your Enterprise Mode site list for devices running the v.2 version of the schema. We strongly recommend moving to the new schema, v.2. For more info, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md). + +If you don't want to use the Enterprise Mode Site List Manager, you also have the option to update your XML schema using Notepad, or any other XML-editing app. + +## Enterprise Mode schema v.1 example +The following is an example of the Enterprise Mode schema v.1. This schema can run on devices running Windows 7 and Windows 8.1. + +**Important**
+Make sure that you don't specify a protocol when adding your URLs. Using a URL like `contoso.com` automatically applies to both https://contoso.com and https://contoso.com. + +``` xml + + + www.cpandl.com + www.woodgrovebank.com + adatum.com + contoso.com + relecloud.com + /about + + fabrikam.com + /products + + + + contoso.com + /travel + + fabrikam.com + /products + + + +``` + +### Schema elements +This table includes the elements used by the Enterprise Mode schema. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ElementDescriptionSupported browser
<rules>Root node for the schema. +

Example +

+<rules version="205">
+  <emie>
+    <domain>contoso.com</domain>
+  </emie>
+</rules>
Internet Explorer 11 and Microsoft Edge
<emie>The parent node for the Enterprise Mode section of the schema. All <domain> entries will have either IE8 Enterprise Mode or IE7 Enterprise Mode applied. +

Example +

+<rules version="205">
+  <emie>
+    <domain>contoso.com</domain>
+  </emie>
+</rules>
+-or- +

For IPv6 ranges:

<rules version="205">
+  <emie>
+    <domain>[10.122.34.99]:8080</domain>
+  </emie>
+  </rules>
+-or- +

For IPv4 ranges:

<rules version="205">
+  <emie>
+    <domain>10.122.34.99:8080</domain>
+  </emie>
+  </rules>
Internet Explorer 11 and Microsoft Edge
<docMode>The parent node for the document mode section of the section. All <domain> entries will get IE5 - IE11 document modes applied. If there's a <domain> element in the <docMode> section that uses the same value as a <domain> element in the <emie> section, the <emie> element is applied. +

Example +

+<rules version="205">
+  <docMode>
+    <domain docMode="7">contoso.com</domain>
+  </docMode>
+</rules>
Internet Explorer 11
<domain>A unique entry added for each site you want to put on the Enterprise Mode site list. The first <domain> element will overrule any additional <domain> elements that use the same value for the section. You can use port numbers for this element. +

Example +

+<emie>
+  <domain>contoso.com:8080</domain>
+</emie>
Internet Explorer 11 and Microsoft Edge
<path>A unique entry added for each path under a domain you want to put on the Enterprise Mode site list. The <path> element is a child of the <domain> element. Additionally, the first <path> element will overrule any additional <path> elements in the schema section. +

Example +

+<emie>
+  <domain exclude="false">fabrikam.com
+    <path exclude="true">/products</path>
+  </domain>
+</emie>

+Where https://fabrikam.com doesn't use IE8 Enterprise Mode, but https://fabrikam.com/products does.

Internet Explorer 11 and Microsoft Edge
+ +### Schema attributes +This table includes the attributes used by the Enterprise Mode schema. + + + + + + + + + + + + + + + + + + + + + + + + + +
AttributeDescriptionSupported browser
<version>Specifies the version of the Enterprise Mode Site List. This attribute is supported for the <rules> element.Internet Explorer 11 and Microsoft Edge
<exclude>Specifies the domain or path that is excluded from getting the behavior applied. This attribute is supported on the <domain> and <path> elements. +

Example +

+<emie>
+  <domain exclude="false">fabrikam.com
+    <path exclude="true">/products</path>
+  </domain>
+</emie>

+Where https://fabrikam.com doesn't use IE8 Enterprise Mode, but https://fabrikam.com/products does.

Internet Explorer 11 and Microsoft Edge
<docMode>Specifies the document mode to apply. This attribute is only supported on <domain> or <path> elements in the <docMode> section. +

Example +

+<docMode>
+  <domain exclude="false">fakrikam.com
+    <path docMode="7">/products</path>
+  </domain>
+</docMode>
Internet Explorer 11
+ +### Using Enterprise Mode and document mode together +If you want to use both Enterprise Mode and document mode together, you need to be aware that <emie> entries override <docMode> entries for the same domain. + +For example, say you want all of the sites in the contoso.com domain to open using IE8 Enterprise Mode, except test.contoso.com, which needs to open in document mode 11. Because Enterprise Mode takes precedence over document mode, if you want test.contoso.com to open using document mode, you'll need to explicitly add it as an exclusion to the <emie> parent node. + +```xml + + + contoso.com + test.contoso.com + + + test.contoso.com + + +``` + +### What not to include in your schema +We recommend that you not add any of the following items to your schema because they can make your compatibility list behave in unexpected ways: +- Don’t use protocols. For example, `https://`, `https://`, or custom protocols. They break parsing. +- Don’t use wildcards. +- Don’t use query strings, ampersands break parsing. + +## How to use trailing slashes +You can use trailing slashes at the path-level, but not at the domain-level: +- **Domain-level.** Don’t add trailing slashes to a domain, it breaks parsing. +- **Path-level.** Adding a trailing slash to a path means that the path ends at that point. By not adding a trailing slash, the rule applies to all of the sub-paths. + +**Example** + +``` xml +contoso.com + /about/ + +``` +In this example, `contoso.com/about/careers` will use the default version of Internet Explorer, even though `contoso.com/about/` uses Enterprise Mode. + + +## How to target specific sites +If you want to target specific sites in your organization. + +|Targeted site |Example |Explanation | +|--------------|--------|------------| +|You can specify subdomains in the domain tag. |<docMode>
<domain docMode="5">contoso.com</domain>
<domain docMode="9">info.contoso.com</domain>
<docMode> |

| +|You can specify exact URLs by listing the full path. |<emie>
<domain exclude="false">bing.com</domain>
<domain exclude="false" forceCompatView="true">contoso.com</domain>
<emie>|| +|You can nest paths underneath domains. |<emie>
<domain exclude="true">contoso.com
<path exclude="false">/about</path>
<path exclude="true">
/about/business</path>
</domain>
</emie> | | +|You can’t add a path underneath a path. The file will still be parsed, but the sub-path will be ignored. |<emie>
<domain exclude="true">contoso.com
<path>/about
<path exclude="true">/business</path>
</path>
</domain>
</emie> | | \ No newline at end of file diff --git a/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md b/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md new file mode 100644 index 0000000000..ebc229a1db --- /dev/null +++ b/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md @@ -0,0 +1,298 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 10. +author: eross-msft +ms.prod: ie11 +ms.assetid: 909ca359-5654-4df9-b9fb-921232fc05f5 +title: Enterprise Mode schema v.2 guidance (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 12/04/2017 +--- + + +# Enterprise Mode schema v.2 guidance + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 + +Use the Enterprise Mode Site List Manager to create and update your site list for devices running Windows 7, Windows 8.1, and Windows 10, using the version 2.0 (v.2) of the Enterprise Mode schema. If you don't want to use the Enterprise Mode Site List Manager, you also have the option to update your XML schema using Notepad, or any other XML-editing app. + +**Important**
+If you're running Windows 7 or Windows 8.1 and you've been using the version 1.0 (v.1) of the schema, you can continue to do so, but you won't get the benefits that come with the updated schema. For info about the v.1 schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md). + +## Enterprise Mode schema v.2 updates +Because of the schema changes, you can't combine the old version (v.1) with the new version (v.2) of the schema. If you look at your XML file, you can tell which version you're using by: + +- <rules>. If your schema root node includes this key, you're using the v.1 version of the schema. + +- <site-list>. If your schema root node includes this key, you're using the v.2 version of the schema. + +You can continue to use the v.1 version of the schema on Windows 10, but you won't have the benefits of the new v.2 version schema updates and new features. Additionally, saving the v.1 version of the schema in the new Enterprise Mode Site List Manager (schema v.2) automatically updates the file to use the v.2 version of the schema. + +### Enterprise Mode v.2 schema example +The following is an example of the v.2 version of the Enterprise Mode schema. + +**Important**
+Make sure that you don't specify a protocol when adding your URLs. Using a URL like ``, automatically applies to both https://contoso.com and https://contoso.com. +  +``` xml + + + + EnterpriseSitelistManager + 10240 + 20150728.135021 + + + + IE8Enterprise + MSEdge + + + default + IE11 + + + IE7Enterprise + IE11 + + + default + IE11 + + + default + none + + IE8Enterprise" + + + IE7 + IE11 + + + IE8Enterprise + IE11 + + + IE7 + IE11 + + +``` + +### Updated schema elements +This table includes the elements used by the v.2 version of the Enterprise Mode schema. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ElementDescriptionSupported browser
<site-list>A new root node with this text is using the updated v.2 version of the schema. It replaces <rules>. +

Example +

+<site-list version="205">
+  <site url="contoso.com">
+    <compat-mode>IE8Enterprise</compat-mode>
+    <open-in>IE11</open-in>
+  </site>
+</site-list>
Internet Explorer 11 and Microsoft Edge
<site>A unique entry added for each site you want to put on the Enterprise Mode site list. The first <site> element will overrule any additional <site> elements that use the same value for the <url> element. +

Example +

+<site url="contoso.com">
+  <compat-mode>default</compat-mode>
+  <open-in>none</open-in>
+</site>
+-or- +

For IPv4 ranges:

<site url="10.122.34.99:8080">
+  <compat-mode>IE8Enterprise</compat-mode>
+<site>

+-or- +

For IPv6 ranges:

<site url="[10.122.34.99]:8080">
+  <compat-mode>IE8Enterprise</compat-mode>
+<site>

+You can also use the self-closing version, <url="contoso.com" />, which also sets: +

    +
  • <compat-mode>default</compat-mode>
    • +
  • <open-in>none</open-in>
    • +
Internet Explorer 11 and Microsoft Edge
<compat-mode>A child element that controls what compatibility setting is used for specific sites or domains. This element is only supported in IE11. +

Example +

+<site url="contoso.com">
+  <compat-mode>IE8Enterprise</compat-mode>
+</site>
+-or- +

For IPv4 ranges:

<site url="10.122.34.99:8080">
+  <compat-mode>IE8Enterprise</compat-mode>
+<site>

+-or- +

For IPv6 ranges:

<site url="[10.122.34.99]:8080">
+  <compat-mode>IE8Enterprise</compat-mode>
+<site>

+Where: +

    +
  • IE8Enterprise. Loads the site in IE8 Enterprise Mode.
    This element is required for sites included in the EmIE section of the v.1 schema and is needed to load in IE8 Enterprise Mode.

    • +

  • IE7Enterprise. Loads the site in IE7 Enterprise Mode.
    This element is required for sites included in the EmIE section of the v.1 schema and is needed to load in IE7 Enterprise Mode.

    Important
    This tag replaces the combination of the `"forceCompatView"="true"` attribute and the list of sites specified in the EmIE section of the v.1 version of the schema.

    • +

  • IE[x]. Where [x] is the document mode number into which the site loads.

    • +

  • Default or not specified. Loads the site using the default compatibility mode for the page. In this situation, X-UA-compatible meta tags or HTTP headers are honored.
    • +
Internet Explorer 11
<open-in>A child element that controls what browser is used for sites. This element supports the Open in IE11 or Open in Microsoft Edge experiences, for devices running Windows 10. +

Example +

+<site url="contoso.com">
+  <open-in>none</open-in>
+</site>

+Where: +

    +
  • IE11. Opens the site in IE11, regardless of which browser is opened by the employee.

    • +

  • MSEdge. Opens the site in Microsoft Edge, regardless of which browser is opened by the employee.

    • +

  • None or not specified. Opens in whatever browser the employee chooses.
    • +
Internet Explorer 11 and Microsoft Edge
+ +### Updated schema attributes +The <url> attribute, as part of the <site> element in the v.2 version of the schema, replaces the <domain> element from the v.1 version of the schema. + + + + + + + + + + + + + + + + + + + + + + + + + +
AttributeDescriptionSupported browser
allow-redirectA boolean attribute of the <open-in> element that controls the behavior for redirected sites. Setting this attribute to "true" indicates that the site will open in IE11 or Microsoft Edge even if the site is navigated to as part of a HTTP or meta refresh redirection chain. Omitting the attribute is equivalent to "false" (sites in redirect chain will not open in another browser). +

Example +

+<site url="contoso.com/travel">
+  <open-in allow-redirect="true">IE11</open-in>
+</site>
+In this example, if https://contoso.com/travel is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer.		Internet Explorer 11 and Microsoft Edge
versionSpecifies the version of the Enterprise Mode Site List. This attribute is supported for the <site-list> element.Internet Explorer 11 and Microsoft Edge
urlSpecifies the URL (and port number using standard port conventions) to which the child elements apply. The URL can be a domain, sub-domain, or any path URL. +
Note
+Make sure that you don't specify a protocol. Using <site url="contoso.com"> applies to both https://contoso.com and https://contoso.com. +

Example +

+<site url="contoso.com:8080">
+  <compat-mode>IE8Enterprise</compat-mode>
+  <open-in>IE11</open-in>
+</site>
+In this example, going to https://contoso.com:8080 using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode.		Internet Explorer 11 and Microsoft Edge
+ +### Deprecated attributes +These v.1 version schema attributes have been deprecated in the v.2 version of the schema: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Deprecated attributeNew attributeReplacement example
<forceCompatView><compat-mode>Replace <forceCompatView="true"> with <compat-mode>IE7Enterprise</compat-mode>
<docMode><compat-mode>Replace <docMode="IE5"> with <compat-mode>IE5</compat-mode>
<doNotTransition><open-in>Replace <doNotTransition="true"> with <open-in>none</open-in>
<domain> and <path><site>Replace: +
+<emie>
+  <domain exclude="false">contoso.com</domain>
+</emie>
+With: +
+<site url="contoso.com"/>
+  <compat-mode>IE8Enterprise</compat-mode>
+</site>
+-AND-

+Replace: +

+<emie>
+  <domain exclude="true">contoso.com
+     <path exclude="false" forceCompatView="true">/about</path>
+  </domain>
+</emie>
+With: +
+<site url="contoso.com/about">
+  <compat-mode>IE7Enterprise</compat-mode>
+</site>
+ +While the old, replaced attributes aren't supported in the v.2 version of the schema, they'll continue to work in the v.1 version of the schema. If, however, you're using the v.2 version of the schema and these attributes are still there, the v.2 version schema takes precedence. We don’t recommend combining the two schemas, and instead recommend that you move to the v.2 version of the schema to take advantage of the new features. + +**Important**
+Saving your v.1 version of the file using the new Enterprise Mode Site List Manager (schema v.2) automatically updates the XML to the new v.2 version of the schema. + +### What not to include in your schema +We recommend that you not add any of the following items to your schema because they can make your compatibility list behave in unexpected ways: + +- Don’t use protocols. For example, https://, https://, or custom protocols. They break parsing. +- Don’t use wildcards. +- Don’t use query strings, ampersands break parsing. + +## Related topics +- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) + + + + diff --git a/browsers/enterprise-mode/enterprise-mode-site-list-mgr-portal-tools-include.md b/browsers/enterprise-mode/enterprise-mode-site-list-mgr-portal-tools-include.md new file mode 100644 index 0000000000..f1c67006ba --- /dev/null +++ b/browsers/enterprise-mode/enterprise-mode-site-list-mgr-portal-tools-include.md @@ -0,0 +1,36 @@ +## Enterprise Mode Site List Manager and the Enterprise Mode Site List Portal tools +You can build and manage your Enterprise Mode Site List is by using any generic text editor. However, we’ve also provided a couple tools that can make that process even easier. + +### Enterprise Mode Site List Manager +This tool helps you create error-free XML documents with simple n+1 versioning and URL verification. We recommend using this tool if your site list is relatively small. For more info about this tool, see the [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) topics. + +There are 2 versions of this tool, both supported on Windows 7, Windows 8.1, and Windows 10: + +- [Enterprise Mode Site List Manager (schema v.1)](https://www.microsoft.com/download/details.aspx?id=42501). This is an older version of the schema that you must use if you want to create and update your Enterprise Mode Site List for devices running the v.1 version of the schema. + + We strongly recommend moving to the new schema, v.2. For more info, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md). + +- [Enterprise Mode Site List Manager (schema v.2)](https://www.microsoft.com/download/details.aspx?id=49974). The updated version of the schema, including new functionality. You can use this version of the schema to create and update your Enterprise Mode Site List for devices running the v.2 version of the schema. + + If you open a v.1 version of your Enterprise Mode Site List using this version, it will update the schema to v.2, automatically. For more info, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md). + +If your list is too large to add individual sites, or if you have more than one person managing the site list, we recommend using the Enterprise Site List Portal. + +### Enterprise Mode Site List Portal +The [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal) is an open-source web tool on GitHub that allows you to manage your Enterprise Mode Site List, hosted by the app, with multiple users. The portal is designed to use IIS and a SQL Server backend, leveraging Active Directory (AD) for employee management. + +In addition to all the functionality of the Enterprise Mode Site List Manager tool, the Enterprise Mode Site List Portal helps you: + +- Manage site lists from any device supporting Windows 7 or greater. + +- Submit change requests. + +- Operate offline through an on-premise solution. + +- Provide role-based governance. + +- Test configuration settings before releasing to a live environment. + +Updates to your site list are made by submitting new change requests, which are then approved by a designated group of people, put into a pre-production environment for testing, and then deployed immediately, or scheduled for deployment later. + +Because the tool is open-source, the source code is readily available for examination and experimentation. We encourage you to [fork the code, submit pull requests, and send us your feedback](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)! For more info about the Enterprise Mode Site List Portal, see the [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) topics. \ No newline at end of file diff --git a/browsers/enterprise-mode/enterprise-mode-site-list-mgr-versions-include.md b/browsers/enterprise-mode/enterprise-mode-site-list-mgr-versions-include.md new file mode 100644 index 0000000000..4ead83795d --- /dev/null +++ b/browsers/enterprise-mode/enterprise-mode-site-list-mgr-versions-include.md @@ -0,0 +1,7 @@ +## Enterprise Mode Site List Manager versions +There are currently two versions of the Enterprise Site List Manager, both based on your schema and operating system. Download the [Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) or the [Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) tool, based on your operating system. + +|Schema version |Operating system |Enterprise Site List Manager version | +|-----------------|---------------|------------------------------------| +|Enterprise Mode schema, version 2 (v.2) |Windows 10
-OR-
Windows 8.1
-OR-
Windows 7|Uses the Enterprise Mode Site List Manager (schema v.2) and the v.2 version of the schema. If you import a v.1 version schema into the Enterprise Mode Site List Manager (schema v.2), the XML is saved into the v.2 version of the schema.

For more info about the v.2 version of the schema, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md).| +|Enterprise Mode schema, version 1 (v.1) |Windows 10
-OR-
Windows 8.1
-OR-
Windows 7|Uses the Enterprise Mode Site List Manager (schema v.1) and the v.1 version of the schema.

For more info about the v.1 version of the schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md)| \ No newline at end of file diff --git a/browsers/enterprise-mode/enterprise-mode.md b/browsers/enterprise-mode/enterprise-mode.md new file mode 100644 index 0000000000..663a632588 --- /dev/null +++ b/browsers/enterprise-mode/enterprise-mode.md @@ -0,0 +1,57 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: security +description: Use this section to learn about how to turn on Enterprise Mode. +author: shortpatti +ms.author: pashort +ms.prod: edge, ie11 +ms.assetid: +title: Enterprise Mode for Microsoft Edge +ms.sitesec: library +ms.date: '' +--- + +# Enterprise Mode for Microsoft Edge +Enterprise Mode, a compatibility mode that runs on Internet Explorer 11 on Windows 10, Windows 8.1, and Windows 7 devices, lets websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8. Running in this mode helps to avoid many of the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. + +Many customers identify web app compatibility as a significant cost to upgrading because web apps need to be tested and upgraded before adopting a new browser. The improved compatibility provided by Enterprise Mode can help give customers the confidence to upgrade to IE11, letting customers benefit from modern web standards, increased performance, improved security, and better reliability. + +## Available dual-browser experiences + + +## Enterprise Mode features + + + + +## Enterprise Mode Site List management tools +...description of what you can do with these tools; also specify if you must use both or if each tool works independently and no dependencies on the other tool... I think these tools are for two different scenarios... + +You can build and manage your Enterprise Mode Site List is by using any generic text editor. However, we’ve also provided a couple of tools that can make that process even easier. + +| | | +|---------|---------| +|Enterprise Mode Site List Manager |Use if your site list is relatively small. | +|Enterprise Mode Site List Portal |Use if your site list is too large to add individual sites, or if you have more than one person managing the sites. | + +### Enterprise Mode Site List Manager + + +### Enterprise Mode Site List Portal + + + +## Enterprise Mode Site List XML file +[!INCLUDE [enterprise-mode-and-enterprise-site-list-include](enterprise-mode-and-enterprise-site-list-include.md)] + + +## Turn on Enterprise Mode + + +### Add a single site to the site list + + +### Add mulitple sites to the site list + + diff --git a/browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md new file mode 100644 index 0000000000..8e779574c1 --- /dev/null +++ b/browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md @@ -0,0 +1,46 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: After you create your Enterprise Mode site list in the Enterprise Mode Site List Manager, you can export the contents to an Enterprise Mode (.EMIE) file. +author: eross-msft +ms.prod: ie11 +ms.assetid: 9ee7c13d-6fca-4446-bc22-d23a0213a95d +title: Export your Enterprise Mode site list from the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + + +# Export your Enterprise Mode site list from the Enterprise Mode Site List Manager + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2008 R2 with Service Pack 1 (SP1) + +After you create your Enterprise Mode site list in the Enterprise Mode Site List Manager, you can export the contents to an Enterprise Mode (.EMIE) file. This file includes all of your URLs, including your compatibility mode selections and should be stored somewhere safe. If your list gets deleted by mistake you can easily import this file and return everything back to when this file was last saved. + +**Important**
  +This file is not intended for distribution to your managed devices. Instead, it is only for transferring data and comments from one manager to another. For example, if one administrator leaves and passes the existing data to another administrator. Internet Explorer doesn’t read this file. + + **To export your compatibility list** + +1. On the **File** menu of the Enterprise Mode Site List Manager, click **Export**. + +2. Export the file to your selected location. For example, `C:\Users\\Documents\sites.emie`. + +## Related topics + +- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) +- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) +- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) +  + +  + + + diff --git a/browsers/enterprise-mode/images/config-enterprise-site-list.png b/browsers/enterprise-mode/images/config-enterprise-site-list.png new file mode 100644 index 0000000000..82ffc30895 Binary files /dev/null and b/browsers/enterprise-mode/images/config-enterprise-site-list.png differ diff --git a/browsers/enterprise-mode/images/enterprise-mode-value-data.png b/browsers/enterprise-mode/images/enterprise-mode-value-data.png new file mode 100644 index 0000000000..9e9ece9c1a Binary files /dev/null and b/browsers/enterprise-mode/images/enterprise-mode-value-data.png differ diff --git a/browsers/enterprise-mode/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md new file mode 100644 index 0000000000..963880eb75 --- /dev/null +++ b/browsers/enterprise-mode/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md @@ -0,0 +1,45 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: Instructions about how to clear all of the sites from your global Enterprise Mode site list. +author: eross-msft +ms.prod: ie11 +ms.assetid: 90f38a6c-e0e2-4c93-9a9e-c425eca99e97 +title: Remove all sites from your Enterprise Mode site list using the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + + +# Remove all sites from your Enterprise Mode site list using the Enterprise Mode Site List Manager + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2008 R2 with Service Pack 1 (SP1) + +You can clear all of the sites from your global Enterprise Mode site list. + +**Important**   +This is a permanent removal and erases everything. However, if you determine it was a mistake, and you saved an XML copy of your list, you can add the file again by following the steps in the [Add multiple sites to the Enterprise Mode site list using a file and Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) or [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md), depending on your operating system. + + **To clear your compatibility list** + +1. On the **File** menu of the Enterprise Mode Site List Manager, click **Clear list**. + +2. Click **Yes** in the warning message.

Your sites are all cleared from your list. + +## Related topics +- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) +- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) +- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) +  + +  + + + diff --git a/browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md b/browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md new file mode 100644 index 0000000000..546fe2133e --- /dev/null +++ b/browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md @@ -0,0 +1,39 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: Instructions about how to remove sites from a local compatibility view list. +author: eross-msft +ms.prod: ie11 +ms.assetid: f6ecaa75-ebcb-4f8d-8721-4cd6e73c0ac9 +title: Remove sites from a local compatibility view list (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + + +# Remove sites from a local compatibility view list + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2008 R2 with Service Pack 1 (SP1) + +Remove websites that were added to a local compatibility view list by mistake or because they no longer have compatibility problems. + + **To remove sites from a local compatibility view list** + +1. Open Internet Explorer 11, click **Tools**, and then click **Compatibility View Settings**. + +2. Pick the site to remove, and then click **Remove**.

+Sites can only be removed one at a time. If one is removed by mistake, it can be added back using this same box and the **Add** section. + +  + +  + + + diff --git a/browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md b/browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md new file mode 100644 index 0000000000..8b15e9ddd5 --- /dev/null +++ b/browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md @@ -0,0 +1,55 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: Instructions about how to remove sites from a local Enterprise Mode site list. +author: eross-msft +ms.prod: ie11 +ms.assetid: c7d6dd0b-e264-42bb-8c9d-ac2f837018d2 +title: Remove sites from a local Enterprise Mode site list (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + + +# Remove sites from a local Enterprise Mode site list + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2008 R2 with Service Pack 1 (SP1) + +Remove websites that were added to a local Enterprise Mode site list by mistake or because the sites no longer have compatibility problems. + +**Note**
The changes described in this topic only impact sites added to a local Enterprise Mode site list and not the list of sites deployed to all employees by an administrator. Employees can't delete sites added to the list by an administrator. + +  **To remove single sites from a local Enterprise Mode site list** + +1. Open Internet Explorer 11 and go to the site you want to remove. + +2. Click **Tools**, and then click **Enterprise Mode**.

+The checkmark disappears from next to Enterprise Mode and the site is removed from the list. + +**Note**
If the site is removed by mistake, it can be added back by clicking **Enterprise Mode** again. + + **To remove all sites from a local Enterprise Mode site list** + +1. Open IE11, click **Tools**, and then click **Internet options**. + +2. Click the **Delete** button from the **Browsing history** area. + +3. Click the box next to **Cookies and website data**, and then click **Delete**. + +**Note**
This removes all of the sites from a local Enterprise Mode site list. + +   + +  + +  + + + diff --git a/browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md new file mode 100644 index 0000000000..7ec1867c5b --- /dev/null +++ b/browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md @@ -0,0 +1,43 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: You can save your current Enterprise Mode compatibility site list as an XML file, for distribution and use by your managed systems. +author: eross-msft +ms.prod: ie11 +ms.assetid: 254a986b-494f-4316-92c1-b089ee8b3e0a +title: Save your site list to XML in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + + +# Save your site list to XML in the Enterprise Mode Site List Manager + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2008 R2 with Service Pack 1 (SP1) + +You can save your current Enterprise Mode compatibility site list as an XML file, for distribution and use by your managed systems. + + **To save your list as XML** + +1. On the **File** menu of the Enterprise Mode Site List Manager, click **Save to XML**. + +2. Save the file to the location you specified in your Enterprise Mode registry key, set up when you turned on Enterprise Mode for use in your company. For information about the Enterprise Mode registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).

+The first time a user starts Internet Explorer 11 on a managed device; Internet Explorer will look for a new version of the site list at the specified location. If the browser finds an updated site list, IE downloads the new XML site list and uses it. + +## Related topics +- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) +- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) +- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) +  + +  + + + diff --git a/browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md b/browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md new file mode 100644 index 0000000000..f49ad80a75 --- /dev/null +++ b/browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md @@ -0,0 +1,50 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: Details about how Administrators can schedule approved change requests for production in the Enterprise Mode Site List Portal. +author: eross-msft +ms.prod: ie11 +title: Schedule approved change requests for production using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + +# Schedule approved change requests for production using the Enterprise Mode Site List Portal + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2008 R2 with Service Pack 1 (SP1) + +After a change request is approved, the original Requester can schedule the change for the production environment. The change can be immediate or set for a future time. + +**To schedule an immediate change** +1. The Requester logs onto the Enterprise Mode Site List Portal and clicks **In Progress** from the left pane. + +2. The Requester clicks the **Approved** status for the change request. + + The **Schedule changes** page appears. + +3. The Requester clicks **Now**, and then clicks **Save**. + + The update is scheduled to immediately update the production environment, and an email is sent to the Requester. After the update finishes, the Requester is asked to verify the changes. + + +**To schedule the change for a different day or time** +1. The Requester logs onto the Enterprise Mode Site List Portal and clicks **In Progress** from the left pane. + +2. The Requester clicks the **Approved** status for the change request. + + The **Schedule changes** page appears. + +3. The Requester clicks **Schedule**, sets the **Preferred day**, **Preferred start time**, and the **Preferred end time**, and then clicks **Save**. + + The update is scheduled to update the production environment on that day and time and an email is sent to the Requester. After the update finishes, the Requester will be asked to verify the changes. + + +## Next steps +After the update to the production environment completes, the Requester must again test the change. If the testing succeeds, the Requester can sign off on the change request. If the testing fails, the Requester can contact the Administrator group for more help. For the production environment testing steps, see the [Verify the change request update in the production environment using the Enterprise Mode Site List Portal](verify-changes-production-enterprise-mode-portal.md) topic. \ No newline at end of file diff --git a/browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md new file mode 100644 index 0000000000..5292cf3570 --- /dev/null +++ b/browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md @@ -0,0 +1,41 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: Search to see if a specific site already appears in your global Enterprise Mode site list. +author: eross-msft +ms.prod: ie11 +ms.assetid: e399aeaf-6c3b-4cad-93c9-813df6ad47f9 +title: Search your Enterprise Mode site list in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + + +# Search your Enterprise Mode site list in the Enterprise Mode Site List Manager + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2008 R2 with Service Pack 1 (SP1) + +You can search to see if a specific site already appears in your global Enterprise Mode site list so you don’t try to add it again. + + **To search your compatibility list** + +- From the Enterprise Mode Site List Manager, type part of the URL into the **Search** box.

+The search query searches all of the text. For example, entering *“micro”* will return results like, www.microsoft.com, microsoft.com, and microsoft.com/images. Wildcard characters aren’t supported. + +## Related topics +- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) +- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) +- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) +  + +  + + + diff --git a/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md b/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md new file mode 100644 index 0000000000..b67d27b563 --- /dev/null +++ b/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md @@ -0,0 +1,157 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: Set up and turn on Enterprise Mode logging and data collection in your organization. +author: eross-msft +ms.prod: ie11 +ms.assetid: 2e98a280-f677-422f-ba2e-f670362afcde +title: Set up Enterprise Mode logging and data collection (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + + +# Set up Enterprise Mode logging and data collection + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2008 R2 with Service Pack 1 (SP1) + +Using Group Policy, you can turn on Enterprise Mode for Internet Explorer and then you can turn on local user control using the **Let users turn on and use Enterprise Mode from the Tools menu** setting, located in the `Administrative Templates\Windows Components\Internet Explorer` category path. After you turn this setting on, your users can turn on Enterprise Mode locally, from the IE **Tools** menu. + +![enterprise mode option on the tools menu](images/ie-emie-toolsmenu.png) + +The **Let users turn on and use Enterprise Mode from the Tools menu** setting also lets you decide where to send the user reports (as a URL). We recommend creating a custom HTTP port 81 to let your incoming user information go to a dedicated site. A dedicated site is important so you can quickly pick out the Enterprise Mode traffic from your other website traffic. + +![group policy to turn on enterprise mode](images/ie-emie-grouppolicy.png) + +Getting these reports lets you find out about sites that aren’t working right, so you can add them to your Enterprise Mode site list, without having to locate them all yourself. For more information about creating and using a site list, see the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) or the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) topic, based on your operating system. + +## Using ASP to collect your data +When you turn logging on, you need a valid URL that points to a server that can be listened to for updates to a user’s registry key. This means you need to set up an endpoint server for the incoming POST messages, which are sent every time the user turns Enterprise Mode on or off from the **Tools** menu. + + **To set up an endpoint server** + +1. Configure an IIS server to work with your Enterprise Mode data collection process. If you’re unsure how to set up IIS, see the [IIS installation webpage](https://go.microsoft.com/fwlink/p/?LinkId=507609). + +2. Open Internet Information Services (IIS) and turn on the ASP components from the **Add Roles and Features Wizard**, **Server Roles** page.

+This lets you create an ASP form that accepts the incoming POST messages. + +3. Open the Internet Information Services (IIS) Manager, click **Bindings**, highlight **Port 81**, click **Edit**, and then change the website information to point to Port 81 so it matches your custom-created port. + + ![IIS Manager, editing website bindings](images/ie-emie-editbindings.png) + +4. Open the **Logging** feature, pick **W3C** for the format, and click **Select Fields** to open the **W3C Logging Fields** box. + + ![IIS Manager, setting logging options](images/ie-emie-logging.png) + +5. Change the WC3 logging fields to include only the **Date**, **Client IP**, **User Name**, and **URI Query** standard fields, and then click **OK**.

+Using only these fields keeps the log file simple, giving you the date, client IP address, and the website URI information for any site changed by your users. + +6. Apply these changes to your default website and close the IIS Manager. + +7. Put your EmIE.asp file into the root of the web server, using this command: + + ``` + <% @ LANGUAGE=javascript %> + <% + Response.AppendToLog(" ;" + Request.Form("URL") + " ;" + Request.Form("EnterpriseMode")); + %> + ``` +This code logs your POST fields to your IIS log file, where you can review all of the collected data. + + +### IIS log file information +This is what your log files will look like after you set everything up and at least one of your users has turned on Enterprise Mode locally from the **Tools** menu. You can see the URL of the problematic website and client IP address of the user that turned on Enterprise Mode. + +![Enterprise Mode log file](images/ie-emie-logfile.png) + + +## Using the GitHub sample to collect your data +Microsoft has created the [EMIE-Data-Collection_Sample](https://go.microsoft.com/fwlink/p/?LinkId=507401) that shows how to collect your Enterprise Mode reports. This sample only shows how to collect data, it doesn’t show how to aggregate the data into your Enterprise Mode site list.

+This sample starts with you turning on Enterprise Mode and logging (either through Group Policy, or by manually setting the EnterpriseMode registry key) so that your users can use Enterprise Mode locally. For the steps to do this, go to [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). + +**Note**
If you decide to manually change the registry key, you can change the **Enable** setting to `[deployment url]/api/records/`, which automatically sends your reports to this page. + +### Setting up, collecting, and viewing reports +For logging, you’re going to need a valid URL that points to a server that can be listened to for updates to a user’s registry key. This means you need to set up an endpoint server for the incoming POST messages, which are sent every time the user turns Enterprise Mode on or off from the **Tools** menu. These POST messages go into your database, aggregating the report data by URL, giving you the total number of reports where users turned on Enterprise Mode, the total number of reports where users turned off Enterprise Mode, and the date of the last report. + + **To set up the sample** + +1. Set up a server to collect your Enterprise Mode information from your users. + +2. Go to the Internet Explorer/[EMIE-Data_Collection_Sample](https://go.microsoft.com/fwlink/p/?LinkId=507401) page on GitHub and tap or click the **Download ZIP** button to download the complete project. + +3. Open Microsoft Visual Studio 2013 with Update 2, and then open the PhoneHomeSample.sln file. + +4. On the **Build** menu, tap or click **Build Solution**.

+The required packages are automatically downloaded and included in the solution. + + **To set up your endpoint server** + +1. Right-click on the name, PhoneHomeSample, and click **Publish**. + + ![Visual Studio, Publish menu](images/ie-emie-publishsolution.png) + +2. In the **Publish Web** wizard, pick the publishing target and options that work for your organization. + + **Important**
+ Make sure you have a database associated with your publishing target. Otherwise, your reports won’t be collected and you’ll have problems deploying the website.  + + ![Visual Studio, Publish Web wizard](images/ie-emie-publishweb.png) + + After you finish the publishing process, you need to test to make sure the app deployed successfully. + + **To test, deploy, and use the app** + +1. Open a registry editor on the computer where you deployed the app, go to the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode` key, and change the **Enable** string to: + + ``` "Enable"="https:///api/records/" + ``` + Where `` points to your deployment URL. + +2. After you’re sure your deployment works, you can deploy it to your users using one of the following: + + - Turn on the **Let users turn on and use Enterprise Mode from the Tools menu** Group Policy setting, putting your `` information into the **Options** box. + + - Deploy the registry key in Step 3 using System Center or other management software. + +3. Get your users to visit websites, turning Enterprise Mode on or off locally, as necessary. + + **To view the report results** + +- Go to `https:///List` to see the report results.

+If you’re already on the webpage, you’ll need to refresh the page to see the results. + + ![Enterprise Mode Result report with details](images/ie-emie-reportwdetails.png) + + +### Troubleshooting publishing errors +If you have errors while you’re publishing your project, you should try to update your packages. + + **To update your packages** + +1. From the **Tools** menu of Microsoft Visual Studio, click **NuGet Package Manager**, and click **Manage NuGet Packages for Solution**. + + ![Nuget Package Manager for package updates](images/ie-emie-packageupdate.png) + +2. Click **Updates** on the left side of the tool, and click the **Update All** button.

+You may need to do some additional package cleanup to remove older package versions. + +## Related topics +- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) +- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) +- [What is Enterprise Mode?](what-is-enterprise-mode.md) +- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) +- [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md) +  + +  + + + diff --git a/browsers/enterprise-mode/set-up-enterprise-mode-portal.md b/browsers/enterprise-mode/set-up-enterprise-mode-portal.md new file mode 100644 index 0000000000..fe5fe752fc --- /dev/null +++ b/browsers/enterprise-mode/set-up-enterprise-mode-portal.md @@ -0,0 +1,232 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: Details about how to set up the Enterprise Mode Site List Portal for your organization. +author: eross-msft +ms.prod: ie11 +title: Set up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + +# Set up the Enterprise Mode Site List Portal + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2008 R2 with Service Pack 1 (SP1) + +The Enterprise Mode Site List Portal is an open-source web tool on GitHub that allows you to manage your Enterprise Mode Site List, hosted by the app, with multiple users. The portal is designed to use IIS and a SQL Server backend, leveraging Active Directory (AD) for employee management. Updates to your site list are made by submitting new change requests, which are then approved by a designated group of people, put into a pre-production environment for testing, and then deployed immediately, or scheduled for deployment later. + +Before you can begin using the Enterprise Mode Site List Portal, you must set up your environment. + +## Step 1 - Copy the deployment folder to the web server +You must download the deployment folder (**EMIEWebPortal/**), which includes all of the source code for the website, from the [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal) site to your web server. + +**To download the source code** +1. Download the deployment folder from the [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal) source code to your web server. + +2. Install the Node.js® package manager, [npm](https://www.npmjs.com/). + + >[!Note] + >You need to install the npm package manager to replace all the third-party libraries we removed to make the Enterprise Mode Site List Portal open-source. + +3. Open File Explorer and then open the **EMIEWebPortal/** folder. + +4. Press and hold **Shift**, right-click the window, then click **Open PowerShell window here**. + +5. Type _npm i_ into the command prompt, then press **Enter**. + + Installs the npm package manager and bulk adds all the third-party libraries back into your codebase. + +6. Go back up a directory, open the solution file **EMIEWebPortal.sln** in Visual Studio, and then build the entire solution. + +7. Copy the contents of the **EMIEWebPortal/** folder to a dedicated folder on your file system. For example, _D:\EMIEWebApp_. In a later step, you'll designate this folder as your website in the IIS Manager. + +## Step 2 - Create the Application Pool and website, by using IIS +Create a new Application Pool and the website, by using the IIS Manager. + +**To create a new Application Pool** +1. In IIS Manager, expand your local computer in the **Connections** pane, right-click **Application Pools**, then click **Add Application Pool**. + + The **Add Application Pool** box appears. + +2. In the **Add Application Pool** box, enter the following info: + + - **Name.** Type the name of your new application pool. For example, _EMIEWebAppPool_. + + - **.NET CLR version.** Pick the version of .NET CLR used by your application pool from the drop-down box. It must be version 4.0 or higher. + + - **Managed pipeline mode.** Pick **Integrated** from the drop-down box. IIS uses the integrated IIS and ASP.NET request-processing pipeline for managed content. + +3. Click **OK**. + +4. Select your new application pool from the **Application Pool** pane, click **Advanced Settings** from the **Edit Application Pool** area of the **Actions** pane. + + The **Advanced Settings** box appears. + +5. Make sure your **Identity** value is **ApplicationPoolIdentity**, click **OK**, and then close the box. + +6. Open File Explorer and go to your deployment directory, created in Step 1. For example, _D:\EMIEWebApp_. + +7. Right-click on the directory, click **Properties**, and then click the **Security** tab. + +8. Add your new application pool to the list (for example, _IIS AppPool\EMIEWebAppPool_) with **Full control access**, making sure the location searches the local computer. + +9. Add **Everyone** to the list with **Read & execute access**. + +**To create the website** +1. In IIS Manager, expand your local computer in the **Connections** pane, right-click **Sites**, then click **Add Website**. + + The **Add Website** box appears. + +2. In the **Add Website** box, type the name of your website into the **Site name** box. For example, _EMIEWebApp_, and then click **Select**. + + The **Select Application Pool** box appears. + +4. Pick the name of the application pool created earlier in this step, and then click **OK**. For example, _EMIEWebAppPool_. + +5. In the **Physical path** box, browse to your folder that contains your deployment directory. For example, _D:\EMIEWebApp_. + +6. Set up your **Binding**, including your **Binding Type**, **IP address**, and **Port**, as appropriate for your organization. + +7. Clear the **Start Website immediately** check box, and then click **OK**. + +8. In IIS Manager, expand your local computer, and then double-click your new website. For example, _EMIEWebApp_. + + The **<website_name> Home** pane appears. + +9. Double-click the **Authentication** icon, right-click on **Windows Authentication**, and then click **Enable**. + + >[!Note] + >You must also make sure that **Anonymous Authentication** is marked as **Enabled**. + +10. Return to the **<website_name> Home** pane, and double-click the **Connection Strings** icon. + +11. Open the **LOBMergedEntities Connection String** to edit: + + - **Data source.** Type the name of your local computer. + + - **Initial catalog.** The name of your database. + + >[!Note] + >Step 3 of this topic provides the steps to create your database. + +## Step 3 - Create and prep your database +Create a SQL Server database and run our custom query to create the Enterprise Mode Site List tables. + +**To create and prep your database** +1. Start SQL Server Management Studio. + +2. Open **Object Explorer** and then connect to an instance of the SQL Server Database Engine. + +3. Expand the instance, right-click on **Databases**, and then click **New Database**. + +4. Type a database name. For example, _EMIEDatabase_. + +5. Leave all default values for the database files, and then click **OK**. + +6. Open the **DatabaseScripts/Create DB Tables/1_CreateEMIETables.sql** query file, located in the deployment directory. + +7. Replace the database name placeholder with the database name you created earlier. For example, _EMIEDatabase_. + +8. Run the query. + +## Step 4 - Map your Application Pool to a SQL Server role +Map your ApplicationPoolIdentity to your database, adding the db_owner role. + +**To map your ApplicationPoolIdentity to a SQL Server role** +1. Start SQL Server Management Studio and connect to your database. + +2. Expand the database instance and then open the server-level **Security** folder. + + > [!IMPORTANT] + > Make sure you open the **Security** folder at the server level and not for the database. + +3. Right-click **Logins**, and then click **New Login**. + + The **Login-New** dialog box appears. + +4. Type the following into the **Login name** box, based on your server instance type: + + - **Local SQL Server instance.** If you have a local SQL Server instance, where IIS and SQL Server are on the same server, type the name of your Application Pool. For example, _IIS AppPool\EMIEWebAppPool_. + + - **Remote SQL Server instance.** If you have a remote SQL Server instance, where IIS and SQL Server are on different servers, type `Domain\ServerName$`. + + > [!IMPORTANT] + > Don't click **Search** in the **Login name** box. Login name searches will resolve to a ServerName\AppPool Name account and SQL Server Management Studio won't be able to resolve the account's virtual Security ID (SID). + +5. Click **User Mapping** from the **Select a page** pane, click the checkbox for your database (for example, _EMIEDatabase_) from the **Users mapped to this login** pane, and then click **db_owner** from the list of available roles in the **Database role membership** pane. + +6. Click **OK**. + +## Step 5 - Restart the Application Pool and website +Using the IIS Manager, you must restart both your Application Pool and your website. + +**To restart your Application Pool and website** +1. In IIS Manager, expand your local computer in the **Connections** pane, select your website, then click **Restart** from the **Manage Website** pane. + +2. In the **Connections** pane, select your Application Pool, and then click **Recycle** from the **Application Pool Tasks** pane. + +## Step 6 - Registering as an administrator +After you've created your database and website, you'll need to register yourself (or another employee) as an administrator for the Enterprise Mode Site List Portal. + +**To register as an administrator** +1. Open Microsoft Edge and type your website URL into the Address bar. For example, https://emieportal:8085. + +2. Click **Register now**. + +3. Type your name or alias into the **Email** box, making sure it matches the info in the drop-down box. + +4. Click **Administrator** from the **Role** box, and then click **Save**. + +5. Append your website URL with `/#/EMIEAdminConsole` in the Address bar to go to your administrator console. For example, https://emieportal:8085/#/EMIEAdminConsole. + + A dialog box appears, prompting you for the system user name and password. The default user name is EMIEAdmin and the default password is Admin123. We strongly recommend that you change the password by using the **Change password** link as soon as you're done with your first visit. + +6. Select your name from the available list, and then click **Activate**. + +7. Go to the Enterprise Mode Site List Portal Home page and sign in. + +## Step 7 - Configure the SMTP server and port for email notification +After you've set up the portal, you need to configure your SMTP server and port for email notifications from the system. + +**To set up your SMTP server and port for emails** +1. Open Visual Studio, and then open the web.config file from your deployment directory. + +2. Update the SMTP server and port info with your info, using this format: + + ``` + + + ``` +3. Open the **Settings** page in the Enterprise Mode Site List Portal, and then update the email account and password info. + +## Step 8 - Register the scheduler service +Register the EMIEScheduler tool and service for production site list changes. + +**To register the scheduler service** + +1. Open File Explorer and go to EMIEWebPortal.SchedulerService\EMIEWebPortal.SchedulerService in your deployment directory, and then copy the **App_Data**, **bin**, and **Logs** folders to a separate folder. For example, C:\EMIEService\. + + >[!Important] + >If you can't find the **bin** and **Logs** folders, you probably haven't built the Visual Studio solution. Building the solution creates the folders and files. + +2. In Visual Studio start the Developer Command Prompt as an administrator, and then change the directory to the location of the InstallUtil.exe file. For example, _C:\Windows\Microsoft.NET\Framework\v4.0.30319_. + +3. Run the command, `InstallUtil ""`. For example, _InstallUtil "C:\EMIEService\bin\Debug\EMIEWebPortal.SchedulerService.exe"._ + + You'll be asked for your user name and password for the service. + +4. Open the **Run** command, type `Services.msc`, and then start the EMIEScheduler service. + +## Related topics +- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal) + +- [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md) + +- [Use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md) \ No newline at end of file diff --git a/browsers/enterprise-mode/turn-off-enterprise-mode.md b/browsers/enterprise-mode/turn-off-enterprise-mode.md new file mode 100644 index 0000000000..12a4ee7ffd --- /dev/null +++ b/browsers/enterprise-mode/turn-off-enterprise-mode.md @@ -0,0 +1,77 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: How to turn Enteprrise Mode off temporarily while testing websites and how to turn it off completely if you no longer want to to use it. +author: eross-msft +ms.prod: ie11 +ms.assetid: 5027c163-71e0-49b8-9dc0-f0a7310c7ae3 +title: Turn off Enterprise Mode (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + + +# Turn off Enterprise Mode + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2008 R2 with Service Pack 1 (SP1) + +It’s important that you test the sites you’re adding, or considering removing, from your Enterprise Mode site list. To make this testing easier, you can turn off the site list or the entire Enterprise Mode functionality. For example, you might have an intranet site on your list that you’ve upgraded to be compatible with the new web standards . If you test the site while the site list is active, Internet Explorer 11 will automatically switch to Enterprise Mode. By turning off the site list, you can see what the page actually looks like and decide whether to remove it from your site list. + +In addition, if you no longer want your users to be able to turn Enterprise Mode on locally, you can remove Enterprise Mode from the local **Tools** menu. + +**Important**
+Turning off both of these features turns off Enterprise Mode for your company. Turning off Enterprise Mode also causes any websites included in your employee’s manual site lists to not appear in Enterprise Mode. + +  **To turn off the site list using Group Policy** + +1. Open your Group Policy editor, like Group Policy Management Console (GPMC). + +2. Go to the **Use the Enterprise Mode IE website list** setting, and then click **Disabled**.

+Enterprise Mode will no longer look for the site list, effectively turning off Enterprise Mode. However, if you previously turned on local control for your employees, Enterprise Mode will still be available from the **Tools** menu. You need to turn that part of the functionality off separately. + + **To turn off local control using Group Policy** + +1. Open your Group Policy editor, like Group Policy Management Console (GPMC). + +2. Go to the **Let users turn on and use Enterprise Mode from the Tools menu** setting, and then click **Disable**. + +3. Enterprise Mode no longer shows up on the **Tools** menu for your employees. However, if you are still using an Enterprise Mode site list, all of the globally listed sites will still appear in Enterprise Mode. If you want to turn off all of Enterprise Mode, you will need to also turn off the site list functionality. + + **To turn off the site list using the registry** + +1. Open a registry editor, such as regedit.exe. + +2. Go to `HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\EnterpriseMode`, and then delete the **SiteList** value.

+You can also use HKEY_LOCAL_MACHINE, depending whether you want to turn off the Enterprise Mode site list for users or for computers. + +3. Close all and restart all instances of Internet Explorer.

+IE11 stops looking at the site list for rendering instructions. However, Enterprise Mode is still available to your users locally (if it was turned on). + + **To turn off local control using the registry** + +1. Open a registry editor, such as regedit.exe. + +2. Go `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode`, and then delete the **Enable** value.

+You can also use HKEY_CURRENT_USER, depending whether you want to turn off Enterprise Mode for users or for computers. + +3. Close and restart all instances of IE.

+Enterprise Mode is no longer a user option on the **Tools** menu in IE11. However, IE11 still looks at the site list (if it was turned on). + +## Related topics +- [What is Enterprise Mode?](what-is-enterprise-mode.md) +- [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md) +- [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md) +- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) +  + +  + + + diff --git a/browsers/enterprise-mode/turn-on-enterprise-mode-and-use-a-site-list.md b/browsers/enterprise-mode/turn-on-enterprise-mode-and-use-a-site-list.md new file mode 100644 index 0000000000..1a704aa67e --- /dev/null +++ b/browsers/enterprise-mode/turn-on-enterprise-mode-and-use-a-site-list.md @@ -0,0 +1,47 @@ +Before you can use a site list with Enterprise Mode, you must turn the functionality on and set up the system for centralized control. By allowing +centralized control, you can create one global list of websites that render using Enterprise Mode. Approximately 65 seconds after Internet Explorer 11 starts, it looks for a properly formatted site list. If a new site list if found, with a different version number than the active list, IE11 loads and uses the newer version. After the initial check, IE11 won’t look for an updated list again until you restart the browser. + +>[!NOTE] +>We recommend that you store and download your website list from a secure web server (https://), to help protect against data tampering. After the list is downloaded, it's stored locally on your employees' computers so if the centralized file location is unavailable, they can still use Enterprise Mode. + +**Group Policy** + +1. Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\Microsoft Edge\\Configure the Enterprise Mode Site List** setting.

Turning this setting on also requires you to create and store a site list. + + + +2. Click **Enabled**, and then in the **Options** area, type the location to your site list. + +3. Refresh your policy and then view the affected sites in Microsoft Edge.

The site shows a message in Microsoft Edge, saying that the page needs IE. At the same time, the page opens in IE11; in a new frame if it's not yet running, or in a new tab if it is. + +**Registry** + +All of your managed devices must have access to this location if you want them to be able to access and use Enterprise Mode and your site list. + +1. **To turn on Enterprise Mode for all users on the PC:** Open the registry editor and go to `HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\MicrosoftEdge\Main\EnterpriseMode`. + +2. Edit the `SiteList` registry key to point to where you want to keep your Enterprise Mode site list file.

For example: + + + - **HTTPS location:** `"SiteList"="https://localhost:8080/sites.xml"` + + - **Local network:** `"SiteList"="\\network\shares\sites.xml"` + + - **Local file:** `"SiteList"="file:///c:\\Users\\\\Documents\\testList.xml"` + + > **Example:** + >> _Web URL_ https://localhost:8080/EnterpriseMode.xml + >> + >> _Network Share_ \\NetworkShare.xml (Place this inside the group policy folder on Sysvol) + >> + >> _Drive Letter_ C:.xml + + All of your managed devices must have access to this location if you want them to use Enterprise Mode and your site list. + +3. Refresh the policy in your organization and then view the affected sites in + Microsoft Edge.

The site shows a message in Microsoft Edge, saying that the page needs IE. + At the same time, the page opens in IE11; in a new frame if it is not yet + running, or in a new tab if it is. diff --git a/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md b/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md new file mode 100644 index 0000000000..5781fe3fc0 --- /dev/null +++ b/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md @@ -0,0 +1,61 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: Turn on local user control and logging for Enterprise Mode. +author: eross-msft +ms.prod: ie11 +ms.assetid: 6622ecce-24b1-497e-894a-e1fd5a8a66d1 +title: Turn on local control and logging for Enterprise Mode (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + + +# Turn on local control and logging for Enterprise Mode + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2008 R2 with Service Pack 1 (SP1) + +You can turn on local control of Enterprise Mode so that your users can turn Enterprise Mode on from the **Tools** menu. Turning on this feature also adds the **Enterprise** browser profile to the **Emulation** tab of the F12 developer tools. + +Besides turning on this feature, you also have the option to provide a URL for Enterprise Mode logging. If you turn logging on, Internet Explorer initiates a simple POST back to the supplied address, including the URL and a specification that **EnterpriseMode** was turned on or off through the **Tools** menu. + + **To turn on local control of Enterprise Mode using Group Policy** + +1. Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\Internet Explorer\\Let users turn on and use Enterprise Mode from the Tools menu** setting. + + ![group policy editor with emie setting](images/ie-emie-editpolicy.png) + +2. Click **Enabled**, and then in the **Options** area, type the location for where to receive reports about when your employees use this functionality to turn Enterprise Mode on or off from the **Tools** menu. + + **To turn on local control of Enterprise Mode using the registry** + +1. Open a registry editor, like regedit.exe and go to `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode`. + +2. In the right pane, right-click and click **New**, click **String Value**, and then name the new value **Enable**. + +3. Right-click the **Enable** key, click **Modify**, and then type a **Value data** to point to a server that you can listen to for updates. + + ![edit registry string for data collection location](images/ie-emie-editregistrystring.png) + +Your **Value data** location can be any of the following types: + +- **URL location (like, https://www.emieposturl.com/api/records or https://localhost:13000)**. IE sends a POST message to the URL every time a change is made to Enterprise Mode from the **Tools** menu.

**Important**
+The `https://www.emieposturl.com/api/records` example will only work if you’ve downloaded the sample discussed in the [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md) topic. If you don’t have the sample, you won’t have the web API. +- **Local network location (like, https://*emieposturl*/)**. IE sends a POST message to your specified local network location every time a change is made to Enterprise Mode from the **Tools** menu. +- **Empty string**. If you leave the **Value data** box blank; your employees will be able to turn Enterprise Mode on and off from the **Tools** menu, but you won’t collect any logging data. + +For information about how to collect the data provided when your employees turn Enterprise Mode on or off from the **Tools** menu, see [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md). + +  + +  + + + diff --git a/browsers/enterprise-mode/use-the-enterprise-mode-portal.md b/browsers/enterprise-mode/use-the-enterprise-mode-portal.md new file mode 100644 index 0000000000..d57c5f411b --- /dev/null +++ b/browsers/enterprise-mode/use-the-enterprise-mode-portal.md @@ -0,0 +1,80 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: Use the topics in this section to learn about how to use the Enterprise Mode Site List Portal. +ms.prod: ie11 +title: Use the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + +# Use the Enterprise Mode Site List Portal + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2008 R2 with Service Pack 1 (SP1) + +Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. + +The Enterprise Mode Site List Portal is an open-source web tool on GitHub that allows you to manage your Enterprise Mode Site List, hosted by the app, with multiple users. The portal is designed to use IIS and a SQL Server backend, leveraging Active Directory (AD) for employee management. Updates to your site list are made by submitting new change requests, which are then approved by a designated group of people, put into a pre-production environment for testing, and then deployed immediately, or scheduled for deployment later. + +You can use IE11 and the Enterprise Mode Site List Portal to manage your Enterprise Mode Site List, hosted by the app, with multiple users. + +## Minimum system requirements for portal and test machines +Some of the components in this table might also need additional system resources. Check the component's documentation for more information. + +|Item |Description | +|-----|------------| +|Operating system |Windows 7 or later | +|Memory |16 GB RAM | +|Hard drive space |At least 8 GB of free space, formatted using the NTFS file system for better security | +|Active Directory (AD) |Devices must be domain-joined | +|SQL Server |Microsoft SQL Server Enterprise Edition 2012 or later | +|Visual Studio |Visual Studio 2015 or later | +|Node.js® package manager |npm Developer version or higher | +|Additional server infrastructure |Internet Information Service (IIS) 6.0 or later | + +## Role assignments and available actions +Admins can assign roles to employees for the Enterprise Mode Site List Portal, allowing the employees to perform specific actions, as described in this table. + +|Role assignment |Available actions | +|----------------|------------------| +|Requester |

  • Create a change request


  • Validate changes in the pre-production environment


  • Rollback pre-production and production changes in case of failure


  • Send approval requests


  • View own requests


  • Sign off and close own requests
| +|Approver

(includes the App Manager and Group Head roles) |
  • All of the Requester actions, plus:


  • Approve requests
| +|Administrator |
  • All of the Requester and Approver actions, plus:


  • Add employees to the portal


  • Assign employee roles


  • Approve registrations to the portal


  • Configure portal settings (for example, determine the freeze schedule, determine the pre-production and production XML paths, and determine the attachment upload location)


  • Use the standalone Enterprise Mode Site List Manager page


  • View reports
| + +## Enterprise Mode Site List Portal workflow by employee role +The following workflow describes how to use the Enterprise Mode Site List Portal. + +1. [The Requester submits a change request for an app](create-change-request-enterprise-mode-portal.md) + +2. [The Requester tests the change request info, verifying its accuracy](verify-changes-preprod-enterprise-mode-portal.md) + +3. [The Approver(s) group accepts the change request](approve-change-request-enterprise-mode-portal.md) + +4. [The Requester schedules the change for the production environment](schedule-production-change-enterprise-mode-portal.md) + +5. [The change is verified against the production site list and signed off](verify-changes-production-enterprise-mode-portal.md) + + +## Related topics +- [Set up the Enterprise Mode Site List Portal](set-up-enterprise-mode-portal.md) + +- [Workflow-based processes for employees using the Enterprise Mode Site List Portal](workflow-processes-enterprise-mode-portal.md) + +- [How to use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md) + +- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal) + +- [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md) +  + +  + + + diff --git a/browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md new file mode 100644 index 0000000000..fbe6ddff8f --- /dev/null +++ b/browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md @@ -0,0 +1,61 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: Use the topics in this section to learn about how to use the Enterprise Mode Site List Manager. +author: eross-msft +ms.prod: ie11 +ms.assetid: f4dbed4c-08ff-40b1-ab3f-60d3b6e8ec9b +title: Use the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 12/04/2017 +--- + + +# Use the Enterprise Mode Site List Manager + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2008 R2 with Service Pack 1 (SP1) + +Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. + +You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode. + +[!INCLUDE [enterprise-mode-site-list-mgr-versions-include](../../enterprise-mode/enterprise-mode-site-list-mgr-versions-include.md)] + +## Using the Enterprise Mode Site List Manager +The following topics give you more information about the things that you can do with the Enterprise Mode Site List Manager. + +|Topic |Description | +|------|------------| +|[Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md) |How to add websites to your site list using the Enterprise Mode Site List Manager (schema v.2). | +|[Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md) |How to add websites to your site list using the Enterprise Mode Site List Manager (schema v.1). | +|[Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) |How to add several websites to your site list at the same time, using a text or XML file and the Enterprise Mode Site List Manager (schema v.2). | +|[Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) |How to add several websites to your site list at the same time, using a text or XML file and the WEnterprise Mode Site List Manager (schema v.1). | +|[Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager](edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md) |How to edit the compatibility mode for specific websites.

This topic applies to both versions of the Enterprise Mode Site List Manager. | +|[Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md) |How to fix common site list validation errors.

This topic applies to both versions of the Enterprise Mode Site List Manager. | +|[Search your Enterprise Mode site list in the Enterprise Mode Site List Manager](search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to look to see if a site is already in your global Enterprise Mode site list.

This topic applies to both versions of the Enterprise Mode Site List Manager. | +|[Save your site list to XML in the Enterprise Mode Site List Manager](save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md) |How to save a site list as XML, so you can deploy and use it with your managed systems.

This topic applies to both versions of the Enterprise Mode Site List Manager. | +|[Export your Enterprise Mode site list from the Enterprise Mode Site List Manager](export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md) |How to export your site list so you can transfer your data and contents to someone else.

This topic applies to both versions of the Enterprise Mode Site List Manager. | +|[Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](import-into-the-enterprise-mode-site-list-manager.md) |How to import your site list to replace a corrupted or out-of-date list.

This topic applies to both versions of the Enterprise Mode Site List Manager. | +|[Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to delete a website from your site list.

This topic applies to both versions of the Enterprise Mode Site List Manager. | +|[Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to delete all of the websites in a site list.

This topic applies to both versions of the Enterprise Mode Site List Manager. | + +## Related topics + + +- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) +- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) +- [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md) +- [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md) +  + +  + + + diff --git a/browsers/enterprise-mode/using-enterprise-mode.md b/browsers/enterprise-mode/using-enterprise-mode.md new file mode 100644 index 0000000000..313a07e8e8 --- /dev/null +++ b/browsers/enterprise-mode/using-enterprise-mode.md @@ -0,0 +1,57 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: security +description: Use this section to learn about how to turn on and use IE7 Enterprise Mode or IE8 Enterprise Mode. +author: eross-msft +ms.prod: ie11 +ms.assetid: 238ead3d-8920-429a-ac23-02f089c4384a +title: Using IE7 Enterprise Mode or IE8 Enterprise Mode (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + + +# Using IE7 Enterprise Mode or IE8 Enterprise Mode + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2008 R2 with Service Pack 1 (SP1) + +Enterprise Mode gives you a way for your legacy websites and apps to run using emulated versions of Windows Internet Explorer 7 or Windows Internet Explorer 8, while your new sites and apps run using Internet Explorer 11, including modern standards and features. + +Although it’s called IE7 Enterprise Mode, it actually turns on Enterprise Mode along with Internet Explorer 7 or Microsoft Internet Explorer 5 Compatibility View. Compatibility View chooses which document mode to use based on whether there’s a `DOCTYPE` tag in your code: + +- **DOCTYPE tag found.** Webpages render using the Internet Explorer 7 document mode. +- **No DOCTYPE tag found.** Webpages render using the Internet Explorer 5 document mode. + +**Important**
+Because we’ve added the IE7 Enterprise Mode option, we’ve had to rename the original functionality of Enterprise Mode to be IE8 Enterprise Mode. We’ve also replaced Edge Mode with IE11 Document Mode, so you can explicitly use IE11 on Windows 10. + +## Turning on and using IE7 Enterprise Mode or IE8 Enterprise Mode +For instructions about how to add IE7 Enterprise Mode or IE8 Enterprise Mode to your webpages and apps, see: + +- [Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md) + +- [Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md) + +- [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) + +- [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) + +For instructions and more info about how to fix your compatibility issues using Enterprise Mode, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md). + +## Related topics +- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) +- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) +- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) +  + +  + + + diff --git a/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md b/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md new file mode 100644 index 0000000000..94de88ee4e --- /dev/null +++ b/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md @@ -0,0 +1,67 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: Details about how to make sure your change request info is accurate within the pre-production environment of the Enterprise Mode Site List Portal. +author: eross-msft +ms.prod: ie11 +title: Verify your changes using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + +# Verify your changes using the Enterprise Mode Site List Portal + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2008 R2 with Service Pack 1 (SP1) + +>[!Important] +>This step requires that each Requester have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct. + +The Requester successfully submits a change request to the Enterprise Mode Site List Portal and then gets an email, including: + +- **EMIE_RegKey**. A batch file that when run, sets the registry key to point to the local pre-production Enterprise Mode Site List. + +- **Test steps**. The suggested steps about how to test the change request details to make sure they're accurate in the pre-production environment. + +- **EMIE_Reset**. A batch file that when run, reverts the changes made to the pre-production registry. + +## Verify and send the change request to Approvers +The Requester tests the changes and then goes back into the Enterprise Mode Site List Portal, **Pre-production verification** page to verify whether the testing was successful. + +**To verify changes and send to the Approver(s)** +1. On the **Pre-production verification** page, the Requester clicks **Successful** and optionally includes any attachments (only .jpeg, .png, .jpg and .txt files are allowed) to support the change request and testing results. + +2. The Requester reviews the pre-defined Approver(s), and then clicks **Send for approval**. + + The Requester, the Approver group, and the Administrator group all get an email, stating that the change request is waiting for approval. + + +**To rollback your pre-production changes** +1. On the **Pre-production verification** page, the Requester clicks **Failed** and optionally includes any attachments (only .jpeg, .png, .jpg and .txt files are allowed) to support the change request and testing results. + +2. Add a description about the issue into the **Issue description** box, and then click **Send failure details**. + + The change request and issue info are sent to the Administrators. + +3. The Requester clicks **Roll back** to roll back the changes in the pre-production environment. + + After the Requester rolls back the changes, the request can be updated and re-submitted. + + +## View rolled back change requests +The original Requester and the Administrator(s) group can view the rolled back change requests. + +**To view the rolled back change request** + +- In the Enterprise Mode Site List Portal, click **Rolled back** from the left pane. + + All rolled back change requests appear, with role assignment determining which ones are visible. + +## Next steps +If the change request is certified as successful, the Requester must next send it to the Approvers for approval. For the Approver-related steps, see the [Approve a change request using the Enterprise Mode Site List Portal](approve-change-request-enterprise-mode-portal.md) topic. diff --git a/browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md b/browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md new file mode 100644 index 0000000000..00fb099e3f --- /dev/null +++ b/browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md @@ -0,0 +1,42 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: Details about how the Requester makes sure that the change request update is accurate within the production environment using the Enterprise Mode Site List Portal. +author: eross-msft +ms.prod: ie11 +title: Verify the change request update in the production environment using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + +# Verify the change request update in the production environment using the Enterprise Mode Site List Portal + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2008 R2 with Service Pack 1 (SP1) + +## Verify and sign off on the update in the production environment +The Requester tests the changes in the production environment and then goes back into the Enterprise Mode Site List Portal, **Production verification** page to verify whether the testing was successful. + +**To verify the changes and sign off** +- On the **Production verification** page, the Requester clicks **Successful**, optionally includes any attachments (only .jpeg, .png, .jpg and .txt files are allowed) to support the testing results, optionally includes a description of the change, and then clicks **Sign off**. + + The Requester, Approver group, and Administrator group all get an email, stating that the change request has been signed off. + + +**To rollback production changes** +1. On the **Production verification** page, the Requester clicks **Failed** and optionally includes any attachments (only .jpeg, .png, .jpg and .txt files are allowed) to support the testing results. + +2. Add a description about the issue into the **Change description** box, and then click **Send failure details**. + + The info is sent to the Administrators. + +3. The Requester clicks **Roll back** to roll back the changes in the production environment. + + After the Requester rolls back the changes, the request is automatically handled in the production and pre-production environment site lists. + diff --git a/browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md b/browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md new file mode 100644 index 0000000000..29d1d8afe9 --- /dev/null +++ b/browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md @@ -0,0 +1,38 @@ +--- +ms.localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: Details about how to view the active Enterprise Mode Site List from the Enterprise Mode Site List Portal. +author: eross-msft +ms.prod: ie11 +title: View the apps included in the active Enterprise Mode Site List from the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + +# View the apps included in the active Enterprise Mode Site List from the Enterprise Mode Site List Portal + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2008 R2 with Service Pack 1 (SP1) + +Any employee with access to the Enterprise Mode Site List Portal can view the apps included in the current Enterprise Mode Site List. + +**To view the active Enterprise Mode Site List** +1. Open the Enterprise Mode Site List Portal and click the **Production sites list** icon in the upper-right area of the page. + + The **Production sites list** page appears, with each app showing its URL, the compatibility mode to use, and the assigned browser to open the site. + +2. Click any URL to view the actual site, using the compatibility mode and opening in the correct browser. + + +**To export the active Enterprise Mode Site List** +1. On the **Production sites list** page, click **Export**. + +2. Save the ProductionSiteList.xlsx file. + + The Excel file includes all apps in the current Enterprise Mode Site List, including URL, compatibility mode, and assigned browser. diff --git a/browsers/enterprise-mode/what-is-enterprise-mode-include.md b/browsers/enterprise-mode/what-is-enterprise-mode-include.md new file mode 100644 index 0000000000..34359d6f1b --- /dev/null +++ b/browsers/enterprise-mode/what-is-enterprise-mode-include.md @@ -0,0 +1,4 @@ +## What is Enterprise Mode? +Enterprise Mode, a compatibility mode that runs on Internet Explorer 11 on Windows 10, Windows 8.1, and Windows 7 devices, lets websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8. Running in this mode helps to avoid many of the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. + +Many customers identify web app compatibility as a significant cost to upgrading because web apps need to be tested and upgraded before adopting a new browser. The improved compatibility provided by Enterprise Mode can help give customers confidence to upgrade to IE11, letting customers benefit from modern web standards, increased performance, improved security, and better reliability. \ No newline at end of file diff --git a/browsers/includes/available-duel-browser-experiences-include.md b/browsers/includes/available-duel-browser-experiences-include.md new file mode 100644 index 0000000000..3ea0832564 --- /dev/null +++ b/browsers/includes/available-duel-browser-experiences-include.md @@ -0,0 +1,20 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +## Available dual-browser experiences +Based on the size of your legacy web app dependency, determined by the data collected with [Windows Upgrade Analytics](https://blogs.windows.com/windowsexperience/2016/09/26/new-windows-10-and-office-365-features-for-the-secure-productive-enterprise/), there are several options from which you can choose to configure your enterprise browsing environment: + +- Use Microsoft Edge as your primary browser. + +- Use Microsoft Edge as your primary browser and use Enterprise Mode to open sites in Internet Explorer 11 (IE11) that use IE proprietary technologies. + +- Use Microsoft Edge as your primary browser and open all intranet sites in IE11. + +- Use IE11 as your primary browser and use Enterprise Mode to open sites in Microsoft Edge that use modern web technologies. + +For more info about when to use which option, and which option is best for you, see the [Continuing to make it easier for Enterprise customers to upgrade to Internet Explorer 11 — and Windows 10](https://blogs.windows.com/msedgedev/2015/11/23/windows-10-1511-enterprise-improvements) blog. \ No newline at end of file diff --git a/browsers/includes/helpful-topics-include.md b/browsers/includes/helpful-topics-include.md new file mode 100644 index 0000000000..450c65b503 --- /dev/null +++ b/browsers/includes/helpful-topics-include.md @@ -0,0 +1,36 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + + +## Helpful information and additional resources +- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal) + +- [Technical guidance, tools, and resources on Enterprise browsing](https://technet.microsoft.com/ie) + +- [Enterprise Mode Site List Manager (schema v.1)](https://www.microsoft.com/download/details.aspx?id=42501) + +- [Enterprise Mode Site List Manager (schema v.2)](https://www.microsoft.com/download/details.aspx?id=49974) + +- [Use the Enterprise Mode Site List Manager](../enterprise-mode/use-the-enterprise-mode-site-list-manager.md) + +- [Collect data using Enterprise Site Discovery](../enterprise-mode/collect-data-using-enterprise-site-discovery.md) + +- [Web Application Compatibility Lab Kit](https://technet.microsoft.com/microsoft-edge/mt612809.aspx) + +- [Microsoft Services Support](https://www.microsoft.com/en-us/microsoftservices/support.aspx) + +- [Find a Microsoft partner on Pinpoint](https://partnercenter.microsoft.com/pcv/search) + + + + + +- [Web Application Compatibility Lab Kit for Internet Explorer 11](https://technet.microsoft.com/browser/mt612809.aspx) +- [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=290956) +- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](https://go.microsoft.com/fwlink/p/?LinkId=760646) +- [Fix web compatibility issues using document modes and the Enterprise Mode site list](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list) diff --git a/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md b/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md new file mode 100644 index 0000000000..02ad5fe86d --- /dev/null +++ b/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md @@ -0,0 +1,20 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/02/2018 +ms.prod: edge +ms:topic: include +--- + +If you need to replace your entire site list because of errors, or simply because it’s out of date, you can import your exported Enterprise Mode site list using the Enterprise Mode Site List Manager. + +>[!IMPORTANT] +>Importing your file overwrites everything that’s currently in the tool, so make sure it’s what want to do. + +1. In the Enterprise Mode Site List Manager, click **File \> Import**. + +2. Go to the exported .EMIE file.

For example, `C:\users\\documents\sites.emie` + +1. Click **Open**. + +2. Review the alert message about all of your entries being overwritten and click **Yes**. diff --git a/browsers/includes/interoperability-goals-enterprise-guidance.md b/browsers/includes/interoperability-goals-enterprise-guidance.md new file mode 100644 index 0000000000..a18552366f --- /dev/null +++ b/browsers/includes/interoperability-goals-enterprise-guidance.md @@ -0,0 +1,37 @@ +--- +author: shortpatti +ms.author: pashort +ms.date: 10/15/2018 +ms.prod: edge +ms:topic: include +--- + +## Interoperability goals and enterprise guidance + +Our primary goal is that your websites work in Microsoft Edge. To that end, we've made Microsoft Edge the default browser. + +You must continue using IE11 if web apps use any of the following: + +* ActiveX controls + +* x-ua-compatible headers + +* <meta> tags + +* Enterprise mode or compatibility view to addressing compatibility issues + +* legacy document modes + +If you have uninstalled IE11, you can download it from the Microsoft Store or the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Alternatively, you can use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11. + +>[!TIP] +>If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=620714). + + +|Technology |Why it existed |Why we don't need it anymore | +|---------|---------|---------| +|ActiveX |ActiveX is a binary extension model introduced in 1996 which allowed developers to embed native Windows technologies (COM/OLE) in web pages. These controls can be downloaded and installed from a site and were subsequently loaded in-process and rendered in Internet Explorer. | | +|Browser Helper Objects (BHO) |BHOs are a binary extension model introduced in 1997 which enabled developers to write COM objects that were loaded in-process with the browser and could perform actions on available windows and modules. A common use was to build toolbars that installed into Internet Explorer. | | +|Document modes | Starting with IE8, Internet Explorer introduced a new “document mode” with every release. These document modes could be requested via the x-ua-compatible header to put the browser into a mode which emulates legacy versions. |Similar to other modern browsers, Microsoft Edge has a single “living” document mode. To minimize the compatibility burden, we test features behind switches in about:flags until stable and ready to be turned on by default. | +--- + diff --git a/browsers/internet-explorer/docfx.json b/browsers/internet-explorer/docfx.json index 34e8b2d487..323ba3e4bd 100644 --- a/browsers/internet-explorer/docfx.json +++ b/browsers/internet-explorer/docfx.json @@ -9,7 +9,7 @@ ], "resource": [ { - "files": ["**/images/**", "**/*.json"], + "files": ["**/images/**"], "exclude": ["**/obj/**"] } ], diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md index decdc115fa..2eab3c28fd 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md +++ b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md @@ -33,7 +33,7 @@ You can add individual sites to your compatibility list by using the Enterprise 1. In the Enterprise Mode Site List Manager (schema v.1), click **Add**. 2. Type the URL for the website that’s experiencing compatibility problems, like *<domain>.com* or *<domain>.com*/*<path>* into the **URL** box.

-Don't include the `http://` or `https://` designation. The tool automatically tries both versions during validation. +Don't include the `https://` or `https://` designation. The tool automatically tries both versions during validation. 3. Type any comments about the website into the **Notes about URL** box.

Administrators can only see comments while they’re in this tool. diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md index bdfc8633a7..df209b5a60 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md +++ b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md @@ -33,7 +33,7 @@ You can add individual sites to your compatibility list by using the Enterprise 1. In the Enterprise Mode Site List Manager (schema v.2), click **Add**. 2. Type the URL for the website that’s experiencing compatibility problems, like *<domain>.com* or *<domain>.com*/*<path>* into the **URL** box.

-Don't include the `http://` or `https://` designation. The tool automatically tries both versions during validation. +Don't include the `https://` or `https://` designation. The tool automatically tries both versions during validation. 3. Type any comments about the website into the **Notes about URL** box.

Administrators can only see comments while they’re in this tool. diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md index a1ba907f17..9e485e54d8 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md @@ -52,7 +52,7 @@ After adding the `FEATURE\AUTOCONFIG\BRANDING` registry key, you can change your - **Automatic Configuration URL (.INS file) box:** Type the location of your automatic configuration script. - - **Automatic proxy URL (.JS, .JVS, or .PAC file) box:** Type the location of your automatic proxy script.

**Important**
Internet Explorer 11 no longer supports using file server locations with your proxy configuration (.pac) files. To keep using your .pac files, you have to keep them on a web server and reference them using a URL, like `http://share/test.ins`. + - **Automatic proxy URL (.JS, .JVS, or .PAC file) box:** Type the location of your automatic proxy script.

**Important**
Internet Explorer 11 no longer supports using file server locations with your proxy configuration (.pac) files. To keep using your .pac files, you have to keep them on a web server and reference them using a URL, like `https://share/test.ins`. If your branding changes aren't correctly deployed after running through this process, see [Auto configuration and auto proxy problems with Internet Explorer 11](auto-configuration-and-auto-proxy-problems-with-ie11.md). diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md index 180e1100b9..8d6510713e 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md @@ -40,7 +40,7 @@ To use automatic detection, you have to set up your DHCP and DNS servers.

**No 3. In your DNS database file, create a host record named, **WPAD**. This record has the IP address of the web server storing your automatic configuration (.js, .jvs, .pac, or .ins) file.

**-OR-**

Create a canonical name (CNAME) alias record named, **WPAD**. This record has the resolved name (not the IP address) of the server storing your automatic configuration (.pac) file.

**Note**
For more information about creating a **WPAD** entry, see [Creating a WPAD entry in DNS](https://go.microsoft.com/fwlink/p/?LinkId=294651).  -4. After the database file propagates to the server, the DNS name, `wpad..com` resolves to the server name that includes your automatic configuration file.

**Note**
Internet Explorer 11 creates a default URL template based on the host name, **wpad**. For example, `http://wpad..com/wpad.dat`. Because of this, you need to set up a file or redirection point in your web server **WPAD** record, named **wpad.dat**. The **wpad.dat** record delivers the contents of your automatic configuration file. +4. After the database file propagates to the server, the DNS name, `wpad..com` resolves to the server name that includes your automatic configuration file.

**Note**
Internet Explorer 11 creates a default URL template based on the host name, **wpad**. For example, `https://wpad..com/wpad.dat`. Because of this, you need to set up a file or redirection point in your web server **WPAD** record, named **wpad.dat**. The **wpad.dat** record delivers the contents of your automatic configuration file.   diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md index 99f85f37b8..a0e95c8fac 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md @@ -30,7 +30,7 @@ You can use your Internet settings (.ins) files to set up your standard proxy se - **Automatic Configuration URL (.INS file) box:** Type the location of the .ins file you want to use for automatic configuration. For more information about setting up **Automatic Configuration**, see [Auto configuration settings for Internet Explorer 11](auto-configuration-settings-for-ie11.md). - - **Automatic proxy URL (.JS, .JVS, or .PAC file) box:** Type the location of your automatic proxy script. This script runs whenever IE11 makes a network request and can include multiple proxy servers for each protocol type.

**Important**
IE11 no longer supports using file server locations with your proxy configuration (.pac) files. To keep using your .pac files, you have to keep them on a web server and reference them using a URL, like `http://share/test.ins`. + - **Automatic proxy URL (.JS, .JVS, or .PAC file) box:** Type the location of your automatic proxy script. This script runs whenever IE11 makes a network request and can include multiple proxy servers for each protocol type.

**Important**
IE11 no longer supports using file server locations with your proxy configuration (.pac) files. To keep using your .pac files, you have to keep them on a web server and reference them using a URL, like `https://share/test.ins`. ## Locking your auto-proxy settings You have two options to restrict your users' ability to override the automatic configuration settings, based on your environment. diff --git a/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md b/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md index 70a66c3670..ac73cc7854 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md +++ b/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md @@ -18,8 +18,8 @@ ms.sitesec: library ActiveX controls are small apps that let websites provide content, like videos and games, and let you interact with content, like toolbars. Unfortunately, because many ActiveX controls aren't automatically updated, they can become outdated as new versions are released. It's very important that you keep your ActiveX controls up to date because malicious software (or malware) can target security flaws in outdated controls, damaging your computer by collecting info from it, installing unwanted software, or by letting someone else control it remotely. To help avoid this situation, Internet Explorer includes a security feature called _out-of-date ActiveX control blocking_. -We'll periodically update this page with new ActiveX controls blocked by this feature. We'll typically provide one month's advance notice before adding new controls to the list. - +We'll periodically update this page with new ActiveX controls blocked by this feature. We'll typically provide one month's advance notice before adding new controls to the list. + You will receive a notification if a webpage tries to load one of the following of ActiveX control versions: **Java** @@ -37,4 +37,4 @@ You will receive a notification if a webpage tries to load one of the following | Everything below (but not including) Silverlight 5.1.50907.0 | |--------------------------------------------------------------| -For more information, see [Out-of-date ActiveX control blocking](out-of-date-activex-control-blocking.md) and [Internet Explorer begins blocking out-of-date ActiveX controls](http://blogs.msdn.com/b/ie/archive/2014/08/06/internet-explorer-begins-blocking-out-of-date-activex-controls.aspx). You can also view Microsoft's complete list of out-of-date ActiveX controls in the XML-based [version list](http://go.microsoft.com/fwlink/?LinkId=403864). \ No newline at end of file +For more information, see [Out-of-date ActiveX control blocking](out-of-date-activex-control-blocking.md) and [Internet Explorer begins blocking out-of-date ActiveX controls](https://blogs.msdn.com/b/ie/archive/2014/08/06/internet-explorer-begins-blocking-out-of-date-activex-controls.aspx). You can also view Microsoft's complete list of out-of-date ActiveX controls in the XML-based [version list](https://go.microsoft.com/fwlink/?LinkId=403864). \ No newline at end of file diff --git a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md index 201c1903c2..5d6a571e4a 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md +++ b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md @@ -21,7 +21,7 @@ ms.date: 07/27/2017 Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. This inventory information helps you build a list of websites used by your company so you can make more informed decisions about your IE deployments, including figuring out which sites might be at risk or require overhauls during future upgrades. >**Upgrade Analytics and Windows upgrades**
->You can use Upgrade Analytics to help manage your Windows 10 upgrades on devices running Windows 8.1 and Windows 7 (SP1). You can also use Upgrade Analytics to review several site discovery reports. Check out Upgrade Analytics from [here](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-analytics-get-started). +>You can use Upgrade Analytics to help manage your Windows 10 upgrades on devices running Windows 8.1 and Windows 7 (SP1). You can also use Upgrade Analytics to review several site discovery reports. Check out Upgrade Analytics from [here](https://technet.microsoft.com/itpro/windows/deploy/upgrade-analytics-get-started). ## Before you begin diff --git a/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md index 3d85d5801b..145c439f02 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md +++ b/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md @@ -50,11 +50,11 @@ Employees assigned to the Requester role can create a change request. A change r - **Business impact (optional).** An optional area where you can provide info about the business impact of this app and the change. - - **App location (URL).** The full URL location to the app, starting with http:// or https://. + - **App location (URL).** The full URL location to the app, starting with https:// or https://. - **App best viewed in.** Select the best browser experience for the app. This can be Internet Explorer 5 through Internet Explorer 11 or one of the IE7Enterprise or IE8Enterprise modes. - - **Is an x-ua tag used?** Select **Yes** or **No** whether an x-ua-compatible tag is used by the app. For more info about x-ua-compatible tags, see the topics in [Defining document compatibility](https://msdn.microsoft.com/en-us/library/cc288325(v=vs.85).aspx). + - **Is an x-ua tag used?** Select **Yes** or **No** whether an x-ua-compatible tag is used by the app. For more info about x-ua-compatible tags, see the topics in [Defining document compatibility](https://msdn.microsoft.com/library/cc288325(v=vs.85).aspx). 4. Click **Save and continue** to save the request and get the app info sent to the pre-production environment site list for testing. diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md index d6ea666402..ef14f9f67f 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md +++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md @@ -41,7 +41,7 @@ Deploying pinned websites in MDT 2013 is a 4-step process: Pinned websites are immediately available to every user who logs on to the computer although the user must click each icon to populate its Jump List. **Important**
-To follow the examples in this topic, you’ll need to pin the Bing (http://www.bing.com/) and MSN (http://www.msn.com/) websites to the taskbar. +To follow the examples in this topic, you’ll need to pin the Bing (https://www.bing.com/) and MSN (https://www.msn.com/) websites to the taskbar. ### Step 1: Creating .website files The first step is to create a .website file for each website that you want to pin to the Windows 8.1 taskbar during deployment. A .website file is like a shortcut, except it’s a plain text file that describes not only the website’s URL but also how the icon looks. @@ -78,7 +78,7 @@ After your operating system is installed on the target computer, you need to cop 4. Rename the newly created item to *Copy Files* and move it up to the top of the **Postinstall** folder. -5. In the **Command Line** box enter the following text, `xcopy “%DEPLOYROOT%\$OEM$\$1” “%OSDisk%\” /yqe`. +5. In the **Command Line** box enter the following text, `xcopy "%DEPLOYROOT%\$OEM$\$1" "%OSDisk%\" /yqe`. 6. Click the **Apply** button to save your changes. diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md index 154ad6670a..307614576b 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md +++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md @@ -28,7 +28,7 @@ If you don't want to use the Enterprise Mode Site List Manager, you also have th The following is an example of the Enterprise Mode schema v.1. This schema can run on devices running Windows 7 and Windows 8.1. **Important**
-Make sure that you don't specify a protocol when adding your URLs. Using a URL like `contoso.com` automatically applies to both http://contoso.com and https://contoso.com. +Make sure that you don't specify a protocol when adding your URLs. Using a URL like `contoso.com` automatically applies to both https://contoso.com and https://contoso.com. ``` xml @@ -131,11 +131,11 @@ This table includes the elements used by the Enterprise Mode schema.

Example 

 <emie>
-  <domain exclude="false">fabrikam.com
-    <path exclude="true">/products</path>
+  <domain exclude="true">fabrikam.com
+    <path exclude="false">/products</path>
   </domain>
 </emie>

-Where http://fabrikam.com doesn't use IE8 Enterprise Mode, but http://fabrikam.com/products does. +Where https://fabrikam.com doesn't use IE8 Enterprise Mode, but https://fabrikam.com/products does. Internet Explorer 11 and Microsoft Edge @@ -159,7 +159,7 @@ This table includes the attributes used by the Enterprise Mode schema. <exclude> -Specifies the domain or path that is excluded from getting the behavior applied. This attribute is supported on the <domain> and <path> elements. +Specifies the domain or path excluded from applying the behavior and is supported on the <domain> and <path> elements.

Example 

 <emie>
@@ -167,7 +167,7 @@ This table includes the attributes used by the Enterprise Mode schema.
     <path exclude="true">/products</path>
   </domain>
 </emie>

-Where http://fabrikam.com doesn't use IE8 Enterprise Mode, but http://fabrikam.com/products does. +Where https://fabrikam.com uses IE8 Enterprise Mode, but https://fabrikam.com/products does not. Internet Explorer 11 and Microsoft Edge @@ -203,7 +203,7 @@ For example, say you want all of the sites in the contoso.com domain to open usi ### What not to include in your schema We recommend that you not add any of the following items to your schema because they can make your compatibility list behave in unexpected ways: -- Don’t use protocols. For example, `http://`, `https://`, or custom protocols. They break parsing. +- Don’t use protocols. For example, `https://`, `https://`, or custom protocols. They break parsing. - Don’t use wildcards. - Don’t use query strings, ampersands break parsing. @@ -230,4 +230,4 @@ If you want to target specific sites in your organization. |You can specify subdomains in the domain tag. |<docMode>
<domain docMode="5">contoso.com</domain>
<domain docMode="9">info.contoso.com</domain>
<docMode> |

  • contoso.com uses document mode 5.
  • info.contoso.com uses document mode 9.
  • test.contoso.com also uses document mode 5.
| |You can specify exact URLs by listing the full path. |<emie>
<domain exclude="false">bing.com</domain>
<domain exclude="false" forceCompatView="true">contoso.com</domain>
<emie>|
  • bing.com uses IE8 Enterprise Mode.
  • contoso.com uses IE7 Enterprise Mode.
| |You can nest paths underneath domains. |<emie>
<domain exclude="true">contoso.com
<path exclude="false">/about</path>
<path exclude="true">
/about/business</path>
</domain>
</emie> |
  • contoso.com will use the default version of IE.
  • contoso.com/about and everything underneath that node will load in Enterprise Mode, except contoso.com/about/business, which will load in the default version of IE.
| -|You can’t add a path underneath a path. The file will still be parsed, but the sub-path will be ignored. |<emie>
<domain exclude="true">contoso.com
<path>/about
<path exclude="true">/business</path>
</path>
</domain>
</emie> |
  • contoso.com will use the default version of IE.
  • contoso.com/about and everything underneath that node will load in Enterprise Mode, including contoso.com/about/business because the last rule is ignored.
| \ No newline at end of file +|You can’t add a path underneath a path. The file will still be parsed, but the sub-path will be ignored. |<emie>
<domain exclude="true">contoso.com
<path>/about
<path exclude="true">/business</path>
</path>
</domain>
</emie> |
  • contoso.com will use the default version of IE.
  • contoso.com/about and everything underneath that node will load in Enterprise Mode, including contoso.com/about/business because the last rule is ignored.
| diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md index 354fe81545..d9689c000a 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md +++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md @@ -38,7 +38,7 @@ You can continue to use the v.1 version of the schema on Windows 10, but you wo The following is an example of the v.2 version of the Enterprise Mode schema. **Important**
-Make sure that you don't specify a protocol when adding your URLs. Using a URL like ``, automatically applies to both http://contoso.com and https://contoso.com. +Make sure that you don't specify a protocol when adding your URLs. Using a URL like ``, automatically applies to both https://contoso.com and https://contoso.com.   ``` xml @@ -198,7 +198,7 @@ The <url> attribute, as part of the <site> element in the v.2 versio <site url="contoso.com/travel"> <open-in allow-redirect="true">IE11</open-in> </site> -In this example, if http://contoso.com/travel is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer. +In this example, if https://contoso.com/travel is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer. Internet Explorer 11 and Microsoft Edge @@ -210,14 +210,14 @@ In this example, if http://contoso.com/travel is encountered in a redirect chain url Specifies the URL (and port number using standard port conventions) to which the child elements apply. The URL can be a domain, sub-domain, or any path URL.
Note
-Make sure that you don't specify a protocol. Using <site url="contoso.com"> applies to both http://contoso.com and https://contoso.com. +Make sure that you don't specify a protocol. Using <site url="contoso.com"> applies to both https://contoso.com and https://contoso.com.

Example 

 <site url="contoso.com:8080">
   <compat-mode>IE8Enterprise</compat-mode>
   <open-in>IE11</open-in>
 </site>
-In this example, going to http://contoso.com:8080 using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode. +In this example, going to https://contoso.com:8080 using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode. Internet Explorer 11 and Microsoft Edge @@ -286,7 +286,7 @@ Saving your v.1 version of the file using the new Enterprise Mode Site List Mana ### What not to include in your schema We recommend that you not add any of the following items to your schema because they can make your compatibility list behave in unexpected ways: -- Don’t use protocols. For example, http://, https://, or custom protocols. They break parsing. +- Don’t use protocols. For example, https://, https://, or custom protocols. They break parsing. - Don’t use wildcards. - Don’t use query strings, ampersands break parsing. diff --git a/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md b/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md index ad0704e0c4..7391d19ecf 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md +++ b/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md @@ -2,12 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: support ms.pagetype: security -description: +description: author: shortpatti ms.author: pashort ms.manager: elizapo ms.prod: ie11 -ms.assetid: +ms.assetid: title: Internet Explorer 11 delivery through automatic updates ms.sitesec: library ms.date: 05/22/2018 @@ -16,31 +16,31 @@ ms.date: 05/22/2018 # Internet Explorer 11 delivery through automatic updates Internet Explorer 11 makes browsing the web faster, easier, safer, and more reliable than ever. To help customers become more secure and up-to-date, Microsoft will distribute Internet Explorer 11 through Automatic Updates and the Windows Update and Microsoft Update sites. Internet Explorer 11 will be available for users of the 32-bit and 64-bit versions of Windows 7 Service Pack 1 (SP1), and 64-bit version of Windows Server 2008 R2 SP1. This article provides an overview of the delivery process and options available for IT administrators to control how and when Internet Explorer 11 is deployed to their organization through Automatic Updates. -- [Automatic updates delivery process](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates#automatic-updates-delivery-process) +- [Automatic updates delivery process](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates#automatic-updates-delivery-process) -- [Internet Explorer 11 automatic upgrades](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates#internet-explorer-11-automatic-upgrades) +- [Internet Explorer 11 automatic upgrades](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates#internet-explorer-11-automatic-upgrades) -- [Options for blocking automatic delivery](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates#options-for-blocking-automatic-delivery) +- [Options for blocking automatic delivery](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates#options-for-blocking-automatic-delivery) -- [Availability of Internet Explorer 11](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates#availability-of-internet-explorer-11) +- [Availability of Internet Explorer 11](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates#availability-of-internet-explorer-11) -- [Prevent automatic installation of Internet Explorer 11 with WSUS](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates#prevent-automatic-installation-of-internet-explorer-11-with-wsus) +- [Prevent automatic installation of Internet Explorer 11 with WSUS](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates#prevent-automatic-installation-of-internet-explorer-11-with-wsus) ## Automatic updates delivery process Internet Explorer 11 only downloads and installs if it’s available for delivery through Automatic Updates; and Automatic Updates only offer Internet Explorer 11 to users with local administrator accounts. User’s without local administrator accounts won’t be prompted to install the update and will continue using their -current version of Internet Explorer. +current version of Internet Explorer. Internet Explorer 11 replaces Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10. If you decide you don’t want Internet Explorer 11, and you’re running Windows 7 SP1 or Windows Server 2008 R2 with SP1, you can uninstall it from the **View installed updates** section of the **Uninstall an update** page of the Control Panel. >[!Note] ->If a user installs Internet Explorer 11 and then removes it, it won’t be re-offered to that computer through Automatic Updates. Instead, the user will have to manually re-install the app. +>If a user installs Internet Explorer 11 and then removes it, it won’t be re-offered to that computer through Automatic Updates. Instead, the user will have to manually re-install the app. ## Internet Explorer 11 automatic upgrades -Internet Explorer 11 is offered through Automatic Updates and Windows Update as an Important update. Users running Windows 7 SP1, who have chosen to download and install updates automatically through Windows Update, are automatically upgraded to Internet Explorer 11. - +Internet Explorer 11 is offered through Automatic Updates and Windows Update as an Important update. Users running Windows 7 SP1, who have chosen to download and install updates automatically through Windows Update, are automatically upgraded to Internet Explorer 11. + Users who were automatically upgraded to Internet Explorer 11 can decide to uninstall Internet Explorer 11. However, Internet Explorer 11 will still appear as an optional update through Windows Update. ## Options for blocking automatic delivery @@ -50,13 +50,13 @@ If you use Automatic Updates in your company, but want to stop your users from a - **Download and use the Internet Explorer 11 Blocker Toolkit.** Includes a Group Policy template and a script that permanently blocks Internet Explorer 11 from being offered by Windows Update or Microsoft Update as a high-priority update. You can download this kit from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=40722). >[!Note] - >The toolkit won't stop users with local administrator accounts from manually installing Internet Explorer 11. Using this toolkit also prevents your users from receiving automatic upgrades from Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 to Internet Explorer 11. For more information, see the [Internet Explorer 11 Blocker Toolkit frequently asked questions](../ie11-faq/faq-ie11-blocker-toolkit.md). + >The toolkit won't stop users with local administrator accounts from manually installing Internet Explorer 11. Using this toolkit also prevents your users from receiving automatic upgrades from Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 to Internet Explorer 11. For more information, see the [Internet Explorer 11 Blocker Toolkit frequently asked questions](../ie11-faq/faq-ie11-blocker-toolkit.md). -- **Use an update management solution to control update deployment.** - If you already use an update management solution, like [Windows Server Update Services (WSUS)](https://docs.microsoft.com/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or the more advanced [System Center 2012 Configuration Manager](http://go.microsoft.com/fwlink/?LinkID=276664), you should use that instead of the Internet Explorer Blocker Toolkit. +- **Use an update management solution to control update deployment.** + If you already use an update management solution, like [Windows Server Update Services (WSUS)](https://docs.microsoft.com/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or the more advanced [System Center 2012 Configuration Manager](https://go.microsoft.com/fwlink/?LinkID=276664), you should use that instead of the Internet Explorer Blocker Toolkit. >[!Note] - >If you use WSUS to manage updates, and Update Rollups are configured for automatic installation, Internet Explorer will automatically install throughout your company. This scenario is discussed in detail in the Knowledge Base article [here](http://support.microsoft.com/kb/946202). + >If you use WSUS to manage updates, and Update Rollups are configured for automatic installation, Internet Explorer will automatically install throughout your company. This scenario is discussed in detail in the Knowledge Base article [here](https://support.microsoft.com/kb/946202). Additional information on Internet Explorer 11, including a Readiness Toolkit, technical overview, in-depth feature summary, and Internet Explorer 11 download is available on the [Internet Explorer 11 page of the Microsoft Edge IT Center](https://technet.microsoft.com/microsoft-edge/dn262703.aspx). @@ -76,12 +76,12 @@ Internet Explorer 11 will be released to WSUS as an Update Rollup package. There 3. Click **Automatic Approvals**. 4. Click the rule that automatically approves an update that is classified as - Update Rollup, and then click **Edit.** - - >[!Note] - >If you don’t see a rule like this, you most likely haven’t configured WSUS to automatically approve Update Rollups for installation. In this situation, you don’t have to do anything else. + Update Rollup, and then click **Edit.** -5. Click the **Update Rollups** property under the **Step 2: Edit the properties (click an underlined value)** section. + >[!Note] + >If you don’t see a rule like this, you most likely haven’t configured WSUS to automatically approve Update Rollups for installation. In this situation, you don’t have to do anything else. + +5. Click the **Update Rollups** property under the **Step 2: Edit the properties (click an underlined value)** section. >[!Note] >The properties for this rule will resemble the following:
  • When an update is in Update Rollups
  • Approve the update for all computers
@@ -101,9 +101,9 @@ Internet Explorer 11 will be released to WSUS as an Update Rollup package. There 12. Choose **Unapproved** in the **Approval**drop down box. 13. Check to make sure that Microsoft Internet Explorer 11 is listed as an unapproved update. - + >[!Note] - >There may be multiple updates, depending on the imported language and operating system updates. + >There may be multiple updates, depending on the imported language and operating system updates. **Optional** @@ -121,7 +121,7 @@ If you need to reset your Update Rollups packages to auto-approve, do this: 6. Check the **Update Rollups** check box, and then click **OK**. -7. Click **OK** to close the **Automatic Approvals** dialog box. +7. Click **OK** to close the **Automatic Approvals** dialog box. >[!Note] >Because auto-approval rules are only evaluated when an update is first imported into WSUS, turning this rule back on after the Internet Explorer 11 update has been imported and synchronized to the server won’t cause this update to be auto-approved. diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md index 7a95011950..37916eff52 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md +++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md @@ -16,7 +16,7 @@ Windows Server Update Services (WSUS) lets you download a single copy of the Mic **To import from Windows Update to WSUS** -1. Open your WSUS admin site. For example, `http:///WSUSAdmin/`.

+1. Open your WSUS admin site. For example, `https:///WSUSAdmin/`.

Where `` is the name of your WSUS server. 2. Choose the top server node or the **Updates** node, and then click **Import Updates**. diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md index ec70489dce..f1136e386c 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md @@ -48,7 +48,7 @@ If you get an error during the Windows Update process, see [Fix the problem with 5. Try to reinstall IE11 from either Windows Update (if you saw it in Step 3) or from the [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=327753) website. -If these steps didn't fix your problem, see [Troubleshooting a failed installation of Internet Explorer 11](https://go.microsoft.com/fwlink/p/?LinkId=304130). +   diff --git a/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md index 5be58eea07..1dcf781581 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md @@ -21,7 +21,7 @@ IE11 works differently with search, based on whether your organization is domain - **Non-domain-joined computers.** A single word entry is treated as an intranet site. However, if the term doesn't resolve to a site, IE11 then treats the entry as a search term and opens your default search provider. -To explicitly go to an intranet site, regardless of the environment, users can type either a trailing slash like ` contoso/` or the `http://` prefix. Either of these will cause IE11 to treat the entry as an intranet search. You can also change the default behavior so that IE11 treats your single word entry in the address bar as an intranet site, regardless of your environment. +To explicitly go to an intranet site, regardless of the environment, users can type either a trailing slash like ` contoso/` or the `https://` prefix. Either of these will cause IE11 to treat the entry as an intranet search. You can also change the default behavior so that IE11 treats your single word entry in the address bar as an intranet site, regardless of your environment. **To enable single-word intranet search** @@ -29,7 +29,7 @@ To explicitly go to an intranet site, regardless of the environment, users can t 2. Click **Advanced**, check the **Go to an intranet site for a single word entry in the Address bar** box, and then click **OK**. -If you'd like your entire organization to have single word entries default to an intranet site, you can turn on the **Go to an intranet site for a single word entry in the Address bar** Group Policy. With this policy turned on, a search for `contoso` automatically resolves to `http://contoso`. +If you'd like your entire organization to have single word entries default to an intranet site, you can turn on the **Go to an intranet site for a single word entry in the Address bar** Group Policy. With this policy turned on, a search for `contoso` automatically resolves to `https://contoso`.   diff --git a/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md index d365ac1e78..0b64ef876d 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md @@ -33,7 +33,7 @@ Internet Explorer 11 gives you some new Group Policy settings to help you manag |Prevent deleting ActiveX Filtering, Tracking Protection and Do Not Track data |Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History |At least Windows Internet Explorer 9 |**In Internet Explorer 9 and Internet Explorer 10:**
This policy setting prevents users from deleting ActiveX Filtering and Tracking Protection data, which includes the list of websites for which the user has chosen to disable ActiveX Filtering or Tracking Protection. In addition, Tracking Protection data is also collected if users turn on the **Personalized Tracking Protection List**, which blocks third-party items while the user is browsing.

**In IE11:**
This policy setting prevents users from deleting ActiveX Filtering, Tracking Protection data, and Do Not Track exceptions, stored in the **Delete Browsing History** dialog box, for visited websites.

If you enable this policy setting, ActiveX Filtering, Tracking Protection and Do Not Track data is preserved when the user clicks **Delete**.

If you disable this policy setting, ActiveX Filtering, Tracking Protection and Do Not Track data is deleted when the user clicks **Delete**.

If you don’t configure this policy setting, users can turn this feature on and off, determining whether to delete ActiveX Filtering, Tracking Protection, and Do Not Track data when clicking **Delete**. | |Send all sites not included in the Enterprise Mode Site List to Microsoft Edge |Administrative Templates\Windows Components\Internet Explorer |IE11 on Windows 10, version 1607 |This policy setting lets you decide whether to open all sites that aren’t specified to open in IE11 by the Enterprise Mode site list, to open in Microsoft Edge.

If you enable this policy setting, you must also enable the Administrative Templates\Windows Components\Internet Explorer\Use the Enterprise Mode IE website list policy setting and you must include at least one site in the Enterprise Mode site list.

If you disable or don't configure this policy setting, all sites will open based on the currently active browser.

**Note:**
If you’ve also enabled the Administrative Templates\Windows Components\Microsoft Edge\Send all intranet sites to Internet Explorer 11 policy setting, then all intranet sites will continue to open in Internet Explorer 11. | |Show message when opening sites in Microsoft Edge using Enterprise Mode |Administrative Templates\Windows Components\Internet Explorer |IE11 on Windows 10, version 1607 |This policy setting lets you decide whether employees see an additional page in Internet Explorer 11, stating that a site has been opened using Microsoft Edge with Enterprise Mode.

If you enable this policy setting, employees see an additional page in Internet Explorer 11, stating that a site has been opened using Microsoft Edge with Enterprise Mode.

If you disable or don't configure this policy setting, the default app behavior occurs and no additional page appears. | -|Turn off automatic download of the ActiveX VersionList |Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management |At least Windows Internet Explorer 8 |This policy setting allows you to decide whether Internet Explorer automatically downloads updated versions of Microsoft's VersionList.XML file. This file tells Internet Explorer whether to stop specific ActiveX controls from loading.

If you enable this policy setting, Internet Explorer stops automatically downloading updated versions of the VersionList.XML file.

If you disable or don’t configure this setting, Internet Explorer continues to download updated versions of the VersionList.XML file.

**Important:**
Stopping this file from updating breaks the out-of-date ActiveX control blocking feature, potentially compromising the security of the device. For more info, see the Out-of-Date ActiveX Control Blocking (https://technet.microsoft.com/en-us/itpro/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking) topic. | +|Turn off automatic download of the ActiveX VersionList |Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management |At least Windows Internet Explorer 8 |This policy setting allows you to decide whether Internet Explorer automatically downloads updated versions of Microsoft's VersionList.XML file. This file tells Internet Explorer whether to stop specific ActiveX controls from loading.

If you enable this policy setting, Internet Explorer stops automatically downloading updated versions of the VersionList.XML file.

If you disable or don’t configure this setting, Internet Explorer continues to download updated versions of the VersionList.XML file.

**Important:**
Stopping this file from updating breaks the out-of-date ActiveX control blocking feature, potentially compromising the security of the device. For more info, see the Out-of-Date ActiveX Control Blocking (https://technet.microsoft.com/itpro/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking) topic. | |Turn off loading websites and content in the background to optimize performance |Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |IE11 on Windows 10 |This policy setting determines whether Internet Explorer preemptively loads websites and content in the background, speeding up performance such that when the user clicks a hyperlink, the background page seamlessly switches into view.

If you enable this policy setting, IE doesn't load any websites or content in the background.

If you disable this policy setting, IE preemptively loads websites and content in the background.

If you don’t configure this policy setting, users can turn this behavior on or off, using IE settings. This feature is turned on by default. | |Turn off phone number detection |Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing |IE11 on Windows 10 |This policy setting determines whether phone numbers are recognized and turned into hyperlinks, which can be used to invoke the default phone application on the system.

If you enable this policy setting, phone number detection is turned off. Users won’t be able to modify this setting.

If you disable this policy setting, phone number detection is turned on. Users won’t be able to modify this setting.

If you don't configure this policy setting, users can turn this behavior on or off, using IE settings. The default is on. | |Turn off sending URL path as UTF-8 |User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\URL Encoding |At least Windows Internet Explorer 7 |This policy setting determines whether to let IE send the path portion of a URL using the UTF-8 standard. This standard defines characters so they're readable in any language and lets you exchange Internet addresses (URLs) with characters included in any language.

If you enable this policy setting, UTF-8 is not allowed. Users won't be able to change this setting.

If you disable this policy setting, UTF-8 is allowed. Users won't be able to change this setting.

If you don't configure this policy setting, users can turn this behavior on or off. | diff --git a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md b/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md index 66a5d8b70b..a834636814 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md +++ b/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md @@ -115,7 +115,7 @@ Out-of-date ActiveX control blocking is turned off in the Local Intranet Zone an |--------|--------------|-------------|----------| |Turn on ActiveX control logging in IE |`Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management` |Internet Explorer 8 through IE11 |This setting determines whether IE saves log information for ActiveX controls.

If you enable this setting, IE logs ActiveX control information (including the source URI that loaded the control and whether it was blocked) to a local file.

If you disable or don't configure this setting, IE won't log ActiveX control information.

Note that you can turn this setting on or off regardless of the **Turn off blocking of outdated ActiveX controls for IE** or **Turn off blocking of outdated ActiveX controls for IE on specific domains** settings. | |Remove the **Run this time** button for outdated ActiveX controls in IE |`Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management`|Internet Explorer 8 through IE11 |This setting allows you stop users from seeing the **Run this time** button and from running specific outdated ActiveX controls in IE.

If you enable this setting, users won't see the **Run this time** button on the warning message that appears when IE blocks an outdated ActiveX control.

If you disable or don't configure this setting, users will see the **Run this time** button on the warning message that appears when IE blocks an outdated ActiveX control. Clicking this button lets the user run the outdated ActiveX control once. | -|Turn off blocking of outdated ActiveX controls for IE on specific domains |`Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management` |Internet Explorer 8 through IE11 |This setting allows you to manage a list of domains on which IE will stop blocking outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone.

If you enable this setting, you can enter a custom list of domains for which outdated ActiveX controls won't be blocked in IE. Each domain entry must be formatted like one of the following:

  • **"domainname.TLD".** For example, if you want to include `*.contoso.com/*`, use "contoso.com".
  • **"hostname".** For example, if you want to include `http://example`, use "example".
  • **"file:///path/filename.htm"**. For example, use `file:///C:/Users/contoso/Desktop/index.htm`.

If you disable or don't configure this setting, the list is deleted and IE continues to block specific outdated ActiveX controls on all domains in the Internet Zone. | +|Turn off blocking of outdated ActiveX controls for IE on specific domains |`Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management` |Internet Explorer 8 through IE11 |This setting allows you to manage a list of domains on which IE will stop blocking outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone.

If you enable this setting, you can enter a custom list of domains for which outdated ActiveX controls won't be blocked in IE. Each domain entry must be formatted like one of the following:

  • **"domainname.TLD".** For example, if you want to include `*.contoso.com/*`, use "contoso.com".
  • **"hostname".** For example, if you want to include `https://example`, use "example".
  • **"file:///path/filename.htm"**. For example, use `file:///C:/Users/contoso/Desktop/index.htm`.

If you disable or don't configure this setting, the list is deleted and IE continues to block specific outdated ActiveX controls on all domains in the Internet Zone. | |Turn off blocking of outdated ActiveX controls for IE |`Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management` |Internet Explorer 8 through IE11 |This setting determines whether IE blocks specific outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone.

If you enable this setting, IE stops blocking outdated ActiveX controls.

If you disable or don't configure this setting, IE continues to block specific outdated ActiveX controls. | |Remove the **Update** button in the out-of-date ActiveX control blocking notification for IE |This functionality is only available through the registry |Internet Explorer 8 through IE11 |This setting determines whether the out-of-date ActiveX control blocking notification shows the **Update** button. This button points users to update specific out-of-date ActiveX controls in IE. | @@ -145,8 +145,8 @@ Here’s a detailed example and description of what’s included in the VersionA |Source URI |File path |Product version |File version |Allowed/Blocked |Reason |EPM-compatible | |-----------|----------|----------------|-------------|----------------|-------|---------------| -|`http://contoso.com/test1.html` |C:\Windows\System32\Macromed\Flash\Flash.ocx |14.0.0.125 |14.0.0.125 |Allowed |Not in blocklist |EPM-compatible | -|`http://contoso.com/test2.html` |C:\Program Files\Java\jre6\bin\jp2iexp.dll |6.0.410.2 |6.0.410.2 |Blocked |Out of date |Not EPM-compatible | +|`https://contoso.com/test1.html` |C:\Windows\System32\Macromed\Flash\Flash.ocx |14.0.0.125 |14.0.0.125 |Allowed |Not in blocklist |EPM-compatible | +|`https://contoso.com/test2.html` |C:\Program Files\Java\jre6\bin\jp2iexp.dll |6.0.410.2 |6.0.410.2 |Blocked |Out of date |Not EPM-compatible | **Where:** - **Source URI.** The URL of the page that loaded the ActiveX control. diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md index e3c64ee2bb..896d0512a7 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md +++ b/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md @@ -17,7 +17,7 @@ You can use the Group Policy setting, **Set a default associations configuration **To set the default browser as Internet Explorer 11** -1. Open your Group Policy editor and go to the **Computer Configuration\\Policies\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file** setting.

+1. Open your Group Policy editor and go to the **Computer Configuration\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file** setting.

Turning this setting on also requires you to create and store a default associations configuration file, locally or on a network share. For more information about creating this file, see [Export or Import Default Application Associations]( https://go.microsoft.com/fwlink/p/?LinkId=618268). ![set default associations group policy setting](images/setdefaultbrowsergp.png) diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md index 8653264774..a72a457d0a 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md +++ b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md @@ -111,7 +111,7 @@ The required packages are automatically downloaded and included in the solution. 1. Open a registry editor on the computer where you deployed the app, go to the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode` key, and change the **Enable** string to: - ``` "Enable"="http:///api/records/" + ``` "Enable"="https:///api/records/" ``` Where `` points to your deployment URL. @@ -125,7 +125,7 @@ The required packages are automatically downloaded and included in the solution. **To view the report results** -- Go to `http:///List` to see the report results.

+- Go to `https:///List` to see the report results.

If you’re already on the webpage, you’ll need to refresh the page to see the results. ![Enterprise Mode Result report with details](images/ie-emie-reportwdetails.png) diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md index bb8a401b5c..47c4caf92b 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md +++ b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md @@ -176,7 +176,7 @@ Using the IIS Manager, you must restart both your Application Pool and your webs After you've created your database and website, you'll need to register yourself (or another employee) as an administrator for the Enterprise Mode Site List Portal. **To register as an administrator** -1. Open Microsoft Edge and type your website URL into the Address bar. For example, http://emieportal:8085. +1. Open Microsoft Edge and type your website URL into the Address bar. For example, https://emieportal:8085. 2. Click **Register now**. @@ -184,7 +184,7 @@ After you've created your database and website, you'll need to register yourself 4. Click **Administrator** from the **Role** box, and then click **Save**. -5. Append your website URL with `/#/EMIEAdminConsole` in the Address bar to go to your administrator console. For example, http://emieportal:8085/#/EMIEAdminConsole. +5. Append your website URL with `/#/EMIEAdminConsole` in the Address bar to go to your administrator console. For example, https://emieportal:8085/#/EMIEAdminConsole. A dialog box appears, prompting you for the system user name and password. The default user name is EMIEAdmin and the default password is Admin123. We strongly recommend that you change the password by using the **Change password** link as soon as you're done with your first visit. diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md index ea5b7d450b..ea9a56a081 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md +++ b/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md @@ -46,9 +46,9 @@ Besides turning on this feature, you also have the option to provide a URL for E Your **Value data** location can be any of the following types: -- **URL location (like, http://www.emieposturl.com/api/records or http://localhost:13000)**. IE sends a POST message to the URL every time a change is made to Enterprise Mode from the **Tools** menu.

**Important**
-The `http://www.emieposturl.com/api/records` example will only work if you’ve downloaded the sample discussed in the [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md) topic. If you don’t have the sample, you won’t have the web API. -- **Local network location (like, http://*emieposturl*/)**. IE sends a POST message to your specified local network location every time a change is made to Enterprise Mode from the **Tools** menu. +- **URL location (like, https://www.emieposturl.com/api/records or https://localhost:13000)**. IE sends a POST message to the URL every time a change is made to Enterprise Mode from the **Tools** menu.

**Important**
+The `https://www.emieposturl.com/api/records` example will only work if you’ve downloaded the sample discussed in the [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md) topic. If you don’t have the sample, you won’t have the web API. +- **Local network location (like, https://*emieposturl*/)**. IE sends a POST message to your specified local network location every time a change is made to Enterprise Mode from the **Tools** menu. - **Empty string**. If you leave the **Value data** box blank; your employees will be able to turn Enterprise Mode on and off from the **Tools** menu, but you won’t collect any logging data. For information about how to collect the data provided when your employees turn Enterprise Mode on or off from the **Tools** menu, see [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md). diff --git a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md index bd859900d1..61997d30d7 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md +++ b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md @@ -8,7 +8,7 @@ ms.prod: ie11 ms.assetid: 3c77e9f3-eb21-46d9-b5aa-f9b2341cfefa title: Enterprise Mode and the Enterprise Mode Site List (Internet Explorer 11 for IT Pros) ms.sitesec: library -ms.date: 12/04/2017 +ms.date: 10/25/2018 --- @@ -25,17 +25,15 @@ ms.date: 12/04/2017 Internet Explorer and Microsoft Edge can work together to support your legacy web apps, while still defaulting to the higher bar for security and modern experiences enabled by Microsoft Edge. Working with multiple browsers can be difficult, particularly if you have a substantial number of internal sites. To help manage this dual-browser experience, we are introducing a new web tool specifically targeted towards larger organizations: the [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal). ## Available dual-browser experiences -Based on the size of your legacy web app dependency, determined by the data collected with [Windows Upgrade Analytics](https://blogs.windows.com/windowsexperience/2016/09/26/new-windows-10-and-office-365-features-for-the-secure-productive-enterprise/), there are several options from which you can choose to configure your enterprise browsing environment: +If you have specific websites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the websites automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work correctly with Microsoft Edge, you can set all intranet sites to open using IE11 automatically. -- Use Microsoft Edge as your primary browser. +Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11. -- Use Microsoft Edge as your primary browser and use Enterprise Mode to open sites in Internet Explorer 11 (IE11) that use IE proprietary technologies. +>[!TIP] +> If you are running an earlier version of Internet Explorer, we recommend upgrading to IE11, so that any legacy apps continue to work correctly. -- Use Microsoft Edge as your primary browser and open all intranet sites in IE11. +For Windows 10 and Windows 10 Mobile, Microsoft Edge is the default browser experience. However, Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or included on your Enterprise Mode Site List. -- Use IE11 as your primary browser and use Enterprise Mode to open sites in Microsoft Edge that use modern web technologies. - -For more info about when to use which option, and which option is best for you, see the [Continuing to make it easier for Enterprise customers to upgrade to Internet Explorer 11 — and Windows 10](https://blogs.windows.com/msedgedev/2015/11/23/windows-10-1511-enterprise-improvements) blog. ## What is Enterprise Mode? Enterprise Mode, a compatibility mode that runs on Internet Explorer 11 on Windows 10, Windows 8.1, and Windows 7 devices, lets websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8. Running in this mode helps to avoid many of the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. @@ -65,7 +63,7 @@ The Enterprise Mode Site List is an XML document that specifies a list of sites, Starting with Windows 10, version 1511 (also known as the Anniversary Update), you can also [restrict IE11 to only the legacy web apps that need it](https://blogs.windows.com/msedgedev/2016/05/19/edge14-ie11-better-together/), automatically sending sites not included in the Enterprise Mode Site List to Microsoft Edge. ### Site list xml file -This is a view of the [raw EMIE v2 schema.xml file](https://gist.github.com/kypflug/9e9961de771d2fcbd86b#file-emie-v2-schema-xml). There are equivalent Enterprise Mode Site List policies for both [Microsoft Edge](https://docs.microsoft.com/en-us/microsoft-edge/deploy/emie-to-improve-compatibility) and [Internet Explorer 11](turn-on-enterprise-mode-and-use-a-site-list.md). The Microsoft Edge list is used to determine which sites should open in IE11; while the IE11 list is used to determine the compat mode for a site, and which sites should open in Microsoft Edge. We recommend using one list for both browsers, where each policy points to the same XML file location. +This is a view of the [raw EMIE v2 schema.xml file](https://gist.github.com/kypflug/9e9961de771d2fcbd86b#file-emie-v2-schema-xml). There are equivalent Enterprise Mode Site List policies for both [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/emie-to-improve-compatibility) and [Internet Explorer 11](turn-on-enterprise-mode-and-use-a-site-list.md). The Microsoft Edge list is used to determine which sites should open in IE11; while the IE11 list is used to determine the compat mode for a site, and which sites should open in Microsoft Edge. We recommend using one list for both browsers, where each policy points to the same XML file location. ```xml diff --git a/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md b/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md index 9809598bf3..ae241bde6a 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md +++ b/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md @@ -46,7 +46,7 @@ Wait for the message, **Blocking deployment of IE11 on the local machine. The op For answers to frequently asked questions, see [Internet Explorer 11 Blocker Toolkit: Frequently Asked Questions](https://go.microsoft.com/fwlink/p/?LinkId=314063). -## Automatic updates +## Automatic updates Internet Explorer 11 makes browsing the web faster, easier, safer, and more reliable than ever. To help customers become more secure and up-to-date, Microsoft will distribute Internet Explorer 11 through Automatic Updates and the Windows Update and Microsoft Update sites. Internet Explorer 11 will be available for users of the 32-bit and 64-bit versions of Windows 7 Service Pack 1 (SP1), and 64-bit version of Windows Server 2008 R2 SP1. This article provides an overview of the delivery process and options available for IT administrators to control how and when Internet Explorer 11 is deployed to their organization through Automatic Updates. ### Automatic delivery process @@ -56,8 +56,8 @@ Internet Explorer 11 replaces Internet Explorer 8, Internet Explorer 9, or Inter ### Internet Explorer 11 automatic upgrades -Internet Explorer 11 is offered through Automatic Updates and Windows Update as an Important update. Users running Windows 7 SP1, who have chosen to download and install updates automatically through Windows Update, are automatically upgraded to Internet Explorer 11. - +Internet Explorer 11 is offered through Automatic Updates and Windows Update as an Important update. Users running Windows 7 SP1, who have chosen to download and install updates automatically through Windows Update, are automatically upgraded to Internet Explorer 11. + Users who were automatically upgraded to Internet Explorer 11 can decide to uninstall Internet Explorer 11. However, Internet Explorer 11 will still appear as an optional update through Windows Update. ### Options for blocking automatic delivery @@ -65,15 +65,15 @@ Users who were automatically upgraded to Internet Explorer 11 can decide to unin If you use Automatic Updates in your company, but want to stop your users from automatically getting Internet Explorer 11, do one of the following: - **Download and use the Internet Explorer 11 Blocker Toolkit.** Includes a Group Policy template and a script that permanently blocks Internet Explorer 11 from being offered by Windows Update or Microsoft Update as a high-priority update. You can download this kit from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=40722). - - >[!NOTE] - >The toolkit won't stop users with local administrator accounts from manually installing Internet Explorer 11. Using this toolkit also prevents your users from receiving automatic upgrades from Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 to Internet Explorer 11. For more information, see the [Internet Explorer 11 Blocker Toolkit frequently asked questions](#faq). - -- **Use an update management solution to control update deployment.** If you already use an update management solution, like [Windows Server Update Services (WSUS)](https://docs.microsoft.com/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or the more advanced [System Center 2012 Configuration Manager](http://go.microsoft.com/fwlink/?LinkID=276664), you should use that instead of the Internet Explorer Blocker Toolkit. ->[!NOTE] ->If you use WSUS to manage updates, and Update Rollups are configured for automatic installation, Internet Explorer will automatically install throughout your company. - + >[!NOTE] + >The toolkit won't stop users with local administrator accounts from manually installing Internet Explorer 11. Using this toolkit also prevents your users from receiving automatic upgrades from Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 to Internet Explorer 11. For more information, see the [Internet Explorer 11 Blocker Toolkit frequently asked questions](#faq). + +- **Use an update management solution to control update deployment.** If you already use an update management solution, like [Windows Server Update Services (WSUS)](https://docs.microsoft.com/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or the more advanced [System Center 2012 Configuration Manager](https://go.microsoft.com/fwlink/?LinkID=276664), you should use that instead of the Internet Explorer Blocker Toolkit. + +>[!NOTE] +>If you use WSUS to manage updates, and Update Rollups are configured for automatic installation, Internet Explorer will automatically install throughout your company. + ### Prevent automatic installation of Internet Explorer 11 with WSUS @@ -88,7 +88,7 @@ Internet Explorer 11 will be released to WSUS as an Update Rollup package. There 4. Click the rule that automatically approves an update that is classified as Update Rollup, and then click **Edit.** >[!NOTE] - >If you don’t see a rule like this, you most likely haven’t configured WSUS to automatically approve Update Rollups for installation. In this situation, you don’t have to do anything else. + >If you don’t see a rule like this, you most likely haven’t configured WSUS to automatically approve Update Rollups for installation. In this situation, you don’t have to do anything else. 5. Click the **Update Rollups** property under the **Step 2: Edit the properties (click an underlined value)** section. diff --git a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md index 4d0aae1968..304aac3c88 100644 --- a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md +++ b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md @@ -145,14 +145,14 @@ Yes. You can use IEAK 11 to build custom Internet Explorer 11 packages in any of IEAK 11 is available in 24 languages but can build customized Internet Explorer 11 packages in all languages of the supported operating systems. Select a language below and download IEAK 11 from the download center: | | | | |---------|---------|---------| -|[English](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/en-us/ieak.msi) |[French](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fr-fr/ieak.msi) |[Norwegian (Bokmål)](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nb-no/ieak.msi) | -|[Arabic](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ar-sa/ieak.msi) |[Chinese (Simplified)](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/zh-cn/ieak.msi) |[Chinese(Traditional)](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/zh-tw/ieak.msi) | -|[Czech](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/cs-cz/ieak.msi) |[Danish](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/da-dk/ieak.msi) |[Dutch](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nl-nl/ieak.msi) | -|[Finnish](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fi-fi/ieak.msi) |[German](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/de-de/ieak.msi) |[Greek](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/el-gr/ieak.msi) | -|[Hebrew](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/he-il/ieak.msi) |[Hungarian](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/hu-hu/ieak.msi) |[Italian](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/it-it/ieak.msi) | -|[Japanese](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ja-jp/ieak.msi) |[Korean](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ko-kr/ieak.msi) |[Polish](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pl-pl/ieak.msi) | -|[Portuguese (Brazil)](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pt-br/ieak.msi) |[Portuguese (Portugal)](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pt-pt/ieak.msi) |[Russian](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ru-ru/ieak.msi) | -|[Spanish](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/es-es/ieak.msi) |[Swedish](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/sv-se/ieak.msi) |[Turkish](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/tr-tr/ieak.msi) | +|[English](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/en-us/ieak.msi) |[French](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fr-fr/ieak.msi) |[Norwegian (Bokmål)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nb-no/ieak.msi) | +|[Arabic](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ar-sa/ieak.msi) |[Chinese (Simplified)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/zh-cn/ieak.msi) |[Chinese(Traditional)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/zh-tw/ieak.msi) | +|[Czech](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/cs-cz/ieak.msi) |[Danish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/da-dk/ieak.msi) |[Dutch](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nl-nl/ieak.msi) | +|[Finnish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fi-fi/ieak.msi) |[German](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/de-de/ieak.msi) |[Greek](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/el-gr/ieak.msi) | +|[Hebrew](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/he-il/ieak.msi) |[Hungarian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/hu-hu/ieak.msi) |[Italian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/it-it/ieak.msi) | +|[Japanese](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ja-jp/ieak.msi) |[Korean](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ko-kr/ieak.msi) |[Polish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pl-pl/ieak.msi) | +|[Portuguese (Brazil)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pt-br/ieak.msi) |[Portuguese (Portugal)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pt-pt/ieak.msi) |[Russian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ru-ru/ieak.msi) | +|[Spanish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/es-es/ieak.msi) |[Swedish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/sv-se/ieak.msi) |[Turkish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/tr-tr/ieak.msi) | diff --git a/browsers/internet-explorer/ie11-faq/faq-ieak11.md b/browsers/internet-explorer/ie11-faq/faq-ieak11.md index 3798a051af..59d6f5be4a 100644 --- a/browsers/internet-explorer/ie11-faq/faq-ieak11.md +++ b/browsers/internet-explorer/ie11-faq/faq-ieak11.md @@ -7,7 +7,7 @@ author: shortpatti ms.author: pashort ms.manager: elizapo ms.prod: ie11 -ms.assetid: +ms.assetid: title: IEAK 11 - Frequently Asked Questions ms.sitesec: library ms.date: 05/10/2018 @@ -31,21 +31,21 @@ You can customize and install IEAK 11 on the following supported operating syste - Windows 7 Service Pack 1 (SP1) -- Windows Server 2008 R2 Service Pack 1 (SP1) - +- Windows Server 2008 R2 Service Pack 1 (SP1) + >[!Note] >IEAK 11 does not support building custom packages for Windows RT.   **What can I customize with IEAK 11?** -The IEAK 11 enables you to customize branding and settings for Internet Explorer 11. For PCs running Windows 7, the custom package also includes the Internet Explorer executable. +The IEAK 11 enables you to customize branding and settings for Internet Explorer 11. For PCs running Windows 7, the custom package also includes the Internet Explorer executable. >[!Note] >Internet Explorer 11 is preinstalled on PCs running Windows 8. Therefore, the executable is not included in the customized package. **Can IEAK 11 build custom Internet Explorer 11 packages in languages other than the language of the in-use IEAK 11 version?** -Yes. You can use IEAK 11 to build custom Internet Explorer 11 packages in any of the supported 24 languages. You'll select the language for the custom package on the Language Selection page of the customization wizard. +Yes. You can use IEAK 11 to build custom Internet Explorer 11 packages in any of the supported 24 languages. You'll select the language for the custom package on the Language Selection page of the customization wizard. >[!Note] >IEAK 11 is available in 24 languages but can build customized Internet Explorer 11 packages in all languages of the supported operating systems. To download IEAK 11, see [Internet Explorer Administration Kit (IEAK) information and downloads](../ie11-ieak/ieak-information-and-downloads.md). @@ -99,19 +99,19 @@ Yes. You can use IEAK 11 to build custom Internet Explorer 11 packages in any of IEAK 11 is available in 24 languages but can build customized Internet Explorer 11 packages in all languages of the supported operating systems. Select a language below and download IEAK 11 from the download center: | | | | |---------|---------|---------| -|[English](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/en-us/ieak.msi) |[French](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fr-fr/ieak.msi) |[Norwegian (Bokmål)](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nb-no/ieak.msi) | -|[Arabic](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ar-sa/ieak.msi) |[Chinese (Simplified)](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/zh-cn/ieak.msi) |[Chinese(Traditional)](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/zh-tw/ieak.msi) | -|[Czech](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/cs-cz/ieak.msi) |[Danish](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/da-dk/ieak.msi) |[Dutch](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nl-nl/ieak.msi) | -|[Finnish](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fi-fi/ieak.msi) |[German](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/de-de/ieak.msi) |[Greek](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/el-gr/ieak.msi) | -|[Hebrew](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/he-il/ieak.msi) |[Hungarian](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/hu-hu/ieak.msi) |[Italian](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/it-it/ieak.msi) | -|[Japanese](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ja-jp/ieak.msi) |[Korean](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ko-kr/ieak.msi) |[Polish](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pl-pl/ieak.msi) | -|[Portuguese (Brazil)](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pt-br/ieak.msi) |[Portuguese (Portugal)](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pt-pt/ieak.msi) |[Russian](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ru-ru/ieak.msi) | -|[Spanish](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/es-es/ieak.msi) |[Swedish](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/sv-se/ieak.msi) |[Turkish](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/tr-tr/ieak.msi) | +|[English](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/en-us/ieak.msi) |[French](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fr-fr/ieak.msi) |[Norwegian (Bokmål)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nb-no/ieak.msi) | +|[Arabic](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ar-sa/ieak.msi) |[Chinese (Simplified)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/zh-cn/ieak.msi) |[Chinese(Traditional)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/zh-tw/ieak.msi) | +|[Czech](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/cs-cz/ieak.msi) |[Danish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/da-dk/ieak.msi) |[Dutch](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nl-nl/ieak.msi) | +|[Finnish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fi-fi/ieak.msi) |[German](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/de-de/ieak.msi) |[Greek](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/el-gr/ieak.msi) | +|[Hebrew](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/he-il/ieak.msi) |[Hungarian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/hu-hu/ieak.msi) |[Italian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/it-it/ieak.msi) | +|[Japanese](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ja-jp/ieak.msi) |[Korean](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ko-kr/ieak.msi) |[Polish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pl-pl/ieak.msi) | +|[Portuguese (Brazil)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pt-br/ieak.msi) |[Portuguese (Portugal)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pt-pt/ieak.msi) |[Russian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ru-ru/ieak.msi) | +|[Spanish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/es-es/ieak.msi) |[Swedish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/sv-se/ieak.msi) |[Turkish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/tr-tr/ieak.msi) | ## Additional resources [Download IEAK 11](https://technet.microsoft.com/microsoft-edge/bb219517) -[IEAK 11 overview](https://technet.microsoft.com/microsoft-edge/dn532244) +[IEAK 11 overview](https://technet.microsoft.com/microsoft-edge/dn532244) [IEAK 11 product documentation](https://docs.microsoft.com/internet-explorer/ie11-ieak/index) [IEAK 11 licensing guidelines](../ie11-ieak/licensing-version-and-features-ieak11.md) diff --git a/browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md index b31c220601..440d2c7fc1 100644 --- a/browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md @@ -42,7 +42,7 @@ You can use the Domain Name System (DNS) and the Dynamic Host Configuration Prot - Type the location to your automatic proxy script file. **Note**
- If you specify URLs for both auto-config and auto-proxy, the auto-proxy URL will be incorporated into the .ins file. The correct form for the URL is `http://share/test.ins`. + If you specify URLs for both auto-config and auto-proxy, the auto-proxy URL will be incorporated into the .ins file. The correct form for the URL is `https://share/test.ins`. 3. Click **Next** to go to the [Proxy Settings](proxy-settings-ieak11-wizard.md) page or **Back** to go to the [Connection Settings](connection-settings-ieak11-wizard.md) page. diff --git a/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md b/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md index 0752aaac38..b14d4aa1ce 100644 --- a/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md +++ b/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md @@ -36,9 +36,9 @@ DHCP has a higher priority than DNS for automatic configuration. If DHCP provide - Open the [DHCP Administrative Tool](https://go.microsoft.com/fwlink/p/?LinkId=302212), create a new option type, using the code number 252, and then associate it with the URL to your configuration file. For detailed instructions about how to do this, see [Create an option 252 entry in DHCP](https://go.microsoft.com/fwlink/p/?LinkId=294649). **Examples:**
- `http://www.microsoft.com/webproxy.pac`
- `http://marketing/config.ins`
- `http://123.4.567.8/account.pac`

+ `https://www.microsoft.com/webproxy.pac`
+ `https://marketing/config.ins`
+ `https://123.4.567.8/account.pac`

For more detailed info about how to set up your DHCP server, see your server documentation. **To set up automatic detection for DNS servers** @@ -55,5 +55,5 @@ Create a canonical name (CNAME) alias record, named **WPAD**. This record lets y 2. After the database file propagates to the server, the DNS name, `wpad..com` resolves to the server name that includes your automatic configuration file. **Note**
-IE11 creates a default URL template based on the host name,**wpad**. For example, `http://wpad..com/wpad.dat`. Because of this, you need to set up a file or redirection point in your web server **WPAD** record, named **wpad.dat**. The **wpad.dat** record delivers the contents of your automatic configuration file. +IE11 creates a default URL template based on the host name,**wpad**. For example, `https://wpad..com/wpad.dat`. Because of this, you need to set up a file or redirection point in your web server **WPAD** record, named **wpad.dat**. The **wpad.dat** record delivers the contents of your automatic configuration file. diff --git a/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md index 9d4d9f6b4f..f404bf78cf 100644 --- a/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md +++ b/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md @@ -16,5 +16,5 @@ Provide the URL to your branding cabinet (.cab) file. |Name |Value | Description | |-----------|--------------------------------|--------------------------------------------------------------| -|Branding |`` |The location of your branding cabinet (.cab) file. For example, http://www.<your_server>.net/cabs/branding.cab.| +|Branding |`` |The location of your branding cabinet (.cab) file. For example, https://www.<your_server>.net/cabs/branding.cab.| diff --git a/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md b/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md index a4bbac4b2e..fde8b84b67 100644 --- a/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md +++ b/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md @@ -21,7 +21,7 @@ You can customize Automatic Search so that your employees can type a single word **To set up Automatic Search** -1. Create a script (.asp) file that conditionally looks for search terms, and post it to an intranet server here: http://ieautosearch/response.asp?MT=%1&srch=%2.

+1. Create a script (.asp) file that conditionally looks for search terms, and post it to an intranet server here: https://ieautosearch/response.asp?MT=%1&srch=%2.

For info about the acceptable values for the *%1* and *%2* parameters, see the [Automatic Search parameters](#automatic-search-parameters). For an example of the script file, see the [Sample Automatic Search script](#sample-automatic-search-script).

**Important**
If you aren’t using IIS in your company, you’ll need to remap this URL to your script file’s location. @@ -72,18 +72,18 @@ searchOption = Request.QueryString("srch") ' about filling out an expense report if (search = "NEW HIRE") then -Response.Redirect("http://admin/hr/newhireforms.htm") +Response.Redirect("https://admin/hr/newhireforms.htm") elseif (search = "LIBRARY CATALOG") then -Response.Redirect("http://library/catalog") +Response.Redirect("https://library/catalog") elseif (search = "EXPENSE REPORT") then -Response.Redirect("http://expense") +Response.Redirect("https://expense") elseif (search = "LUNCH MENU") then -Response.Redirect("http://cafe/menu/") +Response.Redirect("https://cafe/menu/") else ' If there is not a match, use the ' default IE autosearch server -Response.Redirect("http://auto.search.msn.com/response.asp?MT=" +Response.Redirect("https://auto.search.msn.com/response.asp?MT=" + search + "&srch=" + searchOption + "&prov=&utf8") end if diff --git a/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md b/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md index 21b4aa46b2..0e0ea99ea5 100644 --- a/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md +++ b/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md @@ -2,12 +2,12 @@ ms.localizationpriority: medium ms.mktglfcycl: support ms.pagetype: security -description: The Internet Explorer Administration Kit (IEAK) simplifies the creation, deployment, and management of customized Internet Explorer packages. You can use the IEAK to configure the out-of-box Internet Explorer experience or to manage user settings after Internet Explorer deployment. +description: The Internet Explorer Administration Kit (IEAK) simplifies the creation, deployment, and management of customized Internet Explorer packages. Use the IEAK to configure the out-of-box Internet Explorer experience or to manage user settings after Internet Explorer deployment. author: shortpatti ms.author: pashort -ms.manager: elizapo +ms.manager: dougkim ms.prod: ie11 -ms.assetid: +ms.assetid: title: Internet Explorer Administration Kit (IEAK) information and downloads ms.sitesec: library ms.date: 05/10/2018 @@ -15,8 +15,11 @@ ms.date: 05/10/2018 # Internet Explorer Administration Kit (IEAK) information and downloads +>Applies to: Windows 10 + The Internet Explorer Administration Kit (IEAK) simplifies the creation, deployment, and management of customized Internet Explorer packages. You can use the IEAK to configure the out-of-box Internet Explorer experience or to manage user settings after Internet Explorer deployment. To find more information on the IEAK, see [What IEAK can do for you](what-ieak-can-do-for-you.md). + ## Internet Explorer Administration Kit 11 (IEAK 11) [IEAK 11 documentation](index.md) @@ -34,13 +37,13 @@ To download, choose to **Open** the download or **Save** it to your hard drive f | | | | |---------|---------|---------| -|[English](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/en-us/ieak.msi) |[French](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fr-fr/ieak.msi) |[Norwegian (Bokmål)](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nb-no/ieak.msi) | -|[Arabic](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ar-sa/ieak.msi) |[German](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/de-de/ieak.msi) |[Polish](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pl-pl/ieak.msi) | -|[Chinese (Simplified)](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/zh-cn/ieak.msi) |[Greek](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/el-gr/ieak.msi) |[Portuguese (Brazil)](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pt-br/ieak.msi) | -|[Chinese (Traditional)](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/zh-tw/ieak.msi) |[Hebrew](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/he-il/ieak.msi) |[Portuguese (Portugal)](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pt-pt/ieak.msi) | -|[Czech](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/cs-cz/ieak.msi) |[Hungarian](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/hu-hu/ieak.msi) |[Russian](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ru-ru/ieak.msi) | -|[Danish](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/da-dk/ieak.msi) |[Italian](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/it-it/ieak.msi) |[Spanish](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/es-es/ieak.msi) | -|[Dutch](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nl-nl/ieak.msi) |[Japanese](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ja-jp/ieak.msi) |[Swedish](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/sv-se/ieak.msi) | -|[Finnish](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fi-fi/ieak.msi) |[Korean](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ko-kr/ieak.msi) |[Turkish](http://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/tr-tr/ieak.msi) | +|[English](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/en-us/ieak.msi) |[French](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fr-fr/ieak.msi) |[Norwegian (Bokmål)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nb-no/ieak.msi) | +|[Arabic](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ar-sa/ieak.msi) |[German](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/de-de/ieak.msi) |[Polish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pl-pl/ieak.msi) | +|[Chinese (Simplified)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/zh-cn/ieak.msi) |[Greek](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/el-gr/ieak.msi) |[Portuguese (Brazil)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pt-br/ieak.msi) | +|[Chinese (Traditional)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/zh-tw/ieak.msi) |[Hebrew](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/he-il/ieak.msi) |[Portuguese (Portugal)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/pt-pt/ieak.msi) | +|[Czech](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/cs-cz/ieak.msi) |[Hungarian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/hu-hu/ieak.msi) |[Russian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ru-ru/ieak.msi) | +|[Danish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/da-dk/ieak.msi) |[Italian](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/it-it/ieak.msi) |[Spanish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/es-es/ieak.msi) | +|[Dutch](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nl-nl/ieak.msi) |[Japanese](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ja-jp/ieak.msi) |[Swedish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/sv-se/ieak.msi) | +|[Finnish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fi-fi/ieak.msi) |[Korean](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/ko-kr/ieak.msi) |[Turkish](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/tr-tr/ieak.msi) | diff --git a/browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md index 60b082565b..604489d8fc 100644 --- a/browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md @@ -17,7 +17,7 @@ The **Important URLS – Home Page and Support** page of the Internet Explorer C **To use the Important URLS – Home Page and Support page** 1. In the **Add a homepage URL** box, type the URL to the page your employees go to when they click the **Home** button, and then click **Add**.

-If you add multiple **Home** pages, each page appears on a separate tab in the browser. If you don’t add a custom **Home** page, IE uses http://www.msn.com by default. If you want to delete an existing page, click the URL and then click **Remove**. +If you add multiple **Home** pages, each page appears on a separate tab in the browser. If you don’t add a custom **Home** page, IE uses https://www.msn.com by default. If you want to delete an existing page, click the URL and then click **Remove**. 2. Check the **Retain previous Home Page (Upgrade)** box if you have employees with previous versions of IE, who need to keep their **Home** page settings when the browser is updated. diff --git a/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md b/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md index c69fbd1f67..056ef076a4 100644 --- a/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md +++ b/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md @@ -1,20 +1,19 @@ --- ms.localizationpriority: medium ms.mktglfcycl: plan -description: Learn about which version of the IEAK 11 you should run, based on your license agreement. +description: Learn about the version of the IEAK 11 you should run, based on your license agreement. author: pashort ms.author: shortpatti -ms.manager: elizapo ms.prod: ie11, ieak11 ms.assetid: 69d25451-08af-4db0-9daa-44ab272acc15 title: Determine the licensing version and features to use in IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros) ms.sitesec: library -ms.date: 05/02/2018 +ms.date: 10/23/2018 --- # Determine the licensing version and features to use in IEAK 11 -In addition to the Software License Terms for the Internet Explorer Administration Kit 11 (IEAK 11) (IEAK 11, the "software"), these Guidelines further define how you may and may not use the software to create versions of Internet Explorer 11 with optional customizations (the "customized browser") for internal use and distribution in accordance with the IEAK 11 Software License Terms. IEAK 11 is for testing purposes only and is not intended to be used in a production environment. +In addition to the Software License Terms for the Internet Explorer Administration Kit 11 (IEAK 11, referred to as the "software"), these Guidelines further define how you may and may not use the software to create versions of Internet Explorer 11 with optional customizations (referred to as the "customized browser") for internal use and distribution in accordance with the IEAK 11 Software License Terms. IEAK 11 is for testing purposes only and is not intended to be used in a production environment. During installation, you must pick a version of IEAK 11, either **External** or **Internal**, based on your license agreement. Your version selection decides the options you can chose, the steps you follow to deploy your Internet Explorer 11 package, and how you manage the browser after deployment. @@ -26,34 +25,36 @@ During installation, you must pick a version of IEAK 11, either **External** or ## Available features by version -|Internal |External | -|------------------------------------------|------------------------------------------| -|Welcome screen |Welcome screen | -|File locations |File locations | -|Platform selection |Platform selection | -|Language selection |Language selection | -|Package type selection |Package type selection | -|Feature selection |Feature selection | -|Automatic Version Synchronization (AVS) |Automatic Version Synchronization (AVS) | -|Custom components |Custom components | -|Internal install |Not available | -|User experience |Not available | -|Browser user interface |Browser user interface | -|Search providers |Search providers | -|Important URLs – Home page and support |Important URLs – Home page and support | -|Accelerators |Accelerators | -|Favorites, Favorites bar, and feeds |Favorites, Favorites bar, and feeds | -|Browsing options |Not available | -|First Run wizard and Welcome page options |First Run wizard and Welcome page options | -|Connection manager |Connection manager | -|Connection settings |Connection settings | -|Automatic configuration |Not available | -|Proxy settings |Proxy settings | -|Security and privacy settings |Not available | -|Add a root certificate |Not available | -|Programs |Programs | -|Additional settings |Not available | -|Wizard complete |Wizard complete | +| Feature | Internal | External | +| ---------------------------------------- | :---------------------------------------------: | :----------------------------------------------: | +|Welcome screen | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +|File locations | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +|Platform selection | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +|Language selection | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +|Package type selection | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +|Feature selection | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +|Automatic Version Synchronization (AVS) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +|Custom components | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +|Internal install | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Not available](https://docs.microsoft.com/microsoft-edge/deploy/images/148766.png) | +|User experience | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Not available](https://docs.microsoft.com/microsoft-edge/deploy/images/148766.png) | +|Browser user interface | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +|Search providers | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +|Important URLs – Home page and support | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +|Accelerators | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +|Favorites, Favorites bar, and feeds | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +|Browsing options | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Not available](https://docs.microsoft.com/microsoft-edge/deploy/images/148766.png) | +|First Run wizard and Welcome page options | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +|Connection manager | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +|Connection settings | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +|Automatic configuration | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Not available](https://docs.microsoft.com/microsoft-edge/deploy/images/148766.png) | +|Proxy settings | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +|Security and privacy settings | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Not available](https://docs.microsoft.com/microsoft-edge/deploy/images/148766.png) | +|Add a root certificate | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Not available](https://docs.microsoft.com/microsoft-edge/deploy/images/148766.png) | +|Programs | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +|Additional settings | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Not available](https://docs.microsoft.com/microsoft-edge/deploy/images/148766.png) | +|Wizard complete | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | ![Available](https://docs.microsoft.com/microsoft-edge/deploy/images/148767.png) | +--- + ## Customization guidelines @@ -68,7 +69,7 @@ Two installation modes are available to you, depending on how you are planning t The table below identifies which customizations you may or may not perform based on the mode you selected. | **Feature Name** | **External Distribution** | **Internal Distribution** | -|---------------------------------|----------------------|-------------------| +|---------------------------------|:--------------------:|:-------------------:| | **Custom Components** | Yes | Yes | | **Title Bar** | Yes | Yes | | **Favorites** | One folder, containing any number of links. | Any number of folders/links. | @@ -96,7 +97,7 @@ Support for some of the Internet Explorer settings on the wizard pages varies de Two installation modes are available to you, depending on how you are planning to use the customized browser created with the software. Each mode requires a separate installation of the software. - **External Distribution** - You shall use commercially reasonable efforts to maintain the quality of (i) any non-Microsoft software distributed with Internet Explorer 11, and (ii) any media used for distribution (for example, optical media, flash drives), at a level that meets or exceeds the highest industry standards. If you distribute add-ons with Internet Explorer 11, those add-ons must comply with the [!INCLUDE [microsoft-browser-extension-policy-include](../../edge/microsoft-browser-extension-policy-include.md)]. + You shall use commercially reasonable efforts to maintain the quality of (i) any non-Microsoft software distributed with Internet Explorer 11, and (ii) any media used for distribution (for example, optical media, flash drives), at a level that meets or exceeds the highest industry standards. If you distribute add-ons with Internet Explorer 11, those add-ons must comply with the [Microsoft browser extension policy](https://docs.microsoft.com/legal/windows/agreements/microsoft-browser-extension-policy). - **Internal Distribution - corporate intranet** - The software is solely for use by your employees within your company's organization and affiliated companies through your corporate intranet. Neither you nor any of your employees may permit redistribution of the software to or for use by third parties other than for third parties such as consultants, contractors, and temporary staff accessing your corporate intranet. \ No newline at end of file + The software is solely for use by your employees within your company's organization and affiliated companies through your corporate intranet. Neither you nor any of your employees may permit redistribution of the software to or for use by third parties other than for third parties such as consultants, contractors, and temporary staff accessing your corporate intranet. diff --git a/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md b/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md index 9a57aef1fa..5e04f4e473 100644 --- a/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md +++ b/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md @@ -127,7 +127,7 @@ In this example, the proxy server is selected by translating the host name into ``` javascript function FindProxyForURL(url, host) { - if (dnsResolve(host) == "999.99.99.999") { // = http://secproxy + if (dnsResolve(host) == "999.99.99.999") { // = https://secproxy return "PROXY secproxy:8080"; } else { diff --git a/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md index c29f790845..22252bf546 100644 --- a/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md @@ -21,7 +21,7 @@ Using a proxy server lets you limit access to the Internet. You can also use the 1. Check the **Enable proxy settings** box if you want to use proxy servers for any of your services. 2. Type the address of the proxy server you want to use for your services into the **Address of proxy** box. In most cases, a single proxy server is used for all of your services.

-Proxy locations that don’t begin with a protocol (like, http:// or ftp://) are assumed to be a CERN-type HTTP proxy. For example, the entry *proxy* is treated the same as the entry `http://proxy`. +Proxy locations that don’t begin with a protocol (like, https:// or ftp://) are assumed to be a CERN-type HTTP proxy. For example, the entry *proxy* is treated the same as the entry `https://proxy`. 3. Type the port for each service. The default value is *80*. @@ -30,7 +30,7 @@ Proxy locations that don’t begin with a protocol (like, http:// or ftp://) are 5. Type any services that shouldn’t use a proxy server into the **Do not use proxy server for addresses beginning with** box.

When filling out your exceptions, keep in mind: - - Proxy bypass entries can begin with a protocol type, such as http://, https://, or ftp://. However, if a protocol type is used, the exception entry applies only to requests for that protocol. + - Proxy bypass entries can begin with a protocol type, such as https://, https://, or ftp://. However, if a protocol type is used, the exception entry applies only to requests for that protocol. - Protocol values are not case sensitive and you can use a wildcard character (*) in place of zero or more characters. diff --git a/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md index 0e48aa99c7..3633d298c1 100644 --- a/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md @@ -25,7 +25,7 @@ The **Search Provider** box appears. 3. In the **Display Name** box, type the text that appears in the **Search Options** menu for the search provider. -4. In the **URL** box, type the full URL to the search provider, including the http:// prefix. +4. In the **URL** box, type the full URL to the search provider, including the https:// prefix. 5. In the **Favicon URL** box, type the full URL to any icon to associate with your provider. diff --git a/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md b/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md index 2526c4f33b..8f9826a8b5 100644 --- a/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md +++ b/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md @@ -57,7 +57,7 @@ Internet Explorer Setup can switch servers during the installation process to ma To address connection issues (for example, as a result of server problems) where Setup can’t locate another download site by default, we recommend you overwrite your first download server using this workaround: ``` syntax -\ie11setup.exe /C:"ie11wzd.exe /S:""\ie11setup.exe"" /L:""http://your_Web_server/your_Web_site/ie11sites.dat""" +\ie11setup.exe /C:"ie11wzd.exe /S:""\ie11setup.exe"" /L:""https://your_Web_server/your_Web_site/ie11sites.dat""" ``` Where `` represents the folder location where you stored IE11setup.exe. diff --git a/browsers/internet-explorer/nndxczrp.ojy.json b/browsers/internet-explorer/nndxczrp.ojy.json deleted file mode 100644 index 824a00e16b..0000000000 Binary files a/browsers/internet-explorer/nndxczrp.ojy.json and /dev/null differ diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md index 49d9417151..b314f85b52 100644 --- a/devices/hololens/TOC.md +++ b/devices/hololens/TOC.md @@ -1,7 +1,9 @@ # [Microsoft HoloLens](index.md) ## [What's new in Microsoft HoloLens](hololens-whats-new.md) ## [HoloLens in the enterprise: requirements and FAQ](hololens-requirements.md) +## [Insider preview for Microsoft HoloLens](hololens-insider.md) ## [Set up HoloLens](hololens-setup.md) +## [Install localized version of HoloLens](hololens-install-localized.md) ## [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md) ## [Enroll HoloLens in MDM](hololens-enroll-mdm.md) ## [Manage updates to HoloLens](hololens-updates.md) @@ -9,8 +11,6 @@ ## [Share HoloLens with multiple people](hololens-multiple-users.md) ## [Configure HoloLens using a provisioning package](hololens-provisioning.md) ## [Install apps on HoloLens](hololens-install-apps.md) -## [Preview new mixed reality apps for HoloLens](hololens-public-preview-apps.md) -### [Microsoft Remote Assist app](hololens-microsoft-remote-assist-app.md) -### [Microsoft Layout app](hololens-microsoft-layout-app.md) ## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) +## [How HoloLens stores data for spaces](hololens-spaces.md) ## [Change history for Microsoft HoloLens documentation](change-history-hololens.md) \ No newline at end of file diff --git a/devices/hololens/change-history-hololens.md b/devices/hololens/change-history-hololens.md index 68f9c695ce..1fc820a243 100644 --- a/devices/hololens/change-history-hololens.md +++ b/devices/hololens/change-history-hololens.md @@ -9,13 +9,40 @@ author: jdeckerms ms.author: jdecker ms.topic: article ms.localizationpriority: medium -ms.date: 06/04/2018 +ms.date: 11/05/2018 --- # Change history for Microsoft HoloLens documentation This topic lists new and updated topics in the [Microsoft HoloLens documentation](index.md). +## Windows 10 Holographic for Business, version 1809 + +The topics in this library have been updated for Windows 10 Holographic for Business, version 1809. + +## November 2018 + +New or changed topic | Description +--- | --- +[How HoloLens stores data for spaces](hololens-spaces.md) | New + + +## October 2018 + +New or changed topic | Description +--- | --- +[Preview new mixed reality apps for HoloLens](hololens-public-preview-apps.md) | Removed, and redirected to [Mixed reality apps](https://docs.microsoft.com/dynamics365/#pivot=mixed-reality-apps) +[Microsoft Remote Assist app](hololens-microsoft-remote-assist-app.md) | Removed, and redirected to [Overview of Dynamics 365 Remote Assist](https://docs.microsoft.com/dynamics365/mixed-reality/remote-assist/) +[Microsoft Dynamics 365 Layout app](hololens-microsoft-dynamics-365-layout-app.md) | Removed, and redirected to [Overview of Dynamics 365 Layout](https://docs.microsoft.com/dynamics365/mixed-reality/layout/) +[Insider preview for Microsoft HoloLens](hololens-insider.md) | Added instructions for opting out of Insider builds. + + +## July 2018 + +New or changed topic | Description +--- | --- +Insider preview for Microsoft HoloLens | New (topic retired on release of Windows 10, version 1809) + ## June 2018 New or changed topic | Description diff --git a/devices/hololens/hololens-encryption.md b/devices/hololens/hololens-encryption.md index 8210e1f2fb..bbb59099b1 100644 --- a/devices/hololens/hololens-encryption.md +++ b/devices/hololens/hololens-encryption.md @@ -21,40 +21,21 @@ You can enable [Bitlocker device encryption](https://docs.microsoft.com/windows/ You can use your mobile device management (MDM) provider to apply a policy that requires device encryption. The policy used is the [Security/RequireDeviceEncryption setting](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-security#security-requiredeviceencryption) in the Policy CSP. -In the following steps, Microsoft Intune is used as the example. For other MDM tools, see your MDM provider's documentation for instructions. +[See instructions for enabling device encryption using Microsoft Intune.](https://docs.microsoft.com/intune/compliance-policy-create-windows#windows-holographic-for-business) -1. Sign in to the [Microsoft Azure portal](https://portal.azure.com/). +For other MDM tools, see your MDM provider's documentation for instructions. If your MDM provider requires custom URI for device encryption, use the following configuration: -2. Use **Search** or go to **More services** to open the Intune blade. - -3. Go to **Device configuration > Profiles**, and select **Create profile**. - - ![Intune create profile option](images/encrypt-create-profile.png) - -4. Enter a name of your choice, select **Windows 10 and later** for the platform, select **Custom** for the profile type, and then select **Add**. - - ![Intune custom setting screen](images/encrypt-custom.png) - -5. In **Add Row OMA-URI Settings**, enter or select the following information: - - **Name**: a name of your choice - - **Description**: optional - - **OMA-URI**: `./Vendor/MSFT/Policy/Config/Security/RequireDeviceEncryption` - - **Data type**: integer - - **Value**: `1` - - ![Intune OMA-URI settings for encryption](images/encrypt-oma-uri.png) - -6. Select **OK**, select **OK**, and then select **Create**. The blade for the profile opens automatically. - -7. Select **Assignments** to assign the profile to a group. After you configure the assignment, select **Save**. - -![Intune profile assignment screen](images/encrypt-assign.png) +- **Name**: a name of your choice +- **Description**: optional +- **OMA-URI**: `./Vendor/MSFT/Policy/Config/Security/RequireDeviceEncryption` +- **Data type**: integer +- **Value**: `1` ## Enable device encryption using a provisioning package Provisioning packages are files created by the Windows Configuration Designer tool that apply a specified configuration to a device. -### Create a provisioning package that upgrades the Windows Holographic edition +### Create a provisioning package that upgrades the Windows Holographic edition and enables encryption 1. [Create a provisioning package for HoloLens.](hololens-provisioning.md) diff --git a/devices/hololens/hololens-insider.md b/devices/hololens/hololens-insider.md new file mode 100644 index 0000000000..3a90c8fe68 --- /dev/null +++ b/devices/hololens/hololens-insider.md @@ -0,0 +1,52 @@ +--- +title: Insider preview for Microsoft HoloLens (HoloLens) +description: It’s simple to get started with Insider builds and to provide valuable feedback for our next major operating system update for HoloLens. +ms.prod: hololens +ms.sitesec: library +author: jdeckerms +ms.author: jdecker +ms.topic: article +ms.localizationpriority: medium +ms.date: 10/23/2018 +--- + +# Insider preview for Microsoft HoloLens + +Welcome to the latest Insider Preview builds for HoloLens! It’s simple to get started and provide valuable feedback for our next major operating system update for HoloLens. + + + + +## How do I install the Insider builds? + +On a device running the Windows 10 April 2018 Update, go to **Settings -> Update & Security -> Windows Insider Program** and select **Get started**. Link the account you used to register as a Windows Insider. + +Then, select **Active development of Windows**, choose whether you’d like to receive **Fast** or **Slow** builds, and review the program terms. + +Select **Confirm -> Restart Now** to finish up. After your device has rebooted, go to **Settings -> Update & Security -> Check for updates** to get the latest build. + +## How do I stop receiving Insider builds? + +If you no longer want to receive Insider builds of Windows Holographic, you can opt out when your HoloLens is running a production build, or you can [recover your device](https://docs.microsoft.com/windows/mixed-reality/reset-or-recover-your-hololens#perform-a-full-device-recovery) using the Windows Device Recovery Tool to recover your device to a non-Insider version of Windows Holographic. + +To verify that your HoloLens is running a production build: +- Go to **Settings > System > About**, and find the build number. +- If the build number is 10.0.17763.1, your HoloLens is running a production build. [See the list of production build numbers.](https://www.microsoft.com/itpro/windows-10/release-information) + +To opt out of Insider builds: +- On a HoloLens running a production build, go to **Settings > Update & Security > Windows Insider Program**, and select **Stop Insider builds**. +- Follow the instructions to opt out your device. + + + +## Note for developers + +You are welcome and encouraged to try developing your applications using Insider builds of HoloLens. Check out the [HoloLens Developer Documentation](https://developer.microsoft.com/windows/mixed-reality/development) to get started. Those same instructions work with Insider builds of HoloLens. You can use the same builds of Unity and Visual Studio that you're already using for HoloLens development. + +## Provide feedback and report issues + +Please use [the Feedback Hub app](https://docs.microsoft.com/windows/mixed-reality/give-us-feedback) on your HoloLens or Windows 10 PC to provide feedback and report issues. Using Feedback Hub ensures that all necessary diagnostics information is included to help our engineers quickly debug and resolve the problem. Issues with the Chinese and Japanese version of HoloLens should be reported the same way. + +>[!NOTE] +>Be sure to accept the prompt that asks whether you’d like Feedback Hub to access your Documents folder (select **Yes** when prompted). + diff --git a/devices/hololens/hololens-install-apps.md b/devices/hololens/hololens-install-apps.md index 3de34452cf..05d7673aa2 100644 --- a/devices/hololens/hololens-install-apps.md +++ b/devices/hololens/hololens-install-apps.md @@ -8,7 +8,7 @@ author: jdeckerms ms.author: jdecker ms.topic: article ms.localizationpriority: medium -ms.date: 12/20/2017 +ms.date: 10/23/2018 --- # Install apps on HoloLens @@ -83,7 +83,7 @@ Using Intune, you can also [monitor your app deployment](https://docs.microsoft. ![App Manager](images/apps.png) -5. In **Install app**, select an **app package** from a folder on your computer or network. If the app package requires additional software, click **Add dependency**. +5. In **Install app**, select an **app package** from a folder on your computer or network. If the app package requires additional software, such as dependency frameworks, select **I want to specify framework packages**. 6. In **Deploy**, click **Go** to deploy the app package and added dependencies to the connected HoloLens. diff --git a/devices/hololens/hololens-install-localized.md b/devices/hololens/hololens-install-localized.md new file mode 100644 index 0000000000..8e5a72150a --- /dev/null +++ b/devices/hololens/hololens-install-localized.md @@ -0,0 +1,35 @@ +--- +title: Install localized versions of HoloLens (HoloLens) +description: Learn how to install the Chinese or Japanese versions of HoloLens +ms.prod: hololens +ms.mktglfcycl: manage +ms.sitesec: library +author: jdeckerms +ms.author: jdecker +ms.topic: article +ms.localizationpriority: medium +ms.date: 11/13/2018 +--- + +# Install localized versions of HoloLens + +In order to switch to the Chinese or Japanese version of HoloLens, you’ll need to download the build for the language on a PC and then install it on your HoloLens using the Windows Device Recovery Tool (WDRT). + +>[!IMPORTANT] +>Installing the Chinese or Japanese builds of HoloLens using WDRT will delete existing data, like personal files and settings, from your HoloLens. + + +2. On your PC, download and install [the Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379). +3. Download the package for the language you want to your PC: [Simplified Chinese](https://aka.ms/hololensdownload-ch) or [Japanese](https://aka.ms/hololensdownload-jp). +4. When the download is finished, select **File Explorer > Downloads**. Right-click the zipped folder you just downloaded, and select **Extract all... > Extract** to unzip it. +5. Connect your HoloLens to your PC using the micro-USB cable it came with. (Even if you've been using other cables to connect your HoloLens, this one works best.)  +6. The tool will automatically detect your HoloLens. Select the Microsoft HoloLens tile. +7. On the next screen, select **Manual package selection** and choose the installation file contained in the folder you unzipped in step 4. (Look for a file with the extension “.ffu”.) +8. Select **Install software** and follow the instructions to finish installing. +9. Once the build is installed, HoloLens setup will start automatically. Put on the device and follow the setup directions. + + +## Note for language support + +- You can’t change the system language between English, Japanese, and Chinese using the Settings app. Flashing a new build is the only supported way to change the device system language. +- While you can enter Simplified Chinese / Japanese text using the on-screen Pinyin keyboard, typing in Simplified Chinese / Japanese using a Bluetooth hardware keyboard is not supported at this time. However, on Chinese/Japanese HoloLens, you can continue to use a BT keyboard to type in English (the ~ key on a hardware keyboard toggles the keyboard to type in English). diff --git a/devices/hololens/hololens-kiosk.md b/devices/hololens/hololens-kiosk.md index 9b54f8a335..c888927596 100644 --- a/devices/hololens/hololens-kiosk.md +++ b/devices/hololens/hololens-kiosk.md @@ -7,7 +7,7 @@ author: jdeckerms ms.author: jdecker ms.topic: article ms.localizationpriority: medium -ms.date: 05/22/2018 +ms.date: 11/13/2018 --- # Set up HoloLens in kiosk mode @@ -20,7 +20,17 @@ When HoloLens is configured as a multi-app kiosk, only the allowed apps are avai Single-app kiosk mode starts the specified app when the user signs in, and restricts the user's ability to launch new apps or change the running app. When single-app kiosk mode is enabled for HoloLens, the bloom gesture and Cortana are disabled, and placed apps aren't shown in the user's surroundings. -The [AssignedAccess Configuration Service Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) enables kiosk configuration. +The following table lists the device capabilities in the different kiosk modes. + +Kiosk mode | Voice and Bloom commands | Quick actions menu | Camera and video | Miracast +--- | --- | --- | --- | --- +Single-app kiosk | ![no](images/crossmark.png) | ![no](images/crossmark.png) | ![no](images/crossmark.png) | ![no](images/crossmark.png) +Multi-app kiosk | ![yes](images/checkmark.png) | ![yes](images/checkmark.png) with **Home** and **Volume** (default)

Photo and video buttons shown in Quick actions menu if the Camera app is enabled in the kiosk configuration.

Miracast is shown if the Camera app and device picker app are enabled in the kiosk configuration. | ![yes](images/checkmark.png) if the Camera app is enabled in the kiosk configuration. | ![yes](images/checkmark.png) if the Camera app and device picker app are enabled in the kiosk configuration. + +>[!NOTE] +>Use the Application User Model ID (AUMID) to allow apps in your kiosk configuration. The Camera app AUMID is `HoloCamera_cw5n1h2txyewy!HoloCamera`. The device picker app AUMID is `HoloDevicesFlow_cw5n1h2txyewy!HoloDevicesFlow`. + +The [AssignedAccess Configuration Service Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) enables kiosk configuration. >[!WARNING] >The assigned access feature which enables kiosk mode is intended for corporate-owned fixed-purpose devices. When the multi-app assigned access configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device. Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all [the enforced policies](https://docs.microsoft.com/windows/configuration/lock-down-windows-10-to-specific-apps#policies-set-by-multi-app-kiosk-configuration). A factory reset is needed to clear all the policies enforced via assigned access. diff --git a/devices/hololens/hololens-microsoft-layout-app.md b/devices/hololens/hololens-microsoft-layout-app.md deleted file mode 100644 index 4f5540e858..0000000000 --- a/devices/hololens/hololens-microsoft-layout-app.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: Microsoft Layout -description: How to get and deploy the Microsoft Layout app throughout your organization -ms.prod: hololens -ms.sitesec: library -author: alhopper-msft -ms.author: alhopper -ms.topic: article -ms.localizationpriority: medium -ms.date: 05/21/2018 ---- -# Microsoft Layout - -Bring designs from concept to completion with confidence and speed. Import 3D models to easily create room layouts in real-world scale. Experience designs as high-quality holograms in physical space or virtual reality and edit with stakeholders in real time. With Microsoft Layout, see ideas in context, saving valuable time and money. - -## Device options and technical requirements - -Below are the device options, and technical requirements, to use and deploy Microsoft Layout throughout your organization. - -### Device options - -Microsoft Layout works with a HoloLens, or with a Windows Mixed Reality headset with motion controllers. - -#### HoloLens requirements - -| OS requirements | Details | -|:----------------------------------|:-----------------------------------------------------------| -| Build 10.0.17134.77 or above | See [Update HoloLens](https://support.microsoft.com/help/12643/hololens-update-hololens) for instructions on upgrading to this build. | - -#### Windows Mixed Reality headset requirements - -| Requirements | Details | -|:----------------------------------------------|:-----------------------------------------------------------| -| Windows 10 PC with build 16299.0 or higher | The Windows 10 PC hardware must be able to support the headset. See [Windows Mixed Reality PC hardware guidelines](https://support.microsoft.com/en-us/help/4039260/windows-10-mixed-reality-pc-hardware-guidelines) for specific hardware requirements. We recommend following the **Windows Mixed Reality Ultra** hardware guidelines. | -| Motion controllers | Motion controllers are hardware accessories that allow users to take action in mixed reality. See [Motion controllers](https://docs.microsoft.com/en-us/windows/mixed-reality/motion-controllers) to learn more. | - -### Technical requirements - -Have the following technical requirements in place to start using Microsoft Layout. - -| Requirement | Details | Learn more | -|:----------------------------------|:------------------|:------------------| -| Azure Active Directory (Azure AD) | Required for app distribution through the [Microsoft Store for Business](https://docs.microsoft.com/en-us/microsoft-store/sign-up-microsoft-store-for-business). If you choose not to distribute the app through the Microsoft Store for Business, users can also install Layout on a HoloLens or PC from the [Microsoft Store](https://www.microsoft.com/en-us/store/apps). | [Get started with Azure AD](https://docs.microsoft.com/en-us/azure/active-directory/get-started-azure-ad) | -| Network connectivity | Internet access is required to download the app, and utilize all of its features. There are no bandwidth requirements. | | -| Apps for sharing | Video calling or screen sharing requires a separate app, such as Microsoft Remote Assist on HoloLens, or Skype or Skype for Business on Windows Mixed Reality headsets.

A Windows 10 PC that meets the Windows Mixed Reality Ultra specifications is also required for video calling or screen sharing when using Layout with a Windows Mixed Reality headset. | [Remote Assist](hololens-microsoft-remote-assist-app.md)

[Windows Mixed Reality PC hardware guidelines](https://support.microsoft.com/en-us/help/4039260/windows-10-mixed-reality-pc-hardware-guidelines) | -| Import Tool for Microsoft Layout | The Import Tool for Microsoft Layout is a companion app for Layout that makes model optimization and management easy. The Import Tool runs on Windows 10 PCs, and is required to transfer existing 3D models from your PC to Microsoft Layout, so they can be viewed and edited from the HoloLens or mixed reality headset. The Import Tool is also required to transfer Visio space dimensions to the HoloLens or Windows Mixed Reality headset. | [Import Tool for Microsoft Layout](#get-and-deploy-the-import-tool-for-microsoft-layout) | - -## Get and deploy Microsoft Layout - -Microsoft Layout is available from the Microsoft Store for Business for free for a limited time: - -1. Go to the [Microsoft Layout](https://businessstore.microsoft.com/en-us/store/details/app/9NSJN53K3GFJ) app in the Microsoft Store for Business. -1. Click **Get the app**. Microsoft Layout is added to the **Products and Services** tab for your private store. -1. Users can open the **Products and Services** tab to install the app to their device, or you can deploy the app throughout your organization using MDM. See [Install apps on HoloLens](hololens-install-apps.md) for further instructions on deploying apps. - -For a limited time, users can also [Get Microsoft Layout from the Microsoft Store](https://www.microsoft.com/store/productId/9NSJN53K3GFJ) for free. - -### Get and deploy the Import Tool for Microsoft Layout - -The **Import Tool for Microsoft Layout** is a companion app for Layout that makes model optimization and management easy. The Import Tool runs on Windows 10 PCs, and is required to transfer existing 3D models from your PC to Microsoft Layout, for viewing and editing on Microsoft HoloLens or a Windows Mixed Reality headset. - -The companion app is available in both the Microsoft Store for Business, and the Microsoft Store, for free for a limited time: - -* [Get the Microsoft Layout Import Tool](https://businessstore.microsoft.com/en-us/store/details/app/9N88Q3RXPLP0) from the Microsoft Store for Business. See [Distribute apps to your employees from Microsoft Store for Business](https://docs.microsoft.com/en-us/microsoft-store/distribute-apps-to-your-employees-microsoft-store-for-business) for instructions on using the Microsoft Store for Business, and/or MDM, to deploy Windows 10 apps throughout your organization. -* Alternately, have your users [Get the Microsoft Layout Import Tool](https://www.microsoft.com/store/productId/9N88Q3RXPLP0) from the Microsoft Store to install the app on their Windows 10 PC. - -## Use Microsoft Layout - -For guidance on using the features of the Microsoft Layout app, please see [Set up and use Microsoft Layout](https://support.microsoft.com/help/4294437). - -## Questions and support - -You can ask questions and engage with our team in the [Mixed Reality Tech Community](https://techcommunity.microsoft.com/t5/Mixed-Reality/ct-p/MixedReality). \ No newline at end of file diff --git a/devices/hololens/hololens-microsoft-remote-assist-app.md b/devices/hololens/hololens-microsoft-remote-assist-app.md deleted file mode 100644 index 221c650ada..0000000000 --- a/devices/hololens/hololens-microsoft-remote-assist-app.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: Microsoft Remote Assist -description: How to get and deploy the Microsoft Remote Assist app throughout your organization -ms.prod: hololens -ms.sitesec: library -author: alhopper-msft -ms.author: alhopper -ms.topic: article -ms.localizationpriority: medium -ms.date: 05/22/2018 ---- -# Microsoft Remote Assist - -Collaborate remotely with heads-up, hands-free video calling, image sharing, and mixed reality annotations. Firstline workers can share what they see with any expert on Microsoft Teams, while staying hands on to solve problems and complete tasks together, faster. Backed by enterprise-level security, Microsoft Remote Assist enables communication with peace of mind. - -## Technical requirements - -Below are the technical requirements to deploy and use Microsoft Remote Assist throughout your organization. - -### Device requirements - -| Device | OS requirements | Details | -|:---------------------------|:----------------------------------|:-----------------------------------------------------------| -| HoloLens | Build 10.0.14393.0 or above | See [Manage updates to HoloLens](https://docs.microsoft.com/en-us/HoloLens/hololens-updates) for instructions on using Windows Update for Business, MDM, and Windows Server Update Service (WSUS) to deploy updates to HoloLens. | -| Windows 10 PC (optional) | Any Windows 10 build | A Windows 10 PC can collaborate with the HoloLens using Microsoft Teams. | - -> [!Note] -> HoloLens build 10.0.14393.0 is the minimum that supports Remote Assist. We recommend updating the HoloLens to newer versions when they are available. - -### Licensing & product requirements - -| Product required | Details | Learn more | -|:----------------------------------|:------------------|:------------------| -| Azure Active Directory (Azure AD) | Required to log users into the Remote Assist app through Microsoft Teams. Also required for app distribution through the [Microsoft Store for Business](https://docs.microsoft.com/en-us/microsoft-store/sign-up-microsoft-store-for-business). If you choose not to distribute the app through the Microsoft Store for Business, users can alternately install Remote Assist on a HoloLens or PC from the [Microsoft Store](https://www.microsoft.com/en-us/store/apps). | [Get started with Azure AD](https://docs.microsoft.com/en-us/azure/active-directory/get-started-azure-ad) | -| Microsoft Teams | Microsoft Teams facilitates communication in Remote Assist. Microsoft Teams must be installed on any device that will make calls to the HoloLens. | [Overview of Microsoft Teams](https://docs.microsoft.com/en-us/MicrosoftTeams/teams-overview) | -| Microsoft Office 365 | Because Microsoft Teams is part of Office 365, each user who will make calls from their PC/phone to the HoloLens will need an Office 365 license. | [Office 365 licensing for Microsoft Teams](https://docs.microsoft.com/en-us/MicrosoftTeams/office-365-licensing) | - -### Network requirements - -1.5 MB/s is the recommended bandwidth for optimal performance of Microsoft Remote Assist. Though audio/video calls may be possible in environments with reduced bandwidth, you may experience HoloLens feature degradation, limiting the user experience. To test your company’s network bandwidth, follow these steps: - - 1. Have a Teams user video call another Teams user. - 2. Add another separate video call between a 3rd and 4th user, and another for a 5th and 6th user. - 3. Continue adding video callers to stress test your network bandwidth until confident that multiple users can successfully connect on video calls at the same time. - -See [Preparing your organization's network for Microsoft Teams](https://docs.microsoft.com/en-us/MicrosoftTeams/prepare-network) to learn more. - -## Get and deploy Microsoft Remote Assist - -Microsoft Remote Assist is available from the Microsoft Store for Business for free for a limited time: - -1. Go to the [Microsoft Remote Assist](https://businessstore.microsoft.com/en-us/store/details/app/9PPJSDMD680S) app in the Microsoft Store for Business. -1. Click **Get the app**. Microsoft Remote Assist is added to the **Products and Services** tab for your private store. -1. Users can open the **Products and Services** tab to install the app to their device, or you can deploy the app throughout your organization using MDM. See [Install apps on HoloLens](hololens-install-apps.md) for further instructions on deploying apps. - -For a limited time, users can also [Get Microsoft Remote Assist from the Microsoft Store](https://www.microsoft.com/store/productId/9PPJSDMD680S) for free. - -## Use Microsoft Remote Assist - -For guidance on using the features of the Microsoft Remote Assist app, please see [Set up and use Microsoft Remote Assist](https://support.microsoft.com/en-us/help/4294812). - -## Questions and support - -You can ask questions and engage with our team in the [Mixed Reality Tech Community](https://techcommunity.microsoft.com/t5/Mixed-Reality/ct-p/MixedReality). diff --git a/devices/hololens/hololens-provisioning.md b/devices/hololens/hololens-provisioning.md index c1a90edadb..3ef1fa581c 100644 --- a/devices/hololens/hololens-provisioning.md +++ b/devices/hololens/hololens-provisioning.md @@ -7,7 +7,7 @@ author: jdeckerms ms.author: jdecker ms.topic: article ms.localizationpriority: medium -ms.date: 04/30/2018 +ms.date: 11/13/2018 --- # Configure HoloLens using a provisioning package @@ -49,8 +49,7 @@ Provisioning packages can include management instructions and policies, customiz > [!TIP] > Use the desktop wizard to create a package with the common settings, then switch to the advanced editor to add other settings, apps, policies, etc. -> ->![open advanced editor](images/icd-simple-edit.png) + ### Create the provisioning package @@ -73,12 +72,12 @@ Use the Windows Configuration Designer tool to create a provisioning package. - - + + - - + +
![step one](images/one.png)![set up device](images/set-up-device.png)

Browse to and select the enterprise license file to upgrade the HoloLens edition.

You can also toggle **Yes** or **No** to hide parts of the first experience.

Select a region and timezone in which the device will be used. 		![Select enterprise licence file and configure OOBE](images/set-up-device-details.png)
![step two](images/two.png) ![set up network](images/set-up-network.png)

Toggle **On** or **Off** for wireless network connectivity. If you select **On**, enter the SSID, the network type (**Open** or **WPA2-Personal**), and (if **WPA2-Personal**) the password for the wireless network.		![Enter network SSID and type](images/set-up-network-details-desktop.png)
![step one](images/one.png)![set up device](images/set-up-device.png)

Browse to and select the enterprise license file to upgrade the HoloLens edition.

You can also toggle **Yes** or **No** to hide parts of the first experience.

To setup the device without the need to connect to a Wi-Fi network, toggle **Skip Wi-Fi setup** to **On**.

Select a region and timezone in which the device will be used. 		![Select enterprise licence file and configure OOBE](images/set-up-device-details.png)
![step two](images/two.png) ![set up network](images/set-up-network.png)

In this section, you can enter the details of the Wi-Fi wireless network that the device should connect to automatically. To do this, select **On**, enter the SSID, the network type (**Open** or **WPA2-Personal**), and (if **WPA2-Personal**) the password for the wireless network.		![Enter network SSID and type](images/set-up-network-details-desktop.png)
![step three](images/three.png) ![account management](images/account-management.png)

You can enroll the device in Azure Active Directory, or create a local account on the device

Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup). The **maximum number of devices per user** setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Click **Get bulk token**. In the **Let's get you signed in** window, enter an account that has permissions to join a device to Azure AD, and then the password. Click **Accept** to give Windows Configuration Designer the necessary permissions.

To create a local account, select that option and enter a user name and password.

**Important:** (For Windows 10, version 1607 only) If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in. 		![join Azure AD or create a local account](images/account-management-details.png)
![step four](images/four.png) ![add certificates](images/add-certificates.png)

To provision the device with a certificate, click **Add a certificate**. Enter a name for the certificate, and then browse to and select the certificate to be used.		![add a certificate](images/add-certificates-details.png)
![Developer Setup](images/developer-setup.png)

Toggle **Yes** or **No** to enable Developer Mode on the HoloLens. [Learn more about Developer Mode.](https://docs.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)		![Enable Developer Mode](images/developer-setup-details.png)
![finish](images/finish.png)

Do not set a password to protect your provisioning package. If the provisioning package is protected by a password, provisioning the HoloLens device will fail.		![Protect your package](images/finish-details.png)
![step five](images/five.png) ![Developer Setup](images/developer-setup.png)

Toggle **Yes** or **No** to enable Developer Mode on the HoloLens. [Learn more about Developer Mode.](https://docs.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)		![Enable Developer Mode](images/developer-setup-details.png)
![step six](images/six.png) ![finish](images/finish.png)

Do not set a password to protect your provisioning package. If the provisioning package is protected by a password, provisioning the HoloLens device will fail.		![Protect your package](images/finish-details.png)
After you're done, click **Create**. It only takes a few seconds. When the package is built, the location where the package is stored is displayed as a hyperlink at the bottom of the page. @@ -137,7 +136,7 @@ After you're done, click **Create**. It only takes a few seconds. When the packa 10. When the build completes, click **Finish**. -## Apply a provisioning package to HoloLens +## Apply a provisioning package to HoloLens during setup 1. Connect the device via USB to a PC and start the device, but do not continue past the **Fit** page of OOBE (the first page with the blue box). @@ -156,6 +155,23 @@ After you're done, click **Create**. It only takes a few seconds. When the packa >[!NOTE] >If the device was purchased before August 2016, you will need to sign into the device with a Microsoft account, get the latest OS update, and then reset the OS in order to apply the provisioning package. +## Apply a provisioning package to HoloLens after setup + +>[!NOTE] +>Windows 10, version 1809 only + +On your PC: +1. Create a provisioning package as described at [Create a provisioning package for HoloLens using the HoloLens wizard](hololens-provisioning.md). +2. Connect the HoloLens device via USB to a PC. HoloLens will show up as a device in File Explorer on the PC. +3. Drag and drop the provisioning package to the Documents folder on the HoloLens. + +On your HoloLens: +1. Go to **Settings > Accounts > Access work or school**. +2. In **Related Settings**, select **Add or remove a provisioning package**. +3. On the next page, select **Add a package** to launch the file picker and select your provisioning package. If the folder is empty, make sure you select **This Device** and select **Documents**. + +After your package has been applied, it will show in the list of **Installed packages**. To view package details or to remove the package from the device, select the listed package. + ## What you can configure Provisioning packages make use of configuration service providers (CSPs). If you're not familiar with CSPs, see [Introduction to configuration service providers (CSPs) for IT pros](https://technet.microsoft.com/itpro/windows/manage/how-it-pros-can-use-configuration-service-providers). diff --git a/devices/hololens/hololens-public-preview-apps.md b/devices/hololens/hololens-public-preview-apps.md deleted file mode 100644 index e3a966f008..0000000000 --- a/devices/hololens/hololens-public-preview-apps.md +++ /dev/null @@ -1,31 +0,0 @@ ---- -title: Preview new mixed reality apps for HoloLens -description: Here's how to download and distribute new mixed reality apps for HoloLens, free for a limited time during public preview -ms.prod: hololens -ms.sitesec: library -author: alhopper -ms.author: alhopper -ms.topic: article -ms.localizationpriority: medium -ms.date: 05/21/2018 ---- -# Preview new mixed reality apps for HoloLens - -Microsoft has just announced two new mixed reality apps coming to HoloLens: Microsoft Remote Assist and Microsoft Layout. - -The gap between the real and digital world limits our ability to take advantage of new technologies and transform how we work, learn, create, communicate, and live. **Mixed reality is here to close that gap**. - -Mixed reality has the potential to help customers and businesses across the globe do things that until now, have never been possible. Mixed reality helps businesses and employees complete crucial tasks faster, safer, more efficiently, and create new ways to connect to customers and partners. - -Ready to get started? Check out the links below to learn more about how you can download and deploy Microsoft's new commercial-focused mixed reality apps. - -## In this section - -| Topic | Description | -| --- | --- | -| [Microsoft Remote Assist](hololens-microsoft-remote-assist-app.md) | Microsoft Remote Assist enables collaboration in mixed reality to solve problems faster. Firstline workers can collaborate remotely with heads-up, hands-free video calling, image sharing, and mixed reality annotations. They can share what they see with an expert on Microsoft Teams, while staying hands-on to solve problems and complete tasks together, faster. | -| [Microsoft Layout](hololens-microsoft-layout-app.md ) | Bring designs from concept to completion with confidence and speed using Microsoft Layout. Import 3D models to easily create room layouts in real-world scale. Experience designs as high-quality holograms in physical or virtual space and edit in real time. With Microsoft Layout, you can see ideas in context, saving valuable time and money. | - -## Questions and support - -You can ask questions and engage with our team in the [Mixed Reality Tech Community](https://techcommunity.microsoft.com/t5/Mixed-Reality/ct-p/MixedReality). \ No newline at end of file diff --git a/devices/hololens/hololens-spaces.md b/devices/hololens/hololens-spaces.md new file mode 100644 index 0000000000..19307fdfb6 --- /dev/null +++ b/devices/hololens/hololens-spaces.md @@ -0,0 +1,69 @@ +--- +title: How HoloLens stores data for spaces (HoloLens) +description: +ms.prod: hololens +ms.sitesec: library +author: jdeckerms +ms.author: jdecker +ms.topic: article +ms.localizationpriority: medium +ms.date: 11/05/2018 +--- + +# How HoloLens stores data for spaces + +In the Windows 10, version 1803 update for Microsoft HoloLens, the mapping data for [spaces](https://support.microsoft.com/help/13760/hololens-spaces-on-hololens) is stored in a local database. + +The map database is not exposed to a user of the device, even when plugged into a PC or when using the File Explorer app. When BitLocker is enabled, the stored map data is also encrypted with the entire volume. + +Holograms that are anchored within the same map section are considered to be “nearby” in the current space. + + +## Frequently asked questions + +**How can I remove map data and known spaces from the HoloLens?** + +There are two options for deleting map data in **Settings > System > Holograms**: + +- Select **Remove nearby holograms** to delete nearby holograms, clearing the map data and anchored holograms for the current space. A brand new map section would be created and stored in the database for that location while the device is used there. This option can be used to clear the map data for work without affecting any map data from home, for example. +- Select **Remove all holograms** to delete all holograms, clearing all locally stored map data and anchored holograms. No holograms will be rediscovered and any holograms need to be newly placed. + +>[!NOTE] +>When you remove nearby or all holograms, HoloLens immediately starts scanning and mapping the current space. + +**How does Wi-Fi data get used by HoloLens and where is the data stored?** + +As long as Wi-Fi is enabled, map data will be correlated with nearby Wi-Fi access points. There is no difference in behavior if a network is connected or just nearby. Network characteristics are not sent to Microsoft, and all Wi-Fi references are kept local on the HoloLens. + +Wi-Fi characteristics are stored locally to help correlate hologram locations and map sections stored within HoloLens’ database of known spaces. It’s inaccessible to users, and not sent to Microsoft via the cloud or via telemetry. + + + +**Does HoloLens need to be connected to the internet?** + +No, internet connectivity is not required. Observed Wi-Fi access points are obtained without being connected or authenticated. It does not change functionality if the access points are internet connected or intranet/local only. + + + + + +**Since HoloLens no longer requires you to select a space when Wi-Fi is disabled, how does it find the space automatically?** + +If Wi-Fi is disabled, the space search can still happen; HoloLens will need to search more of the map data within the spaces database, and finding holograms can take longer. + +HoloLens will sense and remember spaces even when Wi-Fi is disabled, by securely storing the sensor data when holograms are placed. Without the Wi-Fi info, the space and holograms may be slower to recognize at a later time, as the HoloLens needs to compare active scans to all hologram anchors and map sections stored on the device in order to locate the correct portion of the map. + +HoloLens will visually compare the current scanning data from the sensors to locally stored map sections in the entire spaces database. It will locate holograms faster if the Wi-Fi characteristics can be found, to narrow down the number of spaces to compare. + + + + +  + + + +## Related topics + +- [Environment considerations for HoloLens](https://docs.microsoft.com/windows/mixed-reality/environment-considerations-for-hololens) +- [Spatial mapping design](https://docs.microsoft.com/windows/mixed-reality/spatial-mapping-design) +- [HoloLens and holograms: FAQ](https://support.microsoft.com/help/13456/hololens-and-holograms-faq) diff --git a/devices/hololens/hololens-updates.md b/devices/hololens/hololens-updates.md index e10552862b..9ea1e9de34 100644 --- a/devices/hololens/hololens-updates.md +++ b/devices/hololens/hololens-updates.md @@ -14,36 +14,30 @@ ms.date: 04/30/2018 >**Looking for how to get the latest update? See [Update HoloLens](https://support.microsoft.com/help/12643/hololens-update-hololens).** -Windows 10, version 1803, is the first feature update to Windows Holographic for Business since its release in Windows 10, version 1607. As with desktop devices, administrators can manage updates to the HoloLens operating system using [Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb). - >[!NOTE] >HoloLens devices must be [upgraded to Windows Holographic for Business](hololens-upgrade-enterprise.md) to manage updates. +For a complete list of Update policies, see [Policies supported by Windows Holographic for Business](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#a-href-idhololenspoliciesapolicies-supported-by-windows-holographic-for-business). -Mobile device management (MDM) providers use the [Policy Configuration Service Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) to enable update management. +To configure how and when updates are applied, use the following policies: +- [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) +- [Update/ScheduledInstallDay](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallday) +- [Update/ScheduledInstallTime](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstalltime) -The Update policies supported for HoloLens are: +To turn off the automatic check for updates, set the following policy to value **5** – Turn off Automatic Updates: +- [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) -- [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) -- [Update/AllowUpdateService](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowupdateservice) -- [Update/RequireDeferUpgrade](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-requiredeferupgrade) -- [Update/RequireUpdateApproval](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-requireupdateapproval) -- [Update/UpdateServiceUrl](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-updateserviceurl) +In Microsoft Intune, you can use **Automatic Update Behavior** to change this policy. (See [Manage software updates in Microsoft Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure)) - - -Typically, devices access Windows Update directly for updates. You can use the following update policies to configure devices to get updates from Windows Server Update Service (WSUS) instead: +For devices on Windows 10, version 1607 only: You can use the following update policies to configure devices to get updates from Windows Server Update Service (WSUS) instead of Windows Update: - [Update/AllowUpdateService](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowupdateservice) - [Update/RequireUpdateApproval](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-requireupdateapproval) - [Update/UpdateServiceUrl](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-updateserviceurl) -In Microsoft Intune, use [a custom profile](https://docs.microsoft.com/intune/custom-settings-windows-holographic) to configure devices to get updates from WSUS. - - - ## Related topics -- [Manage software updates in Microsoft Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure) \ No newline at end of file +- [Policies supported by Windows Holographic for Business](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#a-href-idhololenspoliciesapolicies-supported-by-windows-holographic-for-business) +- [Manage software updates in Microsoft Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure) diff --git a/devices/hololens/hololens-whats-new.md b/devices/hololens/hololens-whats-new.md index 75556a83db..0e17d81790 100644 --- a/devices/hololens/hololens-whats-new.md +++ b/devices/hololens/hololens-whats-new.md @@ -1,18 +1,60 @@ --- title: What's new in Microsoft HoloLens (HoloLens) -description: Windows Holographic for Business gets new features in Windows 10, version 1803. +description: Windows Holographic for Business gets new features in Windows 10, version 1809. ms.prod: hololens ms.sitesec: library author: jdeckerms ms.author: jdecker ms.topic: article ms.localizationpriority: medium -ms.date: 04/30/2018 +ms.date: 11/13/2018 --- # What's new in Microsoft HoloLens +## Windows 10, version 1809 for Microsoft HoloLens +### For everyone + +Feature | Details +--- | --- +Quick actions menu | When you're in an app, the Bloom gesture will now open a Quick actions menu to give you quick access to commonly used system features without having to leave the app. See [Set up HoloLens in kiosk mode](hololens-kiosk.md) for information about the Quick actions menu in kiosk mode.

![sample of the Quick actions menu](images/minimenu.png) +Stop video capture from the Start or quick actions menu | If you start video capture from the Start menu or quick actions menu, you’ll be able to stop recording from the same place. (Don’t forget, you can always do this with voice commands too.) +Project to a Miracast-enabled device | Project your HoloLens content to a nearby Surface device or TV/Monitor if using Microsoft Display adapter. On **Start**, select **Connect**, and then select the device you want to project to. **Note:** You can deploy HoloLens to use Miracast projection without enabling developer mode. +New notifications | View and respond to notification toasts on HoloLens, just like you do on a PC. Gaze to respond to or dismiss them (or if you’re in an immersive experience, use the bloom gesture). +HoloLens overlays (file picker, keyboard, dialogs, etc.) | You’ll now see overlays such as the keyboard, dialogs, file picker, etc. when using immersive apps. +Visual feedback overlay UI for volume change | When you use the volume up/down buttons on your HoloLens you’ll see a visual display of the volume level. +New UI for device boot | A loading indicator was added during the boot process to provide visual feedback that the system is loading. Reboot your device to see the new loading indicator—it’s between the "Hello" message and the Windows boot logo. +Share UX: Nearby Sharing | Addition of the Windows Nearby Sharing experience, allowing you to share a capture with a nearby Windows device. When you capture a photo or video on HoloLens (or use the share button from an app such as Microsoft Edge), select a nearby Windows device to share with. +Share from Microsoft Edge | Share button is now available on Microsoft Edge windows on HoloLens. In Microsoft Edge, select **Share**. Use the HoloLens share picker to share web content. + + + +### For administrators + + +Feature | Details +--- | --- +[Enable post-setup provisioning](hololens-provisioning.md) | You can now apply a runtime provisioning package at any time using **Settings**. +Assigned access with Azure AD groups | You can now use Azure AD groups for configuration of Windows assigned access to set up single or multi-app kiosk configuration. +PIN sign-in on profile switch from sign-in screen | PIN sign-in is now available for **Other User**.  | When signing in as **Other User**, the PIN option is now available under **Sign-In options**. +Sign in with Web Credential Provider using password | You can now select the Globe sign-in option to launch web sign-in with your password. From the sign-in screen, select **Sign-In options** and select the Globe option to launch web sign-in. Enter your user name if needed, then your password.
**Note:** You can choose to bypass any PIN/Smartcard options when prompted during web sign-in.  +Read device hardware info through MDM so devices can be tracked by serial # | IT administrators can see and track HoloLens by device serial number in their MDM console. Refer to your MDM documentation for feature availability and instructions. +Set HoloLens device name through MDM (rename) |  IT administrators can see and rename HoloLens devices in their MDM console. Refer to your MDM documentation for feature availability and instructions. + +### For international customers + + +Feature | Details +--- | --- +Localized Chinese and Japanese builds | Use HoloLens with localized user interface for Simplified Chinese or Japanese, including localized Pinyin keyboard, dictation, and voice commands. +Speech Synthesis (TTS) | Speech synthesis feature now supports Chinese, Japanese, and English. + +[Learn how to install the Chinese and Japanese versions of HoloLens.](hololens-install-localized.md) + + + +## Windows 10, version 1803 for Microsoft HoloLens Windows 10, version 1803, is the first feature update to Windows Holographic for Business since its release in Windows 10, version 1607. This update introduces the following changes: @@ -49,6 +91,6 @@ Windows 10, version 1803, is the first feature update to Windows Holographic for ## Additional resources - [Reset or recover your HoloLens](https://developer.microsoft.com/windows/mixed-reality/reset_or_recover_your_hololens) -- [Restart, rest, or recover HoloLens](https://support.microsoft.com/help/13452/hololens-restart-reset-or-recover-hololens) +- [Restart, reset, or recover HoloLens](https://support.microsoft.com/help/13452/hololens-restart-reset-or-recover-hololens) - [Manage devices running Windows Holographic with Microsoft Intune](https://docs.microsoft.com/intune/windows-holographic-for-business) diff --git a/devices/hololens/images/account-management-details.png b/devices/hololens/images/account-management-details.png index 4094dabd85..20816830a4 100644 Binary files a/devices/hololens/images/account-management-details.png and b/devices/hololens/images/account-management-details.png differ diff --git a/devices/hololens/images/account-management.PNG b/devices/hololens/images/account-management.PNG index 34165dfcd6..da53cb74b8 100644 Binary files a/devices/hololens/images/account-management.PNG and b/devices/hololens/images/account-management.PNG differ diff --git a/devices/hololens/images/add-certificates.PNG b/devices/hololens/images/add-certificates.PNG index 24cb605d1c..7a16dffd26 100644 Binary files a/devices/hololens/images/add-certificates.PNG and b/devices/hololens/images/add-certificates.PNG differ diff --git a/devices/hololens/images/apps.png b/devices/hololens/images/apps.png index 5cb3b7ec8f..4e00aa96fc 100644 Binary files a/devices/hololens/images/apps.png and b/devices/hololens/images/apps.png differ diff --git a/devices/hololens/images/developer-setup-details.png b/devices/hololens/images/developer-setup-details.png index 0a32af7ba7..d445bf5759 100644 Binary files a/devices/hololens/images/developer-setup-details.png and b/devices/hololens/images/developer-setup-details.png differ diff --git a/devices/hololens/images/developer-setup.png b/devices/hololens/images/developer-setup.png index 826fda5f25..a7e49873b0 100644 Binary files a/devices/hololens/images/developer-setup.png and b/devices/hololens/images/developer-setup.png differ diff --git a/devices/hololens/images/finish.PNG b/devices/hololens/images/finish.PNG index 7c65da1799..975caba764 100644 Binary files a/devices/hololens/images/finish.PNG and b/devices/hololens/images/finish.PNG differ diff --git a/devices/hololens/images/minimenu.png b/devices/hololens/images/minimenu.png new file mode 100644 index 0000000000..7aa0018011 Binary files /dev/null and b/devices/hololens/images/minimenu.png differ diff --git a/devices/hololens/images/set-up-device-details.PNG b/devices/hololens/images/set-up-device-details.PNG index 85b7dd382e..7325e06e86 100644 Binary files a/devices/hololens/images/set-up-device-details.PNG and b/devices/hololens/images/set-up-device-details.PNG differ diff --git a/devices/hololens/images/set-up-device.PNG b/devices/hololens/images/set-up-device.PNG index 0c9eb0e3ff..577117a26a 100644 Binary files a/devices/hololens/images/set-up-device.PNG and b/devices/hololens/images/set-up-device.PNG differ diff --git a/devices/hololens/images/set-up-network.PNG b/devices/hololens/images/set-up-network.PNG index a0e856c103..19fd3ff7bb 100644 Binary files a/devices/hololens/images/set-up-network.PNG and b/devices/hololens/images/set-up-network.PNG differ diff --git a/devices/hololens/images/windows-device-portal-home-page.png b/devices/hololens/images/windows-device-portal-home-page.png index 9604161bcd..55e4b0eaad 100644 Binary files a/devices/hololens/images/windows-device-portal-home-page.png and b/devices/hololens/images/windows-device-portal-home-page.png differ diff --git a/devices/hololens/index.md b/devices/hololens/index.md index 90e76edb5e..9b7ed69845 100644 --- a/devices/hololens/index.md +++ b/devices/hololens/index.md @@ -7,7 +7,7 @@ author: jdeckerms ms.author: jdecker ms.topic: article ms.localizationpriority: medium -ms.date: 05/21/2018 +ms.date: 07/27/2018 --- # Microsoft HoloLens @@ -24,6 +24,7 @@ ms.date: 05/21/2018 | [What's new in Microsoft HoloLens](hololens-whats-new.md) | Discover the new features in the latest update. | | [HoloLens in the enterprise: requirements](hololens-requirements.md) | Lists requirements for general use, Wi-Fi, and device management | | [Set up HoloLens](hololens-setup.md) | How to set up HoloLens for the first time | +[Install localized version of HoloLens](hololens-install-localized.md) | Install the Chinese or Japanese version of HoloLens | [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md) | How to upgrade your Development Edition HoloLens to Windows Holographic for Business | | [Enroll HoloLens in MDM](hololens-enroll-mdm.md) | Manage multiple HoloLens devices simultaneously using solutions like Microsoft Intune | | [Manage updates to HoloLens](hololens-updates.md) | Use mobile device management (MDM) policies to configure settings for updates. | @@ -31,7 +32,6 @@ ms.date: 05/21/2018 [Share HoloLens with multiple people](hololens-multiple-users.md) | Multiple users can shared a HoloLens device by using their Azure Active Directory accounts. | | [Configure HoloLens using a provisioning package](hololens-provisioning.md) | Provisioning packages make it easy for IT administrators to configure HoloLens devices without imaging | | [Install apps on HoloLens](hololens-install-apps.md) | Use Microsoft Store for Business, mobile device management (MDM), or the Windows Device Portal to install apps on HoloLens | -| [Preview new mixed reality apps for HoloLens](hololens-public-preview-apps.md) | Download and deploy new mixed reality apps for HoloLens, free for a limited time during public preview | | [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) | Learn how to use Bitlocker device encryption to protect files and information stored on the HoloLens | | [Change history for Microsoft HoloLens documentation](change-history-hololens.md) | See new and updated topics in the HoloLens documentation library. | diff --git a/devices/surface-hub/accessibility-surface-hub.md b/devices/surface-hub/accessibility-surface-hub.md index 618afe96b7..634261a1e3 100644 --- a/devices/surface-hub/accessibility-surface-hub.md +++ b/devices/surface-hub/accessibility-surface-hub.md @@ -54,7 +54,7 @@ Additionally, these accessibility features and apps are returned to default sett ## Change accessibility settings during a meeting During a meeting, users can toggle accessibility features and apps in a couple ways: -- [Keyboard shortcuts](https://support.microsoft.com/en-us/help/13813/windows-10-microsoft-surface-hub-keyboard-shortcuts) +- [Keyboard shortcuts](https://support.microsoft.com/help/13813/windows-10-microsoft-surface-hub-keyboard-shortcuts) - **Quick Actions** > **Ease of Access** from the status bar > ![Image showing Quick Action center on Surface Hub](images/sh-quick-action.png) diff --git a/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md b/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md index ae2a7ce2e0..f037f97ecb 100644 --- a/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md +++ b/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md @@ -33,9 +33,9 @@ PowerShell scripts to help set up and manage your Microsoft Surface Hub. To successfully execute these PowerShell scripts, you will need to install the following prerequisites: -- [Microsoft Online Services Sign-in Assistant for IT Professionals RTW](https://www.microsoft.com/download/details.aspx?id=41950) -- [Microsoft Azure Active Directory Module for Windows PowerShell (64-bit version)](http://connect.microsoft.com/site1164/Downloads/DownloadDetails.aspx?DownloadID=59185) -- [Windows PowerShell Module for Skype for Business Online](https://www.microsoft.com/download/details.aspx?id=39366) +- [Microsoft Online Services Sign-in Assistant for IT Professionals RTW](https://www.microsoft.com/download/details.aspx?id=41950) +- [Microsoft Azure Active Directory Module for Windows PowerShell (64-bit version)](https://www.powershellgallery.com/packages/MSOnline/1.1.183.17) +- [Windows PowerShell Module for Skype for Business Online](https://www.microsoft.com/download/details.aspx?id=39366) ## PowerShell scripts for Surface Hub administrators @@ -280,7 +280,7 @@ if ([System.String]::IsNullOrEmpty($strLyncFQDN)) PrintAction "Connecting to remote sessions. This can occasionally take a while - please do not enter input..." -try +try { $sessExchange = New-PSSession -ConfigurationName microsoft.exchange -Credential $credExchange -AllowRedirection -Authentication Kerberos -ConnectionUri "http://$strExchangeServer/powershell" -WarningAction SilentlyContinue } @@ -305,7 +305,7 @@ Import-PSSession $sessExchange -AllowClobber -WarningAction SilentlyContinue Import-PSSession $sessLync -AllowClobber -WarningAction SilentlyContinue ## Create the Exchange mailbox ## -# Note: These exchange commandlets do not always throw their errors as exceptions +# Note: These exchange commandlets do not always throw their errors as exceptions # Because Get-Mailbox will throw an error if the mailbox is not found $Error.Clear() @@ -333,7 +333,7 @@ $easpolicy = $null try { $easpolicy = Get-MobileDeviceMailboxPolicy $strPolicy } -catch {} +catch {} if ($easpolicy) { @@ -355,7 +355,7 @@ else $easpolicy = New-MobileDeviceMailboxPolicy -Name $strPolicy -PasswordEnabled $false -AllowNonProvisionableDevices $true if ($easpolicy) { - PrintSuccess "A new device policy has been created; you can use this same policy for all future Surface Hub device accounts." + PrintSuccess "A new device policy has been created; you can use this same policy for all future Surface Hub device accounts." } else { @@ -388,7 +388,7 @@ if ($easpolicy) if (!((Get-Mailbox $credNewAccount.UserName).ResourceType)) { $Error.Clear() - # Set policy for account + # Set policy for account Set-CASMailbox $credNewAccount.UserName -ActiveSyncMailboxPolicy $strPolicy if (!$Error) { @@ -399,9 +399,9 @@ if ($easpolicy) $status["ActiveSync Policy"] = "Failed to apply the EAS policy to the account." } $Error.Clear() - + # Convert back to room mailbox - Set-Mailbox $credNewAccount.UserName -Type Room + Set-Mailbox $credNewAccount.UserName -Type Room # Loop until resource type goes back to room for ($i = 0; ($i -lt 5) -And ((Get-Mailbox $credNewAccount.UserName).ResourceType -ne "Room"); $i++) { @@ -409,12 +409,12 @@ if ($easpolicy) } if ((Get-Mailbox $credNewAccount.UserName).ResourceType -ne "Room") { - # A failure to convert the mailbox back to a room is unfortunate but means the mailbox is unusable. + # A failure to convert the mailbox back to a room is unfortunate but means the mailbox is unusable. $status["Mailbox Setup"] = "A mailbox was created but we could not set it to a room resource type." } else { - try + try { Set-Mailbox $credNewAccount.UserName -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true } catch { } @@ -424,7 +424,7 @@ if ($easpolicy) } $Error.Clear() } - + } } } @@ -464,13 +464,13 @@ $Error.Clear() ## Configure the Account to not expire ## PrintAction "Configuring password not to expire..." Start-Sleep -s 20 -try +try { Set-AdUser $mailbox.UserPrincipalName -PasswordNeverExpires $true -Enabled $true } catch { - + } if ($Error) @@ -503,7 +503,7 @@ $Error.Clear() try { Enable-CsMeetingRoom -Identity $credNewAccount.UserName -RegistrarPool $strRegPool -SipAddressType EmailAddress } -catch { } +catch { } if ($Error) { @@ -524,14 +524,14 @@ $strUsr = $credNewAccount.UserName PrintAction "Summary for creation of $strUsr ($strDisplay)" if ($status.Count -gt 0) { - ForEach($k in $status.Keys) + ForEach($k in $status.Keys) { $v = $status[$k] $color = "yellow" if ($v[0] -eq "S") { $color = "green" } - elseif ($v[0] -eq "F") + elseif ($v[0] -eq "F") { - $color = "red" + $color = "red" $v += " Go to http://aka.ms/shubtshoot" } @@ -611,11 +611,11 @@ function ExitIfError($strMsg) try { Import-Module LyncOnlineConnector Import-Module MSOnline -} +} catch { PrintError "Some dependencies are missing" - PrintError "Please install the Windows PowerShell Module for Lync Online. For more information go to http://www.microsoft.com/download/details.aspx?id=39366" + PrintError "Please install the Windows PowerShell Module for Lync Online. For more information go to http://www.microsoft.com/download/details.aspx?id=39366" PrintError "Please install the Azure Active Directory module for PowerShell from https://go.microsoft.com/fwlink/p/?linkid=236297" CleanupAndFail } @@ -638,10 +638,10 @@ $credAdmin = $null $credAdmin=Get-Credential -Message "Enter credentials of an Exchange and Skype for Business admin" if (!$credadmin) { - CleanupAndFail "Valid admin credentials are required to create and prepare the account." + CleanupAndFail "Valid admin credentials are required to create and prepare the account." } PrintAction "Connecting to remote sessions. This can occasionally take a while - please do not enter input..." -try +try { $sessExchange = New-PSSession -ConfigurationName microsoft.exchange -Credential $credAdmin -AllowRedirection -Authentication basic -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -WarningAction SilentlyContinue } @@ -661,7 +661,7 @@ catch try { - Connect-MsolService -Credential $credAdmin + Connect-MsolService -Credential $credAdmin } catch { @@ -672,7 +672,7 @@ Import-PSSession $sessExchange -AllowClobber -WarningAction SilentlyContinue Import-PSSession $sessCS -AllowClobber -WarningAction SilentlyContinue ## Create the Exchange mailbox ## -# Note: These exchange commandlets do not always throw their errors as exceptions +# Note: These exchange commandlets do not always throw their errors as exceptions # Because Get-Mailbox will throw an error if the mailbox is not found $Error.Clear() @@ -700,7 +700,7 @@ $easpolicy = $null try { $easpolicy = Get-MobileDeviceMailboxPolicy $strPolicy } -catch {} +catch {} if ($easpolicy) { @@ -722,7 +722,7 @@ else $easpolicy = New-MobileDeviceMailboxPolicy -Name $strPolicy -PasswordEnabled $false -AllowNonProvisionableDevices $true if ($easpolicy) { - PrintSuccess "A new device policy has been created; you can use this same policy for all future Surface Hub device accounts." + PrintSuccess "A new device policy has been created; you can use this same policy for all future Surface Hub device accounts." } else { @@ -756,7 +756,7 @@ if ($easpolicy) if (!((Get-Mailbox $credNewAccount.UserName).ResourceType)) { $Error.Clear() - # Set policy for account + # Set policy for account Set-CASMailbox $credNewAccount.UserName -ActiveSyncMailboxPolicy $strPolicy if (!$Error) { @@ -768,9 +768,9 @@ if ($easpolicy) PrintError "Failed to apply policy" } $Error.Clear() - + # Convert back to room mailbox - Set-Mailbox $credNewAccount.UserName -Type Room + Set-Mailbox $credNewAccount.UserName -Type Room # Loop until resource type goes back to room for ($i = 0; ($i -lt 5) -And ((Get-Mailbox $credNewAccount.UserName).ResourceType -ne "Room"); $i++) { @@ -778,7 +778,7 @@ if ($easpolicy) } if ((Get-Mailbox $credNewAccount.UserName).ResourceType -ne "Room") { - # A failure to convert the mailbox back to a room is unfortunate but means the mailbox is unusable. + # A failure to convert the mailbox back to a room is unfortunate but means the mailbox is unusable. $status["Mailbox Setup"] = "A mailbox was created but we could not set it to a room resource type." } else @@ -790,7 +790,7 @@ if ($easpolicy) } $Error.Clear() } - + } } } @@ -834,13 +834,13 @@ else $Error.Clear() ## Configure the Account to not expire ## PrintAction "Configuring password not to expire..." -try +try { Set-MsolUser -UserPrincipalName $credNewAccount.UserName -PasswordNeverExpires $true } catch { - + } if ($Error) @@ -883,7 +883,7 @@ $Error.Clear() try { Enable-CsMeetingRoom -Identity $credNewAccount.UserName -RegistrarPool $strRegPool -SipAddressType EmailAddress } -catch { } +catch { } if ($Error) { @@ -933,14 +933,14 @@ else if (![System.String]::IsNullOrEmpty($strLicenses)) { - try + try { $Error.Clear() Set-MsolUserLicense -UserPrincipalName $credNewAccount.UserName -AddLicenses $strLicenses } catch { - + } if ($Error) { @@ -959,7 +959,7 @@ else } -Write-Host +Write-Host ## Cleanup and print results ## Cleanup @@ -968,14 +968,14 @@ $strUsr = $credNewAccount.UserName PrintAction "Summary for creation of $strUsr ($strDisplay)" if ($status.Count -gt 0) { - ForEach($k in $status.Keys) + ForEach($k in $status.Keys) { $v = $status[$k] $color = "yellow" if ($v[0] -eq "S") { $color = "green" } - elseif ($v[0] -eq "F") + elseif ($v[0] -eq "F") { - $color = "red" + $color = "red" $v += " Go to http://aka.ms/shubtshoot for help" } @@ -1100,7 +1100,7 @@ if ($fSfbIsOnline) try { Import-Module LyncOnlineConnector } - catch + catch { CleanupAndFail "To verify Skype for Business in online tenants you need the Lync Online Connector module from http://www.microsoft.com/download/details.aspx?id=39366" } @@ -1116,7 +1116,7 @@ if ($fHasOnline) try { Import-Module MSOnline } - catch + catch { CleanupAndFail "To verify accounts in online tenants you need the Azure Active Directory module for PowerShell from https://go.microsoft.com/fwlink/p/?linkid=236297" } @@ -1128,7 +1128,7 @@ if ($fExIsOnline) { $authType = [System.Management.Automation.Runspaces.AuthenticationMechanism]::Basic } -try +try { $sessEx = $null if ($fExIsOnline) @@ -1139,12 +1139,12 @@ try { $sessEx = New-PSSession -ConfigurationName microsoft.exchange -Credential $credEx -AllowRedirection -Authentication $authType -ConnectionUri https://$strExServer/powershell -WarningAction SilentlyContinue } -} +} catch { } -if (!$sessEx) +if (!$sessEx) { CleanupAndFail "Connecting to Exchange Powershell failed, please validate your server is accessible and credentials are correct" } @@ -1184,12 +1184,12 @@ if ($fHasOnline) { CleanupAndFail "Internal error - could not determine MS Online credentials" } - try + try { PrintAction "Connecting to Azure Active Directory Services..." Connect-MsolService -Credential $credMsol PrintSuccess "Connected to Azure Active Directory Services" - } + } catch { # This really shouldn't happen unless there is a network error @@ -1201,26 +1201,26 @@ if ($fHasOnline) PrintAction "Importing remote sessions into the local session..." try { - $importEx = Import-PSSession $sessEx -AllowClobber -WarningAction SilentlyContinue -DisableNameChecking - $importSfb = Import-PSSession $sessSfb -AllowClobber -WarningAction SilentlyContinue -DisableNameChecking + $importEx = Import-PSSession $sessEx -AllowClobber -WarningAction SilentlyContinue -DisableNameChecking + $importSfb = Import-PSSession $sessSfb -AllowClobber -WarningAction SilentlyContinue -DisableNameChecking } -catch +catch { } if (!$importEx -or !$importSfb) { - CleanupAndFail "Import failed" + CleanupAndFail "Import failed" } PrintSuccess "Import successful" $mailbox = $null -try +try { $mailbox = Get-Mailbox -Identity $strUpn -} +} catch -{ +{ } if (!$mailbox) @@ -1334,12 +1334,12 @@ if ($casMailbox) $policy = Get-ActiveSyncMailboxPolicy -Identity $strPolicy -WarningAction SilentlyContinue -ErrorAction SilentlyContinue Validate -Test "The policy $strPolicy does not require a device password" -Condition ($policy.PasswordEnabled -ne $True) -FailureMsg "PasswordEnabled - policy requires a device password - the Surface Hub will not be able to send mail or sync its calendar." } - + if ($policy -ne $null) { Validate -Test "The policy $strPolicy allows non-provisionable devices" -Condition ($policy.AllowNonProvisionableDevices -eq $null -or $policy.AllowNonProvisionableDevices -eq $true) -FailureMsg "AllowNonProvisionableDevices - policy will not allow the SurfaceHub to sync" } - + } @@ -1409,7 +1409,7 @@ if ($fHasOnline) } } -#If there is an on-prem component, we can get the authorative AD user from mailbox +#If there is an on-prem component, we can get the authorative AD user from mailbox if ($fHasOnPrem) { $accountOnPrem = $null @@ -1512,16 +1512,16 @@ if ($online) { try { Import-Module LyncOnlineConnector - } + } catch { PrintError "Some dependencies are missing" - PrintError "Please install the Windows PowerShell Module for Lync Online. For more information go to http://www.microsoft.com/download/details.aspx?id=39366" + PrintError "Please install the Windows PowerShell Module for Lync Online. For more information go to http://www.microsoft.com/download/details.aspx?id=39366" PrintError "Please install the Azure Active Directory module for PowerShell from https://go.microsoft.com/fwlink/p/?linkid=236297" CleanupAndFail } } -else +else { $strRegPool = Read-Host "Enter the FQDN of your Skype for Business Registrar Pool" } @@ -1633,7 +1633,7 @@ To apply the policy, the mailbox cannot be a room type, so it has to be converte ```PowerShell # Convert user to regular type Set-Mailbox $strRoomUpn -Type Regular -# Set policy for account +# Set policy for account Set-CASMailbox $strRoomUpn -ActiveSyncMailboxPolicy $strPolicy ``` diff --git a/devices/surface-hub/change-history-surface-hub.md b/devices/surface-hub/change-history-surface-hub.md index 10317bd4e4..836ff19136 100644 --- a/devices/surface-hub/change-history-surface-hub.md +++ b/devices/surface-hub/change-history-surface-hub.md @@ -44,7 +44,7 @@ New or changed topic | Description New or changed topic | Description --- | --- -[Create and test a device account (Surface Hub)](create-and-test-a-device-account-surface-hub.md) | Added section for account verification and testing, with link to new Surface Hub Hardware Diagnostic app. +[Create and test a device account (Surface Hub)](create-and-test-a-device-account-surface-hub.md) | Added section for account verification and testing, with link to new Surface Hub Hardware Diagnostic app. ## February 2018 @@ -63,7 +63,7 @@ New or changed topic | Description ## November 2017 -New or changed topic | Description +New or changed topic | Description --- | --- [Enable 802.1x wired authentication](enable-8021x-wired-authentication.md) | New [Manage settings with an MDM provider (Surface Hub)](manage-settings-with-mdm-for-surface-hub.md) | Added settings for 802.1x wired authentication. @@ -73,10 +73,10 @@ New or changed topic | Description New or changed topic | Description | --- | --- [Install apps on your Microsoft Surface Hub](install-apps-on-surface-hub.md) | Updated instructions to use Windows Team device family -[Hybrid deployment](hybrid-deployment-surface-hub-device-accounts.md) | Updated the instructions for Exchange on-premises +[Hybrid deployment](hybrid-deployment-surface-hub-device-accounts.md) | Updated the instructions for Exchange on-premises [Create a device account using UI](create-a-device-account-using-office-365.md) | Updated the instructions [Differences between Surface Hub and Windows 10 Enterprise](differences-between-surface-hub-and-windows-10-enterprise.md) | Clarified user sign-in on Surface Hub -[Set up and use Whiteboard to Whiteboard collaboration](whiteboard-collaboration.md) | Removed **How to control and manage Whiteboard to Whiteboard collaboration** due to issues with the EnterpriseModernAppmanagement CSP losing state during End Session. +[Set up and use Whiteboard to Whiteboard collaboration](whiteboard-collaboration.md) | Removed **How to control and manage Whiteboard to Whiteboard collaboration** due to issues with the EnterpriseModernAppmanagement CSP losing state during End Session. | [Manage settings with an MDM provider (Surface Hub)](manage-settings-with-mdm-for-surface-hub.md) | Removed settings for managing Whiteboard collaboration. | [Top support solutions for Surface Hub](support-solutions-surface-hub.md) | Added link to Surface Hub warranty information @@ -122,7 +122,7 @@ The topics in this library have been updated for Windows 10, version 1703 (also - [Miracast on existing wireless network or LAN](miracast-over-infrastructure.md) ->[Looking for the Surface Hub admin guide for Windows 10, version 1607?](http://download.microsoft.com/download/7/2/5/7252051B-7E97-4781-B5DF-58D4B1A4BB88/surface-hub-admin-guide-1607.pdf) +>[Looking for the Surface Hub admin guide for Windows 10, version 1607?](https://download.microsoft.com/download/7/2/5/7252051B-7E97-4781-B5DF-58D4B1A4BB88/surface-hub-admin-guide-1607.pdf) ## May 2017 @@ -180,5 +180,5 @@ The topics in this library have been updated for Windows 10, version 1607 (also | [Password management (Surface Hub)](password-management-for-surface-hub-device-accounts.md) | Updates to content. | | [Create and test a device account (Surface Hub)](create-and-test-a-device-account-surface-hub.md) | Reorganize and streamline guidance on creating a device account. | | [Introduction to Surface Hub](intro-to-surface-hub.md) | Move Surface Hub dependencies table to [Prepare your environment for Surface Hub](prepare-your-environment-for-surface-hub.md). | -| [Prepare your environment for Surface Hub](prepare-your-environment-for-surface-hub.md) | Add dependency table and reorganize topic. | +| [Prepare your environment for Surface Hub](prepare-your-environment-for-surface-hub.md) | Add dependency table and reorganize topic. | | [Local management for Surface Hub settings](local-management-surface-hub-settings.md) | New topic. | \ No newline at end of file diff --git a/devices/surface-hub/create-a-device-account-using-office-365.md b/devices/surface-hub/create-a-device-account-using-office-365.md index 6b6492acc1..dc313f8f5d 100644 --- a/devices/surface-hub/create-a-device-account-using-office-365.md +++ b/devices/surface-hub/create-a-device-account-using-office-365.md @@ -36,7 +36,7 @@ If you prefer to use a graphical user interface, you can create a device account 3. In the Office 365 Admin Center, navigate to **Resources** in the left panel, and then click **Rooms & equipment**. ![Rooms & equipment option in Office 365 admin center](images/room-equipment.png) - + 4. Click **Add** to create a new Room account. Enter a display name and email address for the account, and then click **Add**. ![Create new room account window](images/room-add.png) @@ -75,9 +75,15 @@ From here on, you'll need to finish the account creation process using PowerShel In order to run cmdlets used by these PowerShell scripts, the following must be installed for the admin PowerShell console: -- [Microsoft Online Services Sign-In Assistant for IT Professionals BETA](https://go.microsoft.com/fwlink/?LinkId=718149) +- [Microsoft Online Services Sign-In Assistant for IT Professionals RTW](https://www.microsoft.com/en-us/download/details.aspx?id=41950) - [Windows Azure Active Directory Module for Windows PowerShell](https://www.microsoft.com/web/handlers/webpi.ashx/getinstaller/WindowsAzurePowershellGet.3f.3f.3fnew.appids) -- [Skype for Business Online, Windows PowerShell Module](http://www.microsoft.com/download/details.aspx?id=39366) +- [Skype for Business Online, Windows PowerShell Module](https://www.microsoft.com/download/details.aspx?id=39366) + +Install the following module in Powershell +``` syntax + install-module AzureAD + Install-module MsOnline +``` ### Connecting to online services @@ -137,19 +143,19 @@ Now that you're connected to the online services, you can finish setting up the 1. You’ll need to enter the account’s mail address and create a variable with that value: - ```powershell + ```powershell $mailbox = (Get-Mailbox ) ``` To store the value get it from the mailbox: - ```powershell + ```powershell $strEmail = $mailbox.WindowsEmailAddress ``` Print the value: - ```powershell + ```powershell $strEmail ``` @@ -160,7 +166,7 @@ Now that you're connected to the online services, you can finish setting up the 2. Run the following cmdlet: ```powershell - Set-CASMailbox $strEmail -ActiveSyncMailboxPolicy "SurfaceHubDeviceMobilePolicy" + Set-CASMailbox $strEmail -ActiveSyncMailboxPolicy "SurfaceHubDeviceMobilePolicy" ``` 4. Various Exchange properties can be set on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section. @@ -192,16 +198,15 @@ In order to enable Skype for Business, your environment will need to meet the fo 1. Start by creating a remote PowerShell session from a PC. ```PowerShell - Import-Module LyncOnlineConnector - $cssess=New-CsOnlineSession -Credential $cred + Import-Module LyncOnlineConnector + $cssess=New-CsOnlineSession -Credential $cred Import-PSSession $cssess -AllowClobber ``` 2. To enable your Surface Hub account for Skype for Business Server, run this cmdlet: ```PowerShell - Enable-CsMeetingRoom -Identity $strEmail -RegistrarPool - "sippoolbl20a04.infra.lync.com" -SipAddressType EmailAddress + Enable-CsMeetingRoom -Identity $strEmail -RegistrarPool "sippoolbl20a04.infra.lync.com" -SipAddressType EmailAddress ``` If you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet: @@ -351,23 +356,27 @@ In order to enable Skype for Business, your environment will need to meet the fo 1. Start by creating a remote PowerShell session from a PC. ```PowerShell - Import-Module LyncOnlineConnector - $cssess=New-CsOnlineSession -Credential $cred + Import-Module LyncOnlineConnector + $cssess=New-CsOnlineSession -Credential $cred Import-PSSession $cssess -AllowClobber ``` -2. To enable your Surface Hub account for Skype for Business Server, run this cmdlet: +2. Retrieve your Surface Hub account Registrar Pool - ```PowerShell - Enable-CsMeetingRoom -Identity $strEmail -RegistrarPool - "sippoolbl20a04.infra.lync.com" -SipAddressType EmailAddress - ``` - - If you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet: +If you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet: ```PowerShell Get-CsOnlineUser -Identity ‘alice@contoso.microsoft.com’| fl *registrarpool* ``` + +3. To enable your Surface Hub account for Skype for Business Server, run this cmdlet: + + ```PowerShell + Enable-CsMeetingRoom -Identity $strEmail -RegistrarPool + "sippoolbl20a04.infra.lync.com" -SipAddressType EmailAddress + ``` + + diff --git a/devices/surface-hub/device-reset-surface-hub.md b/devices/surface-hub/device-reset-surface-hub.md index b4ee4473f6..7fce01ab55 100644 --- a/devices/surface-hub/device-reset-surface-hub.md +++ b/devices/surface-hub/device-reset-surface-hub.md @@ -36,27 +36,27 @@ Initiating a reset will return the device to the last cumulative Windows update, After the reset, Surface Hub restarts the [first run program](first-run-program-surface-hub.md) again. If the Surface Hub displays a Welcome screen, that indicates that the reset encountered a problem and rolled back to the previously existing OS image. -If you see a blank screen for long periods of time during the **Reset device** process, please wait and do not take any action. +If you see a blank screen for long periods of time during the **Reset device** process, please wait and do not take any action. ## Reset a Surface Hub from Settings **To reset a Surface Hub** -1. On your Surface Hub, open **Settings**. +1. On your Surface Hub, open **Settings**. ![Image showing Settings app for Surface Hub.](images/sh-settings.png) - + 2. Click **Update & Security**. ![Image showing Update & Security group in Settings app for Surface Hub.](images/sh-settings-update-security.png) - + 3. Click **Recovery**, and then, under **Reset device**, click **Get started**. - ![Image showing Reset device option in Settings app for Surface Hub.](images/sh-settings-reset-device.png) + ![Image showing Reset device option in Settings app for Surface Hub.](images/sh-settings-reset-device.png) ## Recover a Surface Hub from the cloud - + In the Windows Recovery Environment (Windows RE), you can recover your device by downloading a factory build from the cloud and installing it on the Surface Hub. This allows devices in an unusable state to recover without requiring assistance from Microsoft Support. >[!NOTE] @@ -64,7 +64,7 @@ In the Windows Recovery Environment (Windows RE), you can recover your device by ### Recover a Surface Hub in a bad state -If the device account gets into an unstable state or the Admin account is running into issues, you can use cloud recovery in **Settings**. You should only use cloud recovery when [reset](#reset-a-surface-hub-from-settings) doesn't fix the problem. +If the device account gets into an unstable state or the Admin account is running into issues, you can use cloud recovery in **Settings**. You should only use cloud recovery when [reset](#reset-a-surface-hub-from-settings) doesn't fix the problem. 1. On your Surface Hub, go to **Settings** > **Update & security** > **Recovery**. @@ -74,23 +74,23 @@ If the device account gets into an unstable state or the Admin account is runnin ### Recover a locked Surface Hub -On rare occasions, a Surface Hub may encounter an error while cleaning up user and app data at the end of a session. When this happens, the device will automatically reboot and try again. But if this operation fails repeatedly, the device will be automatically locked to protect user data. To unlock it, you must reset or recover the device from [Windows RE](https://technet.microsoft.com/library/cc765966.aspx). +On rare occasions, a Surface Hub may encounter an error while cleaning up user and app data at the end of a session. When this happens, the device will automatically reboot and try again. But if this operation fails repeatedly, the device will be automatically locked to protect user data. To unlock it, you must reset or recover the device from [Windows RE](https://technet.microsoft.com/library/cc765966.aspx). -1. From the welcome screen, toggle the Surface Hub's power switch 3 times. Wait a few seconds between each toggle. See the [Surface Hub Site Readiness Guide (PDF)](http://download.microsoft.com/download/3/8/8/3883E991-DFDB-4E70-8D28-20B26045FC5B/Surface-Hub-Site-Readiness-Guide_EN.pdf) for help with locating the power switch. -2. The device should automatically boot into Windows RE. +1. From the welcome screen, toggle the Surface Hub's power switch 3 times. Wait a few seconds between each toggle. See the [Surface Hub Site Readiness Guide (PDF)](https://download.microsoft.com/download/3/8/8/3883E991-DFDB-4E70-8D28-20B26045FC5B/Surface-Hub-Site-Readiness-Guide_EN.pdf) for help with locating the power switch. +2. The device should automatically boot into Windows RE. 3. After the Surface Hub enters Windows RE, select **Recover from the cloud**. (Optionally, you can choose **Reset**, however **Recover from the cloud** is the recommended approach.) - + ![Recover from the cloud](images/recover-from-cloud.png) - + 4. Enter the Bitlocker key (if prompted). 5. When prompted, select **Reinstall**. ![Reinstall](images/reinstall.png) 6. Select **Yes** to repartition the disk. - + ![Repartition](images/repartition.png) - + Reset will begin after the image is downloaded from the cloud. You will see progress indicators. ![downloading 97&](images/recover-progress.png) diff --git a/devices/surface-hub/docfx.json b/devices/surface-hub/docfx.json index dc151c3165..47f420a4d0 100644 --- a/devices/surface-hub/docfx.json +++ b/devices/surface-hub/docfx.json @@ -9,7 +9,7 @@ ], "resource": [ { - "files": ["**/images/**", "**/*.json"], + "files": ["**/images/**"], "exclude": ["**/obj/**"] } ], diff --git a/devices/surface-hub/first-run-program-surface-hub.md b/devices/surface-hub/first-run-program-surface-hub.md index 2574c2cbf6..6fcee63f5d 100644 --- a/devices/surface-hub/first-run-program-surface-hub.md +++ b/devices/surface-hub/first-run-program-surface-hub.md @@ -396,7 +396,7 @@ Once the device has been domain joined, you must specify a security group from t The following input is required: - **Domain:** This is the fully qualified domain name (FQDN) of the domain that you want to join. A security group from this domain can be used to manage the device. -- **User name:** The user name of an account that has sufficient permission to join the specified domain. This account must be a computer object. +- **User name:** The user name of an account that has sufficient permission to join the specified domain. - **Password:** The password for the account. After the credentials are verified, you will be asked to type a security group name. This input is required. diff --git a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md index d72676e762..fde0bb2f8a 100644 --- a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md +++ b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md @@ -8,7 +8,7 @@ ms.sitesec: library author: jdeckerms ms.author: jdecker ms.topic: article -ms.date: 04/12/2018 +ms.date: 08/30/2018 ms.localizationpriority: medium --- @@ -145,17 +145,17 @@ To enable Skype for Business online, your tenant users must have Exchange mailbo | --- | --- | --- | --- | | Join a scheduled meeting | Skype for Business Standalone Plan 1 | E1, 3, 4, or 5 | Skype for Business Server Standard CAL | | Initiate an ad-hoc meeting | Skype for Business Standalone Plan 2 | E 1, 3, 4, or 5 | Skype for Business Server Standard CAL or Enterprise CAL | -| Initiate an ad-hoc meeting and dial out from a meeting to phone numbers | Skype for Business Standalone Plan 2 with PSTN Conferencing

**Note** PSTN consumption billing is optional | E1 or E3 with PSTN Conferencing, or E5| Skype for Business Server Standard CAL or Enterprise CAL | -| Give the room a phone number and make or receive calls from the room or join a dial-in conference using a phone number | Skype for Business Standalone Plan 2 with Cloud PBX and a PSTN Voice Calling plan | E1 or E3 with Cloud PBX and a PSTN Voice Calling plan, or E5 | Skype for Business Server Standard CAL or Plus CAL | +| Initiate an ad-hoc meeting and dial out from a meeting to phone numbers | Skype for Business Standalone Plan 2 with Audio Conferencing

**Note** PSTN consumption billing is optional | E1 or E3 with Audio Conferencing, or E5| Skype for Business Server Standard CAL or Enterprise CAL | +| Give the room a phone number and make or receive calls from the room or join a dial-in conference using a phone number | Skype for Business Standalone Plan 2 with Phone System and a PSTN Voice Calling plan | E1 or E3 with Phone System and a PSTN Voice Calling plan, or E5 | Skype for Business Server Standard CAL or Plus CAL | The following table lists the Office 365 plans and Skype for Business options. -| O365 Plan | Skype for Business | Cloud PBX | PSTN Conferencing | PSTN Calling | +| O365 Plan | Skype for Business | Phone System | Audio Conferencing | Calling Plans | | --- | --- | --- | --- | --- | | O365 Business Essentials | Included | | | | | O365 Business Premium | Included | | | | -| E1 | Included | Add-on | Add-on | Add-on (requires Cloud PBX add-on) | -| E3 | Included | Add-on | Add-on | Add-on (requires Cloud PBX add-on) | +| E1 | Included | Add-on | Add-on | Add-on (requires Phone System add-on) | +| E3 | Included | Add-on | Add-on | Add-on (requires Phone System add-on) | | E5 | Included | Included | Included | Add-on | 1. Start by creating a remote PowerShell session from a PC to the Skype for Business online environment. @@ -190,7 +190,7 @@ The following table lists the Office 365 plans and Skype for Business options. - Click **Licenses**. - - In **Assign licenses**, select Skype for Business (Plan 2) or Skype for Business (Plan 3), depending on your licensing and Enterprise Voice requirements. You'll have to use a Plan 3 license if you want to use Enterprise Voice on your Surface Hub. + - In **Assign licenses**, select Skype for Business (Plan 1) or Skype for Business (Plan 2), depending on your licensing and Enterprise Voice requirements. You'll have to use a Plan 2 license if you want to use Enterprise Voice on your Surface Hub. - Click **Save**. @@ -282,7 +282,7 @@ Use this procedure if you use Exchange online. 5. Add email address for your on-premises domain account. - For this procedure, you'll be using AD admin tools to add an email address for your on-preises domain account. + For this procedure, you'll be using AD admin tools to add an email address for your on-premises domain account. - In **Active Directory Users and Computers** AD tool, right-click on the folder or Organizational Unit that your Surface Hub accounts will be created in, click **New**, and **User**. - Type the display name from the previous cmdlet into the **Full name** box, and the alias into the **User logon name** box. Click **Next**. @@ -291,7 +291,8 @@ Use this procedure if you use Exchange online. - Type the password for this account. You'll need to retype it for verification. Make sure the **Password never expires** checkbox is the only option selected. - >**Important** Selecting **Password never expires** is a requirement for Skype for Business on the Surface Hub. Your domain rules may prohibit passwords that don't expire. If so, you'll need to create an exception for each Surface Hub device account. + >[!IMPORTANT] + >Selecting **Password never expires** is a requirement for Skype for Business on the Surface Hub. Your domain rules may prohibit passwords that don't expire. If so, you'll need to create an exception for each Surface Hub device account. ![Image showing password dialog box.](images/hybriddeployment-02a.png) diff --git a/devices/surface-hub/index.md b/devices/surface-hub/index.md index b819e54b9a..f91b3e81bf 100644 --- a/devices/surface-hub/index.md +++ b/devices/surface-hub/index.md @@ -13,9 +13,9 @@ ms.localizationpriority: medium # Microsoft Surface Hub admin guide ->[Looking for the Surface Hub admin guide for Windows 10, version 1607?](http://download.microsoft.com/download/7/2/5/7252051B-7E97-4781-B5DF-58D4B1A4BB88/surface-hub-admin-guide-1607.pdf) +>[Looking for the Surface Hub admin guide for Windows 10, version 1607?](https://download.microsoft.com/download/7/2/5/7252051B-7E97-4781-B5DF-58D4B1A4BB88/surface-hub-admin-guide-1607.pdf) ->[Looking for the user's guide for Surface Hub?](http://download.microsoft.com/download/3/6/B/36B6331E-0C63-4E71-A05D-EE88D05081F8/surface-hub-user-guide-en-us.pdf) +>[Looking for the user's guide for Surface Hub?](https://download.microsoft.com/download/3/6/B/36B6331E-0C63-4E71-A05D-EE88D05081F8/surface-hub-user-guide-en-us.pdf)
Microsoft Surface Hub is an all-in-one productivity device that is intended for brainstorming, collaboration, and presentations. In order to get the maximum benefit from Surface Hub, your organization’s infrastructure and the Surface Hub itself must be properly set up and integrated. The documentation in this library describes what needs to be done both before and during setup in order to help you optimize your use of the device.![image of a Surface Hub](images/surfacehub.png)
@@ -41,9 +41,9 @@ In some ways, adding your new Surface Hub is just like adding any other Microsof | [Prepare your environment for Microsoft Surface Hub](prepare-your-environment-for-surface-hub.md) | This section contains an overview of the steps required to prepare your environment so that you can use all of the features of Surface Hub. See [Intro to Surface Hub](intro-to-surface-hub.md) for a description of how the device and its features interact with your IT environment. | | [Set up Microsoft Surface Hub](set-up-your-surface-hub.md) | Set up instructions for Surface Hub include a setup worksheet, and a walkthrough of the first-run program. | | [Manage Microsoft Surface Hub](manage-surface-hub.md) | How to manage your Surface Hub after finishing the first-run program. | -| [PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) | +| [PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) | | [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md) | This topic provides guidance on Wi-Fi Direct security risks, how the Surface Hub has addressed those risks, and how Surface Hub administrators can configure the device for the highest level of security. | PowerShell scripts to help set up and manage your Surface Hub. | -| [Top support solutions for Surface Hub](support-solutions-surface-hub.md) | These are the top Microsoft Support solutions for common issues experienced using Surface Hub. | +| [Top support solutions for Surface Hub](support-solutions-surface-hub.md) | These are the top Microsoft Support solutions for common issues experienced using Surface Hub. | | [Troubleshoot Microsoft Surface Hub](troubleshoot-surface-hub.md) | Troubleshoot common problems, including setup issues, Exchange ActiveSync errors. | | [Troubleshoot Miracast on Surface Hub](miracast-troubleshooting.md) | Learn how to resolve Miracast issues. | | [Useful downloads for Surface Hub administrators](surface-hub-downloads.md) | This topic provides links to useful Surface Hub documents, such as product datasheets, the site readiness guide, and user's guide. | @@ -51,3 +51,11 @@ In some ways, adding your new Surface Hub is just like adding any other Microsof +## Additional resources + +- [Surface Hub update history](https://support.microsoft.com/help/4037666/surface-surface-hub-update-history) +- [Surface Hub help](https://support.microsoft.com/hub/4343507/surface-hub-help) +- [Surface IT Pro Blog](https://blogs.technet.microsoft.com/surface/) +- [Surface Playlist of videos](https://www.youtube.com/playlist?list=PLXtHYVsvn_b__1Baibdu4elN4SoF3JTBZ) +- [Microsoft Surface on Twitter](https://twitter.com/surface) + diff --git a/devices/surface-hub/install-apps-on-surface-hub.md b/devices/surface-hub/install-apps-on-surface-hub.md index ffa77e640e..847625be1f 100644 --- a/devices/surface-hub/install-apps-on-surface-hub.md +++ b/devices/surface-hub/install-apps-on-surface-hub.md @@ -8,7 +8,7 @@ ms.sitesec: library author: jdeckerms ms.author: jdecker ms.topic: article -ms.date: 10/20/2017 +ms.date: 10/23/2018 ms.localizationpriority: medium --- @@ -19,7 +19,9 @@ You can install additional apps on your Surface Hub to fit your team or organiza A few things to know about apps on Surface Hub: - Surface Hub only runs [Universal Windows Platform (UWP) apps](https://msdn.microsoft.com/windows/uwp/get-started/whats-a-uwp). Apps created using the [Desktop App Converter](https://docs.microsoft.com/windows/uwp/porting/desktop-to-uwp-run-desktop-app-converter) will not run on Surface Hub. See a [list of apps that work with Surface Hub](https://support.microsoft.com/help/4040382/surface-Apps-that-work-with-Microsoft-Surface-Hub). - Apps must be targeted for the [Universal device family](https://msdn.microsoft.com/library/windows/apps/dn894631) or Windows Team device family. -- By default, apps must be Store-signed to be installed. During testing and development, you can also choose to run developer-signed UWP apps by placing the device in developer mode.- When submitting an app to the Microsoft Store, developers need to set Device family availability and Organizational licensing options to make sure an app will be available to run on Surface Hub. +- Surface Hub only supports [offline-licensed apps](https://docs.microsoft.com/microsoft-store/distribute-offline-apps) from Microsoft Store for Business. +- By default, apps must be Store-signed to be installed. During testing and development, you can also choose to run developer-signed UWP apps by placing the device in developer mode. +- When submitting an app to the Microsoft Store, developers need to set Device family availability and Organizational licensing options to make sure an app will be available to run on Surface Hub. - You need admin credentials to install apps on your Surface Hub. Since the device is designed to be used in communal spaces like meeting rooms, people can't access the Microsoft Store to download and install apps. @@ -27,7 +29,7 @@ A few things to know about apps on Surface Hub: While you're developing your own app, there are a few options for testing apps on Surface Hub. ### Developer Mode -By default, Surface Hub only runs UWP apps that have been published to and signed by the Microsoft Store. Apps submitted to the Microsoft Store go through security and compliance tests as part of the [app certification process](https://msdn.microsoft.com/en-us/windows/uwp/publish/the-app-certification-process), so this helps safeguard your Surface Hub against malicious apps. +By default, Surface Hub only runs UWP apps that have been published to and signed by the Microsoft Store. Apps submitted to the Microsoft Store go through security and compliance tests as part of the [app certification process](https://msdn.microsoft.com/windows/uwp/publish/the-app-certification-process), so this helps safeguard your Surface Hub against malicious apps. By enabling developer mode, you can also install developer-signed UWP apps. @@ -144,8 +146,8 @@ To deploy apps to a large number of Surface Hubs in your organization, use a sup 8. On the **Import Information** page, review the information that was imported, and then click **Next**. If necessary, you can click **Previous** to go back and correct any errors. 9. On the **General Information** page, complete additional details about the app. Some of this information might already be populated if it was automatically obtained from the app package. 10. Click **Next**, review the application information on the Summary page, and then complete the Create Application Wizard. -11. Create a deployment type for the application. For more information, see [Create deployment types for the application](https://docs.microsoft.com/en-us/sccm/apps/deploy-use/create-applications#create-deployment-types-for-the-application). -12. Deploy the application to your Surface Hubs. For more information, see [Deploy applications with System Center Configuration Manager](https://docs.microsoft.com/en-us/sccm/apps/deploy-use/deploy-applications). +11. Create a deployment type for the application. For more information, see [Create deployment types for the application](https://docs.microsoft.com/sccm/apps/deploy-use/create-applications#create-deployment-types-for-the-application). +12. Deploy the application to your Surface Hubs. For more information, see [Deploy applications with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications). 13. As needed, update the app by downloading a new package from the Store for Business, and publishing an application revision in Configuration Manager. For more information, see [Update and retire applications with System Center Configuration Manager](https://technet.microsoft.com/library/mt595704.aspx). > [!NOTE] diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md index d0e895cd1a..0771aab258 100644 --- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md +++ b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md @@ -148,9 +148,9 @@ The following tables include info on Windows 10 settings that have been validate | Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML\*? | | --- | --- | --- |---- | --- | --- | -| Install trusted CA certificates | Use to deploy trusted root and intermediate CA certificates. | [RootCATrustedCertificates CSP](https://msdn.microsoft.com/library/windows/hardware/dn904970.aspx) | Yes.
See [Configure Intune certificate profiles](https://docs.microsoft.com/en-us/intune/deploy-use/configure-intune-certificate-profiles). | Yes.
See [How to create certificate profiles in System Center Configuration Manager](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/create-certificate-profiles). | Yes | +| Install trusted CA certificates | Use to deploy trusted root and intermediate CA certificates. | [RootCATrustedCertificates CSP](https://msdn.microsoft.com/library/windows/hardware/dn904970.aspx) | Yes.
See [Configure Intune certificate profiles](https://docs.microsoft.com/intune/deploy-use/configure-intune-certificate-profiles). | Yes.
See [How to create certificate profiles in System Center Configuration Manager](https://docs.microsoft.com/sccm/protect/deploy-use/create-certificate-profiles). | Yes | \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. @@ -160,7 +160,7 @@ The following tables include info on Windows 10 settings that have been validate | --- | --- | --- |---- | --- | --- | | Collect ETW logs | Use to remotely collect ETW logs from Surface Hub. | [DiagnosticLog CSP](https://msdn.microsoft.com/library/windows/hardware/mt219118.aspx) | No | No | Yes | +| Collect security auditing logs | Use to remotely collect security auditing logs from Surface Hub. | SecurityAuditing node in [Reporting CSP](https://msdn.microsoft.com/library/windows/hardware/mt608321.aspx) | No | No | Yes |--> \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. #### Set network quality of service (QoS) policy diff --git a/devices/surface-hub/manage-windows-updates-for-surface-hub.md b/devices/surface-hub/manage-windows-updates-for-surface-hub.md index 6dcce110f5..625ba99f34 100644 --- a/devices/surface-hub/manage-windows-updates-for-surface-hub.md +++ b/devices/surface-hub/manage-windows-updates-for-surface-hub.md @@ -39,7 +39,7 @@ You can also configure Surface Hub to receive updates from both Windows Update f Surface Hub uses the Windows 10 servicing model, referred to as [Windows as a Service (WaaS)](https://docs.microsoft.com/windows/deployment/update/waas-overview). Traditionally, new features were added only in new versions of Windows that were released every few years. Each new version required lengthy and expensive processes to deploy in an organization. As a result, end users and organizations don't frequently enjoy the benefits of new innovation. The goal of Windows as a Service is to continually provide new capabilities while maintaining a high level of quality. Microsoft publishes two types of Surface Hub releases broadly on an ongoing basis: -- **Feature updates** - Updates that install the latest new features, experiences, and capabilities. Microsoft expects to publish two tnew feature updates per year. +- **Feature updates** - Updates that install the latest new features, experiences, and capabilities. Microsoft expects to publish two new feature updates per year. - **Quality updates** - Updates that focus on the installation of security fixes, drivers, and other servicing updates. Microsoft expects to publish one cumulative quality update per month. In order to improve release quality and simplify deployments, all new releases that Microsoft publishes for Windows 10, including Surface Hub, will be cumulative. This means new feature updates and quality updates will contain the payloads of all previous releases (in an optimized form to reduce storage and networking requirements), and installing the release on a device will bring it completely up to date. Also, unlike earlier versions of Windows, you cannot install a subset of the contents of a Windows 10 quality update. For example, if a quality update contains fixes for three security vulnerabilities and one reliability issue, deploying the update will result in the installation of all four fixes. diff --git a/devices/surface-hub/monitor-surface-hub.md b/devices/surface-hub/monitor-surface-hub.md index ac60abe27d..a210f9834d 100644 --- a/devices/surface-hub/monitor-surface-hub.md +++ b/devices/surface-hub/monitor-surface-hub.md @@ -85,7 +85,7 @@ This table describes the sample queries in the Surface Hub solution: | Alert type | Impact | Recommended remediation | Details | | ---------- | ------ | ----------------------- | ------- | -| Software | Error | **Reboot the device**.
Reboot manually, or using the [Reboot configuration service provider](https://msdn.microsoft.com/en-us/library/windows/hardware/mt720802(v=vs.85).aspx).
Suggest doing this between meetings to minimize impact to your people in your organization. | Trigger conditions:
- A critical process in the Surface Hub operating system, such as the shell, projection, or Skype, crashes or becomes non-responsive.
- The device hasn't reported a heartbeat in the past 24 hours. This may be due to network connectivity issue or network-related hardware failure, or an error with the diagnostic data reporting system. | +| Software | Error | **Reboot the device**.
Reboot manually, or using the [Reboot configuration service provider](https://msdn.microsoft.com/library/windows/hardware/mt720802(v=vs.85).aspx).
Suggest doing this between meetings to minimize impact to your people in your organization. | Trigger conditions:
- A critical process in the Surface Hub operating system, such as the shell, projection, or Skype, crashes or becomes non-responsive.
- The device hasn't reported a heartbeat in the past 24 hours. This may be due to network connectivity issue or network-related hardware failure, or an error with the diagnostic data reporting system. | | Software | Error | **Check your Exchange service**.
Verify:
- The service is available.
- The device account password is up to date – see [Password management](password-management-for-surface-hub-device-accounts.md) for details.| Triggers when there's an error syncing the device calendar with Exchange. | | Software | Error | **Check your Skype for Business service**.
Verify:
- The service is available.
- The device account password is up to date – see [Password management](password-management-for-surface-hub-device-accounts.md) for details.
- The domain name for Skype for Business is properly configured - see [Configure a domain name](use-fully-qualified-domain-name-surface-hub.md). | Triggers when Skype fails to sign in. | | Software | Error | **Reset the device**.
This takes some time, so you should take the device offline.
For more information, see [Device reset](device-reset-surface-hub.md).| Triggers when there is an error cleaning up user and app data at the end of a session. When this operation repeatedly fails, the device is locked to protect user data. You must reset the device to continue. | @@ -95,7 +95,7 @@ This table describes the sample queries in the Surface Hub solution: **To set up an alert** 1. From the Surface Hub solution, select one of the sample queries. 2. Modify the query as desired. See Log Analytics search reference to learn more. -3. Click **Alert** at the top of the page to open the **Add Alert Rule** screen. See [Alerts in Log Analytics](https://azure.microsoft.com/en-us/documentation/articles/log-analytics-alerts/) for details on the options to configure the alert. +3. Click **Alert** at the top of the page to open the **Add Alert Rule** screen. See [Alerts in Log Analytics](https://azure.microsoft.com/documentation/articles/log-analytics-alerts/) for details on the options to configure the alert. 4. Click **Save** to complete the alert rule. It will start running immediately. ## Enroll your Surface Hub diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md index 953c771d7c..46877db4de 100644 --- a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md +++ b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md @@ -7,7 +7,7 @@ ms.prod: surface-hub ms.sitesec: library author: jdeckerms ms.author: jdecker -ms.date: 06/01/2018 +ms.date: 08/28/2018 ms.localizationpriority: medium --- @@ -99,7 +99,7 @@ If you have a single-forest on-premises deployment with Microsoft Exchange 2013 8. OPTIONAL: You can also allow your Surface Hub to make and receive public switched telephone network (PSTN) phone calls by enabling Enterprise Voice for your account. Enterprise Voice isn't a requirement for Surface Hub, but if you want PSTN dialing functionality for the Surface Hub client, here's how to enable it: ```PowerShell - Set-CsMeetingRoom -Identity HUB01 -DomainController DC-ND-001.contoso.com -LineURI “tel:+14255550555;ext=50555" -EnterpriseVoiceEnabled $true + Set-CsMeetingRoom -Identity HUB01 -DomainController DC-ND-001.contoso.com -LineURI "tel:+14255550555;ext=50555" -EnterpriseVoiceEnabled $true ``` Again, you need to replace the provided domain controller and phone number examples with your own information. The parameter value `$true` stays the same. @@ -108,8 +108,7 @@ If you have a single-forest on-premises deployment with Microsoft Exchange 2013  ## Disable anonymous email and IM ->[!WARNING] ->This information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + Surface Hub uses a device account to provide email and collaboration services (IM, video, voice). This device account is used as the originating identity (the “from” party) when sending email, IM, and placing calls. As this account is not coming from an individual, identifiable user, it is deemed “anonymous” because it originated from the Surface Hub's device account. diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md b/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md index ff5af2b652..cae7e9639e 100644 --- a/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md +++ b/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md @@ -6,7 +6,7 @@ ms.prod: surface-hub ms.sitesec: library author: jdeckerms ms.author: jdecker -ms.date: 06/01/2018 +ms.date: 08/28/2018 ms.localizationpriority: medium --- @@ -80,7 +80,7 @@ If you have a multi-forest on-premises deployment with Microsoft Exchange 2013 o 6. You now need to change the room mailbox to a linked mailbox: ```PowerShell - $cred=Get-Credential AuthForest\LinkedRoomTest1 + $cred=Get-Credential AuthForest\ADAdmin Set-mailbox -Alias LinkedRoomTest1 -LinkedMasterAccount AuthForest\LinkedRoomTest1 -LinkedDomainController AuthForest-4939.AuthForest.extest.contoso.com -Name LinkedRoomTest1 -LinkedCredential $cred -Identity LinkedRoomTest1 ``` @@ -97,8 +97,7 @@ If you have a multi-forest on-premises deployment with Microsoft Exchange 2013 o ## Disable anonymous email and IM ->[!WARNING] ->This information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + Surface Hub uses a device account to provide email and collaboration services (IM, video, voice). This device account is used as the originating identity (the “from” party) when sending email, IM, and placing calls. As this account is not coming from an individual, identifiable user, it is deemed “anonymous” because it originated from the Surface Hub's device account. diff --git a/devices/surface-hub/skype-hybrid-voice.md b/devices/surface-hub/skype-hybrid-voice.md index 4b3c12deab..5537a823c7 100644 --- a/devices/surface-hub/skype-hybrid-voice.md +++ b/devices/surface-hub/skype-hybrid-voice.md @@ -65,7 +65,7 @@ If you deployed Skype for Business Cloud PBX with one of the hybrid voice option If you haven’t created a compatible policy yet, use the following cmdlet (this one creates a policy called "Surface Hubs"). After it’s created, you can apply the same policy to other device accounts. ``` - $easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false + $easPolicy = New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $false ``` After you have a compatible policy, then you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. Run the following cmdlets to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox (you may need to re-enable the account and set the password again). diff --git a/devices/surface-hub/surface-hub-authenticator-app.md b/devices/surface-hub/surface-hub-authenticator-app.md index d5f9dc8d57..a068fe1fab 100644 --- a/devices/surface-hub/surface-hub-authenticator-app.md +++ b/devices/surface-hub/surface-hub-authenticator-app.md @@ -23,7 +23,7 @@ To let people in your organization sign in to Surface Hub with their phones and - Make sure you have at minimum an Office 365 E3 subscription. -- [Configure Multi-Factor Authentication](https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings). Make sure **Notification through mobile app** is selected. +- [Configure Multi-Factor Authentication](https://docs.microsoft.com/azure/active-directory/authentication/howto-mfa-mfasettings). Make sure **Notification through mobile app** is selected. ![multi-factor authentication options](images/mfa-options.png) diff --git a/devices/surface-hub/surface-hub-downloads.md b/devices/surface-hub/surface-hub-downloads.md index 8ddafa924a..689358891c 100644 --- a/devices/surface-hub/surface-hub-downloads.md +++ b/devices/surface-hub/surface-hub-downloads.md @@ -16,22 +16,21 @@ This topic provides links to useful Surface Hub documents, such as product datas | Link | Description | | --- | --- | -| [Surface Hub Site Readiness Guide (PDF)](http://download.microsoft.com/download/3/8/8/3883E991-DFDB-4E70-8D28-20B26045FC5B/Surface-Hub-Site-Readiness-Guide_EN.pdf) | Make sure your site is ready for Surface Hub, including structural and power requirements, and get technical specs for Surface Hub. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/27/aa/27aa7dd7-7cb7-40ea-9bd6-c7de0795f68c.mov?n=04.07.16_installation_video_01_site_readiness.mov) | -| [Surface Hub Setup Guide (English, French, Spanish) (PDF)](http://download.microsoft.com/download/0/1/6/016363A4-8602-4F01-8281-9BE5C814DC78/Setup-Guide_EN-FR-SP.pdf) | Get a quick overview of how to set up the environment for your new Surface Hub. | -| [Surface Hub Quick Reference Guide (PDF)](http://download.microsoft.com/download/9/E/E/9EE660F8-3FC6-4909-969E-89EA648F06DB/Surface%20Hub%20Quick%20Reference%20Guide_en-us.pdf) | Use this quick reference guide to get information about key features and functions of the Surface Hub. | -| [Surface Hub User Guide (PDF)](http://download.microsoft.com/download/3/6/B/36B6331E-0C63-4E71-A05D-EE88D05081F8/surface-hub-user-guide-en-us.pdf) | Learn how to use Surface Hub in scheduled or ad-hoc meetings. Invite remote participants, use the built-in tools, save data from your meeting, and more. | +| [Surface Hub Site Readiness Guide (PDF)](https://download.microsoft.com/download/3/8/8/3883E991-DFDB-4E70-8D28-20B26045FC5B/Surface-Hub-Site-Readiness-Guide_EN.pdf) | Make sure your site is ready for Surface Hub, including structural and power requirements, and get technical specs for Surface Hub. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/27/aa/27aa7dd7-7cb7-40ea-9bd6-c7de0795f68c.mov?n=04.07.16_installation_video_01_site_readiness.mov) | +| [Surface Hub Setup Guide (English, French, Spanish) (PDF)](https://download.microsoft.com/download/0/1/6/016363A4-8602-4F01-8281-9BE5C814DC78/Setup-Guide_EN-FR-SP.pdf) | Get a quick overview of how to set up the environment for your new Surface Hub. | +| [Surface Hub Quick Reference Guide (PDF)](https://download.microsoft.com/download/9/E/E/9EE660F8-3FC6-4909-969E-89EA648F06DB/Surface%20Hub%20Quick%20Reference%20Guide_en-us.pdf) | Use this quick reference guide to get information about key features and functions of the Surface Hub. | +| [Surface Hub User Guide (PDF)](https://download.microsoft.com/download/3/6/B/36B6331E-0C63-4E71-A05D-EE88D05081F8/surface-hub-user-guide-en-us.pdf) | Learn how to use Surface Hub in scheduled or ad-hoc meetings. Invite remote participants, use the built-in tools, save data from your meeting, and more. | | [Surface Hub Replacement PC Drivers](https://www.microsoft.com/download/details.aspx?id=52210) | The Surface Hub Replacement PC driver set is available for those customers who have chosen to disable the Surface Hub’s internal PC and use an external computer with their 84” or 55” Surface Hub. This download is meant to be used with the Surface Hub Admin Guide , which contains further details on configuring a Surface Hub Replacement PC. | -| [Surface Hub SSD Replacement Guide (PDF)](http://download.microsoft.com/download/1/F/2/1F202254-7156-459F-ABD2-39CF903A25DE/surface-hub-ssd-replacement-guide_en-us.pdf) | Learn how to replace the solid state drive (SSD) for the 55- and 84-inch Surface Hub. | -| [Microsoft Surface Hub Rollout and Adoption Success Kit (ZIP)](http://download.microsoft.com/download/F/A/3/FA3ADEA4-4966-456B-8BDE-0A594FD52C6C/Surface_Hub_Adoption_Kit_Final_0519.pdf) | Best practices for generating awareness and implementing change management to maximize adoption, usage, and benefits of Microsoft Surface Hub. The Rollout and Adoption Success Kit zip file includes the Rollout and Adoption Success Kit detailed document, Surface Hub presentation, demo guidance, awareness graphics, and more. | -| [Unpacking Guide for 84-inch Surface Hub (PDF)](http://download.microsoft.com/download/5/2/B/52B4007E-D8C8-4EED-ACA9-FEEF93F6055C/84_Unpacking_Guide_English_French-Spanish.pdf) | Learn how to unpack your 84-inch Surface Hub efficiently and safely. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/75/2b/752b73dc-6e9d-4692-8ba1-0f9fc03bff6b.mov?n=04.07.16_installation_video_03_unpacking_84.mov) | -| [Unpacking Guide for 55-inch Surface Hub (PDF)](http://download.microsoft.com/download/2/E/7/2E7616A2-F936-4512-8052-1E2D92DFD070/55_Unpacking_Guide_English-French-Spanish.PDF) | Learn how to unpack your 55-inch Surface Hub efficiently and safely. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/a9/d6/a9d6b4d7-d33f-4e8b-be92-28f7fc2c06d7.mov?n=04.07.16_installation_video_02_unpacking_55.mov) | -| [Wall Mounting and Assembly Guide (PDF)](http://download.microsoft.com/download/7/0/2/702485E3-B55E-4DE8-B5DD-3B56F90DCF5D/SH-Guide_WACG_Wall_Mounts_EN-FR-ES-NL-DE-IT-PT-AR-DA-FI-NO-SV.pdf) | Detailed instructions on how to safely and securely assemble the wall brackets, and how to mount your Surface Hub onto them. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/bf/4d/bf4d6f06-370c-45ee-88e6-c409873914e8.mov?n=04.07.16_installation_video_05_wall_mount.mov) | -| [Floor-Supported Mounting and Assembly Guide (PDF)](http://download.microsoft.com/download/7/0/2/702485E3-B55E-4DE8-B5DD-3B56F90DCF5D/SH-Guide_WACG_Floor_Support_Mount_EN-FR-ES-NL-DE-IT-AR-DA-FI-NO-SV.pdf) | Detailed instructions on how to safely and securely assemble the floor-supported brackets, and how to mount your Surface Hub onto them. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/ed/de/edde468a-e1d4-4ce8-8b61-c4527dd25c81.mov?n=04.07.16_installation_video_06_floor_support_mount.mov) | -| [Rolling Stand Mounting and Assembly Guide (PDF)](http://download.microsoft.com/download/7/0/2/702485E3-B55E-4DE8-B5DD-3B56F90DCF5D/SH-Guide_WACG_Rolling_Stands_EN-FR-ES-NL-DE-IT-AR-DA-FI-NO-SV.pdf) | Detailed instructions on how to safely and securely assemble the rolling stand, and how to mount your Surface Hub onto it. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/1f/94/1f949613-3e4a-41e3-ad60-fe8aa7134115.mov?n=04.07.16_installation_video_04_rolling_stand_mount.mov) | -| [Mounts and Stands Datasheet (PDF)](http://download.microsoft.com/download/5/0/1/501F98D9-1BCC-4448-A1DB-47056CEE33B6/20160711_Surface_Hub_Mounts_and_Stands_Datasheet.pdf) | Specifications and prices for all Surface Hub add-on stands and mounts that turn your workspace into a Surface Hub workspace. | -| [Surface Hub Stand and Wall Mount Specifications (PDF)](http://download.microsoft.com/download/7/A/7/7A75BD0F-5A46-4BCE-B313-A80E47AEB581/20160720_Combined_Stand_Wall_Mount_Drawings.pdf) | Illustrated specifications for the 55” and 84” Surface Hub rolling stands, wall mounts, and floor-supported wall mounts. | +| [Surface Hub SSD Replacement Guide (PDF)](https://download.microsoft.com/download/1/F/2/1F202254-7156-459F-ABD2-39CF903A25DE/surface-hub-ssd-replacement-guide_en-us.pdf) | Learn how to replace the solid state drive (SSD) for the 55- and 84-inch Surface Hub. | +| [Microsoft Surface Hub Rollout and Adoption Success Kit (ZIP)](https://download.microsoft.com/download/F/A/3/FA3ADEA4-4966-456B-8BDE-0A594FD52C6C/Surface_Hub_Adoption_Kit_Final_0519.pdf) | Best practices for generating awareness and implementing change management to maximize adoption, usage, and benefits of Microsoft Surface Hub. The Rollout and Adoption Success Kit zip file includes the Rollout and Adoption Success Kit detailed document, Surface Hub presentation, demo guidance, awareness graphics, and more. | +| [Unpacking Guide for 84-inch Surface Hub (PDF)](https://download.microsoft.com/download/5/2/B/52B4007E-D8C8-4EED-ACA9-FEEF93F6055C/84_Unpacking_Guide_English_French-Spanish.pdf) | Learn how to unpack your 84-inch Surface Hub efficiently and safely. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/75/2b/752b73dc-6e9d-4692-8ba1-0f9fc03bff6b.mov?n=04.07.16_installation_video_03_unpacking_84.mov) | +| [Unpacking Guide for 55-inch Surface Hub (PDF)](https://download.microsoft.com/download/2/E/7/2E7616A2-F936-4512-8052-1E2D92DFD070/55_Unpacking_Guide_English-French-Spanish.PDF) | Learn how to unpack your 55-inch Surface Hub efficiently and safely. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/a9/d6/a9d6b4d7-d33f-4e8b-be92-28f7fc2c06d7.mov?n=04.07.16_installation_video_02_unpacking_55.mov) | +| [Wall Mounting and Assembly Guide (PDF)](https://download.microsoft.com/download/7/0/2/702485E3-B55E-4DE8-B5DD-3B56F90DCF5D/SH-Guide_WACG_Wall_Mounts_EN-FR-ES-NL-DE-IT-PT-AR-DA-FI-NO-SV.pdf) | Detailed instructions on how to safely and securely assemble the wall brackets, and how to mount your Surface Hub onto them. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/bf/4d/bf4d6f06-370c-45ee-88e6-c409873914e8.mov?n=04.07.16_installation_video_05_wall_mount.mov) | +| [Floor-Supported Mounting and Assembly Guide (PDF)](https://download.microsoft.com/download/7/0/2/702485E3-B55E-4DE8-B5DD-3B56F90DCF5D/SH-Guide_WACG_Floor_Support_Mount_EN-FR-ES-NL-DE-IT-AR-DA-FI-NO-SV.pdf) | Detailed instructions on how to safely and securely assemble the floor-supported brackets, and how to mount your Surface Hub onto them. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/ed/de/edde468a-e1d4-4ce8-8b61-c4527dd25c81.mov?n=04.07.16_installation_video_06_floor_support_mount.mov) | +| [Rolling Stand Mounting and Assembly Guide (PDF)](https://download.microsoft.com/download/7/0/2/702485E3-B55E-4DE8-B5DD-3B56F90DCF5D/SH-Guide_WACG_Rolling_Stands_EN-FR-ES-NL-DE-IT-AR-DA-FI-NO-SV.pdf) | Detailed instructions on how to safely and securely assemble the rolling stand, and how to mount your Surface Hub onto it. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/1f/94/1f949613-3e4a-41e3-ad60-fe8aa7134115.mov?n=04.07.16_installation_video_04_rolling_stand_mount.mov) | +| [Mounts and Stands Datasheet (PDF)](https://download.microsoft.com/download/5/0/1/501F98D9-1BCC-4448-A1DB-47056CEE33B6/20160711_Surface_Hub_Mounts_and_Stands_Datasheet.pdf) | Specifications and prices for all Surface Hub add-on stands and mounts that turn your workspace into a Surface Hub workspace. | +| [Surface Hub Stand and Wall Mount Specifications (PDF)](https://download.microsoft.com/download/7/A/7/7A75BD0F-5A46-4BCE-B313-A80E47AEB581/20160720_Combined_Stand_Wall_Mount_Drawings.pdf) | Illustrated specifications for the 55” and 84” Surface Hub rolling stands, wall mounts, and floor-supported wall mounts. | - \ No newline at end of file diff --git a/devices/surface-hub/surface-hub-recovery-tool.md b/devices/surface-hub/surface-hub-recovery-tool.md index 81c91723b7..262bcc5d2a 100644 --- a/devices/surface-hub/surface-hub-recovery-tool.md +++ b/devices/surface-hub/surface-hub-recovery-tool.md @@ -14,9 +14,12 @@ ms.localizationpriority: medium # Using the Surface Hub Recovery Tool -The [Microsoft Surface Hub Recovery Tool](https://www.microsoft.com/download/details.aspx?id=52210) helps you re-image your Surface Hub Solid State Drive (SSD) using a Windows 10 desktop device, without calling support or replacing the SSD. With this tool, you can reimage an SSD that has an unknown Administrator password, boot errors, was unable to complete a cloud recovery, or for a device that has an older version of the operating system. The tool will not fix physically damaged SSDs. +The [Microsoft Surface Hub Recovery Tool](https://www.microsoft.com/download/details.aspx?id=52210) helps you re-image your Surface Hub Solid State Drive (SSD) using a Windows 10 desktop device, without calling support or replacing the SSD. With this tool, you can reimage an SSD that has an unknown Administrator password, boot errors, was unable to complete a cloud recovery, or for a device that has an older version of the operating system. The tool will not fix physically damaged SSDs. -To re-image the Surface Hub SSD using the Recovery Tool, you'll need to remove the SSD from the Surface Hub, connect the drive to the USB-to-SATA cable, and then connect the cable to the desktop PC on which the Recovery Tool is installed. For more information on how to remove the existing drive from your Surface Hub, please refer to the [Surface Hub SSD Replacement Guide (PDF)](http://download.microsoft.com/download/1/F/2/1F202254-7156-459F-ABD2-39CF903A25DE/surface-hub-ssd-replacement-guide_en-us.pdf). +To re-image the Surface Hub SSD using the Recovery Tool, you'll need to remove the SSD from the Surface Hub, connect the drive to the USB-to-SATA cable, and then connect the cable to the desktop PC on which the Recovery Tool is installed. For more information on how to remove the existing drive from your Surface Hub, please refer to the [Surface Hub SSD Replacement Guide (PDF)](https://download.microsoft.com/download/1/F/2/1F202254-7156-459F-ABD2-39CF903A25DE/surface-hub-ssd-replacement-guide_en-us.pdf). + +>[!IMPORTANT] +>Do not let the device go to sleep or interrupt the download of the image file. If the tool is unsuccessful in reimaging your drive, please contact [Surface Hub Support](https://support.microsoft.com/help/4037644/surface-contact-surface-warranty-and-software-support). @@ -28,15 +31,15 @@ If the tool is unsuccessful in reimaging your drive, please contact [Surface Hub - Internet access - Open USB 2.0 or greater port - USB-to-SATA cable -- 10 GB of free disk space on the host computer -- SSDs shipped with Surface Hub or a SSD provided by Support as a replacement. SSDs not supplied by Microsoft are not supported. +- 10 GB of free disk space on the host computer +- SSDs shipped with Surface Hub or a SSD provided by Support as a replacement. SSDs not supplied by Microsoft are not supported. ### Recommended - High-speed Internet connection - Open USB 3.0 port - USB 3.0 or higher USB-to-SATA cable -- The imaging tool was tested with the following make and model of cables: +- The imaging tool was tested with the following make and model of cables: - Startech USB312SAT3CB - Rosewill RCUC16001 - Ugreen 20231 @@ -54,7 +57,7 @@ Install Surface Hub Recovery Tool on the host PC. ## Run Surface Hub Recovery Tool -1. On the host PC, select the **Start** button, scroll through the alphabetical list on the left, and select the recovery tool shortcut. +1. On the host PC, select the **Start** button, scroll through the alphabetical list on the left, and select the recovery tool shortcut. ![Microsoft Surface Hub Recovery Tool shortcut](images/shrt-shortcut.png) @@ -66,11 +69,11 @@ Install Surface Hub Recovery Tool on the host PC. ![Do not let your machine go to sleep guidance](images/shrt-guidance.png) -4. click **Yes** to download the image. Time to download the recovery image is dependent on internet connection speeds. On an average corporate connection, it can take up to an hour to download the 8GB image file. +4. click **Yes** to download the image. Time to download the recovery image is dependent on internet connection speeds. On an average corporate connection, it can take up to an hour to download the 8GB image file. ![Download the image?](images/shrt-download.png) -5. When the download is complete, the tool instructs you to connect an SSD drive. If the tool is unable to locate the attached drive, there is a good chance that the cable being used is not reporting the name of the SSD to Windows. The imaging tool must find the name of the drive as "LITEON L CH-128V2S USB Device" before it can continue. For more information on how to remove the existing drive from your Surface Hub, please refer to the [Surface Hub SSD Replacement Guide (PDF)](http://download.microsoft.com/download/1/F/2/1F202254-7156-459F-ABD2-39CF903A25DE/surface-hub-ssd-replacement-guide_en-us.pdf). +5. When the download is complete, the tool instructs you to connect an SSD drive. If the tool is unable to locate the attached drive, there is a good chance that the cable being used is not reporting the name of the SSD to Windows. The imaging tool must find the name of the drive as "LITEON L CH-128V2S USB Device" before it can continue. For more information on how to remove the existing drive from your Surface Hub, please refer to the [Surface Hub SSD Replacement Guide (PDF)](https://download.microsoft.com/download/1/F/2/1F202254-7156-459F-ABD2-39CF903A25DE/surface-hub-ssd-replacement-guide_en-us.pdf). ![Connect SSD](images/shrt-drive.png) diff --git a/devices/surface-hub/surface-hub-start-menu.md b/devices/surface-hub/surface-hub-start-menu.md index 5e6469aab1..dbd5b02e92 100644 --- a/devices/surface-hub/surface-hub-start-menu.md +++ b/devices/surface-hub/surface-hub-start-menu.md @@ -29,7 +29,7 @@ The customized Start menu is defined in a Start layout XML file. You have two op >[!TIP] >To add a tile with a web link to your desktop start menu, go to the link in Microsoft Edge, select `...` in the top right corner, and select **Pin this page to Start**. See [a Start layout that includes a Microsoft Edge link](#edge) for an example of how links will appear in the XML. -To edit the default XML or the exported layout, familiarize yourself with the [Start layout XML](https://docs.microsoft.com/en-us/windows/configuration/start-layout-xml-desktop). There are a few [differences between Start layout on a deskop and a Surface Hub.](#differences) +To edit the default XML or the exported layout, familiarize yourself with the [Start layout XML](https://docs.microsoft.com/windows/configuration/start-layout-xml-desktop). There are a few [differences between Start layout on a deskop and a Surface Hub.](#differences) When you have your Start menu defined in a Start layout XML, [create an MDM policy to apply the layout.](https://docs.microsoft.com/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management#a-href-idbkmk-domaingpodeploymentacreate-a-policy-for-your-customized-start-layout) @@ -38,7 +38,7 @@ When you have your Start menu defined in a Start layout XML, [create an MDM poli There are a few key differences between Start menu customization for Surface Hub and a Windows 10 desktop: -- You cannot use **DesktopApplicationTile** (https://docs.microsoft.com/en-us/windows/configuration/start-layout-xml-desktop#startdesktopapplicationtile) in your Start layout XML because Windows desktop applications (Win32) are not supported on Surface Hub. +- You cannot use **DesktopApplicationTile** (https://docs.microsoft.com/windows/configuration/start-layout-xml-desktop#startdesktopapplicationtile) in your Start layout XML because Windows desktop applications (Win32) are not supported on Surface Hub. - You cannot use the Start layout XML to configure the taskbar or the Welcome screen for Surface Hub. - Surface Hub supports a maximum of 6 columns (6 1x1 tiles), however, you **must** define `GroupCellWidth=8` even though Surface Hub will only display tiles in columns 0-5, not columns 6 and 7. - Surface Hub supports a maximum 6 rows (6 1x1 tiles) @@ -145,7 +145,7 @@ This example shows a link to a website and a link to a .pdf file. TileID="2678823080" DisplayName="Bing" Arguments="https://www.bing.com/" - Square150x150LogoUri="ms-appdata:///local/PinnedTiles/2678823080/lowres.png" + Square150x150LogoUri="ms-appx:///" Wide310x150LogoUri="ms-appx:///" ShowNameOnSquare150x150Logo="true" ShowNameOnWide310x150Logo="false" @@ -164,7 +164,10 @@ This example shows a link to a website and a link to a .pdf file. TileID="6153963000" DisplayName="cstrtqbiology.pdf" Arguments="-contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x45b7376e -pinnedTimeHigh 0x01d2356c -securityFlags 0x00000000 -tileType 0x00000000 -url 0x0000003a https://www.ada.gov/regs2010/2010ADAStandards/Guidance_2010ADAStandards.pdf" - Square150x150LogoUri="ms-appdata:///local/PinnedTiles/2678823080/lowres.png" Wide310x150LogoUri="ms-appx:///" ShowNameOnSquare150x150Logo="true" ShowNameOnWide310x150Logo="true" + Square150x150LogoUri="ms-appx:///" + Wide310x150LogoUri="ms-appx:///" + ShowNameOnSquare150x150Logo="true" + ShowNameOnWide310x150Logo="true" BackgroundColor="#ff4e4248" Size="4x2" Row="4" @@ -177,6 +180,11 @@ This example shows a link to a website and a link to a .pdf file. ``` +>[!NOTE] +>Microsoft Edge tile logos won't appear on secondary tiles because they aren't stored in Surface Hub. +> +>The default value for `ForegroundText` is light; you don't need to include `ForegroundText` in your XML unless you're changing the value to dark. + ## More information - [Blog post: Changing Surface Hub’s Start Menu](https://blogs.technet.microsoft.com/y0av/2018/02/13/47/) diff --git a/devices/surface-hub/surfacehub-whats-new-1703.md b/devices/surface-hub/surfacehub-whats-new-1703.md index 1473174177..985b44c3cd 100644 --- a/devices/surface-hub/surfacehub-whats-new-1703.md +++ b/devices/surface-hub/surfacehub-whats-new-1703.md @@ -34,7 +34,7 @@ Settings have been added to mobile device management (MDM) and configuration ser - Properties/DoNotShowMyMeetingsAndFiles - System/AllowStorageCard -Plus settings based on the new [NetworkQoSPolicy CSP](https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/mdm/networkqospolicy-csp) and [NetworkProxy CSP](https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/mdm/networkproxy-csp). +Plus settings based on the new [NetworkQoSPolicy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkqospolicy-csp) and [NetworkProxy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkproxy-csp).
## Provisioning wizard diff --git a/devices/surface/TOC.md b/devices/surface/TOC.md index 6bb7a33e57..b60f1c9480 100644 --- a/devices/surface/TOC.md +++ b/devices/surface/TOC.md @@ -10,10 +10,12 @@ ### [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md) #### [Step by step: Surface Deployment Accelerator](step-by-step-surface-deployment-accelerator.md) #### [Using the Surface Deployment Accelerator deployment share](using-the-sda-deployment-share.md) +### [Maintain optimal power settings on Surface devices](maintain-optimal-power-settings-on-Surface-devices.md) +### [Battery Limit setting](battery-limit.md) +### [Surface Brightness Control](microsoft-surface-brightness-control.md) ## [Surface firmware and driver updates](update.md) ### [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) ### [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md) -### [Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md) ### [Surface Dock Updater](surface-dock-updater.md) ### [Wake On LAN for Surface devices](wake-on-lan-for-surface-devices.md) ## [Considerations for Surface and System Center Configuration Manager](considerations-for-surface-and-system-center-configuration-manager.md) @@ -25,6 +27,9 @@ ### [Enroll and configure Surface devices with SEMM](enroll-and-configure-surface-devices-with-semm.md) ### [Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md) ### [Use System Center Configuration Manager to manage devices with SEMM](use-system-center-configuration-manager-to-manage-devices-with-semm.md) +## [Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md) +### [Use Surface Diagnostic Toolkit for Business in desktop mode](surface-diagnostic-toolkit-desktop-mode.md) +### [Run Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md) ## [Surface Data Eraser](microsoft-surface-data-eraser.md) ## [Top support solutions for Surface devices](support-solutions-surface.md) ## [Change history for Surface documentation](change-history-for-surface.md) diff --git a/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md b/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md index edc8b8e993..d9d67fc9ab 100644 --- a/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md +++ b/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md @@ -24,7 +24,7 @@ To address more granular control over the security of Surface devices, the v3.11 ## Manually install the UEFI update -Before you can configure the advanced security features of your Surface device, you must first install the v3.11.760.0 UEFI update. This update is installed automatically if you receive your updates from Windows Update. For more information about how to configure Windows to update automatically by using Windows Update, see [How to configure and use Automatic Updates in Windows](https://support.microsoft.com/en-us/kb/306525). +Before you can configure the advanced security features of your Surface device, you must first install the v3.11.760.0 UEFI update. This update is installed automatically if you receive your updates from Windows Update. For more information about how to configure Windows to update automatically by using Windows Update, see [How to configure and use Automatic Updates in Windows](https://support.microsoft.com/kb/306525). To update the UEFI on Surface Pro 3, you can download and install the Surface UEFI updates as part of the Surface Pro 3 Firmware and Driver Pack. These firmware and driver packs are available from the [Surface Pro 3 page](https://www.microsoft.com/download/details.aspx?id=38826) on the Microsoft Download Center. You can find out more about the firmware and driver packs at [Download the latest firmware and drivers for Surface devices](https://technet.microsoft.com/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices). The firmware and driver packs are available as both self-contained Windows Installer (.msi) and archive (.zip) formats. You can find out more about these two formats and how you can use them to update your drivers at [Manage Surface driver and firmware updates](https://technet.microsoft.com/itpro/surface/manage-surface-pro-3-firmware-updates). diff --git a/devices/surface/battery-limit.md b/devices/surface/battery-limit.md new file mode 100644 index 0000000000..dce83705cc --- /dev/null +++ b/devices/surface/battery-limit.md @@ -0,0 +1,84 @@ +--- +title: Battery Limit setting (Surface) +description: Battery Limit is a UEFI setting that changes how the Surface device battery is charged and may prolong its longevity. +ms.prod: w10 +ms.mktglfcycl: manage +ms.pagetype: surface, devices +ms.sitesec: library +author: brecords +ms.date: 10/02/2018 +ms.author: jdecker +ms.topic: article +--- + +# Battery Limit setting + +Battery Limit option is a UEFI setting that changes how the Surface device battery is charged and may prolong its longevity. This setting is recommended in cases in which the device is continuously connected to power, for example when devices are integrated into kiosk solutions. + +## Battery Limit information + +Setting the device on Battery Limit changes the protocol for charging the device battery. When Battery Limit is enabled, the battery charge will be limited to 50% of its maximum capacity. The charge level reported in Windows will reflect this limit. Therefore, it will show that the battery is charged up to 50% and will not charge beyond this limit. If you enable Battery Limit while the device is above 50% charge, the Battery icon will show that the device is plugged in but discharging until the device reaches 50% of its maximum charge capacity. + +Adding the Battery Limit option to Surface UEFI will require a [Surface UEFI firmware update](update.md), which will be made available through Windows Update or via the MSI driver and firmware packages on the Microsoft Download Center. Check [Enable "Battery Limit" for Surface devices that have to be plugged in for extended periods of time](https://support.microsoft.com/help/4464941) for the specific Surface UEFI version required for each device and supported devices. Currently, Battery Limit is only supported on Surface Pro 4 and Surface Pro 3. However, the setting will be available in the future on other Surface device models. + +## Enabling Battery Limit in Surface UEFI (Surface Pro 4 and later) + +The Surface UEFI Battery Limit setting can be configured by booting into Surface UEFI (**Power + Vol Up** when turning on the device). Choose **boot configuration**, and then, under **Advanced Options**, toggle **Enable Battery Limit Mode** to **On**. + +![Screenshot of Advanced options](images/enable-bl.png) + +## Enabling Battery Limit in Surface UEFI (Surface Pro 3) + +The Surface UEFI Battery Limit setting can be configured by booting into Surface UEFI (**Power + Vol Up** when turning on the device). Choose **Kiosk Mode**, select **Battery Limit**, and then choose **Enabled**. + +![Screenshot of Advanced options](images/enable-bl-sp3.png) + +![Screenshot of Advanced options](images/enable-bl-sp3-2.png) + +## Enabling Battery Limit using Surface Enterprise Management Mode (SEMM) or Surface Pro 3 firmware PowerShell scripts + +The Surface UEFI battery limit is also available for configuration via the following methods: + +- Surface Pro 4 and later + - [Microsoft Surface UEFI Configurator](https://docs.microsoft.com/surface/surface-enterprise-management-mode) + - Surface UEFI Manager Powershell scripts (SEMM_Powershell.zip) in the [Surface Tools for IT downloads](https://www.microsoft.com/download/details.aspx?id=46703) +- Surface Pro 3 + - [SP3_Firmware_Powershell_Scripts.zip](https://www.microsoft.com/download/details.aspx?id=46703) + +### Using Microsoft Surface UEFI Configurator + +To configure Battery Limit mode, set the **Kiosk Overrides** setting on the **Advanced Settings** configuration page in SEMM (Surface Pro 4 and later). + +![Screenshot of advanced settings](images/semm-bl.png) + +### Using Surface UEFI Manager PowerShell scripts + +The battery limit feature is controlled via the following setting: + +`407 = Battery Profile` + +**Description**: Active management scheme for battery usage pattern + +**Default**: `0` + +Set this to `1` to enable Battery Limit. + +### Using Surface Pro 3 firmware tools + +The battery limit feature is controlled via the following setting: + +**Name**: BatteryLimitEnable + +**Description**: BatteryLimit + +**Current Value**: `0` + +**Default Value**: `0` + +**Proposed Value**: `0` + +Set this to `1` to enable Battery Limit. + +>[!NOTE] +>To configure this setting, you must use [SP3_Firmware_Powershell_Scripts.zip](https://www.microsoft.com/download/details.aspx?id=46703). + diff --git a/devices/surface/change-history-for-surface.md b/devices/surface/change-history-for-surface.md index 7b010ca138..ec72319593 100644 --- a/devices/surface/change-history-for-surface.md +++ b/devices/surface/change-history-for-surface.md @@ -7,13 +7,37 @@ ms.sitesec: library author: jdeckerms ms.author: jdecker ms.topic: article -ms.date: 05/15/2018 --- # Change history for Surface documentation This topic lists new and updated topics in the Surface documentation library. +## January 2019 + +New or changed topic | Description +--- | --- +[Surface Brightness Control](microsoft-surface-brightness-control.md) | New +[Maintain optimal power settings on Surface devices](maintain-optimal-power-settings-on-Surface-devices.md) | New +|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added Surface Studio 2 | + + +## November 2018 + +New or changed topic | Description +--- | --- +|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added Surface Pro 6 | +[Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md) | New +[Use Surface Diagnostic Toolkit for Business in desktop mode](surface-diagnostic-toolkit-desktop-mode.md) | New +[Run Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md) | New + +## October 2018 + +New or changed topic | Description +--- | --- +[Battery Limit setting](battery-limit.md) | New +|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added Surface GO | + ## May 2018 |New or changed topic | Description | @@ -108,4 +132,4 @@ New or changed topic | Description -  \ No newline at end of file +  diff --git a/devices/surface/customize-the-oobe-for-surface-deployments.md b/devices/surface/customize-the-oobe-for-surface-deployments.md index 0d4a26f5e9..4218ee9ba8 100644 --- a/devices/surface/customize-the-oobe-for-surface-deployments.md +++ b/devices/surface/customize-the-oobe-for-surface-deployments.md @@ -22,7 +22,7 @@ This article walks you through the process of customizing the Surface out-of-box It is common practice in a Windows deployment to customize the user experience for the first startup of deployed computers — the out-of-box experience, or OOBE. >[!NOTE] ->OOBE is also often used to describe the phase, or configuration pass, of Windows setup during which the user experience is displayed. For more information about the OOBE phase of setup, see [How Configuration Passes Work](http://msdn.microsoft.com/library/windows/hardware/dn898581.aspx). +>OOBE is also often used to describe the phase, or configuration pass, of Windows setup during which the user experience is displayed. For more information about the OOBE phase of setup, see [How Configuration Passes Work](https://msdn.microsoft.com/library/windows/hardware/dn898581.aspx). In some scenarios, you may want to provide complete automation to ensure that at the end of a deployment, computers are ready for use without any interaction from the user. In other scenarios, you may want to leave key elements of the experience for users to perform necessary actions or select between important choices. For administrators deploying to Surface devices, each of these scenarios presents a unique challenge to overcome. @@ -30,8 +30,8 @@ This article provides a summary of the scenarios where a deployment might requir >[!NOTE] >Although the OOBE phase of setup is still run during a deployment with an automated deployment solution such as the [Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?LinkId=618117) or System Center Configuration Manager Operating System Deployment (OSD), it is automated by the settings supplied in the Deployment Wizard and task sequence. For more information see:
->- [Deploy Windows 10 with the Microsoft Deployment Toolkit](http://technet.microsoft.com/itpro/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit) ->- [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](http://technet.microsoft.com/itpro/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager) +>- [Deploy Windows 10 with the Microsoft Deployment Toolkit](https://technet.microsoft.com/itpro/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit) +>- [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](https://technet.microsoft.com/itpro/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager)   diff --git a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md index d009237304..1d736b1ece 100644 --- a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md +++ b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md @@ -9,7 +9,6 @@ ms.mktglfcycl: deploy ms.pagetype: surface, devices ms.sitesec: library author: brecords -ms.date: 12/07/2017 ms.author: jdecker ms.topic: article --- @@ -23,11 +22,7 @@ As easy as it is to keep Surface device drivers and firmware up to date automati On the Microsoft Download Center page for your device, you will find several files available. These files allow you to deploy drivers and firmware in various ways. You can read more about the different deployment methods for Surface drivers and firmware in [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md). -Driver and firmware updates for Surface devices are released in one of two ways: - -- **Point updates** are released for specific drivers or firmware revisions and provide the latest update for a specific component of the Surface device. - -- **Cumulative updates** provide comprehensive roundups of all of the latest files for the Surface device running that version of Windows. +Driver and firmware updates for Surface devices are **cumulative updates** which provide comprehensive roundups of all of the latest files for the Surface device running that version of Windows. Installation files for administrative tools, drivers for accessories, and updates for Windows are also available for some devices and are detailed here in this article. @@ -42,32 +37,50 @@ Recent additions to the downloads for Surface devices provide you with options t >[!NOTE] >A battery charge of 40% or greater is required before you install firmware to a Surface device. See [Microsoft Support article KB2909710](https://go.microsoft.com/fwlink/p/?LinkId=618106) for more information. +## Surface Laptop 2 + +Download the following updates for [Surface Laptop 2 from the Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=57515). +* SurfaceLaptop2_Win10_XXXXX_XXXXXXX_X.msi – Cumulative firmware and driver update package for Windows 10 + +## Surface Pro 6 + +Download the following updates for [Surface Pro 6 from the Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=57514). + +* SurfacePro6_Win10_XXXXX_XXXXXXX_X.msi – Cumulative firmware and driver update package for Windows 10 + +## Surface GO + +Download the following updates for [Surface GO from the Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=57439). +* SurfaceGO_Win10_17134_1802010_6.msi - Cumulative firmware and driver update package for Windows 10 ## Surface Book 2 - Download the following updates for [Surface Book 2 from the Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=56261). * SurfaceBook2_Win10_xxxxx_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10 ## Surface Laptop - Download the following updates for [Surface Laptop from the Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55489). * SurfaceLaptop_Win10_xxxxx_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10 ## Surface Pro - Download the following updates for [Surface Pro (Model 1796) from the Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55484). * SurfacePro_Win10_xxxxx_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10 ## Surface Pro with LTE Advanced - Download the following updates for [Surface Pro with LTE Advanced from the Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=56278). + * SurfacePro_LTE_Win10_xxxxx_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10 +## Surface Pro 6 + +Download the following updates for [Surface Pro 6 from the Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=57514). + +* SurfacePro6_Win10_17134_xxxxx_xxxxxx.msi + ## Surface Studio @@ -75,6 +88,12 @@ Download the following updates for [Surface Studio from the Microsoft Download C * SurfaceStudio_Win10_xxxxx_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10 +## Surface Studio 2 + +Download the following updates for [Surface Studio 2 from the Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=57593). + +* SurfaceStudio2_Win10_xxxxx_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10 + ## Surface Book @@ -212,10 +231,10 @@ Download the following updates [for Surface Pro (Model 1514) from the Microsoft - Windows8.1-KB2969817-x64.msu – Fixes an issue that causes Surface devices to reboot twice after firmware updates are installed on all supported x64-based versions of Windows 8.1 -## Surface RT +## Surface devices with Windows RT -There are no downloadable firmware or driver updates available for Surface RT. Updates can only be applied using Windows Update. +There are no downloadable firmware or driver updates available for Surface devices with Windows RT, including Surface RT and Surface 2. Updates can only be applied using Windows Update. If you have additional questions on the driver pack and updates, please contact [Microsoft Surface support for business](https://www.microsoft.com/surface/support/business). diff --git a/devices/surface/deploy.md b/devices/surface/deploy.md index 00e7dc22e0..69865822f6 100644 --- a/devices/surface/deploy.md +++ b/devices/surface/deploy.md @@ -6,14 +6,14 @@ ms.mktglfcycl: manage ms.pagetype: surface, devices ms.sitesec: library author: brecords -ms.date: 01/29/2018 +ms.date: 10/02/2018 ms.author: jdecker ms.topic: article --- # Deploy Surface devices -Get deployment guidance for your Surface devices including information about MDT, OOBE customization, Ethernet adaptors, and Surface Deployment Accelerator. +Get deployment guidance for your Surface devices including information about Microsoft Deployment Toolkit (MDT), out-of-box-experience (OOBE) customization, Ethernet adaptors, Surface Deployment Accelerator, and the Battery Limit setting. ## In this section @@ -26,6 +26,7 @@ Get deployment guidance for your Surface devices including information about MDT | [Customize the OOBE for Surface deployments](customize-the-oobe-for-surface-deployments.md)| Walk through the process of customizing the Surface out-of-box experience for end users in your organization.| | [Ethernet adapters and Surface deployment](ethernet-adapters-and-surface-device-deployment.md)| Get guidance and answers to help you perform a network deployment to Surface devices.| | [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)| See how Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices. | +[Battery Limit setting](battery-limit.md) | Learn how to use Battery Limit, a UEFI setting that changes how the Surface device battery is charged and may prolong its longevity. diff --git a/devices/surface/docfx.json b/devices/surface/docfx.json index 86d594455f..8477cac86f 100644 --- a/devices/surface/docfx.json +++ b/devices/surface/docfx.json @@ -9,7 +9,7 @@ ], "resource": [ { - "files": ["**/images/**", "**/*.json"], + "files": ["**/images/**"], "exclude": ["**/obj/**"] } ], diff --git a/devices/surface/images/enable-bl-sp3-2.png b/devices/surface/images/enable-bl-sp3-2.png new file mode 100644 index 0000000000..f1940c403f Binary files /dev/null and b/devices/surface/images/enable-bl-sp3-2.png differ diff --git a/devices/surface/images/enable-bl-sp3.png b/devices/surface/images/enable-bl-sp3.png new file mode 100644 index 0000000000..7fa99786f1 Binary files /dev/null and b/devices/surface/images/enable-bl-sp3.png differ diff --git a/devices/surface/images/enable-bl.png b/devices/surface/images/enable-bl.png new file mode 100644 index 0000000000..a99cb994fb Binary files /dev/null and b/devices/surface/images/enable-bl.png differ diff --git a/devices/surface/images/powerintrofig1.png b/devices/surface/images/powerintrofig1.png new file mode 100644 index 0000000000..d33b9922fd Binary files /dev/null and b/devices/surface/images/powerintrofig1.png differ diff --git a/devices/surface/images/powerintrofig1a.png b/devices/surface/images/powerintrofig1a.png new file mode 100644 index 0000000000..e704b940c9 Binary files /dev/null and b/devices/surface/images/powerintrofig1a.png differ diff --git a/devices/surface/images/powerintrofig2.png b/devices/surface/images/powerintrofig2.png new file mode 100644 index 0000000000..eea52a8f3d Binary files /dev/null and b/devices/surface/images/powerintrofig2.png differ diff --git a/devices/surface/images/powerintrofig2a.png b/devices/surface/images/powerintrofig2a.png new file mode 100644 index 0000000000..e00fe81105 Binary files /dev/null and b/devices/surface/images/powerintrofig2a.png differ diff --git a/devices/surface/images/powerintrofig3.png b/devices/surface/images/powerintrofig3.png new file mode 100644 index 0000000000..08e9cd36a3 Binary files /dev/null and b/devices/surface/images/powerintrofig3.png differ diff --git a/devices/surface/images/powerintrofig4.png b/devices/surface/images/powerintrofig4.png new file mode 100644 index 0000000000..f983673f35 Binary files /dev/null and b/devices/surface/images/powerintrofig4.png differ diff --git a/devices/surface/images/sdt-1.png b/devices/surface/images/sdt-1.png new file mode 100644 index 0000000000..fb10753608 Binary files /dev/null and b/devices/surface/images/sdt-1.png differ diff --git a/devices/surface/images/sdt-2.png b/devices/surface/images/sdt-2.png new file mode 100644 index 0000000000..be951967f0 Binary files /dev/null and b/devices/surface/images/sdt-2.png differ diff --git a/devices/surface/images/sdt-3.png b/devices/surface/images/sdt-3.png new file mode 100644 index 0000000000..0d3077cc1b Binary files /dev/null and b/devices/surface/images/sdt-3.png differ diff --git a/devices/surface/images/sdt-4.png b/devices/surface/images/sdt-4.png new file mode 100644 index 0000000000..babddbb240 Binary files /dev/null and b/devices/surface/images/sdt-4.png differ diff --git a/devices/surface/images/sdt-5.png b/devices/surface/images/sdt-5.png new file mode 100644 index 0000000000..5c5346d93a Binary files /dev/null and b/devices/surface/images/sdt-5.png differ diff --git a/devices/surface/images/sdt-6.png b/devices/surface/images/sdt-6.png new file mode 100644 index 0000000000..acf8e684b3 Binary files /dev/null and b/devices/surface/images/sdt-6.png differ diff --git a/devices/surface/images/sdt-7.png b/devices/surface/images/sdt-7.png new file mode 100644 index 0000000000..5e16961c6b Binary files /dev/null and b/devices/surface/images/sdt-7.png differ diff --git a/devices/surface/images/sdt-desk-1.png b/devices/surface/images/sdt-desk-1.png new file mode 100644 index 0000000000..f1ecc03b30 Binary files /dev/null and b/devices/surface/images/sdt-desk-1.png differ diff --git a/devices/surface/images/sdt-desk-2.png b/devices/surface/images/sdt-desk-2.png new file mode 100644 index 0000000000..3d066cb3e5 Binary files /dev/null and b/devices/surface/images/sdt-desk-2.png differ diff --git a/devices/surface/images/sdt-desk-3.png b/devices/surface/images/sdt-desk-3.png new file mode 100644 index 0000000000..bbd9709300 Binary files /dev/null and b/devices/surface/images/sdt-desk-3.png differ diff --git a/devices/surface/images/sdt-desk-4.png b/devices/surface/images/sdt-desk-4.png new file mode 100644 index 0000000000..f533646605 Binary files /dev/null and b/devices/surface/images/sdt-desk-4.png differ diff --git a/devices/surface/images/sdt-desk-5.png b/devices/surface/images/sdt-desk-5.png new file mode 100644 index 0000000000..664828762e Binary files /dev/null and b/devices/surface/images/sdt-desk-5.png differ diff --git a/devices/surface/images/sdt-desk-6.png b/devices/surface/images/sdt-desk-6.png new file mode 100644 index 0000000000..1b9ce9f7e2 Binary files /dev/null and b/devices/surface/images/sdt-desk-6.png differ diff --git a/devices/surface/images/semm-bl.png b/devices/surface/images/semm-bl.png new file mode 100644 index 0000000000..3f8a375057 Binary files /dev/null and b/devices/surface/images/semm-bl.png differ diff --git a/devices/surface/images/surface-ent-mgmt-fig1-uefi-configurator.png b/devices/surface/images/surface-ent-mgmt-fig1-uefi-configurator.png index 7ed392d31d..e8fb93a1a7 100644 Binary files a/devices/surface/images/surface-ent-mgmt-fig1-uefi-configurator.png and b/devices/surface/images/surface-ent-mgmt-fig1-uefi-configurator.png differ diff --git a/devices/surface/images/surface-ent-mgmt-fig2-securepackage.png b/devices/surface/images/surface-ent-mgmt-fig2-securepackage.png index a1316359d3..fa47419ca0 100644 Binary files a/devices/surface/images/surface-ent-mgmt-fig2-securepackage.png and b/devices/surface/images/surface-ent-mgmt-fig2-securepackage.png differ diff --git a/devices/surface/images/surface-ent-mgmt-fig3-enabledisable.png b/devices/surface/images/surface-ent-mgmt-fig3-enabledisable.png index 39b0c797e7..0a34907def 100644 Binary files a/devices/surface/images/surface-ent-mgmt-fig3-enabledisable.png and b/devices/surface/images/surface-ent-mgmt-fig3-enabledisable.png differ diff --git a/devices/surface/images/surface-ent-mgmt-fig4-advancedsettings.png b/devices/surface/images/surface-ent-mgmt-fig4-advancedsettings.png index 405e8c4d7e..f425466056 100644 Binary files a/devices/surface/images/surface-ent-mgmt-fig4-advancedsettings.png and b/devices/surface/images/surface-ent-mgmt-fig4-advancedsettings.png differ diff --git a/devices/surface/images/surface-ent-mgmt-fig5-success.png b/devices/surface/images/surface-ent-mgmt-fig5-success.png index 508f76533c..e671570fee 100644 Binary files a/devices/surface/images/surface-ent-mgmt-fig5-success.png and b/devices/surface/images/surface-ent-mgmt-fig5-success.png differ diff --git a/devices/surface/index.md b/devices/surface/index.md index 477f6aaedf..20d2c00e79 100644 --- a/devices/surface/index.md +++ b/devices/surface/index.md @@ -18,7 +18,7 @@ ms.date: 10/16/2017 This library provides guidance to help you deploy Windows on Microsoft Surface devices, keep those devices up to date, and easily manage and support Surface devices in your organization. -For more information on planning for, deploying, and managing Surface devices in your organization, see the [Surface TechCenter](https://technet.microsoft.com/en-us/windows/surface). +For more information on planning for, deploying, and managing Surface devices in your organization, see the [Surface TechCenter](https://technet.microsoft.com/windows/surface). ## In this section diff --git a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md new file mode 100644 index 0000000000..ce172d5600 --- /dev/null +++ b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md @@ -0,0 +1,155 @@ +--- +title: Maintain optimal power settings +description: This topic provides best practice recommendations for maintaining optimal power settings and explains how Surface streamlines the power management experience. +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +author: coveminer +ms.author: v-jokai +ms.topic: article +ms.date: 01/17/2019 +--- + +# Maintain optimal power settings on Surface devices + +Surface devices are designed to take advantage of the latest advances in +mobile device energy consumption to deliver a streamlined experience +optimized across workloads. Depending on what you’re doing, Surface +dynamically fine tunes how power flows to individual hardware +components, momentarily waking up system components to handle background +tasks -- such as an incoming email or network traffic -- before returning to a +low power idle state (S0ix). + +The way Surface implements power management differs significantly from +the earlier OS standard that gradually reduces and turns off power via a +series of sleep states (S1, S2, S3). + +Instead, Surface is imaged with a custom power profile that replaces +legacy sleep and energy consumption functionality with modern standby +features and dynamic fine tuning. This custom power profile is +implemented via the Surface Serial Hub Driver and the system aggregator +module (SAM). The SAM chip functions as the Surface device power-policy +owner, using algorithms to calculate optimal power requirements. It +works in conjunction with Windows power manager to allocate or throttle +only the exact amount of power required for hardware components to +function. + +## Modern Standby + +The algorithmically embedded custom power profile enables modern standby +connectivity for Surface by maintaining a low power state for +instant on/instant off functionality typical of smartphones. S0ix, also +known as Deepest Runtime Idle Platform State (DRIPS), is the default +power mode for Surface devices. Modern standby has two modes: + + - **Connected standby.** The default mode for up-to-the minute + delivery of emails, messaging, and cloud-synced data, connected + standby keeps Wi-Fi on and maintains network connectivity. + + - **Disconnected standby.** An optional mode for extended battery + life, disconnected standby delivers the same instant-on experience + and saves power by turning off Wi-Fi, Bluetooth, and related network + connectivity. + +To learn more about modern standby, refer to the [Microsoft Hardware Dev +Center](https://docs.microsoft.com/windows-hardware/design/device-experiences/modern-standby-wake-sources). + +## How Surface streamlines the power management experience + +Surface integrates the following features designed to help users +optimize the power management experience: + + - [Singular power plan](#singular-power-plan) + + - [Simplified power settings user + interface](#simplified-power-settings-user-interface) + + - [Windows performance power + slider](#windows-performance-power-slider) + +### Singular power plan + +Surface is designed for a streamlined power management experience that +eliminates the need to create custom power plans or manually configure +power settings. Microsoft streamlines the user +experience by delivering a single power plan (balanced) that replaces +the multiple power plans from standard Windows builds. + +### Simplified power settings user interface +Surface provides a simplified UI in accord with best practice power +setting recommendations. In general, it's recommended to only adjust settings visible in the default user interface and avoid configuring advanced power settings or Group Policy settings. Using the default screen and sleep timeouts while avoiding maximum +brightness levels are the most effective ways for users to maintain +extended battery life. + +![Figure 1. Simplified power & sleep settings](images/powerintrofig1.png) + +Figure 1. Simplified power and sleep settings + +### Windows performance power slider + +Surface devices running Windows 10 build 1709 and later include a power +slider allowing you to prioritize battery life when needed or favor performance if desired. You +can access the power slider from the taskbar by clicking on the battery +icon. Slide left for longer battery life (battery saver mode) or slide +right for faster performance. + +![Figure 2. Power slider](images/powerintrofig2a.png) + +Figure 2. Power slider + +Power slider enables four states as described in the following table: + +| Slider mode| Description | +|---|---| +| Battery saver| Helps conserve power and prolong battery life when the system is disconnected from a power source. When battery saver is on, some Windows features are disabled, throttled, or behave differently. Screen brightness is also reduced. Battery saver is only available when using battery power (DC). To learn more, see [Battery Saver](https://docs.microsoft.com/en-us/windows-hardware/design/component-guidelines/battery-saver).| +| Recommended | Delivers longer battery life than the default settings in earlier versions of Windows. | +| Better Performance | Slightly favors performance over battery life, functioning as the default slider mode. | +| Best Performance | Favors performance over power for workloads requiring maximum performance and responsiveness, regardless of battery power consumption.| + +Power slider modes directly control specific hardware components shown +in the following table. + +| Component | Slider functionality | +|---|---| +| Intel Speed Shift (CPU energy registers) and Energy Performance Preference hint. | Selects the best operating frequency and voltage for optimal performance and power. The Energy Performance Preference (PERFEPP) is a global power efficiency hint to the CPU. | +| Fan speed (RPM)| Where applicable, adjusts for changing conditions such as keeping fan silent in battery saver slider mode.| +| Processor package power limits (PL1/PL2).| Requires the CPU to manage its frequency choices to accommodate a running average power limit for both steady state (PL1) and turbo (PL2) workloads.| +| Processor turbo frequency limits (IA turbo limitations). | Adjusts processor and graphics performance allowing processor cores to run faster or slower than the rated operating frequency. | + +>[!NOTE] +>The power slider is entirely independent of operating system power settings whether configured from Control Panel/ Power Options, Group Policy, or related methods. + +To learn more, see: + +- [Customize the Windows performance power + slider](https://docs.microsoft.com/windows-hardware/customize/desktop/customize-power-slider) + +- [Battery + saver.](https://docs.microsoft.com/windows-hardware/design/component-guidelines/battery-saver) + +## Best practices for extended battery life + + +| Best practice | Go to | Next steps | +|---|---|---| +| Ensure your Surface device is up to date| Windows Update | In the taskbar search box, type **Windows Update** and select **Check for updates**. | +| Choose the best power setting for what you’re doing | Power slider | In the taskbar, select the battery icon, then choose **Best performance**, **Best battery life**, or somewhere in between.| +| Conserve battery when it’s low | Battery saver | In the taskbar, select the battery icon and click **Battery settings**. Select **Turn battery saver on automatically if my battery falls below** and then move the slider further to the right for longer battery life. | +| Configure optimal screen brightness | Battery saver | In the taskbar, select the battery icon and click **Battery settings**, select **Lower screen brightness while in battery saver**. | +| Conserve power whenever you’re not plugged in | Battery saver| Select **Turn on battery saver status until next charge**.| +| Investigate problems with your power settings. | Power troubleshooter | In the Taskbar search for troubleshoot, select **Troubleshoot**, and then select **Power** and follow the instructions.| +| Check app usage | Your apps | Close apps.| +| Check your power cord for any damage.| Your power cord | Replace power cord if worn or damaged.| + +# Learn more + +- [Modern + standby](https://docs.microsoft.com/windows-hardware/design/device-experiences/modern-standby-wake-sources) + + + +- [Customize the Windows performance power + slider](https://docs.microsoft.com/windows-hardware/customize/desktop/customize-power-slider) + +- [Battery + saver](https://docs.microsoft.com/windows-hardware/design/component-guidelines/battery-saver) diff --git a/devices/surface/manage-surface-dock-firmware-updates.md b/devices/surface/manage-surface-dock-firmware-updates.md deleted file mode 100644 index 45bf61629f..0000000000 --- a/devices/surface/manage-surface-dock-firmware-updates.md +++ /dev/null @@ -1,124 +0,0 @@ ---- -title: Manage Surface Dock firmware updates (Surface) -description: Read about the different methods you can use to manage the process of Surface Dock firmware updates. -ms.assetid: 86DFC0C0-C842-4CD1-A2D7-4425471FFE3F -ms.localizationpriority: medium -keywords: firmware, update, install, drivers -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: surface, devices -ms.sitesec: library -author: jobotto -ms.author: jdecker -ms.topic: article -ms.date: 07/27/2017 ---- - -# Manage Surface Dock firmware updates - - -Read about the different methods you can use to manage the process of Surface Dock firmware updates. - -The Surface Dock provides external connectivity to Surface devices through a single cable connection that includes Power, Ethernet, Audio, USB 3.0, and DisplayPort. The numerous connections provided by the Surface Dock are enabled by a smart chipset within the Surface Dock device. Like a Surface device’s chipset, the chipset that is built into the Surface Dock is controlled by firmware. For more information about the Surface Dock, see the [Surface Dock demonstration](https://technet.microsoft.com/mt697552) video. - -Like the firmware for Surface devices, firmware for Surface Dock is also contained within a downloaded driver that is visible in Device Manager. This driver stages the firmware update files on the Surface device. When a Surface Dock is connected and the driver is loaded, the newer version of the firmware staged by the driver is detected and firmware files are copied to the Surface Dock. The Surface Dock then begins a two-phase process to apply the firmware internally. Each phase requires the Surface Dock to be disconnected from the Surface device before the firmware is applied. The driver copies the firmware into the dock, but only applies it when the user disconnects the Surface device from the Surface Dock. This ensures that there are no disruptions because the firmware is only applied when the user leaves their desk with the device. - - ->[!NOTE] ->You can learn more about the firmware update process for Surface devices and how firmware is updated through driver installation at the following links: ->- [How to manage and update Surface drivers and firmware](https://technet.microsoft.com/mt697551) from Microsoft Mechanics ->- [Windows Update Makes Surface Better](https://go.microsoft.com/fwlink/p/?LinkId=785354) on the Microsoft Devices Blog - - -  - -The Surface Dock firmware update process shown in Figure 1 follows these steps: - -1. Drivers for Surface Dock are installed on Surface devices that are connected, or have been previously connected, to a Surface Dock. - -2. The drivers for Surface Dock are loaded when a Surface Dock is connected to the Surface device. - -3. The firmware version installed in the Surface Dock is compared with the firmware version staged by the Surface Dock driver. - -4. If the firmware version on the Surface Dock is older than the firmware version contained in the Surface Dock driver, the main chipset firmware update files are copied from the driver to the Surface Dock. - -5. When the Surface Dock is disconnected, the Surface Dock installs the firmware update to the main chipset. - -6. When the Surface Dock is connected again, the main chipset firmware is verified against the firmware present in the Surface Dock driver. - -7. If the firmware update for the main chipset is installed successfully, the Surface Dock driver copies the firmware update for the DisplayPort. - -8. When the Surface Dock is disconnected for a second time, the Surface dock installs the firmware update to the DisplayPort chipset. This process takes up to 3 minutes to apply. - -![Surface Dock firmware update process](images/manage-surface-dock-fig1-updateprocess.png "Surface Dock firmware update process") - -*1- Driver installation can be performed by Windows Update, manual installation, or automatically downloaded with Microsoft Surface Dock Updater* - -*2 - The Surface Dock firmware installation process takes approximately 3 minutes* - -Figure 1. The Surface Dock firmware update process - -If the firmware installation process is interrupted (for example, if power is disconnected from the Surface Dock during firmware installation), the Surface Dock will automatically revert to the prior firmware without disruption to the user, and the update process will restart the next time the Surface Dock is disconnected. For most users this update process should be entirely transparent. - -## Methods for updating Surface Dock firmware - - -There are three methods you can use to update the firmware of the Surface Dock: - -- [Automatic installation of drivers with Windows Update](#automatic-installation) - -- [Deployment of drivers downloaded from the Microsoft Download Center](#deployment-dlc) - -- [Manually update with Microsoft Surface Dock Updater](#manual-updater) - -## Automatic installation with Windows Update - - -Windows Update is the method that most users will use. The drivers for the Surface Dock are downloaded automatically from Windows Update and the dock update process is initiated without additional user interaction. The two-phase dock update process described earlier occurs in the background as the user connects and disconnects the Surface Dock during normal use. - ->[!NOTE] ->The driver version that is displayed in Device Manager may be different from the firmware version that the Surface Dock is using. - -  - -## Deployment of drivers downloaded from the Microsoft Download Center - - -This method is used mostly in environments where Surface device drivers and firmware are managed separately from Windows Update. See [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md) for more information about the different methods to manage Surface device driver and firmware updates. Updating the Surface Dock firmware through this method involves downloading and deploying an MSI package to the Surface device that contains the updated Surface Dock drivers and firmware. This is the same method recommended for updating all other Surface drivers and firmware. The two-phase firmware update process occurs in the background each time the Surface Dock is disconnected, just like it does with the Windows Update method. - -For more information about how to deploy MSI packages see [Create and deploy an application with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/get-started/create-and-deploy-an-application). - ->[!NOTE] ->When drivers are installed through Windows Update or the MSI package, registry keys are added that indicate the version of firmware installed on the Surface Dock and contained within the Surface Dock driver. These registry keys can be found in: -> **HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\WUDF\\Services\\SurfaceDockFwUpdate\\Parameters** - -Firmware status is displayed for both the main chipset (displayed as **Component10**) and the DisplayPort chipset (displayed as **Component20**). For each chipset there are four keys, where *xx* is **10** or **20** corresponding to each chipset: - -- **Component*xx*CurrentFwVersion** – This key displays the version of firmware that is installed on the currently connected or most recently connected Surface Dock. - -- **Component*xx*OfferFwVersion** – This key displays the version of firmware staged by the Surface Dock driver. - -- **Component*xx*FirmwareUpdateStatus** – This key displays the stage of the Surface Dock firmware update process. - -- **Component*xx*FirmwareUpdateStatusRejectReason** – This key changes as the firmware update is processed. It should result in 0 after the successful installation of Surface Dock firmware. - ->[!NOTE] ->These registry keys are not present unless you have installed updated Surface Dock drivers through Windows Update or MSI deployment. - -  - -## Manually update with Microsoft Surface Dock Updater - - -The manual method using the Microsoft Surface Dock Updater tool to update the Surface Dock is used mostly in environments where IT prepares Surface Docks prior to delivery to the end user, or for troubleshooting of a Surface Dock. Microsoft Surface Dock Updater is a tool that you can run from any Surface device that is compatible with the Surface Dock, and will walk you through the process of performing the Surface Dock firmware update in the least possible amount of time. You can also use this tool to verify the firmware status of a connected Surface Dock. - -For more information about how to use the Microsoft Surface Dock Updater tool, please see [Microsoft Surface Dock Updater](surface-dock-updater.md). You can download the Microsoft Surface Dock Updater tool from the [Surface Tools for IT page](https://www.microsoft.com/download/details.aspx?id=46703) on the Microsoft Download Center. - -  - -  - - - - - diff --git a/devices/surface/microsoft-surface-brightness-control.md b/devices/surface/microsoft-surface-brightness-control.md new file mode 100644 index 0000000000..55cbec932a --- /dev/null +++ b/devices/surface/microsoft-surface-brightness-control.md @@ -0,0 +1,64 @@ +--- +title: Surface Brightness Control +description: This topic describes how you can use the Surface Brightness Control app to manage display brightness in point-of-sale and kiosk scenarios. +ms.prod: w10 +ms.mktglfcycl: manage +ms.pagetype: surface, devices +ms.sitesec: library +author: coveminer +ms.author: jdecker +ms.topic: article +ms.date: 1/15/2019 +--- + +# Surface Brightness Control + +When deploying Surface devices in point of sale or other “always-on” +kiosk scenarios, you can optimize power management using the new Surface +Brightness Control app. + +Available for download with [Surface Tools for +IT](https://www.microsoft.com/download/details.aspx?id=46703), Surface Brightness Control is +designed to help reduce thermal load and lower the overall carbon +footprint for deployed Surface devices. The tool automatically dims the screen when not in use and +includes the following configuration options: + + - Period of inactivity before dimming the display. + + - Brightness level when dimmed. + + - Maximum brightness level when in use. + +**To run Surface Brightness Control:** + + - Install surfacebrightnesscontrol.msi on the target device and Surface Brightness Control + will begin working immediately. + +## Configuring Surface Brightness Control + +You can adjust the default values via the Windows Registry. For more +information about using the Windows Registry, refer to the [Registry +documentation](https://docs.microsoft.com/windows/desktop/sysinfo/registry). + +1. Run regedit from a command prompt to open the Windows Registry + Editor. + + - Computer\HKEY\_LOCAL\_MACHINE\SOFTWARE\Microsoft\Surface\Surface + Brightness Control\ + + +| Registry Setting | Data| Description +|-----------|------------|--------------- +| Brightness Control Enabled | Default: 01
Option: 01, 00 | This setting allows you to turn Surface Brightness Control on or off. To disable Surface Brightness Control, set the value to 00. If you do not configure this setting, Surface Brightness Control is on. | +| Brightness Control On Power Enabled| Default: 01
Options: 01, 00 | This setting allows you to turn off Surface Brightness Control when the device is directly connected to power. To disable Surface Brightness Control when power is plugged in, set the value to 00. If you do not configure this setting, Surface Brightness Control is on. | +| Dimmed Brightness | Default: 20
Option: Range of 0-100 percent of screen brightness
Data Type: Positive integer | This setting allows you to manage brightness range during periods of inactivity. If you do not configure this setting, the brightness level will drop to 20 percent of full brightness after 30 seconds of inactivity. | +Full Brightness | Default: 100
Option: Range of 0-100 percent of screen brightness
Data Type: Positive integer | This setting allows you to manage the maximum brightness range for the device. If you do not configure this setting, the maximum brightness range is 100 percent.| +| Inactivity Timeout| Default: 30 seconds
Option: Any numeric value
Data Type: Integer | This setting allows you to manage the period of inactivity before dimming the device. If you do not configure this setting, the inactivity timeout is 30 seconds.| +| Telemetry Enabled | Default: 01
Option: 01, 00 | This setting allows you to manage the sharing of app usage information to improve software and provide better user experience. To disable telemetry, set the value to 00. If you do not configure this setting, telemetry information is shared with Microsoft in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement). | + + + +## Related topics + +- [Battery limit setting](battery-limit.md) + diff --git a/devices/surface/microsoft-surface-data-eraser.md b/devices/surface/microsoft-surface-data-eraser.md index 9b9736af68..23e0c2dd91 100644 --- a/devices/surface/microsoft-surface-data-eraser.md +++ b/devices/surface/microsoft-surface-data-eraser.md @@ -26,6 +26,9 @@ Find out how the Microsoft Surface Data Eraser tool can help you securely wipe d Compatible Surface devices include: +* Surface Pro 6 +* Surface Laptop 2 +* Surface Go * Surface Book 2 * Surface Pro with LTE Advanced (Model 1807) * Surface Pro (Model 1796) @@ -54,13 +57,16 @@ Some scenarios where Microsoft Surface Data Eraser can be helpful include: >[!NOTE] >Because the ability to boot to USB is required to run Microsoft Surface Data Eraser, if the device is not configured to boot from USB or if the device is unable to boot or POST successfully, the Microsoft Surface Data Eraser tool will not function. +>[!NOTE] +>Surface Data Eraser on Surface Studio and Surface Studio 2 can take up to 6 minutes to boot into WinPE before disk erasure can occur. + ## How to create a Microsoft Surface Data Eraser USB stick To create a Microsoft Surface Data Eraser USB stick, first install the Microsoft Surface Data Eraser setup tool from the Microsoft Download Center using the link provided at the beginning of this article. You do not need a Surface device to *create* the USB stick. After you have downloaded the installation file to your computer, follow these steps to install the Microsoft Surface Data Eraser creation tool: -1. Run the DataEraserSetup.msi installation file that you downloaded from the Microsoft Download Center. +1. Run the DataEraserSetup.msi installation file that you downloaded from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=46703). 2. Select the check box to accept the terms of the license agreement, and then click **Install**. @@ -147,10 +153,40 @@ After you create a Microsoft Surface Data Eraser USB stick, you can boot a suppo Microsoft Surface Data Eraser is periodically updated by Microsoft. For information about the changes provided in each new version, see the following: +### Version 3.2.78.0 +*Release Date: 4 Dec 2018* + +This version of Surface Data Eraser: + +- Includes bug fixes + + +### Version 3.2.75.0 +*Release Date: 12 November 2018* + +This version of Surface Data Eraser: + +- Adds support to Surface Studio 2 +- Fixes issues with SD card + +### Version 3.2.69.0 +*Release Date: 12 October 2018* + +This version of Surface Data Eraser adds support for the following: + +- Surface Pro 6 +- Surface Laptop 2 + +### Version 3.2.68.0 +This version of Microsoft Surface Data Eraser adds support for the following: + +- Surface Go + + ### Version 3.2.58.0 This version of Microsoft Surface Data Eraser adds support for the following: -- • Additional storage devices (drives) for Surface Pro and Surface Laptop devices +- Additional storage devices (drives) for Surface Pro and Surface Laptop devices ### Version 3.2.46.0 @@ -168,7 +204,7 @@ This version of Microsoft Surface Data Eraser adds support for the following: - Surface Pro 1TB >[!NOTE] ->Surface Data Eraser v3.2.45.0 and above can be used to restore Surface Pro or Surface Laptop devices with the 1TB storage option in the scenario that the device shows two separate 512GB volumes or encounters errors when attempting to deploy or install Windows 10. See [Surface Pro Model 1796 and Surface Laptop 1TB display two drives](https://support.microsoft.com/en-us/help/4046105/surface-pro-model-1796-and-surface-laptop-1tb-display-two-drives) for more information. +>Surface Data Eraser v3.2.45.0 and above can be used to restore Surface Pro or Surface Laptop devices with the 1TB storage option in the scenario that the device shows two separate 512GB volumes or encounters errors when attempting to deploy or install Windows 10. See [Surface Pro Model 1796 and Surface Laptop 1TB display two drives](https://support.microsoft.com/help/4046105/surface-pro-model-1796-and-surface-laptop-1tb-display-two-drives) for more information. ### Version 3.2.36.0 diff --git a/devices/surface/microsoft-surface-deployment-accelerator.md b/devices/surface/microsoft-surface-deployment-accelerator.md index da0e607baf..8dfbc020a2 100644 --- a/devices/surface/microsoft-surface-deployment-accelerator.md +++ b/devices/surface/microsoft-surface-deployment-accelerator.md @@ -94,6 +94,12 @@ SDA is periodically updated by Microsoft. For instructions on how these features >[!NOTE] >To install a newer version of SDA on a server with a previous version of SDA installed, you only need to run the installation file for the new version of SDA. The installer will handle the upgrade process automatically. If you used SDA to create a deployment share prior to the upgrade and want to use new features of the new version of SDA, you will need to create a new deployment share. SDA does not support upgrades of an existing deployment share. +### Version 2.8.136.0 +This version of SDA supports deployment of the following: +* Surface Book 2 +* Surface Laptop +* Surface Pro LTE + ### Version 2.0.8.0 This version of SDA supports deployment of the following: * Surface Pro diff --git a/devices/surface/step-by-step-surface-deployment-accelerator.md b/devices/surface/step-by-step-surface-deployment-accelerator.md index f6235d2f28..e239bcea68 100644 --- a/devices/surface/step-by-step-surface-deployment-accelerator.md +++ b/devices/surface/step-by-step-surface-deployment-accelerator.md @@ -126,7 +126,26 @@ The following steps show you how to create a deployment share for Windows 10 th ![The installatin progress window](images/sdasteps-fig5-installwindow.png "The installatin progress window") *Figure 5. The Installation Progress window* +>[!NOTE] +>The following error message may be hit while Installing the latest ADK or MDT: "An exception occurred during a WebClient request.". This is due to incompatibility between SDA and BITS. Here is the workaround for this: + ``` +In the following two PowerShell scripts: +%ProgramFiles%\Microsoft\Surface\Deployment Accelerator\Data\PowerShell\Install-MDT.ps1 +%ProgramFiles%\Microsoft\Surface\Deployment Accelerator\Data\PowerShell\INSTALL-WindowsADK.ps1 + +Edit the $BITSTransfer variable in the input parameters to $False as shown below: + +Param( + [Parameter( + Position=0, + Mandatory=$False, + HelpMessage="Download via BITS bool true/false" + )] + [string]$BITSTransfer = $False + ) + ``` + 8. When the SDA process completes the creation of your deployment share, a **Success** window is displayed. Click **Finish** to close the window. At this point your deployment share is now ready to perform a Windows deployment to Surface devices. ### Optional: Create a deployment share without an Internet connection @@ -263,7 +282,7 @@ After you have prepared the USB drive for boot, the next step is to generate off 21. In the **Deployment Workbench** under the **Media** folder, right-click the newly created **MEDIA001** and click **Update Media Content**, as shown in Figure 12. This will update the media files with the content of the **Microsoft Surface Deployment Accelerator** deployment share. ![Select the Update Media Content option](images/sdasteps-fig12-updatemedia.png "Select the Update Media Content option") - + *Figure 12. Select the Update Media Content option* 22. The **Update Media Content** window is displayed and shows the progress as the media files are created. When the process completes, click **Finish.** @@ -313,7 +332,7 @@ The **2 – Create Windows Reference Image** task sequence is used to perform a Like the **1 – Deploy Microsoft Surface** task sequence, the **2 – Create Windows Reference Image** task sequence performs a deployment of the unaltered Windows image directly from the installation media. Creation of a reference image should always be performed on a virtual machine. Using a virtual machine as your reference system helps to ensure that the resulting image is compatible with different hardware configurations. >[!NOTE] ->Using a virtual machine when you create a reference image for Windows deployment is a recommended practice for performing Windows deployments with Microsoft deployment tools including the Microsoft Deployment Toolkit and System Center Configuration Manager. These Microsoft deployment technologies use the hardware agnostic images produced from a virtual machine and a collection of managed drivers to deploy to different configurations of hardware. For more information, see [Deploy a Windows 10 image using MDT 2013 Update 2](http://technet.microsoft.com/itpro/windows/deploy/deploy-a-windows-10-image-using-mdt). +>Using a virtual machine when you create a reference image for Windows deployment is a recommended practice for performing Windows deployments with Microsoft deployment tools including the Microsoft Deployment Toolkit and System Center Configuration Manager. These Microsoft deployment technologies use the hardware agnostic images produced from a virtual machine and a collection of managed drivers to deploy to different configurations of hardware. For more information, see [Deploy a Windows 10 image using MDT 2013 Update 2](https://technet.microsoft.com/itpro/windows/deploy/deploy-a-windows-10-image-using-mdt). In addition to the information required by the **1 – Deploy Microsoft Surface** task sequence, you will also be prompted to capture an image when you run this task sequence on your reference virtual machine. The **Location** and **File name** fields are automatically populated with the proper information for your deployment share. All that you need to do is select the **Capture an image of this reference computer** option when you are prompted on the **Capture Image** page of the Windows Deployment Wizard. diff --git a/devices/surface/surface-diagnostic-toolkit-business.md b/devices/surface/surface-diagnostic-toolkit-business.md new file mode 100644 index 0000000000..7325a15492 --- /dev/null +++ b/devices/surface/surface-diagnostic-toolkit-business.md @@ -0,0 +1,165 @@ +--- +title: Surface Diagnostic Toolkit for Business +description: This topic explains how to use the Surface Diagnostic Toolkit for Business. +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +author: jdeckerms +ms.author: jdecker +ms.topic: article +ms.date: 11/15/2018 +--- + +# Surface Diagnostic Toolkit for Business + +The Microsoft Surface Diagnostic Toolkit for Business (SDT) enables IT administrators to quickly investigate, troubleshoot, and resolve hardware, software, and firmware issues with Surface devices. You can run a range of diagnostic tests and software repairs in addition to obtaining device health insights and guidance for resolving issues. + +Specifically, SDT for Business enables you to: + +- [Customize the package.](#create-custom-sdt) +- [Run the app using commands.](surface-diagnostic-toolkit-command-line.md) +- [Run multiple hardware tests to troubleshoot issues.](surface-diagnostic-toolkit-desktop-mode.md#multiple) +- [Generate logs for analyzing issues.](surface-diagnostic-toolkit-desktop-mode.md#logs) +- [Obtain detailed report comparing device vs optimal configuration.](surface-diagnostic-toolkit-desktop-mode.md#detailed-report) + + +## Primary scenarios and download resources + +To run SDT for Business, download the components listed in the following table. + +>[!NOTE] +>In contrast to the way you typically install MSI packages, the SDT distributable MSI package can only be created by running Windows Installer (msiexec.exe) at a command prompt and setting the custom flag `ADMINMODE = 1`. For details, see [Run Surface Diagnostic Toolkit using commands](surface-diagnostic-toolkit-command-line.md). + +Mode | Primary scenarios | Download | Learn more +--- | --- | --- | --- +Desktop mode | Assist users in running SDT on their Surface devices to troubleshoot issues.
Create a custom package to deploy on one or more Surface devices allowing users to select specific logs to collect and analyze. | SDT distributable MSI package:
Microsoft Surface Diagnostic Toolkit for Business Installer
[Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Use Surface Diagnostic Toolkit in desktop mode](surface-diagnostic-toolkit-desktop-mode.md) +Command line | Directly troubleshoot Surface devices remotely without user interaction, using standard tools such as Configuration Manager. It includes the following commands:
`-DataCollector` collects all log files
`-bpa` runs health diagnostics using Best Practice Analyzer.
`-windowsupdate` checks Windows update for missing firmware or driver updates.

**Note:** Support for the ability to confirm warranty information will be available via the command `-warranty` | SDT console app:
Microsoft Surface Diagnostics App Console
[Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Run Surface Diagnostic Toolkit using commands](surface-diagnostic-toolkit-command-line.md) + +## Supported devices + +SDT for Business is supported on Surface 3 and later devices, including: + +- Surface Pro 6 +- Surface Laptop 2 +- Surface Go +- Surface Go with LTE +- Surface Book 2 +- Surface Pro with LTE Advanced (Model 1807) +- Surface Pro (Model 1796) +- Surface Laptop +- Surface Studio +- Surface Studio 2 +- Surface Book +- Surface Pro 4 +- Surface 3 LTE +- Surface 3 +- Surface Pro 3 + +## Installing Surface Diagnostic Toolkit for Business + +To create an SDT package that you can distribute to users in your organization, you first need to install SDT at a command prompt and set a custom flag to install the tool in admin mode. SDT contains the following install option flags: + +- `SENDTELEMETRY` sends telemetry data to Microsoft. The flag accepts `0` for disabled or `1` for enabled. The default value is `1` to send telemetry. +- `ADMINMODE` configures the tool to be installed in admin mode. The flag accepts `0` for Business client mode or `1` for Business Administrator mode. The default value is `0`. + +**To install SDT in ADMINMODE:** + +1. Sign in to your Surface device using the Administrator account. +2. Download SDT Windows Installer Package (.msi) from the [Surface Tools for IT download page](https://www.microsoft.com/download/details.aspx?id=46703) and copy it to a preferred location on your Surface device, such as Desktop. +3. Open a command prompt and enter: + + ``` + msiexec.exe /i ADMINMODE=1. + ``` + **Example:** + + ``` + C:\Users\Administrator> msiexec.exe/I"C:\Users\Administrator\Desktop\Microsoft_Surface_Diagnostic_Toolkit_for_Business_Installer.msi" ADMINMODE=1 + ``` + +4. The SDT setup wizard appears, as shown in figure 1. Click **Next**. + + >[!NOTE] + >If the setup wizard does not appear, ensure that you are signed into the Administrator account on your computer. + + ![welcome to the Surface Diagnostic Toolkit setup wizard](images/sdt-1.png) + + *Figure 1. Surface Diagnostic Toolkit setup wizard* + +5. When the SDT setup wizard appears, click **Next**, accept the End User License Agreement (EULA), and select a location to install the package. + +6. Click **Next** and then click **Install**. + +## Locating SDT on your Surface device + +Both SDT and the SDT app console are installed at `C:\Program Files\Microsoft\Surface\Microsoft Surface Diagnostic Toolkit for Business`. + +In addition to the .exe file, SDT installs a JSON file and an admin.dll file (modules\admin.dll), as shown in figure 2. + +![list of SDT installed files in File Explorer](images/sdt-2.png) + +*Figure 2. Files installed by SDT* + + +## Preparing the SDT package for distribution + +Creating a custom package allows you to target the tool to specific known issues. + +1. Click **Start > Run**, enter **Surface** and then click **Surface Diagnostic Toolkit for Business**. +2. When the tool opens, click **Create Custom Package**, as shown in figure 3. + + ![Create custom package option](images/sdt-3.png) + + *Figure 3. Create custom package* + +### Language and telemetry page + + +When you start creating the custom package, you’re asked whether you agree to send data to Microsoft to help improve the application. For more information,see the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement). Sharing is on by default, so uncheck the box if you wish to decline. + +>[!NOTE] +>This setting is limited to only sharing data generated while running packages. + +![Select language and telemetry settings](images/sdt-4.png) + +*Figure 4. Select language and telemetry settings* + +### Windows Update page + +Select the option appropriate for your organization. Most organizations with multiple users will typically select to receive updates via Windows Server Update Services (WSUS), as shown in figure 5. If using local Windows update packages or WSUS, enter the path as appropriate. + +![Select Windows Update option](images/sdt-5.png) + +*Figure 5. Windows Update option* + +### Software repair page + +This allows you to select or remove the option to run software repair updates. + +![Select software repair option](images/sdt-6.png) + +*Figure 6. Software repair option* + +### Collecting logs and saving package page + +You can select to run a wide range of logs across applications, drivers, hardware, and the operating system. Click the appropriate area and select from the menu of available logs. You can then save the package to a software distribution point or equivalent location that users can access. + +![Select log options](images/sdt-7.png) + +*Figure 7. Log option and save package* + +## Next steps + +- [Use Surface Diagnostic Toolkit for Business in desktop mode](surface-diagnostic-toolkit-desktop-mode.md) +- [Use Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md) + + + + + + + + + + + diff --git a/devices/surface/surface-diagnostic-toolkit-command-line.md b/devices/surface/surface-diagnostic-toolkit-command-line.md new file mode 100644 index 0000000000..8d5cf4009c --- /dev/null +++ b/devices/surface/surface-diagnostic-toolkit-command-line.md @@ -0,0 +1,148 @@ +--- +title: Run Surface Diagnostic Toolkit for Business using commands +description: How to run Surface Diagnostic Toolkit in a command console +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +author: jdeckerms +ms.author: jdecker +ms.topic: article +ms.date: 11/15/2018 +--- + +# Run Surface Diagnostic Toolkit for Business using commands + +Running the Surface Diagnostic Toolkit (SDT) at a command prompt requires downloading the STD app console. After it's installed, you can run SDT at a command prompt via the Windows command console (cmd.exe) or using Windows PowerShell, including PowerShell Integrated Scripting Environment (ISE), which provides support for autocompletion of commands, copy/paste, and other features. + +>[!NOTE] +>To run SDT using commands, you must be signed in to the Administrator account or signed in to an account that is a member of the Administrator group on your Surface device. + +## Running SDT app console + +Download and install SDT app console from the [Surface Tools for IT download page](https://www.microsoft.com/download/details.aspx?id=46703). You can use the Windows command prompt (cmd.exe) or Windows PowerShell to: + +- Collect all log files. +- Run health diagnostics using Best Practice Analyzer. +- Check update for missing firmware or driver updates. + +>[!NOTE] +>In this release, the SDT app console supports single commands only. Running multiple command line options requires running the console exe separately for each command. + +By default, output files are saved in the same location as the console app. Refer to the following table for a complete list of commands. + +Command | Notes +--- | --- +-DataCollector "output file" | Collects system details into a zip file. "output file" is the file path to create system details zip file.

**Example**:
`Microsoft.Surface.Diagnostics.App.Console.exe -DataCollector SDT_DataCollection.zip` +-bpa "output file" | Checks several settings and health indicators in the device. “output file" is the file path to create the HTML report.

**Example**:
`Microsoft.Surface.Diagnostics.App.Console.exe -bpa BPA.html` +-windowsupdate | Checks Windows Update online servers for missing firmware and/or driver updates.

**Example**:
Microsoft.Surface.Diagnostics.App.Console.exe -windowsupdate +-warranty "output file" | Checks warranty information on the device (valid or invalid). The optional “output file” is the file path to create the xml file.

**Example**:
Microsoft.Surface.Diagnostics.App.Console.exe –warranty “warranty.xml” + + +>[!NOTE] +>To run the SDT app console remotely on target devices, you can use a configuration management tool such as System Center Configuration Manager. Alternatively, you can create a .zip file containing the console app and appropriate console commands and deploy per your organization’s software distribution processes. + +## Running Best Practice Analyzer + +You can run BPA tests across key components such as BitLocker, Secure Boot, and Trusted Platform Module (TPM) and then output the results to a shareable file. The tool generates a series of tables with color-coded headings and condition descriptors along with guidance about how to approach resolving the issue. + +- Green indicates the component is running in an optimal condition (optimal). +- Orange indicates the component is not running in an optimal condition (not optimal). +- Red indicates the component is in an abnormal state. + +### Sample BPA results output + + + + + + + +
BitLocker
Description:Checks if BitLocker is enabled on the system drive.
Value:Protection On
Condition:Optimal
Guidance:It is highly recommended to enable BitLocker to protect your data.
+ + + + + + + +
Secure Boot
Description:Checks if Secure Boot is enabled.
Value:True
Condition:Optimal
Guidance:It is highly recommended to enable Secure Boot to protect your PC.
+ + + + + + + +
Trusted Platform Module
Description:Ensures that the TPM is functional.
Value:True
Condition:Optimal
Guidance:Without a functional TPM, security-based functions such as BitLocker may not work properly.
+ + + + + + + +
Connected Standby
Description:Checks if Connected Standby is enabled.
Value:True
Condition:Optimal
Guidance:Connected Standby allows a Surface device to receive updates and notifications while not being used. For best experience, Connected Standby should be enabled.
+ + + + + + + +
Bluetooth
Description:Checks if Bluetooth is enabled.
Value:Enabled
Condition:Optimal
Guidance:
+ + + + + + + +
Debug Mode
Description:Checks if the operating system is in Debug mode.
Value:Normal
Condition:Optimal
Guidance:The debug boot option enables or disables kernel debugging of the Windows operating system. Enabling this option can cause system instability and can prevent DRM (digital rights managemend) protected media from playing.
+ + + + + + + +
Test Signing
Description:Checks if Test Signing is enabled.
Value:Normal
Condition:Optimal
Guidance:Test Signing is a Windows startup setting that should only be used to test pre-release drivers.
+ + + + + + + +
Active Power Plan
Description:Checks that the correct power plan is active.
Value:Balanced
Condition:Optimal
Guidance:It is highly recommended to use the "Balanced" power plan to maximize productivity and battery life.
+ + + + + + + +
Windows Update
Description:Checks if the device is up to date with Windows updates.
Value:Microsoft Silverlight (KB4023307), Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.279.1433.0)
Condition:Not Optimal
Guidance:Updating to the latest windows makes sure you are on the latest firmware and drivers. It is recommended to always keep your device up to date
+ + + + + + + +
Free Hard Drive Space
Description:Checks for low free hard drive space.
Value:66%
Condition:Optimal
Guidance:For best performance, your hard drive should have at least 10% of its capacity as free space.
+ + + + + + + +
Non-Functioning Devices
Description:List of non-functioning devices in Device Manager.
Value:
Condition:Optimal
Guidance:Non-functioning devices in Device Manager may cause unpredictable problems with Surface devices such as, but not limited to, no power savings for the respective hardware component.
+ + + + + + + +
External Monitor
Description:Checks for an external monitor that may have compatibility issues.
Value:
Condition:Optimal
Guidance:Check with the original equipment manufacturer for compatibility with your Surface device.
diff --git a/devices/surface/surface-diagnostic-toolkit-desktop-mode.md b/devices/surface/surface-diagnostic-toolkit-desktop-mode.md new file mode 100644 index 0000000000..ee76845656 --- /dev/null +++ b/devices/surface/surface-diagnostic-toolkit-desktop-mode.md @@ -0,0 +1,99 @@ +--- +title: Use Surface Diagnostic Toolkit for Business in desktop mode +description: How to use SDT to help users in your organization run the tool to identify and diagnose issues with the Surface device. +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +author: jdeckerms +ms.author: jdecker +ms.topic: article +ms.date: 11/15/2018 +--- + +# Use Surface Diagnostic Toolkit for Business in desktop mode + +This topic explains how to use the Surface Diagnostic Toolkit (SDT) to help users in your organization run the tool to identify and diagnose issues with the Surface device. Successfully running SDT can quickly determine if a reported issue is caused by failed hardware or user error. + +1. Direct the user to install [the SDT package](surface-diagnostic-toolkit-business.md#create-custom-sdt) from a software distribution point or network share. After it is installed, you’re ready to guide the user through a series of tests. + +2. Begin at the home page, which allows users to enter a description of the issue, and click **Continue**, as shown in figure 1. + + ![Start SDT in desktop mode](images/sdt-desk-1.png) + + *Figure 1. SDT in desktop mode* + +3. When SDT indicates the device has the latest updates, click **Continue** to advance to the catalog of available tests, as shown in figure 2. + + ![Select from SDT options](images/sdt-desk-2.png) + + *Figure 2. Select from SDT options* + +4. You can choose to run all the diagnostic tests. Or, if you already suspect a particular issue such as a faulty display or a power supply problem, click **Select** to choose from the available tests and click **Run Selected**, as shown in figure 3. See the following table for details of each test. + + ![Select hardware tests](images/sdt-desk-3.png) + + *Figure 3. Select hardware tests* + + Hardware test | Description + --- | --- + Power Supply and Battery | Checks Power supply is functioning optimally + Display and Sound | Checks brightness, stuck or dead pixels, speaker and microphone functioning + Ports and Accessories | Checks accessories, screen attach and USB functioning + Connectivity | Checks Bluetooth, wireless and LTE connectivity + Security | Checks security related issues + Touch | Checks touch related issues + Keyboard and touch | Checks integrated keyboard connection and type cover + Sensors | Checks functioning of different sensors in the device + Hardware | Checks issues with different hardware components such as graphics card and camera + + + + + + +## Running multiple hardware tests to troubleshoot issues + +SDT is designed as an interactive tool that runs a series of tests. For each test, SDT provides instructions summarizing the nature of the test and what users should expect or look for in order for the test to be successful. For example, to diagnose if the display brightness is working properly, SDT starts at zero and increases the brightness to 100 percent, asking users to confirm – by answering **Yes** or **No** -- that brightness is functioning as expected, as shown in figure 4. + +For each test, if functionality does not work as expected and the user clicks **No**, SDT generates a report of the possible causes and ways to troubleshoot it. + +![Running hardware diagnostics](images/sdt-desk-4.png) + +*Figure 4. Running hardware diagnostics* + +1. If the brightness successfully adjusts from 0-100 percent as expected, direct the user to click **Yes** and then click **Continue**. +2. If the brightness fails to adjust from 0-100 percent as expected, direct the user to click **No** and then click **Continue**. +3. Guide users through remaining tests as appropriate. When finished, SDT automatically provides a high-level summary of the report, including the possible causes of any hardware issues along with guidance for resolution. + + +### Repairing applications + +SDT enables you to diagnose and repair applications that may be causing issues, as shown in figure 5. + +![Running repairs](images/sdt-desk-5.png) + +*Figure 5. Running repairs* + + + + + +### Generating logs for analyzing issues + +SDT provides extensive log-enabled diagnosis support across applications, drivers, hardware, and operating system issues, as shown in figure 6. + +![Generating logs](images/sdt-desk-6.png) + +*Figure 6. Generating logs* + + + + +### Generating detailed report comparing device vs. optimal configuration + +Based on the logs, SDT generates a report for software- and firmware-based issues that you can save to a preferred location. + +## Related topics + +- [Run Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md) + diff --git a/devices/surface/surface-dock-updater.md b/devices/surface/surface-dock-updater.md index 227433e7b2..9c644b79eb 100644 --- a/devices/surface/surface-dock-updater.md +++ b/devices/surface/surface-dock-updater.md @@ -112,11 +112,28 @@ Microsoft Surface Dock Updater logs its progress into the Event Log, as shown in ## Changes and updates -Microsoft periodically updates Surface Dock Updater. To learn more about the application of firmware by Surface Dock Updater, see [Manage Surface Dock firmware updates](https://technet.microsoft.com/en-us/itpro/surface/manage-surface-dock-firmware-updates). +Microsoft periodically updates Surface Dock Updater. >[!Note] >Each update to Surface Dock firmware is included in a new version of Surface Dock Updater. To update a Surface Dock to the latest firmware, you must use the latest version of Surface Dock Updater. +### Version 2.23.139.0 +*Release Date: 10 October 2018* + +This version of Surface Dock Updater adds support for the following: + +- Add support for Surface Pro 6 +- Add support for Surface Laptop 2 + + +### Version 2.22.139.0 +*Release Date: 26 July 2018* + +This version of Surface Dock Updater adds support for the following: + +- Increase update reliability +- Add support for Surface Go + ### Version 2.12.136.0 *Release Date: 29 January 2018* @@ -174,7 +191,7 @@ This version of Surface Dock Updater adds support for the following: * Update for Surface Dock DisplayPort firmware -## Related topics + -[Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md) + diff --git a/devices/surface/surface-enterprise-management-mode.md b/devices/surface/surface-enterprise-management-mode.md index 42df3fd641..e42a925b72 100644 --- a/devices/surface/surface-enterprise-management-mode.md +++ b/devices/surface/surface-enterprise-management-mode.md @@ -17,15 +17,15 @@ ms.date: 01/06/2017 Microsoft Surface Enterprise Management Mode (SEMM) is a feature of Surface devices with Surface UEFI that allows you to secure and manage firmware settings within your organization. With SEMM, IT professionals can prepare configurations of UEFI settings and install them on a Surface device. In addition to the ability to configure UEFI settings, SEMM also uses a certificate to protect the configuration from unauthorized tampering or removal. >[!NOTE] ->SEMM is only available on devices with Surface UEFI firmware, such as Surface Pro 4, Surface Book, and Surface Studio. For more information about Surface UEFI, see [Manage Surface UEFI Settings](https://technet.microsoft.com/itpro/surface/manage-surface-uefi-settings). +>SEMM is only available on devices with Surface UEFI firmware such as Surface Pro 4 and later, Surface Go, Surface Laptop, Surface Book, and Surface Studio. For more information about Surface UEFI, see [Manage Surface UEFI Settings](https://technet.microsoft.com/itpro/surface/manage-surface-uefi-settings). When Surface devices are configured by SEMM and secured with the SEMM certificate, they are considered *enrolled* in SEMM. When the SEMM certificate is removed and control of UEFI settings is returned to the user of the device, the Surface device is considered *unenrolled* in SEMM. -There are two administrative options you can use to manage SEMM and enrolled Surface devices – a standalone tool or integration with System Center Configuration Manager. The SEMM standalone tool, called the Microsoft Surface UEFI Configurator, is described in this article. For more information about how to manage SEMM with System Center Configuration Manager, see [Use System Center Configuration Manager to manage devices with SEMM](https://technet.microsoft.com/en-us/itpro/surface/use-system-center-configuration-manager-to-manage-devices-with-semm). +There are two administrative options you can use to manage SEMM and enrolled Surface devices – a standalone tool or integration with System Center Configuration Manager. The SEMM standalone tool, called the Microsoft Surface UEFI Configurator, is described in this article. For more information about how to manage SEMM with System Center Configuration Manager, see [Use System Center Configuration Manager to manage devices with SEMM](https://technet.microsoft.com/itpro/surface/use-system-center-configuration-manager-to-manage-devices-with-semm). ## Microsoft Surface UEFI Configurator -The primary workspace of SEMM is Microsoft Surface UEFI Configurator, as shown in Figure 1. Microsoft Surface UEFI Configurator is a tool that is used to create Windows Installer (.msi) packages that are used to enroll, configure, and unenroll SEMM on a Surface device. These packages contain a configuration file where the settings for UEFI are specified. SEMM packages also contain a certificate that is installed and stored in firmware and used to verify the signature of configuration files before UEFI settings are applied. +The primary workspace of SEMM is Microsoft Surface UEFI Configurator, as shown in Figure 1. Microsoft Surface UEFI Configurator is a tool that is used to create Windows Installer (.msi) packages or WinPE images that are used to enroll, configure, and unenroll SEMM on a Surface device. These packages contain a configuration file where the settings for UEFI are specified. SEMM packages also contain a certificate that is installed and stored in firmware and used to verify the signature of configuration files before UEFI settings are applied. ![Microsoft Surface UEFI Configurator](images\surface-ent-mgmt-fig1-uefi-configurator.png "Microsoft Surface UEFI Configurator") @@ -74,14 +74,15 @@ You can enable or disable the following devices with SEMM: * Docking USB Port * On-board Audio +* DGPU * Type Cover -* Micro SD or SD Card Slots +* Micro SD Card * Front Camera * Rear Camera * Infrared Camera, for Windows Hello * Bluetooth Only * Wi-Fi and Bluetooth -* Trusted Platform Module (TPM) +* LTE You can configure the following advanced settings with SEMM: @@ -89,9 +90,12 @@ You can configure the following advanced settings with SEMM: * Alternate boot order, where the Volume Down button and Power button can be pressed together during boot, to boot directly to a USB or Ethernet device * Lock the boot order to prevent changes * Support for booting to USB devices +* Enable Network Stack boot settings +* Enable Auto Power On boot settings * Display of the Surface UEFI **Security** page * Display of the Surface UEFI **Devices** page * Display of the Surface UEFI **Boot** page +* Display of the Surface UEFI **DateTime** page >[!NOTE] >When you create a SEMM configuration package, two characters are shown on the **Successful** page, as shown in Figure 5. @@ -116,9 +120,9 @@ These characters are the last two characters of the certificate thumbprint and s >6. **All** or **Properties Only** must be selected in the **Show** drop-down menu. >7. Select the field **Thumbprint**. -To enroll a Surface device in SEMM or to apply the UEFI configuration from a configuration package, all you need to do is run the .msi file on the intended Surface device. You can use application deployment or operating system deployment technologies such as [System Center Configuration Manager](https://technet.microsoft.com/library/mt346023) or the [Microsoft Deployment Toolkit](https://technet.microsoft.com/windows/dn475741). When you enroll a device in SEMM you must be present to confirm the enrollment on the device. User interaction is not required when you apply a configuration to devices that are already enrolled in SEMM. +To enroll a Surface device in SEMM or to apply the UEFI configuration from a configuration package, all you need to do is run the .msi file with administrative privileges on the intended Surface device. You can use application deployment or operating system deployment technologies such as [System Center Configuration Manager](https://technet.microsoft.com/library/mt346023) or the [Microsoft Deployment Toolkit](https://technet.microsoft.com/windows/dn475741). When you enroll a device in SEMM you must be present to confirm the enrollment on the device. User interaction is not required when you apply a configuration to devices that are already enrolled in SEMM. -For a step-by-step walkthrough of how to enroll a Surface device in SEMM or apply a Surface UEFI configuration with SEMM, see [Enroll and configure Surface devices with SEMM](https://technet.microsoft.com/en-us/itpro/surface/enroll-and-configure-surface-devices-with-semm). +For a step-by-step walkthrough of how to enroll a Surface device in SEMM or apply a Surface UEFI configuration with SEMM, see [Enroll and configure Surface devices with SEMM](https://technet.microsoft.com/itpro/surface/enroll-and-configure-surface-devices-with-semm). ### Reset package @@ -137,7 +141,7 @@ When you use the process on the **Enterprise Management** page to reset SEMM on >[!NOTE] >A Reset Request expires two hours after it is created. -For a step-by-step walkthrough of how to unenroll Surface devices from SEMM, see [Unenroll Surface devices from SEMM](https://technet.microsoft.com/en-us/itpro/surface/unenroll-surface-devices-from-semm). +For a step-by-step walkthrough of how to unenroll Surface devices from SEMM, see [Unenroll Surface devices from SEMM](https://technet.microsoft.com/itpro/surface/unenroll-surface-devices-from-semm). ## Surface Enterprise Management Mode certificate requirements @@ -189,8 +193,61 @@ For use with SEMM and Microsoft Surface UEFI Configurator, the certificate must >[!NOTE] >For organizations that use an offline root in their PKI infrastructure, Microsoft Surface UEFI Configurator must be run in an environment connected to the root CA to authenticate the SEMM certificate. The packages generated by Microsoft Surface UEFI Configurator can be transferred as files and therefore can be transferred outside the offline network environment with removable storage, such as a USB stick. +### Managing certificates FAQ + +The recommended *minimum* length is 15 months. You can use a +certificate that expires in less than 15 months or use a certificate +that expires in longer than 15 months. + +>[!NOTE] +>When a certificate expires, it does not automatically renew. + +**Will existing machines continue to apply the bios settings after 15 +months?** + +Yes, but only if the package itself was signed when the certificate was +valid. + +**Will** **the SEMM package and certificate need to be updated on all +machines that have it?** + +If you want SEMM reset or recovery to work, the certificate needs to be +valid and not expired. You can use the current valid ownership +certificate to sign a package that updates to a new certificate for +ownership. You do not need to create a reset package. + +**Can bulk reset packages be created for each surface that we order? Can +one be built that resets all machines in our environment?** + +The PowerShell samples that create a config package for a specific +device type can also be used to create a reset package that is +serial-number independent. If the certificate is still valid, you can +create a reset package using PowerShell to reset SEMM. + +## Version History + +### Version 2.26.136.0 +* Add support to Surface Studio 2 + +### Version 2.21.136.0 +* Add support to Surface Pro 6 +* Add support to Surface Laptop 2 + +### Version 2.14.136.0 +* Add support to Surface Go + +### Version 2.9.136.0 +* Add support to Surface Book 2 +* Add support to Surface Pro LTE +* Accessibility improvements + +### Version 1.0.74.0 +* Add support to Surface Laptop +* Add support to Surface Pro +* Bug fixes and general improvement + ## Related topics [Enroll and configure Surface devices with SEMM](enroll-and-configure-surface-devices-with-semm.md) -[Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md) \ No newline at end of file +[Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md) diff --git a/devices/surface/update.md b/devices/surface/update.md index 29e0b9517b..df7a6e3c5d 100644 --- a/devices/surface/update.md +++ b/devices/surface/update.md @@ -8,7 +8,7 @@ ms.sitesec: library author: heatherpoulsen ms.author: jdecker ms.topic: article -ms.date: 12/01/2016 +ms.date: 11/13/2018 --- # Surface firmware and driver updates @@ -22,7 +22,6 @@ Find out how to download and manage the latest firmware and driver updates for y |[Wake On LAN for Surface devices](wake-on-lan-for-surface-devices.md) | See how you can use Wake On LAN to remotely wake up devices to perform management or maintenance tasks, or to enable management solutions automatically. | | [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)| Get a list of the available downloads for Surface devices and links to download the drivers and firmware for your device.| | [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)| Explore the available options to manage firmware and driver updates for Surface devices.| -| [Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md)| Read about the different methods you can use to manage the process of Surface Dock firmware updates.| | [Surface Dock Updater](surface-dock-updater.md)| Get a detailed walkthrough of Microsoft Surface Dock Updater.|   diff --git a/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md b/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md index 4e13cfd089..996293cae5 100644 --- a/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md +++ b/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md @@ -51,7 +51,7 @@ You will also need to have available the following resources: >[!NOTE] >Installation media for use with MDT must contain a Windows image in Windows Imaging Format (.wim). Installation media produced by the [Get Windows 10](https://www.microsoft.com/en-us/software-download/windows10/) page does not use a .wim file, instead using an Electronic Software Download (.esd) file, which is not compatible with MDT. -* [Surface firmware and drivers](https://technet.microsoft.com/en-us/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices) for Windows 10 +* [Surface firmware and drivers](https://technet.microsoft.com/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices) for Windows 10 * Application installation files for any applications you want to install, such as the Surface app diff --git a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md index c5de082d9e..381ba2d8e1 100644 --- a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md +++ b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md @@ -42,7 +42,7 @@ Management of SEMM with Configuration Manager requires the installation of Micro #### Download SEMM scripts for Configuration Manager -After Microsoft Surface UEFI Manager is installed on the client Surface device, SEMM is deployed and managed with PowerShell scripts. You can download samples of the [SEMM management scripts](https://gallery.technet.microsoft.com/Sample-PowerShell-for-5eb5f03c) from the TechNet Gallery Script Center. +After Microsoft Surface UEFI Manager is installed on the client Surface device, SEMM is deployed and managed with PowerShell scripts. You can download samples of the [SEMM management scripts](https://www.microsoft.com/en-us/download/details.aspx?id=46703) from the Download Center. ## Deploy Microsoft Surface UEFI Manager @@ -50,7 +50,7 @@ Deployment of Microsoft Surface UEFI Manager is a typical application deployment The command to install Microsoft Surface UEFI Manager is: -`msiexec /i “SurfaceUEFIManagerSetup.msi” /q` +`msiexec /i "SurfaceUEFIManagerSetup.msi" /q` The command to uninstall Microsoft Surface UEFI Manager is: @@ -269,7 +269,7 @@ The following code fragment, found on lines 352-363, is used to write this regis ### Settings names and IDs -To configure Surface UEFI settings or permissions for Surface UEFI settings, you must refer to each setting by either its setting name or setting ID. With each new update for Surface UEFI, new settings may be added. The best way to get a complete list of the settings available on a Surface device, along with the settings name and settings IDs, is to use the ShowSettingsOptions.ps1 script from [SEMM management scripts for Configuration Manager](https://gallery.technet.microsoft.com/Sample-PowerShell-for-5eb5f03c) in the TechNet Gallery Script Center. +To configure Surface UEFI settings or permissions for Surface UEFI settings, you must refer to each setting by either its setting name or setting ID. With each new update for Surface UEFI, new settings may be added. The best way to get a complete list of the settings available on a Surface device, along with the settings name and settings IDs, is to use the ShowSettingsOptions.ps1 script from SEMM_Powershell.zip in [Surface Tools for IT Downloads](https://www.microsoft.com/en-us/download/details.aspx?id=46703) The computer where ShowSettingsOptions.ps1 is run must have Microsoft Surface UEFI Manager installed, but the script does not require a Surface device. @@ -334,11 +334,11 @@ After your scripts are prepared to configure and enable SEMM on the client devic The SEMM Configuration Manager scripts will be added to Configuration Manager as a script application. The command to install SEMM with ConfigureSEMM.ps1 is: -`Powershell.exe -file “.\ConfigureSEMM.ps1”` +`Powershell.exe -file ".\ConfigureSEMM.ps1"` The command to uninstall SEMM with ResetSEMM.ps1 is: -`Powershell.exe -file “.\ResetSEMM.ps1”` +`Powershell.exe -file ".\ResetSEMM.ps1"` To add the SEMM Configuration Manager scripts to Configuration Manager as an application, use the following process: @@ -424,4 +424,4 @@ Removal of SEMM from a device deployed with Configuration Manager using these sc >When you install a reset package, the Lowest Supported Value (LSV) is reset to a value of 1. You can reenroll a device by using an existing configuration package – the device will prompt for the certificate thumbprint before ownership is taken. ->For this reason, the reenrollment of a device in SEMM would require a new package to be created and installed on that device. Because this action is a new enrollment and not a change in configuration on a device already enrolled in SEMM, the device will prompt for the certificate thumbprint before ownership is taken. \ No newline at end of file +>For this reason, the reenrollment of a device in SEMM would require a new package to be created and installed on that device. Because this action is a new enrollment and not a change in configuration on a device already enrolled in SEMM, the device will prompt for the certificate thumbprint before ownership is taken. diff --git a/devices/surface/windows-autopilot-and-surface-devices.md b/devices/surface/windows-autopilot-and-surface-devices.md index 3550f35fd6..e4f3b0a922 100644 --- a/devices/surface/windows-autopilot-and-surface-devices.md +++ b/devices/surface/windows-autopilot-and-surface-devices.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.pagetype: surface, devices ms.sitesec: library author: brecords -ms.date: 01/31/2018 +ms.date: 09/12/2018 ms.author: jdecker ms.topic: article --- @@ -18,7 +18,7 @@ Windows Autopilot is a cloud-based deployment technology available in Windows 10 With Surface devices, you can choose to register your devices at the time of purchase when purchasing from a Surface partner enabled for Windows Autopilot. New devices can be shipped directly to your end-users and will be automatically enrolled and configured when the units are unboxed and turned on for the first time. This process can eliminate need to reimage your devices as part of your deployment process, reducing the work required of your deployment staff and opening up new, agile methods for device management and distribution. -In this article learn how to enroll your Surface devices in Windows Autopilot with a Surface partner and the options and considerations you will need to know along the way. This article focuses specifically on Surface devices, for more information about using Windows Autopilot with other devices, or to read more about Windows Autopilot and its capabilities, see [Overview of Windows Autopilot](https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-10-autopilot) in the Windows Docs Library. +In this article learn how to enroll your Surface devices in Windows Autopilot with a Surface partner and the options and considerations you will need to know along the way. This article focuses specifically on Surface devices, for more information about using Windows Autopilot with other devices, or to read more about Windows Autopilot and its capabilities, see [Overview of Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-10-autopilot) in the Windows Docs Library. ## Prerequisites Enrollment of Surface devices in Windows Autopilot with a Surface partner enabled for Windows Autopilot has the following licensing requirements for each enrolled Surface device: @@ -45,8 +45,13 @@ Surface devices with support for out-of-box deployment with Windows Autopilot, e * Surface Book 2 * Surface Laptop * Surface Studio +* Surface Go ## Surface partners enabled for Windows Autopilot Enrolling Surface devices in Windows Autopilot at the time of purchase is a capability provided by select Surface partners that are enabled with the capability to identify individual Surface devices during the purchase process and perform enrollment on an organization’s behalf. Devices enrolled by a Surface partner at time of purchase can be shipped directly to users and configured entirely through the zero-touch process of Windows Autopilot, Azure Active Directory, and Mobile Device Management. -You can find a list of Surface partners enabled for Windows Autopilot at the [Windows Autopilot for Surface portal](https://www.microsoft.com/en-us/itpro/surface/windows-autopilot-for-surface). \ No newline at end of file +When you purchase Surface devices from a Surface partner enabled for Windows Autopilot, your new devices can be enrolled in your Windows Autopilot deployment for you by the partner. Surface partners enabled for Windows Autopilot include: + +- [SHI](https://www.shi.com/?reseller=shi) +- [Insight](https://www.insight.com/en_US/buy/partner/microsoft/surface.html) +- [Atea](https://www.atea.com/) \ No newline at end of file diff --git a/education/docfx.json b/education/docfx.json index c01be28758..227546b56a 100644 --- a/education/docfx.json +++ b/education/docfx.json @@ -9,7 +9,7 @@ ], "resource": [ { - "files": ["**/images/**", "**/*.json"], + "files": ["**/images/**"], "exclude": ["**/obj/**"] } ], diff --git a/education/get-started/change-history-ms-edu-get-started.md b/education/get-started/change-history-ms-edu-get-started.md index 97ddde85fb..890ee785d2 100644 --- a/education/get-started/change-history-ms-edu-get-started.md +++ b/education/get-started/change-history-ms-edu-get-started.md @@ -1,43 +1,42 @@ ---- -title: Change history for Microsoft Education Get Started -description: New and changed topics in the Microsoft Education get started guide. -keywords: Microsoft Education get started guide, IT admin, IT pro, school, education, change history +--- +title: Change history for Microsoft Education Get Started +description: New and changed topics in the Microsoft Education get started guide. +keywords: Microsoft Education get started guide, IT admin, IT pro, school, education, change history ms.prod: w10 -ms.technology: Windows -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: edu -author: CelesteDG -ms.author: celested -ms.date: 07/07/2017 ---- - -# Change history for Microsoft Education Get Started - -This topic lists the changes in the Microsoft Education IT admin get started. - -## July 2017 - -| New or changed topic | Description | -| --- | ---- | -| [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) | Broke up the get started guide to highlight each phase in the Microsoft Education deployment and management process. | -| [Set up an Office 365 Education tenant](set-up-office365-edu-tenant.md) | New. Shows the video and step-by-step guide on how to set up an Office 365 for Education tenant. | -| [Use School Data Sync to import student data](use-school-data-sync.md) | New. Shows the video and step-by-step guide on School Data Sync and sample CSV files to import student data in a trial environment. | -| [Enable Microsoft Teams for your school](enable-microsoft-teams.md) | New. Shows how IT admins can enable and deploy Microsoft Teams in schools. | -| [Configure Microsoft Store for Education](configure-microsoft-store-for-education.md) | New. Shows the video and step-by-step guide on how to accept the services agreement and ensure your Microsoft Store account is associated with Intune for Education. | -| [Use Intune for Education to manage groups, apps, and settings](use-intune-for-education.md) | New. Shows the video and step-by-step guide on how to set up Intune for Education, buy apps from the Microsoft Store for Education, and install the apps for all users in your tenant. | -| [Set up Windows 10 education devices](set-up-windows-10-education-devices.md) | New. Shows options available to you when you need to set up new Windows 10 devices and enroll them to your education tenant. Each option contains a video and step-by-step guide. | -| [Finish Windows 10 device setup and other tasks](finish-setup-and-other-tasks.md) | New. Shows the video and step-by-step guide on how to finish preparing your Windows 10 devices for use in the classroom. | - - -## June 2017 - -| New or changed topic | Description | -| --- | ---- | -| [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) | Includes the following updates:

- New configuration guidance for IT administrators to deploy Microsoft Teams.
- Updated steps for School Data Sync to show the latest workflow and user experience.
- Updated steps for Option 2: Try out Microsoft Education in a trial environment. You no longer need the SDS promo code to try SDS in a trial environment. | - -## May 2017 - -| New or changed topic | Description | -| --- | ---- | -| [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) | New. Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices. | +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: edu +author: CelesteDG +ms.author: celested +ms.date: 07/07/2017 +--- + +# Change history for Microsoft Education Get Started + +This topic lists the changes in the Microsoft Education IT admin get started. + +## July 2017 + +| New or changed topic | Description | +| --- | ---- | +| [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) | Broke up the get started guide to highlight each phase in the Microsoft Education deployment and management process. | +| [Set up an Office 365 Education tenant](set-up-office365-edu-tenant.md) | New. Shows the video and step-by-step guide on how to set up an Office 365 for Education tenant. | +| [Use School Data Sync to import student data](use-school-data-sync.md) | New. Shows the video and step-by-step guide on School Data Sync and sample CSV files to import student data in a trial environment. | +| [Enable Microsoft Teams for your school](enable-microsoft-teams.md) | New. Shows how IT admins can enable and deploy Microsoft Teams in schools. | +| [Configure Microsoft Store for Education](configure-microsoft-store-for-education.md) | New. Shows the video and step-by-step guide on how to accept the services agreement and ensure your Microsoft Store account is associated with Intune for Education. | +| [Use Intune for Education to manage groups, apps, and settings](use-intune-for-education.md) | New. Shows the video and step-by-step guide on how to set up Intune for Education, buy apps from the Microsoft Store for Education, and install the apps for all users in your tenant. | +| [Set up Windows 10 education devices](set-up-windows-10-education-devices.md) | New. Shows options available to you when you need to set up new Windows 10 devices and enroll them to your education tenant. Each option contains a video and step-by-step guide. | +| [Finish Windows 10 device setup and other tasks](finish-setup-and-other-tasks.md) | New. Shows the video and step-by-step guide on how to finish preparing your Windows 10 devices for use in the classroom. | + + +## June 2017 + +| New or changed topic | Description | +| --- | ---- | +| [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) | Includes the following updates:

- New configuration guidance for IT administrators to deploy Microsoft Teams.
- Updated steps for School Data Sync to show the latest workflow and user experience.
- Updated steps for Option 2: Try out Microsoft Education in a trial environment. You no longer need the SDS promo code to try SDS in a trial environment. | + +## May 2017 + +| New or changed topic | Description | +| --- | ---- | +| [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) | New. Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices. | diff --git a/education/get-started/configure-microsoft-store-for-education.md b/education/get-started/configure-microsoft-store-for-education.md index caf9b51520..6da930b66d 100644 --- a/education/get-started/configure-microsoft-store-for-education.md +++ b/education/get-started/configure-microsoft-store-for-education.md @@ -3,7 +3,6 @@ title: Configure Microsoft Store for Education description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices. keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.topic: get-started diff --git a/education/get-started/enable-microsoft-teams.md b/education/get-started/enable-microsoft-teams.md index bab1e61628..5d3af7dc3d 100644 --- a/education/get-started/enable-microsoft-teams.md +++ b/education/get-started/enable-microsoft-teams.md @@ -3,7 +3,6 @@ title: Enable Microsoft Teams for your school description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices. keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.topic: get-started diff --git a/education/get-started/finish-setup-and-other-tasks.md b/education/get-started/finish-setup-and-other-tasks.md index b15394f6ac..120b357bc2 100644 --- a/education/get-started/finish-setup-and-other-tasks.md +++ b/education/get-started/finish-setup-and-other-tasks.md @@ -3,7 +3,6 @@ title: Finish Windows 10 device setup and other tasks description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices. keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.topic: get-started diff --git a/education/get-started/get-started-with-microsoft-education.md b/education/get-started/get-started-with-microsoft-education.md index 39dad1f8e4..6df81f8b27 100644 --- a/education/get-started/get-started-with-microsoft-education.md +++ b/education/get-started/get-started-with-microsoft-education.md @@ -3,7 +3,6 @@ title: Deploy and manage a full cloud IT solution with Microsoft Education description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices. keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.topic: hero-article diff --git a/education/get-started/inclusive-classroom-it-admin.md b/education/get-started/inclusive-classroom-it-admin.md index d5a982714e..5500fe19dc 100644 --- a/education/get-started/inclusive-classroom-it-admin.md +++ b/education/get-started/inclusive-classroom-it-admin.md @@ -26,10 +26,10 @@ You will also learn how to deploy apps using Microsoft Intune, turn on or off Ea ## Inclusive Classroom features |Reading features|Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | |---|---|---|---|---|---|---| -| Read aloud with simultaneous highlighting |

  • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
  • Word 2016, Word Online, Word Mac, Word for iOS
  • Outlook 2016, Outlook Web Access
  • Office Lens on iOS, Android
| |

X

(N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)

|

X

|

X

(N/A for Outlook PC)

|

X

(N/A for any OneNote apps or Outlook PC)

| -| Adjustable text spacing and font size |
  • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
  • Word 2016, Word Online, Word Mac, Word for iPad
  • Outlook Web Access
  • Office Lens on iOS, Android
| |

X

(N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)

|

X

|

X

|

X

(N/A for any OneNote apps)

| +| Read aloud with simultaneous highlighting |
  • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
  • Word 2016, Word Online, Word Mac, Word for iOS
  • Outlook 2016, Outlook Web Access
  • Office Lens on iOS, Android
|

X

(N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)

|

X

(N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)

|

X

|

X

(N/A for Outlook PC)

|

X

(N/A for any OneNote apps or Outlook PC)

| +| Adjustable text spacing and font size |
  • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
  • Word 2016, Word Online, Word Mac, Word for iPad
  • Outlook Web Access
  • Office Lens on iOS, Android
|

X

(N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)

|

X

(N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)

|

X

|

X

|

X

(N/A for any OneNote apps)

| | Syllabification |
  • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
  • Word Online
  • Outlook Web Access
| |

X

(N/A for Word for iOS, Word Online, Outlook Web Access)

|

X

(N/A for Word iOS)

|

X

(N/A for Word iOS)

|

X

(N/A for any OneNote apps or Word iOS)

| -| Parts of speech identification |
  • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
  • Word 2016, Word Online, Word Mac, Word for iOS
  • Outlook 2016, Outlook Web Access
  • Office Lens on iOS, Android
| |

X

(N/A for Word Online, Outlook Web Access)

|

X

(N/A for any OneNote apps)

|

X

(N/A for any OneNote apps)

|

X

(N/A for any OneNote apps)

| +| Parts of speech identification |
  • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
  • Word 2016, Word Online, Word Mac, Word for iOS
  • Outlook 2016, Outlook Web Access
  • Office Lens on iOS, Android
|

X

(N/A for Word Online, Outlook Web Access)

|

X

(N/A for Word Online, Outlook Web Access)

|

X

(N/A for any OneNote apps)

|

X

(N/A for any OneNote apps)

|

X

(N/A for any OneNote apps)

| | Line focus mode |
  • Word 2016, Word Online, Word Mac, Word for iOS
  • Outlook 2016, Outlook Web Access
  • Office Lens on iOS, Android
| |

X

(N/A for Word Online, Outlook Web Access)

|

X

(N/A for any OneNote apps)

|

X

(N/A for any OneNote apps)

|

X

(N/A for any OneNote apps)

| | Picture Dictionary |
  • Word 2016, Word Online, Word Mac, Word for iOS
  • Outlook 2016, Outlook Web Access
  • Office Lens on iOS, Android
| |

X

(N/A for Word Online, Outlook Web Access)

|

X

(N/A for any OneNote apps)

|

X

(N/A for any OneNote apps)

|

X

(N/A for any OneNote apps)

|
@@ -40,18 +40,18 @@ You will also learn how to deploy apps using Microsoft Intune, turn on or off Ea | Spelling suggestions for phonetic misspellings |
  • Word 2016, Word Online, Word for Mac
  • Outlook 2016
| |

X

|

X

|

X

| | | Synonyms alongside spelling suggestions that can be read aloud |
  • Word 2016
  • Outlook 2016
| |

X

|

X

|

X

| | | Grammar checks |
  • Word 2016, Word Online, Word for Mac
  • Outlook 2016
| |

X

|

X

| | | -| Customizable writing critiques |
  • Word 2016, Word for Mac
  • Outlook 2016
| |

X

|

X

| | | -| Tell me what you want to do |
  • Office 2016
  • Office Online
  • Office on iOS, Android, Windows 10
| |

X

|

X

|

X

| | +| Customizable writing critiques |
  • Word 2016, Word for Mac
  • Outlook 2016
|

X

|

X

|

X

| | | +| Tell me what you want to do |
  • Office 2016
  • Office Online
  • Office on iOS, Android, Windows 10
|

X

|

X

|

X

|

X

| | | Editor |
  • Word 2016
| |

X

|

X

| | |
| Creating accessible content features | Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | |---|---|---|---|---|---|---| -| Accessibility Checker |
  • All Office 365 authoring applications on PC, Mac, Web
| |

X

| | | | -| Accessible Templates |
  • Word for PCs, Mac
  • Excel for PCs, Mac
  • PowerPoint for PCs, Mac
  • Sway on iOS, Web, Windows 10
| |

X

| | | | -| Ability to add alt-text for images |
  • Word for PCs (includes automatic suggestions for image descriptions)
  • SharePoint Online (includes automatic suggestions for image descriptions)
  • PowerPoint for PCs (includes automatic suggestions for image descriptions)
  • OneNote (includes automatic extraction of text in images)
  • All Office 365 authoring applications (include ability to add alt-text manually)
| |

X

| | | | +| Accessibility Checker |
  • All Office 365 authoring applications on PC, Mac, Web
| |

X

|

X

| | | +| Accessible Templates |
  • Word for PCs, Mac
  • Excel for PCs, Mac
  • PowerPoint for PCs, Mac
  • Sway on iOS, Web, Windows 10
| |

X

|

X

| | | +| Ability to add alt-text for images |
  • Word for PCs (includes automatic suggestions for image descriptions)
  • SharePoint Online (includes automatic suggestions for image descriptions)
  • PowerPoint for PCs (includes automatic suggestions for image descriptions)
  • OneNote (includes automatic extraction of text in images)
  • All Office 365 authoring applications (include ability to add alt-text manually)
|

X

|

X

|

X

| | | | Ability to add captions to videos |
  • PowerPoint for PCs
  • Sway on iOS, Web, Windows 10
  • Microsoft Stream (includes ability to have captions auto-generated for videos in English and Spanish)
| |

X

| | | | -| Export as tagged PDF |
  • Word for PCs, Mac
  • Sway on iOS, Web, Windows 10
| | | | | | +| Export as tagged PDF |
  • Word for PCs, Mac
  • Sway on iOS, Web, Windows 10
| |

X

|

X

| | | | Ability to request accessible content |
  • Outlook Web Access
| | | | | |
@@ -79,4 +79,4 @@ Depending on how you plan to do billing, you can have Office 365 accounts that a 1. Sign-in to your services and subscriptions with your Microsoft account. 2. Find the subscription in the list, then select **Change how you pay**. >**Note:** If you don't see **Change how you pay**, it could be because auto-renew is not turned on. You won't be able to change how you pay if auto-renew is off because the subscription has already been paid and will end when its duration expires. -3. Choose a new way to pay from the list or select **Add a new way to pay** and follow the instructions. \ No newline at end of file +3. Choose a new way to pay from the list or select **Add a new way to pay** and follow the instructions. diff --git a/education/get-started/set-up-office365-edu-tenant.md b/education/get-started/set-up-office365-edu-tenant.md index 82ee6a90cd..01a5f5b4a9 100644 --- a/education/get-started/set-up-office365-edu-tenant.md +++ b/education/get-started/set-up-office365-edu-tenant.md @@ -3,7 +3,6 @@ title: Set up an Office 365 Education tenant description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices. keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.topic: get-started diff --git a/education/get-started/set-up-windows-10-education-devices.md b/education/get-started/set-up-windows-10-education-devices.md index 5b79384b77..a62a0e282d 100644 --- a/education/get-started/set-up-windows-10-education-devices.md +++ b/education/get-started/set-up-windows-10-education-devices.md @@ -3,7 +3,6 @@ title: Set up Windows 10 education devices description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices. keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.topic: get-started diff --git a/education/get-started/set-up-windows-education-devices.md b/education/get-started/set-up-windows-education-devices.md index ba8630edd9..e1f8ef557e 100644 --- a/education/get-started/set-up-windows-education-devices.md +++ b/education/get-started/set-up-windows-education-devices.md @@ -3,7 +3,6 @@ title: Set up Windows 10 devices using Windows OOBE description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices. keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.topic: get-started diff --git a/education/get-started/use-intune-for-education.md b/education/get-started/use-intune-for-education.md index baef903733..d1ab32cfa9 100644 --- a/education/get-started/use-intune-for-education.md +++ b/education/get-started/use-intune-for-education.md @@ -3,7 +3,6 @@ title: Use Intune for Education to manage groups, apps, and settings description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices. keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.topic: get-started diff --git a/education/get-started/use-school-data-sync.md b/education/get-started/use-school-data-sync.md index f880134137..f2bcfb50f9 100644 --- a/education/get-started/use-school-data-sync.md +++ b/education/get-started/use-school-data-sync.md @@ -3,7 +3,6 @@ title: Use School Data Sync to import student data description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices. keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.topic: get-started diff --git a/education/images/M365-education.svg b/education/images/M365-education.svg index 7f83629296..9591f90f68 100644 --- a/education/images/M365-education.svg +++ b/education/images/M365-education.svg @@ -1,4 +1,4 @@ - +
@@ -25,13 +26,13 @@ ms.date: 10/30/2017
  • - +
    - +
    @@ -50,7 +51,7 @@ ms.date: 10/30/2017
    - +
    @@ -71,7 +72,7 @@ ms.date: 10/30/2017
    - +
    @@ -125,245 +126,6 @@ ms.date: 10/30/2017
    • -
  • - Teachers - -
    • -
  • - Students - -
  • Developer
      diff --git a/education/trial-in-a-box/educator-tib-get-started.md b/education/trial-in-a-box/educator-tib-get-started.md index b9fffc43b3..0861f90f74 100644 --- a/education/trial-in-a-box/educator-tib-get-started.md +++ b/education/trial-in-a-box/educator-tib-get-started.md @@ -1,9 +1,8 @@ --- title: Educator Trial in a Box Guide -description: Need help or have a question about using Microsoft Education? Start here. +description: Need help or have a question about using Microsoft Education? Start here. keywords: support, troubleshooting, education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, Microsoft Store for Education, Set up School PCs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.topic: article @@ -28,8 +27,8 @@ ms.date: 03/18/2018 | [![Launch Microsoft Teams](images/edu-TIB-setp-3-v3.png)](#edu-task3) | **Looking to foster collaboration, communication, and critical thinking in the classroom?**
      Launch [Microsoft Teams](#edu-task3) and learn how to set up digital classroom discussions, respond to student questions, and organize class content. | | [![Open OneNote](images/edu-TIB-setp-4-v3.png)](#edu-task4) | **Trying to expand classroom creativity and interaction between students?**
      Open [OneNote](#edu-task4) and create an example group project for your class. | | [![Try Photos app](images/edu-tib-setp-5-v4.png)](#edu-task5) | **Curious about telling stories through video?**
      Try the [Photos app](#edu-task5) to make your own example video. | -| [![Play with Minecraft: Education Edition](images/edu-tib-setp-6-v4.png)](#edu-task6) | **Want to teach kids to further collaborate and problem solve?**
      Play with [Minecraft: Education Edition](#edu-task6) to see how it can be used as a collaborative and versatile platform across subjects to encourage 21st century skills. | -| [![Do Math with Windows Ink](images/edu-tib-setp-7-v1.png)](#edu-task7) | **Want to provide a personal math tutor for your students?**
      Use [Windows Ink and the Math Assistant feature](#edu-task7) in OneNote to give students step-by-step instructions and interactive 2D graphs for math problems. | +| [![Play with Minecraft: Education Edition](images/edu-tib-setp-6-v4.png)](#edu-task6) | **Want to teach kids to further collaborate and problem solve?**
      Play with [Minecraft: Education Edition](#edu-task6) to see how it can be used as a collaborative and versatile platform across subjects to encourage 21st century skills. | +| [![Do Math with Windows Ink](images/edu-tib-setp-7-v1.png)](#edu-task7) | **Want to provide a personal math tutor for your students?**
      Use [Windows Ink and the Math Assistant feature](#edu-task7) in OneNote to give students step-by-step instructions and interactive 2D graphs for math problems. | | | |
      @@ -40,21 +39,21 @@ ms.date: 03/18/2018
      -![Log in to Device A and connect to the school network](images/edu-TIB-setp-1-jump.png) +![Log in to Device A and connect to the school network](images/edu-TIB-setp-1-jump.png) ## 1. Log in and connect to the school network To try out the educator tasks, start by logging in as a teacher. 1. Turn on **Device A** and ensure you plug in the PC to an electrical outlet. 2. Connect **Device A** to your school's Wi-Fi network or connect with a local Ethernet connection using the Ethernet adapter included in this kit. >**Note**: If your Wi-Fi network requires a web browser login page to connect to the Internet, connect using the Ethernet port. If your Wi-Fi network has additional restrictions that will prevent the device from connecting to the internet without registration, consider connecting **Device A** to a different network. - + 3. Log in to **Device A** using the **Teacher Username** and **Teacher Password** included in the **Credentials Sheet** located in your kit.

      -![Improve student reading speed and comprehension](images/edu-TIB-setp-2-jump.png) +![Improve student reading speed and comprehension](images/edu-TIB-setp-2-jump.png) ## 2. Significantly improve student reading speed and comprehension > [!VIDEO https://www.youtube.com/embed/GCzSAslq_2Y] @@ -65,7 +64,7 @@ To try out the educator tasks, start by logging in as a teacher. Learning Tools and the Immersive Reader can be used in the Microsoft Edge browser, Microsoft Word, and Microsoft OneNote to: * Increase fluency for English language learners * Build confidence for emerging readers -* Provide text decoding solutions for students with learning differences such as dyslexia +* Provide text decoding solutions for students with learning differences such as dyslexia **Try this!** @@ -75,7 +74,7 @@ Learning Tools and the Immersive Reader can be used in the Microsoft Edge browse 3. Select the **View** menu. -4. Select the **Immersive Reader** button. +4. Select the **Immersive Reader** button. ![Word Online's Immersive Reader](images/word_online_immersive_reader.png) @@ -92,7 +91,7 @@ Learning Tools and the Immersive Reader can be used in the Microsoft Edge browse -![Spark communication, critical thinking, and creativity with Microsoft Teams](images/edu-TIB-setp-3-jump.png) +![Spark communication, critical thinking, and creativity with Microsoft Teams](images/edu-TIB-setp-3-jump.png) ## 3. Spark communication, critical thinking, and creativity in the classroom > [!VIDEO https://www.youtube.com/embed/riQr4Dqb8B8] @@ -100,7 +99,7 @@ Learning Tools and the Immersive Reader can be used in the Microsoft Edge browse
      -Microsoft Teams is a digital hub that brings conversations, content, and apps together in one place. This guided tour walks you through the essential teaching features of the app. Then, through interactive prompts, experience how you can use this tool in your own classroom to spark digital classroom discussions, respond to student questions, organize content, and more! +Microsoft Teams is a digital hub that brings conversations, content, and apps together in one place. This guided tour walks you through the essential teaching features of the app. Then, through interactive prompts, experience how you can use this tool in your own classroom to spark digital classroom discussions, respond to student questions, organize content, and more! Take a guided tour of Microsoft Teams and test drive this digital hub. @@ -113,7 +112,7 @@ Take a guided tour of Microsoft Teams and test drive this digital hub.

      -![Expand classroom collaboration and interaction with OneNote](images/edu-TIB-setp-4-jump.png) +![Expand classroom collaboration and interaction with OneNote](images/edu-TIB-setp-4-jump.png) ## 4. Expand classroom collaboration and interaction between students > [!VIDEO https://www.youtube.com/embed/dzDSWMb_fIE] @@ -125,7 +124,7 @@ Microsoft OneNote organizes curriculum and lesson plans for teachers and student **Try this!** See how a group project comes together with opportunities to interact with other students and collaborate with peers. This one works best with the digital pen, included with your Trial in a Box. -When you're not using the pen, just use the magnet to stick it to the left side of the screen until you need it again. +When you're not using the pen, just use the magnet to stick it to the left side of the screen until you need it again. 1. On the **Start** menu, click the OneNote shortcut named **Imagine Giza** to open the **Reimagine the Great Pyramid of Giza project**. @@ -136,12 +135,12 @@ When you're not using the pen, just use the magnet to stick it to the left side ![OneNote Draw tab](images/onenote_draw.png) - - Type anywhere on the page! Just click your cursor where you want to place text. - - Use the checkmark in the **Home** tab to keep track of completed tasks. + - Type anywhere on the page! Just click your cursor where you want to place text. + - Use the checkmark in the **Home** tab to keep track of completed tasks. ![OneNote To Do Tag](images/onenote_checkmark.png) - - To find information without leaving OneNote, use the Researcher tool found under the Insert tab. + - To find information without leaving OneNote, use the Researcher tool found under the Insert tab. ![OneNote Researcher](images/onenote_researcher.png) @@ -160,18 +159,18 @@ The Photos app now has a built-in video editor, making it easy for you and your **Try this!** Use video to create a project summary. -1. Check you have the latest version of Microsoft Photos. Open the **Start** menu and search for **Store**. Select the **See more** button (**…**) and select **Downloads and updates**. Select **Get updates**. +1. Check you have the latest version of Microsoft Photos. Open the **Start** menu and search for **Store**. Select the **See more** button (**…**) and select **Downloads and updates**. Select **Get updates**. -2. Open Microsoft Edge and visit http://aka.ms/PhotosTIB to download a zip file of the project media. +2. Open Microsoft Edge and visit https://aka.ms/PhotosTIB to download a zip file of the project media. -3. Once the download has completed, open the zip file and select **Extract** > **Extract all**. Select **Browse** and choose the **Pictures** folder as the destination, and then select **Extract**. +3. Once the download has completed, open the zip file and select **Extract** > **Extract all**. Select **Browse** and choose the **Pictures** folder as the destination, and then select **Extract**. -4. In the **Start** menu, search for **Photos** or select the Photos tile to launch the app. +4. In the **Start** menu, search for **Photos** or select the Photos tile to launch the app. 5. Select the first video to preview it full screen. Select **Edit & Create**, then select **Create a video with text**. - 1. If you don't see the **Edit & Create** menu, select the video and the menu will appear at the top of the screen. + 1. If you don't see the **Edit & Create** menu, select the video and the menu will appear at the top of the screen. -6. Name your project “Laser Maze Project.” Hit Enter to continue. +6. Name your project “Laser Maze Project.” Hit Enter to continue. 7. Select **Add photos and videos** and then **From my collection**. Scroll to select the 6 additional videos and select **Add**. @@ -179,12 +178,12 @@ Use video to create a project summary. ![Photos app layout showing videos added in previous steps](images/photo_app_1.png) -9. Select the first card in the Storyboard (the video of the project materials) and select **Text**, type a title in, a text style, a layout, and select **Done**. +9. Select the first card in the Storyboard (the video of the project materials) and select **Text**, type a title in, a text style, a layout, and select **Done**. -10. Select the third card in the Storyboard (the video of the children assembling the maze) and select **Trim**. Drag the trim handle on the left to shorten the duration of the clip and select **Done**. +10. Select the third card in the Storyboard (the video of the children assembling the maze) and select **Trim**. Drag the trim handle on the left to shorten the duration of the clip and select **Done**. 11. Select the last card on the Storyboard and select **3D effects**. - 1. Position the playback indicator to be roughly 1 second into the video clip, or when the boy moves down to examine the laser. + 1. Position the playback indicator to be roughly 1 second into the video clip, or when the boy moves down to examine the laser. 2. Find the **lightning bolt** effect and click or drag to add it to the scene. Rotate, scale, and position the effect so it looks like the lightning is coming out of the laser beam and hitting the black back of the mirror. 3. Position the blue anchor over the end of the laser pointer in the video and toggle on **Attach to a point** for the lightning bolt effect to anchor the effect in the scene. 4. Play back your effect. @@ -196,30 +195,30 @@ Use video to create a project summary. 1. The music will update automatically to match the length of your video project, even as you make changes. 2. If you don’t see more than a few music options, confirm that you’re connected to Wi-Fi and then close and re-open Microsoft Photos (returning to your project via the **Albums** tab). Additional music files should download in the background. -13. You can adjust the volume for the background music using the **Music volume** button. +13. You can adjust the volume for the background music using the **Music volume** button. 14. Preview your video to see how it all came together. -15. Select **Export or share** and select either the **Small** or **Medium** file size. You can share your video to social media, email, or another apps. +15. Select **Export or share** and select either the **Small** or **Medium** file size. You can share your video to social media, email, or another apps. Check out this use case video of the Photos team partnering with the Bureau Of Fearless Ideas in Seattle to bring the Photos app to local middle school students: https://www.youtube.com/watch?v=0dFFAu6XwPg


      -![Further collaborate and problem solve with Minecraft: Education Edition](images/edu-TIB-setp-5-jump.png) +![Further collaborate and problem solve with Minecraft: Education Edition](images/edu-TIB-setp-5-jump.png) ## 6. Get kids to further collaborate and problem solve > [!VIDEO https://www.youtube.com/embed/QI_bRNUugog]
      -Minecraft: Education Edition provides an immersive environment to develop creativity, collaboration, and problem-solving in an immersive environment where the only limit is your imagination. +Minecraft: Education Edition provides an immersive environment to develop creativity, collaboration, and problem-solving in an immersive environment where the only limit is your imagination. **Try this!** Today, we'll explore a Minecraft world through the eyes of a student. -1. Connect the included mouse to your computer for optimal interaction. +1. Connect the included mouse to your computer for optimal interaction. 2. Open Microsoft Edge and visit https://aka.ms/lessonhub. @@ -242,7 +241,7 @@ Today, we'll explore a Minecraft world through the eyes of a student. * **A** moves left. * **S** moves right. * **D** moves backward. - + 10. Use your mouse as your "eyes". Just move it to look around. 11. For a bird's eye view, double-tap the SPACE BAR. Now press the SPACE BAR to fly higher. And then hold the SHIFT key to safely land. @@ -265,7 +264,7 @@ Today, we'll explore a Minecraft world through the eyes of a student.

      -![Help students understand new math concepts with the Math Assistant in OneNote](images/Inking.png) +![Help students understand new math concepts with the Math Assistant in OneNote](images/Inking.png) ## 7. Use Windows Ink to provide a personal math tutor for your students The **Math Assistant** and **Ink Replay** features available in the OneNote app for Windows 10 and OneNote Online give your students step-by-step instructions on how to solve their math problems and help them visualize math functions on an interactive 2D graph. @@ -284,7 +283,7 @@ To get started: ![Select add page button](images/plus-page.png) -4. Make sure your pen is paired to the device. To pair, see Connect to Bluetooth devices. +4. Make sure your pen is paired to the device. To pair, see Connect to Bluetooth devices. To solve the equation 3x+4=7, follow these instructions: 1. Write the equation 3x+4=7 in ink using the pen or type it in as text. @@ -293,7 +292,7 @@ To solve the equation 3x+4=7, follow these instructions: ![Lasso button](images/lasso.png) -3. On the **Draw** tab, click the **Math** button. +3. On the **Draw** tab, click the **Math** button. ![Math button](images/math-button.png) @@ -312,7 +311,7 @@ To graph the equation 3x+4=7, follow these instructions: ![Graph both sides in 2D](images/graph-for-x.png) -2. Click the **Insert on Page** button below the graph to add a screenshot of the graph to your page. +2. Click the **Insert on Page** button below the graph to add a screenshot of the graph to your page.

      @@ -327,13 +326,13 @@ Bring out the best in students by providing a platform for collaborating, explor ## Update your apps -Microsoft Education works hard to bring you the most current Trial in a Box program experience. As a result, you may need to update your apps to get our latest innovations. +Microsoft Education works hard to bring you the most current Trial in a Box program experience. As a result, you may need to update your apps to get our latest innovations. For more information about checking for updates, and how to optionally turn on automatic app updates, see the following articles: -- [Check updates for apps and games from Microsoft Store](https://support.microsoft.com/en-us/help/4026259/microsoft-store-check-updates-for-apps-and-games) +- [Check updates for apps and games from Microsoft Store](https://support.microsoft.com/help/4026259/microsoft-store-check-updates-for-apps-and-games) -- [Turn on automatic app updates](https://support.microsoft.com/en-us/help/15081/windows-turn-on-automatic-app-updates) +- [Turn on automatic app updates](https://support.microsoft.com/help/15081/windows-turn-on-automatic-app-updates) ## Get more info * Learn more at microsoft.com/education diff --git a/education/trial-in-a-box/images/it-admin1.svg b/education/trial-in-a-box/images/it-admin1.svg index f69dc4d324..695337f601 100644 --- a/education/trial-in-a-box/images/it-admin1.svg +++ b/education/trial-in-a-box/images/it-admin1.svg @@ -1,8 +1,8 @@ - + - diff --git a/education/trial-in-a-box/images/student1.svg b/education/trial-in-a-box/images/student1.svg index 832a1214ae..25c267bae9 100644 --- a/education/trial-in-a-box/images/student1.svg +++ b/education/trial-in-a-box/images/student1.svg @@ -1,8 +1,8 @@ - + - diff --git a/education/trial-in-a-box/images/student2.svg b/education/trial-in-a-box/images/student2.svg index 6566eab49b..5d473d1baf 100644 --- a/education/trial-in-a-box/images/student2.svg +++ b/education/trial-in-a-box/images/student2.svg @@ -1,8 +1,8 @@ - + - diff --git a/education/trial-in-a-box/images/teacher1.svg b/education/trial-in-a-box/images/teacher1.svg index 7db5c7dd32..00feb1e22a 100644 --- a/education/trial-in-a-box/images/teacher1.svg +++ b/education/trial-in-a-box/images/teacher1.svg @@ -1,8 +1,8 @@ - + - diff --git a/education/trial-in-a-box/images/teacher2.svg b/education/trial-in-a-box/images/teacher2.svg index e4f1cd4b74..592c516120 100644 --- a/education/trial-in-a-box/images/teacher2.svg +++ b/education/trial-in-a-box/images/teacher2.svg @@ -1,8 +1,8 @@ - + - diff --git a/education/trial-in-a-box/index.md b/education/trial-in-a-box/index.md index 4a891bb989..c91f1c0264 100644 --- a/education/trial-in-a-box/index.md +++ b/education/trial-in-a-box/index.md @@ -3,7 +3,6 @@ title: Microsoft Education Trial in a Box description: For IT admins, educators, and students, discover what you can do with Microsoft 365 Education. Try it out with our Trial in a Box program. keywords: education, Microsoft 365 Education, trial, full cloud IT solution, school, deploy, setup, IT admin, educator, student, explore, Trial in a Box ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.topic: article diff --git a/education/trial-in-a-box/itadmin-tib-get-started.md b/education/trial-in-a-box/itadmin-tib-get-started.md index 4e15edb03d..49d37afbff 100644 --- a/education/trial-in-a-box/itadmin-tib-get-started.md +++ b/education/trial-in-a-box/itadmin-tib-get-started.md @@ -3,7 +3,6 @@ title: IT Admin Trial in a Box Guide description: Try out Microsoft 365 Education to implement a full cloud infrastructure for your school, manage devices and apps, and configure and deploy policies to your Windows 10 devices. keywords: education, Microsoft 365 Education, trial, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, Microsoft Store for Education ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.topic: get-started @@ -59,7 +58,7 @@ To try out the IT admin tasks, start by logging in as an IT admin. ## 2. Configure Device B with Set up School PCs Now you're ready to learn how to configure a brand new device. You will start on **Device A** by downloading and running the Set up School PCs app. Then, you will configure **Device B**. -If you've previously used Set up School PCs to provision student devices, you can follow the instructions in this section to quickly configure **Device B**. Otherwise, we recommend you follow the instructions in [Use the Set up School PCs app](https://docs.microsoft.com/en-us/education/windows/use-set-up-school-pcs-app) for more detailed information, including tips for successfully running Set up School PCs. +If you've previously used Set up School PCs to provision student devices, you can follow the instructions in this section to quickly configure **Device B**. Otherwise, we recommend you follow the instructions in [Use the Set up School PCs app](https://docs.microsoft.com/education/windows/use-set-up-school-pcs-app) for more detailed information, including tips for successfully running Set up School PCs. ### Download, install, and get ready @@ -102,7 +101,7 @@ If you've previously used Set up School PCs to provision student devices, you ca - Set up School PCs will change some account management logic so that it sets the expiration time for an account to 180 days (without requiring sign-in). - This setting also increases the maximum storage to 100% of the available disk space. This prevents the student's account from being erased if the student stores a lot of files or data or if the student doesn't use the PC over a prolonged period. - **Let guests sign-in to these PCs** allows guests to use student PCs without a school account. If you select this option, a **Guest** account button will be added in the PC's sign-in screen to allow anyone to use the PC. - - **Enable Windows 10 Autopilot Reset** enables IT admins to quickly remove personal files, apps, and settings, and reset Windows 10 devices from the lock screen any time and apply original settings and management enrollment the student PC is returned to a fully configured or known approved state. For more info, see [Autopilot Reset](https://docs.microsoft.com/en-us/education/windows/autopilot-reset). + - **Enable Windows 10 Autopilot Reset** enables IT admins to quickly remove personal files, apps, and settings, and reset Windows 10 devices from the lock screen any time and apply original settings and management enrollment the student PC is returned to a fully configured or known approved state. For more info, see [Autopilot Reset](https://docs.microsoft.com/education/windows/autopilot-reset). - **Lock screen background** shows the default backgroudn used for student PCs provisioned by Set up School PCs. Select **Browse** to change the default. 7. **Set up the Take a Test app** configures the device for taking quizzes and high-stakes assessments by some providers like Smarter Balanced. Windows will lock down the student PC so that students can't access anything else while taking the test. @@ -245,7 +244,7 @@ Update settings for all devices in your tenant by adding the **Documents** and * ## Verify correct device setup and other IT admin tasks Follow these instructions to confirm if you configured your tenant correctly and the right apps and settings were applied to all users or devices on your tenant: -* [Verify correct device setup](https://docs.microsoft.com/en-us/education/get-started/finish-setup-and-other-tasks#verify-correct-device-setup) +* [Verify correct device setup](https://docs.microsoft.com/education/get-started/finish-setup-and-other-tasks#verify-correct-device-setup) 1. Confirm that the apps you bought from the Microsoft Store for Education appear in the Windows Start screen's **Recently added** section. @@ -255,13 +254,13 @@ Follow these instructions to confirm if you configured your tenant correctly and 2. Confirm that the folders you added, if you chose to customize the Windows interface from Intune for Education, appear in the Start menu. 3. If you added **Office 365 for Windows 10 S (Education Preview)** to the package and provisioned **Device B** with it, you need to click on one of the Office apps in the **Start** menu to complete app registration. -* [Verify the device is Azure AD joined](https://docs.microsoft.com/en-us/education/get-started/finish-setup-and-other-tasks#verify-the-device-is-azure-ad-joined) - Confirm that your devices are being managed in Intune for Education. -* [Add more users](https://docs.microsoft.com/en-us/education/get-started/finish-setup-and-other-tasks#add-more-users) - Go to the Office 365 admin center to add more users. +* [Verify the device is Azure AD joined](https://docs.microsoft.com/education/get-started/finish-setup-and-other-tasks#verify-the-device-is-azure-ad-joined) - Confirm that your devices are being managed in Intune for Education. +* [Add more users](https://docs.microsoft.com/education/get-started/finish-setup-and-other-tasks#add-more-users) - Go to the Office 365 admin center to add more users. * Get app updates (including updates for Office 365 for Windows 10 S) 1. Open the **Start** menu and go to the **Microsoft Store**. 2. From the **Microsoft Store**, click **...** (See more) and select **Downloads and updates**. 3. In the **Downloads and updates** page, click **Get updates**. -* [Try the BYOD scenario](https://docs.microsoft.com/en-us/education/get-started/finish-setup-and-other-tasks#connect-other-devices-to-your-cloud-infrastructure) +* [Try the BYOD scenario](https://docs.microsoft.com/education/get-started/finish-setup-and-other-tasks#connect-other-devices-to-your-cloud-infrastructure) ## Update your apps @@ -269,9 +268,9 @@ Microsoft Education works hard to bring you the most current Trial in a Box prog For more information about checking for updates, and how to optionally turn on automatic app updates, see the following articles: -- [Check updates for apps and games from Microsoft Store](https://support.microsoft.com/en-us/help/4026259/microsoft-store-check-updates-for-apps-and-games) +- [Check updates for apps and games from Microsoft Store](https://support.microsoft.com/help/4026259/microsoft-store-check-updates-for-apps-and-games) -- [Turn on automatic app updates](https://support.microsoft.com/en-us/help/15081/windows-turn-on-automatic-app-updates) +- [Turn on automatic app updates](https://support.microsoft.com/help/15081/windows-turn-on-automatic-app-updates) ## Get more info diff --git a/education/trial-in-a-box/support-options.md b/education/trial-in-a-box/support-options.md index 20bca6a920..cc82641391 100644 --- a/education/trial-in-a-box/support-options.md +++ b/education/trial-in-a-box/support-options.md @@ -3,7 +3,6 @@ title: Microsoft Education Trial in a Box Support description: Need help or have a question about using Microsoft Education Trial in a Box? Start here. keywords: support, troubleshooting, education, Microsoft 365 Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, Microsoft Store for Education, Set up School PCs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.topic: article @@ -24,9 +23,9 @@ Microsoft Education works hard to bring you the most current Trial in a Box prog For more information about checking for updates, and how to optionally turn on automatic app updates, see the following articles: -- [Check updates for apps and games from Microsoft Store](https://support.microsoft.com/en-us/help/4026259/microsoft-store-check-updates-for-apps-and-games) +- [Check updates for apps and games from Microsoft Store](https://support.microsoft.com/help/4026259/microsoft-store-check-updates-for-apps-and-games) -- [Turn on automatic app updates](https://support.microsoft.com/en-us/help/15081/windows-turn-on-automatic-app-updates) +- [Turn on automatic app updates](https://support.microsoft.com/help/15081/windows-turn-on-automatic-app-updates) ## 2. Confirm your admin contact information is current diff --git a/education/windows/TOC.md b/education/windows/TOC.md index ca73e87080..1729553e5c 100644 --- a/education/windows/TOC.md +++ b/education/windows/TOC.md @@ -3,7 +3,11 @@ ## [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md) ## [Deployment recommendations for school IT administrators](edu-deployment-recommendations.md) ## [Set up Windows devices for education](set-up-windows-10.md) +### [What's new in Set up School PCs](set-up-school-pcs-whats-new.md) ### [Technical reference for the Set up School PCs app](set-up-school-pcs-technical.md) +#### [Azure AD Join for school PCs](set-up-school-pcs-azure-ad-join.md) +#### [Shared PC mode for school devices](set-up-school-pcs-shared-pc-mode.md) +#### [Provisioning package settings](set-up-school-pcs-provisioning-package.md) ### [Use the Set up School PCs app ](use-set-up-school-pcs-app.md) ### [Set up student PCs to join domain](set-up-students-pcs-to-join-domain.md) ### [Provision student PCs with apps](set-up-students-pcs-with-apps.md) @@ -18,6 +22,7 @@ ### [For IT administrators: get Minecraft Education Edition](school-get-minecraft.md) ### [Get Minecraft: Education Edition with Windows 10 device promotion](get-minecraft-device-promotion.md) ## [Test Windows 10 in S mode on existing Windows 10 education devices](test-windows10s-for-edu.md) +## [Enable Windows 10 in S mode on Surface Go devices](enable-s-mode-on-surface-go-devices.md) ## [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md) ## [Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md) ## [Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode](s-mode-switch-to-edu.md) diff --git a/education/windows/autopilot-reset.md b/education/windows/autopilot-reset.md index 8a5441c5cc..3ab4c50a66 100644 --- a/education/windows/autopilot-reset.md +++ b/education/windows/autopilot-reset.md @@ -3,7 +3,6 @@ title: Reset devices with Autopilot Reset description: Gives an overview of Autopilot Reset and how you can enable and use it in your schools. keywords: Autopilot Reset, Windows 10, education ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: edu diff --git a/education/windows/change-history-edu.md b/education/windows/change-history-edu.md index c14ad21e17..4185c9baae 100644 --- a/education/windows/change-history-edu.md +++ b/education/windows/change-history-edu.md @@ -3,7 +3,6 @@ title: Change history for Windows 10 for Education (Windows 10) description: New and changed topics in Windows 10 for Education keywords: Windows 10 education documentation, change history ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: edu @@ -143,5 +142,5 @@ The topics in this library have been updated for Windows 10, version 1607 (also | [Use the Set up School PCs app (Preview)](use-set-up-school-pcs-app.md) | New. Learn how the Set up School PCs app works and how to use it. | | [Set up School PCs app technical reference (Preview)](set-up-school-pcs-technical.md) | New. Describes the changes that the Set up School PCs app makes to a PC. | | [Take tests in Windows 10 (Preview)](take-tests-in-windows-10.md)
      [Set up Take a Test on a single PC (Preview)](take-a-test-single-pc.md)
      [Set up Take a Test on multiple PCs (Preview)](take-a-test-multiple-pcs.md)
      [Take a Test app technical reference (Preview)](take-a-test-app-technical.md) | New. Learn how to set up and use the Take a Test app. | -| [Chromebook migration guide](chromebook-migration-guide.md) | Moved from [Windows 10 and Windows 10 Mobile](https://technet.microsoft.com/en-us/itpro/windows/plan/index) library, originally published in November 2015 | -| [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md) | Moved from [Windows 10 and Windows 10 Mobile](https://technet.microsoft.com/en-us/itpro/windows/plan/index) library, originally published in May 2016 | +| [Chromebook migration guide](chromebook-migration-guide.md) | Moved from [Windows 10 and Windows 10 Mobile](https://technet.microsoft.com/itpro/windows/plan/index) library, originally published in November 2015 | +| [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md) | Moved from [Windows 10 and Windows 10 Mobile](https://technet.microsoft.com/itpro/windows/plan/index) library, originally published in May 2016 | diff --git a/education/windows/change-to-pro-education.md b/education/windows/change-to-pro-education.md index 5a4b583f7b..58dcd89d1e 100644 --- a/education/windows/change-to-pro-education.md +++ b/education/windows/change-to-pro-education.md @@ -3,13 +3,12 @@ title: Change to Windows 10 Education from Windows 10 Pro description: Learn how IT Pros can opt into changing to Windows 10 Pro Education from Windows 10 Pro. keywords: change, free change, Windows 10 Pro to Windows 10 Pro Education, Windows 10 Pro to Windows 10 Pro Education, education customers, Windows 10 Pro Education, Windows 10 Pro ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: edu ms.localizationpriority: medium author: MikeBlodge -ms.author: MikeBlodge +ms.author: jaimeo ms.date: 04/30/2018 --- @@ -17,7 +16,7 @@ ms.date: 04/30/2018 Windows 10 Pro Education is a new offering in Windows 10, version 1607. This edition builds on the commercial version of Windows 10 Pro and provides important management controls needed in schools by providing education-specific default settings. If you have an education tenant and use devices with Windows 10 Pro, global administrators can opt-in to a free change to Windows 10 Pro Education depending on your scenario. -- [Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode](https://docs.microsoft.com/en-us/education/windows/s-mode-switch-to-edu) +- [Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode](https://docs.microsoft.com/education/windows/s-mode-switch-to-edu) To take advantage of this offering, make sure you meet the [requirements for changing](#requirements-for-changing). For academic customers who are eligible to change to Windows 10 Pro Education, but are unable to use the above methods, contact Microsoft Support for assistance. @@ -78,7 +77,7 @@ You can use Windows Configuration Designer to create a provisioning package that 3. Complete the rest of the process for creating a provisioning package and then apply the package to the devices you want to change to Windows 10 Pro Education. - For more information about using Windows Configuration Designer, see [Set up student PCs to join domain](https://technet.microsoft.com/en-us/edu/windows/set-up-students-pcs-to-join-domain). + For more information about using Windows Configuration Designer, see [Set up student PCs to join domain](https://technet.microsoft.com/edu/windows/set-up-students-pcs-to-join-domain). ### Change using the Activation page @@ -303,7 +302,7 @@ You need to synchronize these identities so that users will have a *single ident ![Illustration of Azure Active Directory Connect](images/windows-ad-connect.png) For more information about integrating on-premises AD DS domains with Azure AD, see these resources: -- [Integrating your on-premises identities with Azure Active Directory](https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect/) +- [Integrating your on-premises identities with Azure Active Directory](https://azure.microsoft.com/documentation/articles/active-directory-aadconnect/) - [Azure AD + Domain Join + Windows 10](https://blogs.technet.microsoft.com/enterprisemobility/2016/02/17/azure-ad-domain-join-windows-10/) ## Related topics diff --git a/education/windows/chromebook-migration-guide.md b/education/windows/chromebook-migration-guide.md index 5ca42d662f..e981deb743 100644 --- a/education/windows/chromebook-migration-guide.md +++ b/education/windows/chromebook-migration-guide.md @@ -4,7 +4,6 @@ description: In this guide you will learn how to migrate a Google Chromebook-bas ms.assetid: 7A1FA48A-C44A-4F59-B895-86D4D77F8BEA keywords: migrate, automate, device, Chromebook migration ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: edu, devices diff --git a/education/windows/configure-windows-for-education.md b/education/windows/configure-windows-for-education.md index 073496a0bb..9d1acc0a3c 100644 --- a/education/windows/configure-windows-for-education.md +++ b/education/windows/configure-windows-for-education.md @@ -5,7 +5,6 @@ keywords: Windows 10 deployment, recommendations, privacy settings, school, educ ms.mktglfcycl: plan ms.sitesec: library ms.prod: w10 -ms.technology: Windows ms.pagetype: edu ms.localizationpriority: medium author: CelesteDG @@ -19,7 +18,7 @@ ms.date: 08/31/2017 - Windows 10 -Privacy is important to us, we want to provide you with ways to customize the OS diagnostic data, consumer experiences, Cortana, search, as well as some of the preinstalled apps, for usage with [education editions of Windows 10](windows-editions-for-education-customers.md) in education environments. These features work on all Windows 10 editions, but education editions of Windows 10 have the settings preconfigured. We recommend that all Windows 10 devices in an education setting be configured with **[SetEduPolicies](https://docs.microsoft.com/en-us/education/windows/configure-windows-for-education#setedupolicies)** enabled. See the following table for more information. To learn more about Microsoft's commitment to privacy, see [Windows 10 and privacy](https://go.microsoft.com/fwlink/?LinkId=809305). +Privacy is important to us, we want to provide you with ways to customize the OS diagnostic data, consumer experiences, Cortana, search, as well as some of the preinstalled apps, for usage with [education editions of Windows 10](windows-editions-for-education-customers.md) in education environments. These features work on all Windows 10 editions, but education editions of Windows 10 have the settings preconfigured. We recommend that all Windows 10 devices in an education setting be configured with **[SetEduPolicies](https://docs.microsoft.com/education/windows/configure-windows-for-education#setedupolicies)** enabled. See the following table for more information. To learn more about Microsoft's commitment to privacy, see [Windows 10 and privacy](https://go.microsoft.com/fwlink/?LinkId=809305). We want all students to have the chance to use the apps they need for success in the classroom and all school personnel to have apps they need for their job. Students and school personnel who use assistive technology apps not available in the Microsoft Store for Education, and use devices running Windows 10 S, will be able to configure the device at no additional charge to Windows 10 Pro Education. To learn more about the steps to configure this, see [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md). @@ -27,12 +26,12 @@ In Windows 10, version 1703 (Creators Update), it is straightforward to configur | Area | How to configure | What this does | Windows 10 Education | Windows 10 Pro Education | Windows 10 S | | --- | --- | --- | --- | --- | --- | -| **Diagnostic Data** | **AllowTelemetry** | Sets Diagnostic Data to [Basic](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization) | This is already set | This is already set | The policy must be set | +| **Diagnostic Data** | **AllowTelemetry** | Sets Diagnostic Data to [Basic](https://docs.microsoft.com/windows/configuration/configure-windows-telemetry-in-your-organization) | This is already set | This is already set | The policy must be set | | **Microsoft consumer experiences** | **SetEduPolicies** | Disables suggested content from Windows such as app recommendations | This is already set | This is already set | The policy must be set | | **Cortana** | **AllowCortana** | Disables Cortana

      * Cortana is enabled by default on all editions in Windows 10, version 1703 | If using Windows 10 Education, upgrading from Windows 10, version 1607 to Windows 10, version 1703 will enable Cortana.

      See the [Recommended configuration](#recommended-configuration) section below for recommended Cortana settings. | If using Windows 10 Pro Education, upgrading from Windows 10, version 1607 to Windows 10, version 1703 will enable Cortana.

      See the [Recommended configuration](#recommended-configuration) section below for recommended Cortana settings. | See the [Recommended configuration](#recommended-configuration) section below for recommended Cortana settings. | | **Safe search** | **SetEduPolicies** | Locks Bing safe search to Strict in Microsoft Edge | This is already set | This is already set | The policy must be set | | **Bing search advertising** | Ad free search with Bing | Disables ads when searching the internet with Bing in Microsoft Edge | Depending on your specific requirements, there are different ways to configure this as detailed in [Ad-free search with Bing](#ad-free-search-with-bing) | Depending on your specific requirements, there are different ways to configure this as detailed in [Ad-free search with Bing](#ad-free-search-with-bing) | Depending on your specific requirements, there are different ways to configure this as detailed in [Ad-free search with Bing](#ad-free-search-with-bing) | -| **Apps** | **SetEduPolicies** | Preinstalled apps like Microsoft Edge, Movies & TV, Groove, and Skype become education ready

      * Any app can detect Windows is running in an education ready configuration through [IsEducationEnvironment](https://docs.microsoft.com/en-us/uwp/api/windows.system.profile.educationsettings) | This is already set | This is already set | The policy must be set | +| **Apps** | **SetEduPolicies** | Preinstalled apps like Microsoft Edge, Movies & TV, Groove, and Skype become education ready

      * Any app can detect Windows is running in an education ready configuration through [IsEducationEnvironment](https://docs.microsoft.com/uwp/api/windows.system.profile.educationsettings) | This is already set | This is already set | The policy must be set | ## Recommended configuration @@ -49,7 +48,7 @@ It is easy to be education ready when using Microsoft products. We recommend the 3. On PCs running Windows 10, version 1703: 1. Provision the PC using one of these methods: * [Provision PCs with the Set up School PCs app](use-set-up-school-pcs-app.md) - This will automatically set both **SetEduPolicies** to True and **AllowCortana** to False. - * [Provision PCs with a custom package created with Windows Configuration Designer](https://technet.microsoft.com/en-us/itpro/windows/configure/provisioning-create-package) - Make sure to set both **SetEduPolicies** to True and **AllowCortana** to False. + * [Provision PCs with a custom package created with Windows Configuration Designer](https://technet.microsoft.com/itpro/windows/configure/provisioning-create-package) - Make sure to set both **SetEduPolicies** to True and **AllowCortana** to False. 2. Join the PC to Azure Active Directory. * Use Set up School PCs or Windows Configuration Designer to bulk enroll to Azure AD. * Manually Azure AD join the PC during the Windows device setup experience. @@ -73,7 +72,7 @@ You can configure Windows through provisioning or management tools including ind You can set all the education compliance areas through both provisioning and management tools. Additionally, these Microsoft education tools will ensure PCs that you set up are education ready: - [Set up School PCs](use-set-up-school-pcs-app.md) -- [Intune for Education](https://docs.microsoft.com/en-us/intune-education/available-settings) +- [Intune for Education](https://docs.microsoft.com/intune-education/available-settings) ## AllowCortana **AllowCortana** is a policy that enables or disables Cortana. It is a policy node in the Policy configuration service provider, [AllowCortana](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowcortana). @@ -102,13 +101,13 @@ Set **Computer Configuration > Administrative Templates > Windows Components > S ### Provisioning tools - [Set up School PCs](use-set-up-school-pcs-app.md) always sets this policy in provisioning packages it creates. -- [Windows Configuration Designer](https://technet.microsoft.com/en-us/itpro/windows/configure/provisioning-create-package) +- [Windows Configuration Designer](https://technet.microsoft.com/itpro/windows/configure/provisioning-create-package) - Under **Runtime settings**, click the **Policies** settings group, set **Experience > Cortana** to **No**. ![Set AllowCortana to No in Windows Configuration Designer](images/allowcortana_wcd.png) ## SetEduPolicies -**SetEduPolicies** is a policy that applies a set of configuration behaviors to Windows. It is a policy node in the [SharedPC configuration service provider](https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/mdm/sharedpc-csp). +**SetEduPolicies** is a policy that applies a set of configuration behaviors to Windows. It is a policy node in the [SharedPC configuration service provider](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/sharedpc-csp). Use one of these methods to set this policy. @@ -125,7 +124,7 @@ Use one of these methods to set this policy. ![Create an OMA URI for SetEduPolices](images/setedupolicies_omauri.png) ### Group Policy -**SetEduPolicies** is not natively supported in Group Policy. Instead, use the [MDM Bridge WMI Provider](https://msdn.microsoft.com/en-us/library/windows/desktop/dn905224(v=vs.85).aspx) to set the policy in [MDM SharedPC](https://msdn.microsoft.com/en-us/library/windows/desktop/mt779129(v=vs.85).aspx). +**SetEduPolicies** is not natively supported in Group Policy. Instead, use the [MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/desktop/dn905224(v=vs.85).aspx) to set the policy in [MDM SharedPC](https://msdn.microsoft.com/library/windows/desktop/mt779129(v=vs.85).aspx). For example: @@ -143,13 +142,13 @@ For example: ### Provisioning tools - [Set up School PCs](use-set-up-school-pcs-app.md) always sets this policy in provisioning packages it creates. -- [Windows Configuration Designer](https://technet.microsoft.com/en-us/itpro/windows/configure/provisioning-create-package) +- [Windows Configuration Designer](https://technet.microsoft.com/itpro/windows/configure/provisioning-create-package) - Under **Runtime settings**, click the **SharedPC** settings group, set **PolicyCustomization > SetEduPolicies** to **True**. ![Set SetEduPolicies to True in Windows Configuration Designer](images/setedupolicies_wcd.png) ## Ad-free search with Bing -Provide an ad-free experience that is a safer, more private search option for K–12 education institutions in the United States. Additional information is available at http://www.bing.com/classroom/about-us. +Provide an ad-free experience that is a safer, more private search option for K–12 education institutions in the United States. Additional information is available at https://www.bing.com/classroom/about-us. > [!NOTE] > If you enable the guest account in shared PC mode, students using the guest account will not have an ad-free experience searching with Bing in Microsoft Edge unless the PC is connected to your school network and your school network has been configured as described in [IP registration for entire school network using Microsoft Edge](#ip-registration-for-entire-school-network-using-microsoft-edge). diff --git a/education/windows/create-tests-using-microsoft-forms.md b/education/windows/create-tests-using-microsoft-forms.md index 3b0c7b4e62..f8c2aecdf4 100644 --- a/education/windows/create-tests-using-microsoft-forms.md +++ b/education/windows/create-tests-using-microsoft-forms.md @@ -1,32 +1,31 @@ ---- -title: Create tests using Microsoft Forms -description: Learn how to use Microsoft Forms with the Take a Test app to prevent access to other computers or online resources while completing a test. -keywords: school, Take a Test, Microsoft Forms +--- +title: Create tests using Microsoft Forms +description: Learn how to use Microsoft Forms with the Take a Test app to prevent access to other computers or online resources while completing a test. +keywords: school, Take a Test, Microsoft Forms ms.prod: w10 -ms.technology: Windows -ms.mktglfcycl: plan -ms.sitesec: library -ms.pagetype: edu -author: CelesteDG -ms.author: celested -redirect_url: https://support.microsoft.com/help/4000711/windows-10-create-tests-using-microsoft-forms ---- - -# Create tests using Microsoft Forms -**Applies to:** - -- Windows 10 - - -For schools that have an Office 365 Education subscription, teachers can use [Microsoft Forms](https://support.office.com/article/What-is-Microsoft-Forms-6b391205-523c-45d2-b53a-fc10b22017c8) to create a test and then require that students use the Take a Test app to block access to other computers or online resources while completing the test created through Microsoft Forms. - -To do this, teachers can select a check box to make it a secure test. Microsoft Forms will generate a link that you can use to embed into your OneNote or class website. When students are ready to take a test, they can click on the link to start the test. - -Microsoft Forms will perform checks to ensure students are taking the test in a locked down Take a Test session. If not, students are not permitted access to the assessment. - -[Learn how to block Internet access while students complete your form](https://support.office.com/article/6bd7e31d-5be0-47c9-a0dc-c0a74fc48959) - - -## Related topics - -[Take tests in Windows 10](take-tests-in-windows-10.md) +ms.mktglfcycl: plan +ms.sitesec: library +ms.pagetype: edu +author: CelesteDG +ms.author: celested +redirect_url: https://support.microsoft.com/help/4000711/windows-10-create-tests-using-microsoft-forms +--- + +# Create tests using Microsoft Forms +**Applies to:** + +- Windows 10 + + +For schools that have an Office 365 Education subscription, teachers can use [Microsoft Forms](https://support.office.com/article/What-is-Microsoft-Forms-6b391205-523c-45d2-b53a-fc10b22017c8) to create a test and then require that students use the Take a Test app to block access to other computers or online resources while completing the test created through Microsoft Forms. + +To do this, teachers can select a check box to make it a secure test. Microsoft Forms will generate a link that you can use to embed into your OneNote or class website. When students are ready to take a test, they can click on the link to start the test. + +Microsoft Forms will perform checks to ensure students are taking the test in a locked down Take a Test session. If not, students are not permitted access to the assessment. + +[Learn how to block Internet access while students complete your form](https://support.office.com/article/6bd7e31d-5be0-47c9-a0dc-c0a74fc48959) + + +## Related topics + +[Take tests in Windows 10](take-tests-in-windows-10.md) diff --git a/education/windows/deploy-windows-10-in-a-school-district.md b/education/windows/deploy-windows-10-in-a-school-district.md index b2630531e9..b8897a3042 100644 --- a/education/windows/deploy-windows-10-in-a-school-district.md +++ b/education/windows/deploy-windows-10-in-a-school-district.md @@ -3,7 +3,6 @@ title: Deploy Windows 10 in a school district (Windows 10) description: Learn how to deploy Windows 10 in a school district. Integrate the school environment with Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD), use System Center Configuration Manager, Intune, and Group Policy to manage devices. keywords: configure, tools, device, school district, deploy Windows 10 ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: plan ms.pagetype: edu ms.sitesec: library @@ -63,8 +62,8 @@ This district configuration has the following characteristics: * You install the 64-bit version of the Microsoft Deployment Toolkit (MDT) 2013 Update 2 on the admin device. >**Note**  In this guide, all references to MDT refer to the 64-bit version of MDT 2013 Update 2. * The devices use Azure AD in Office 365 Education for identity management. -* If you have on-premises AD DS, you can [integrate Azure AD with on-premises AD DS](https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect/). -* Use [Intune](https://docs.microsoft.com/en-us/intune/), [Mobile Device Management for Office 365](https://support.office.com/en-us/article/Set-up-Mobile-Device-Management-MDM-in-Office-365-dd892318-bc44-4eb1-af00-9db5430be3cd?ui=en-US&rs=en-US&ad=US), or [Group Policy in AD DS](https://technet.microsoft.com/en-us/library/cc725828.aspx) to manage devices. +* If you have on-premises AD DS, you can [integrate Azure AD with on-premises AD DS](https://azure.microsoft.com/documentation/articles/active-directory-aadconnect/). +* Use [Intune](https://docs.microsoft.com/intune/), [Mobile Device Management for Office 365](https://support.office.com/en-us/article/Set-up-Mobile-Device-Management-MDM-in-Office-365-dd892318-bc44-4eb1-af00-9db5430be3cd?ui=en-US&rs=en-US&ad=US), or [Group Policy in AD DS](https://technet.microsoft.com/library/cc725828.aspx) to manage devices. * Each device supports a one-student-per-device or multiple-students-per-device scenario. * The devices can be a mixture of different make, model, and processor architecture (32-bit or 64-bit) or be identical. * To initiate Windows 10 deployment, use a USB flash drive, DVD-ROM or CD-ROM, or Pre-Boot Execution Environment (PXE) boot. @@ -364,7 +363,7 @@ Record the configuration setting management methods you selected in Table 5. Alt #### Select the app and update management products -For a district, there are many ways to manage apps and software updates. Table 6 lists the products that this guide describes and recommends. Although you could manage updates by using [Windows Updates or Windows Server Update Services (WSUS)](https://technet.microsoft.com/en-us/windowsserver/bb332157.aspx), you still need to use System Center Configuration Manager or Intune to manage apps. Therefore, it only makes sense to use one or both of these tools for update management. +For a district, there are many ways to manage apps and software updates. Table 6 lists the products that this guide describes and recommends. Although you could manage updates by using [Windows Updates or Windows Server Update Services (WSUS)](https://technet.microsoft.com/windowsserver/bb332157.aspx), you still need to use System Center Configuration Manager or Intune to manage apps. Therefore, it only makes sense to use one or both of these tools for update management. Use the information in Table 6 to determine which combination of app and update management products is right for your district. @@ -505,7 +504,7 @@ When you install the Windows ADK on the admin device, select the following featu * Windows PE * USMT -For more information about installing the Windows ADK, see [Step 2-2: Install Windows ADK](https://technet.microsoft.com/en-us/library/dn781086.aspx#InstallWindowsADK). +For more information about installing the Windows ADK, see [Step 2-2: Install Windows ADK](https://technet.microsoft.com/library/dn781086.aspx#InstallWindowsADK). ### Install MDT @@ -514,7 +513,7 @@ You can use MDT to deploy 32-bit or 64-bit versions of Windows 10. Install the 6 >**Note**  If you install the 32-bit version of MDT, you can install only 32-bit versions of Windows 10. Ensure that you download and install the 64-bit version of MDT so that you can install 64-bit and 32-bit versions of the operating system. -For more information about installing MDT on the admin device, see [Installing a New Instance of MDT](https://technet.microsoft.com/en-us/library/dn759415.aspx#InstallingaNewInstanceofMDT). +For more information about installing MDT on the admin device, see [Installing a New Instance of MDT](https://technet.microsoft.com/library/dn759415.aspx#InstallingaNewInstanceofMDT). Now, you’re ready to create the MDT deployment share and populate it with the operating system, apps, and device drivers you want to deploy to your devices. @@ -522,7 +521,7 @@ Now, you’re ready to create the MDT deployment share and populate it with the MDT includes the Deployment Workbench, a graphical UI that you can use to manage MDT deployment shares. A *deployment share* is a shared folder that contains all the MDT deployment content. The LTI Deployment Wizard accesses the deployment content over the network or from a local copy of the deployment share (known as MDT *deployment media*). -For more information about how to create a deployment share, see [Step 3-1: Create an MDT Deployment Share](https://technet.microsoft.com/en-us/library/dn781086.aspx#CreateMDTDeployShare). +For more information about how to create a deployment share, see [Step 3-1: Create an MDT Deployment Share](https://technet.microsoft.com/library/dn781086.aspx#CreateMDTDeployShare). ### Install the Configuration Manager console @@ -530,7 +529,7 @@ For more information about how to create a deployment share, see [Step 3-1: Crea You can use System Center Configuration Manager to manage Windows 10 deployments, Windows desktop apps, Microsoft Store apps, and software updates. To manage System Center Configuration Manager, you use the Configuration Manager console. You must install the Configuration Manager console on every device you use to manage System Center Configuration Manager (specifically, the admin device). The Configuration Manager console is automatically installed when you install System Center Configuration Manager primary site servers. -For more information about how to install the Configuration Manager console, see [Install System Center Configuration Manager consoles](https://technet.microsoft.com/en-us/library/mt590197.aspx#bkmk_InstallConsole). +For more information about how to install the Configuration Manager console, see [Install System Center Configuration Manager consoles](https://technet.microsoft.com/library/mt590197.aspx#bkmk_InstallConsole). ### Configure MDT integration with the Configuration Manager console @@ -540,7 +539,7 @@ You can use MDT with System Center Configuration Manager to make ZTI operating s In addition to the admin device, run the Configure ConfigMgr Integration Wizard on each device that runs the Configuration Manager console to ensure that all Configuration Manager console installation can use the power of MDT–System Center Configuration Manager integration. -For more information, see [Enable Configuration Manager Console Integration for Configuration Manager](https://technet.microsoft.com/en-us/library/dn759415.aspx#EnableConfigurationManagerConsoleIntegrationforConfigurationManager). +For more information, see [Enable Configuration Manager Console Integration for Configuration Manager](https://technet.microsoft.com/library/dn759415.aspx#EnableConfigurationManagerConsoleIntegrationforConfigurationManager). #### Summary @@ -571,7 +570,7 @@ Complete the following steps to select the appropriate Office 365 Education lice 3. Determine whether students or faculty need Azure Rights Management. - You can use Azure Rights Management to protect classroom information against unauthorized access. Azure Rights Management protects your information inside or outside the classroom through encryption, identity, and authorization policies, securing your files and email. You can retain control of the information, even when it’s shared with people outside the classroom or your educational institution. Azure Rights Management is free to use with all Office 365 Education license plans. For more information, see [Azure Rights Management Documentation](https://docs.microsoft.com/en-us/rights-management/). + You can use Azure Rights Management to protect classroom information against unauthorized access. Azure Rights Management protects your information inside or outside the classroom through encryption, identity, and authorization policies, securing your files and email. You can retain control of the information, even when it’s shared with people outside the classroom or your educational institution. Azure Rights Management is free to use with all Office 365 Education license plans. For more information, see [Azure Rights Management Documentation](https://docs.microsoft.com/rights-management/). 4. Record the Office 365 Education license plans needed for the classroom in Table 9. @@ -672,13 +671,13 @@ Although all new Office 365 Education subscriptions have automatic licensing ena When you create your Office 365 subscription, you create an Office 365 tenant that includes an Azure AD directory, the centralized repository for all your student and faculty accounts in Office 365, Intune, and other Azure AD-integrated apps. Azure AD is available in Free, Basic, and Premium editions. Azure AD Free, which is included in Office 365 Education, has fewer features than Azure AD Basic, which in turn has fewer features than Azure AD Premium. -Educational institutions can obtain Azure AD Basic edition licenses at no cost if they have a volume license agreement. After your institution obtains its licenses, activate your Azure AD access by completing the steps in [Step 3: Activate your Azure Active Directory access](https://azure.microsoft.com/en-us/documentation/articles/active-directory-get-started-premium/#step-3-activate-your-azure-active-directory-access). +Educational institutions can obtain Azure AD Basic edition licenses at no cost if they have a volume license agreement. After your institution obtains its licenses, activate your Azure AD access by completing the steps in [Step 3: Activate your Azure Active Directory access](https://azure.microsoft.com/documentation/articles/active-directory-get-started-premium/#step-3-activate-your-azure-active-directory-access). The following Azure AD Premium features are not in Azure AD Basic: * Allow designated users to manage group membership * Dynamic group membership based on user metadata -* Azure multifactor authentication (MFA; see [What is Azure Multi-Factor Authentication](https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication/)) +* Azure multifactor authentication (MFA; see [What is Azure Multi-Factor Authentication](https://azure.microsoft.com/documentation/articles/multi-factor-authentication/)) * Identify cloud apps that your users run * Self-service recovery of BitLocker * Add local administrator accounts to Windows 10 devices @@ -691,8 +690,8 @@ You can sign up for Azure AD Premium, and then assign licenses to users. In this For more information about: -* Azure AD editions and the features in each, see [Azure Active Directory editions](https://azure.microsoft.com/en-us/documentation/articles/active-directory-editions/). -* How to enable Azure AD premium, see [Associate an Azure AD directory with a new Azure subscription](https://msdn.microsoft.com/en-us/library/azure/jj573650.aspx#create_tenant3). +* Azure AD editions and the features in each, see [Azure Active Directory editions](https://azure.microsoft.com/documentation/articles/active-directory-editions/). +* How to enable Azure AD premium, see [Associate an Azure AD directory with a new Azure subscription](https://msdn.microsoft.com/library/azure/jj573650.aspx#create_tenant3). #### Summary @@ -709,7 +708,7 @@ Now that you have an Office 365 subscription, you must determine how you’ll cr In this method, you have an on-premises AD DS domain. As shown in Figure 5, the Azure AD Connector tool automatically synchronizes AD DS with Azure AD. When you add or change any user accounts in AD DS, the Azure AD Connector tool automatically updates Azure AD. ->**Note**  Azure AD Connect also supports synchronization from any Lightweight Directory Access Protocol version 3 (LDAPv3)–compliant directory by using the information provided in [Generic LDAP Connector for FIM 2010 R2 Technical Reference](https://technet.microsoft.com/en-us/library/dn510997.aspx). +>**Note**  Azure AD Connect also supports synchronization from any Lightweight Directory Access Protocol version 3 (LDAPv3)–compliant directory by using the information provided in [Generic LDAP Connector for FIM 2010 R2 Technical Reference](https://technet.microsoft.com/library/dn510997.aspx). ![Automatic synchronization between AD DS and Azure AD](images/edu-districtdeploy-fig5.png "Automatic synchronization between AD DS and Azure AD") @@ -762,7 +761,7 @@ You can deploy the Azure AD Connect tool: *Figure 8. Azure AD Connect in Azure* -This guide describes how to run Azure AD Connect on premises. For information about running Azure AD Connect in Azure, see [Deploy Office 365 Directory Synchronization (DirSync) in Microsoft Azure](https://technet.microsoft.com/en-us/library/dn635310.aspx). +This guide describes how to run Azure AD Connect on premises. For information about running Azure AD Connect in Azure, see [Deploy Office 365 Directory Synchronization (DirSync) in Microsoft Azure](https://technet.microsoft.com/library/dn635310.aspx). ### Deploy Azure AD Connect on premises @@ -770,13 +769,13 @@ In this synchronization model (illustrated in Figure 7), you run Azure AD Connec #### To deploy AD DS and Azure AD synchronization -1. Configure your environment to meet the prerequisites for installing Azure AD Connect by performing the steps in [Prerequisites for Azure AD Connect](https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-prerequisites/). +1. Configure your environment to meet the prerequisites for installing Azure AD Connect by performing the steps in [Prerequisites for Azure AD Connect](https://azure.microsoft.com/documentation/articles/active-directory-aadconnect-prerequisites/). 2. In the VM or on the physical device that will run Azure AD Connect, sign in with a domain administrator account. -3. Install Azure AD Connect by performing the steps in [Install Azure AD Connect](https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect/#install-azure-ad-connect). +3. Install Azure AD Connect by performing the steps in [Install Azure AD Connect](https://azure.microsoft.com/documentation/articles/active-directory-aadconnect/#install-azure-ad-connect). -4. Configure Azure AD Connect features based on your institution’s requirements by performing the steps in [Configure sync features](https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect/#configure-sync-features). +4. Configure Azure AD Connect features based on your institution’s requirements by performing the steps in [Configure sync features](https://azure.microsoft.com/documentation/articles/active-directory-aadconnect/#configure-sync-features). Now that you have used on premises Azure AD Connect to deploy AD DS and Azure AD synchronization, you’re ready to verify that Azure AD Connect is synchronizing AD DS user and group accounts with Azure AD. @@ -823,8 +822,8 @@ Several methods are available to bulk-import user accounts into AD DS domains. T |Method |Description and reason to select this method | |-------|---------------------------------------------| -|Ldifde.exe|This command-line tool allows you to import and export objects (such as user accounts) from AD DS. Select this method if you aren’t comfortable with Microsoft Visual Basic Scripting Edition (VBScript), Windows PowerShell, or other scripting languages. For more information about using Ldifde.exe, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/en-us/library/bb727091.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/en-us/kb/555636), [Import or Export Directory Objects Using Ldifde](https://technet.microsoft.com/library/cc816781.aspx), and [LDIFDE](https://technet.microsoft.com/library/cc755456.aspx).| -|VBScript|This scripting language uses the Active Directory Services Interfaces (ADSI) Component Object Model interface to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with VBScript. For more information about using VBScript and ADSI, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/en-us/library/bb727091.aspx) and [ADSI Scriptomatic](https://technet.microsoft.com/en-us/scriptcenter/dd939958.aspx).| +|Ldifde.exe|This command-line tool allows you to import and export objects (such as user accounts) from AD DS. Select this method if you aren’t comfortable with Microsoft Visual Basic Scripting Edition (VBScript), Windows PowerShell, or other scripting languages. For more information about using Ldifde.exe, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/library/bb727091.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/kb/555636), [Import or Export Directory Objects Using Ldifde](https://technet.microsoft.com/library/cc816781.aspx), and [LDIFDE](https://technet.microsoft.com/library/cc755456.aspx).| +|VBScript|This scripting language uses the Active Directory Services Interfaces (ADSI) Component Object Model interface to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with VBScript. For more information about using VBScript and ADSI, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/library/bb727091.aspx) and [ADSI Scriptomatic](https://technet.microsoft.com/scriptcenter/dd939958.aspx).| |Windows PowerShell|This scripting language natively supports cmdlets to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with Window PowerShell scripting. For more information about using Windows PowerShell, see [Import Bulk Users to Active Directory](https://blogs.technet.microsoft.com/bettertogether/2011/01/09/import-bulk-users-to-active-directory/) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx).| *Table 12. AD DS bulk-import account methods* @@ -835,8 +834,8 @@ After you have selected your user and group account bulk import method, you’re |Method |Source file format | |-------|-------------------| -|Ldifde.exe |Ldifde.exe requires a specific format for the source file. Use Ldifde.exe to export existing user and group accounts so that you can see the format. For examples of the format that Ldifde.exe requires, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/en-us/library/bb727091.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/en-us/kb/555636), [Import or Export Directory Objects Using Ldifde](https://technet.microsoft.com/library/cc816781.aspx), and [LDIFDE](https://technet.microsoft.com/library/cc755456.aspx).| -|VBScript |VBScript can use any .csv file format to create a source file for the bulk-import process. To create the .csv file, use software such as Excel. For examples of how to format your source file in comma-separated values (CSV) format, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/en-us/library/bb727091.aspx).| +|Ldifde.exe |Ldifde.exe requires a specific format for the source file. Use Ldifde.exe to export existing user and group accounts so that you can see the format. For examples of the format that Ldifde.exe requires, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/library/bb727091.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/kb/555636), [Import or Export Directory Objects Using Ldifde](https://technet.microsoft.com/library/cc816781.aspx), and [LDIFDE](https://technet.microsoft.com/library/cc755456.aspx).| +|VBScript |VBScript can use any .csv file format to create a source file for the bulk-import process. To create the .csv file, use software such as Excel. For examples of how to format your source file in comma-separated values (CSV) format, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/library/bb727091.aspx).| |Windows PowerShell |Windows PowerShell can use any .csv file format you want to create as a source file for the bulk-import process. To create the .csv file, use software such as Excel. For examples of how to format your source file in CSV format, see [Import Bulk Users to Active Directory](https://blogs.technet.microsoft.com/bettertogether/2011/01/09/import-bulk-users-to-active-directory/) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx). | *Table 13. Source file format for each bulk import method* @@ -849,8 +848,8 @@ With the bulk-import source file finished, you’re ready to import the user and For more information about how to import user accounts into AD DS by using: -* Ldifde.exe, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/en-us/library/bb727091.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/en-us/kb/555636), [Import or Export Directory Objects Using Ldifde](https://technet.microsoft.com/library/cc816781.aspx), and [LDIFDE](https://technet.microsoft.com/library/cc755456.aspx). -* VBScript, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/en-us/library/bb727091.aspx). +* Ldifde.exe, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/library/bb727091.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/kb/555636), [Import or Export Directory Objects Using Ldifde](https://technet.microsoft.com/library/cc816781.aspx), and [LDIFDE](https://technet.microsoft.com/library/cc755456.aspx). +* VBScript, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/library/bb727091.aspx). * Windows PowerShell, see [Import Bulk Users to Active Directory](https://blogs.technet.microsoft.com/bettertogether/2011/01/09/import-bulk-users-to-active-directory/) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx). #### Summary @@ -1101,13 +1100,13 @@ The first step in preparing for Windows 10 deployment is to configure—that is,
      1. Import operating systems -Import the operating systems that you selected in the [Select the operating systems](#select-the-operating-systems) section into the deployment share. For more information about how to import operating systems, see [Import an Operating System into the Deployment Workbench](https://technet.microsoft.com/en-us/library/dn759415.aspx#ImportanOperatingSystemintotheDeploymentWorkbench). +Import the operating systems that you selected in the [Select the operating systems](#select-the-operating-systems) section into the deployment share. For more information about how to import operating systems, see [Import an Operating System into the Deployment Workbench](https://technet.microsoft.com/library/dn759415.aspx#ImportanOperatingSystemintotheDeploymentWorkbench).
      2. Import device drivers Device drivers allow Windows 10 to know a device’s hardware resources and connected hardware accessories. Without the proper device drivers, certain features may be unavailable. For example, without the proper audio driver, a device cannot play sounds; without the proper camera driver, the device cannot take photos or use video chat.


      -Import device drivers for each device in your institution. For more information about how to import device drivers, see [Import Device Drivers into the Deployment Workbench](https://technet.microsoft.com/en-us/library/dn759415.aspx#ImportDeviceDriversintotheDeploymentWorkbench). +Import device drivers for each device in your institution. For more information about how to import device drivers, see [Import Device Drivers into the Deployment Workbench](https://technet.microsoft.com/library/dn759415.aspx#ImportDeviceDriversintotheDeploymentWorkbench). @@ -1123,8 +1122,8 @@ Import device drivers for each device in your institution. For more information If you have Intune or System Center Configuration Manager, you can deploy Microsoft Store apps after you deploy Windows 10, as described in the [Deploy and manage apps by using Intune](#deploy-and-manage-apps-by-using-intune) and [Deploy and manage apps by using System Center Configuration Manager](#deploy-and-manage-apps-by-using-system-center-configuration-manager) sections. This method provides granular deployment of Microsoft Store apps, and you can use it for ongoing management of Microsoft Store apps. This is the preferred method of deploying and managing Microsoft Store apps.

      In addition, you must prepare your environment for sideloading Microsoft Store apps. For more information about how to:

        -
      • Prepare your environment for sideloading, see [Try it out: sideload Microsoft Store apps](https://technet.microsoft.com/en-us/windows/jj874388.aspx).
        • -
      • Create an MDT application, see [Create a New Application in the Deployment Workbench](https://technet.microsoft.com/en-us/library/dn759415.aspx#CreateaNewApplicationintheDeploymentWorkbench).
        • +
      • Prepare your environment for sideloading, see [Try it out: sideload Microsoft Store apps](https://technet.microsoft.com/windows/jj874388.aspx).
        • +
      • Create an MDT application, see [Create a New Application in the Deployment Workbench](https://technet.microsoft.com/library/dn759415.aspx#CreateaNewApplicationintheDeploymentWorkbench).
      @@ -1133,12 +1132,12 @@ In addition, you must prepare your environment for sideloading Microsoft Store a 4. Create MDT applications for Windows desktop apps You need to create an MDT application for each Windows desktop app you want to deploy. You can obtain the Windows desktop apps from any source, but ensure that you have sufficient licenses for them.

      -To help reduce the effort needed to deploy Microsoft Office 2016 desktop apps, use the Office Deployment Tool, as described in [Deploy Click-to-Run for Office 365 products by using the Office Deployment Tool](https://technet.microsoft.com/en-us/library/jj219423.aspx).

      +To help reduce the effort needed to deploy Microsoft Office 2016 desktop apps, use the Office Deployment Tool, as described in [Deploy Click-to-Run for Office 365 products by using the Office Deployment Tool](https://technet.microsoft.com/library/jj219423.aspx).

      If you have Intune, you can deploy Windows desktop apps after you deploy Windows 10, as described in the [Deploy and manage apps by using Intune](#deploy-and-manage-apps-by-using-intune) section. This method provides granular deployment of Windows desktop apps, and you can use it for ongoing management of the apps. This is the preferred method for deploying and managing Windows desktop apps.

      **Note**  You can also deploy Windows desktop apps after you deploy Windows 10, as described in the [Deploy and manage apps by using Intune](#deploy-and-manage-apps-by-using-intune) section. -For more information about how to create an MDT application for Window desktop apps, see [Create a New Application in the Deployment Workbench](https://technet.microsoft.com/en-us/library/dn759415.aspx). +For more information about how to create an MDT application for Window desktop apps, see [Create a New Application in the Deployment Workbench](https://technet.microsoft.com/library/dn759415.aspx). @@ -1152,7 +1151,7 @@ For more information about how to create an MDT application for Window desktop a
    • Upgrade existing devices to 64-bit Windows 10 Education.
    • Upgrade existing devices to 32-bit Windows 10 Education.
    -
    Again, you will create the task sequences based on the operating systems that you imported in step 1. For more information about how to create a task sequence, see [Create a New Task Sequence in the Deployment Workbench](https://technet.microsoft.com/en-us/library/dn759415.aspx#CreateaNewTaskSequenceintheDeploymentWorkbench). +
    Again, you will create the task sequences based on the operating systems that you imported in step 1. For more information about how to create a task sequence, see [Create a New Task Sequence in the Deployment Workbench](https://technet.microsoft.com/library/dn759415.aspx#CreateaNewTaskSequenceintheDeploymentWorkbench). @@ -1160,7 +1159,7 @@ For more information about how to create an MDT application for Window desktop a 6. Update the deployment share Updating a deployment share generates the MDT boot images you use to initiate the Windows 10 deployment process. You can configure the process to create 32-bit and 64-bit versions of the .iso and .wim files you can use to create bootable media or in Windows Deployment Services.

    -For more information about how to update a deployment share, see [Update a Deployment Share in the Deployment Workbench](https://technet.microsoft.com/en-us/library/dn759415.aspx#UpdateaDeploymentShareintheDeploymentWorkbench). +For more information about how to update a deployment share, see [Update a Deployment Share in the Deployment Workbench](https://technet.microsoft.com/library/dn759415.aspx#UpdateaDeploymentShareintheDeploymentWorkbench). @@ -1179,30 +1178,30 @@ Before you can use System Center Configuration Manager to deploy Windows 10 and Deploying a new System Center Configuration Manager infrastructure is beyond the scope of this guide, but the following resources can help you deploy a new System Center Configuration Manager infrastructure: -* [Get ready for System Center Configuration Manager](https://technet.microsoft.com/en-us/library/mt608540.aspx) -* [Start using System Center Configuration Manager](https://technet.microsoft.com/en-us/library/mt608544.aspx) +* [Get ready for System Center Configuration Manager](https://technet.microsoft.com/library/mt608540.aspx) +* [Start using System Center Configuration Manager](https://technet.microsoft.com/library/mt608544.aspx) #### To configure an existing System Center Configuration Manager infrastructure for operating system deployment 1. Perform any necessary infrastructure remediation. - Ensure that your existing infrastructure can support the operating system deployment feature. For more information, see [Infrastructure requirements for operating system deployment in System Center Configuration Manager](https://technet.microsoft.com/en-us/library/mt627936.aspx). + Ensure that your existing infrastructure can support the operating system deployment feature. For more information, see [Infrastructure requirements for operating system deployment in System Center Configuration Manager](https://technet.microsoft.com/library/mt627936.aspx). 2. Add the Windows PE boot images, Windows 10 operating systems, and other content. You need to add the Windows PE boot images, Windows 10 operating system images, and other deployment content that you will use to deploy Windows 10 with ZTI. To add this content, use the Create MDT Task Sequence Wizard. - You can add this content by using System Center Configuration Manager only (without MDT), but the Create MDT Task Sequence Wizard is the preferred method because the wizard prompts you for all the deployment content you need for a task sequence and provides a much more intuitive user experience. For more information, see [Create ZTI Task Sequences Using the Create MDT Task Sequence Wizard in Configuration Manager](https://technet.microsoft.com/en-us/library/dn759415.aspx#CreateZTITaskSequencesUsingtheCreateMDTTaskSequenceWizardinConfigurationManager). + You can add this content by using System Center Configuration Manager only (without MDT), but the Create MDT Task Sequence Wizard is the preferred method because the wizard prompts you for all the deployment content you need for a task sequence and provides a much more intuitive user experience. For more information, see [Create ZTI Task Sequences Using the Create MDT Task Sequence Wizard in Configuration Manager](https://technet.microsoft.com/library/dn759415.aspx#CreateZTITaskSequencesUsingtheCreateMDTTaskSequenceWizardinConfigurationManager). 3. Add device drivers. You must add device drivers for the different device types in your district. For example, if you have a mixture of Surface, HP Stream, Dell Inspiron, and Lenovo Yoga devices, then you must have the device drivers for each device. - Create a System Center Configuration Manager driver package for each device type in your district. For more information, see [Manage drivers in System Center Configuration Manager](https://technet.microsoft.com/en-us/library/mt627934.aspx). + Create a System Center Configuration Manager driver package for each device type in your district. For more information, see [Manage drivers in System Center Configuration Manager](https://technet.microsoft.com/library/mt627934.aspx). 4. Add Windows apps. Install the Windows apps (Windows desktop and Microsoft Store apps) that you want to deploy after the task sequence deploys your customized image (a thick, reference image that include Windows 10 and your core Windows desktop apps). These apps are in addition to the apps included in your reference image. You can only deploy Microsoft Store apps after you deploy Windows 10 because you cannot capture Microsoft Store apps in a reference image. Microsoft Store apps target users, not devices. - Create a System Center Configuration Manager application for each Windows desktop or Microsoft Store app that you want to deploy after you apply the reference image to a device. For more information, see [Deploy and manage applications with System Center Configuration Manager](https://technet.microsoft.com/en-us/library/mt627959.aspx). + Create a System Center Configuration Manager application for each Windows desktop or Microsoft Store app that you want to deploy after you apply the reference image to a device. For more information, see [Deploy and manage applications with System Center Configuration Manager](https://technet.microsoft.com/library/mt627959.aspx). ### Configure Window Deployment Services for MDT @@ -1218,13 +1217,13 @@ You can use Windows Deployment Services in conjunction with MDT to automatically * [Windows Deployment Services Overview](https://technet.microsoft.com/library/hh831764.aspx) * The Windows Deployment Services Help file, included in Windows Deployment Services - * [Windows Deployment Services Getting Started Guide for Windows Server 2012](https://technet.microsoft.com/en-us/library/jj648426.aspx) + * [Windows Deployment Services Getting Started Guide for Windows Server 2012](https://technet.microsoft.com/library/jj648426.aspx) 2. Add LTI boot images (Windows PE images) to Windows Deployment Services. The LTI boot images (.wim files) that you will add to Windows Deployment Services are in the MDT deployment share. Locate the .wim files in the deployment share’s Boot subfolder. - For more information about how to perform this step, see [Add LTI Boot Images to Windows Deployment Services](https://technet.microsoft.com/en-us/library/dn759415.aspx#AddLTIBootImagestoWindowsDeploymentServices). + For more information about how to perform this step, see [Add LTI Boot Images to Windows Deployment Services](https://technet.microsoft.com/library/dn759415.aspx#AddLTIBootImagestoWindowsDeploymentServices). ### Configure Window Deployment Services for System Center Configuration Manager @@ -1241,17 +1240,17 @@ You can use Windows Deployment Services in conjunction with System Center Config For more information about how to perform this step, see the following resources: * [Windows Deployment Services Overview](https://technet.microsoft.com/library/hh831764.aspx) * The Windows Deployment Services Help file, included in Windows Deployment Services - * [Windows Deployment Services Getting Started Guide for Windows Server 2012](https://technet.microsoft.com/en-us/library/jj648426.aspx) + * [Windows Deployment Services Getting Started Guide for Windows Server 2012](https://technet.microsoft.com/library/jj648426.aspx) 2. Configure a distribution point to accept PXE requests in System Center Configuration Manager. To support PXE boot requests, you install the PXE service point site system role. Then, you must configure one or more distribution points to respond to PXE boot request. - For more information about how to perform this step, see [Install site system roles for System Center Configuration Manager](https://technet.microsoft.com/en-us/library/mt704036.aspx), [Use PXE to deploy Windows over the network with System Center Configuration Manager](https://technet.microsoft.com/en-us/library/mt627940.aspx), and [Configuring distribution points to accept PXE requests](https://technet.microsoft.com/en-us/library/mt627944.aspx#BKMK_PXEDistributionPoint). + For more information about how to perform this step, see [Install site system roles for System Center Configuration Manager](https://technet.microsoft.com/library/mt704036.aspx), [Use PXE to deploy Windows over the network with System Center Configuration Manager](https://technet.microsoft.com/library/mt627940.aspx), and [Configuring distribution points to accept PXE requests](https://technet.microsoft.com/library/mt627944.aspx#BKMK_PXEDistributionPoint). 3. Configure the appropriate boot images (Windows PE images) to deploy from the PXE-enabled distribution point. Before a device can start a boot image from a PXE-enabled distribution point, you must change the properties of the boot image to enable PXE booting. Typically, you create this boot image when you created your MDT task sequence in the Configuration Manager console. - For more information about how to perform this step, see [Configure a boot image to deploy from a PXE-enabled distribution point](https://technet.microsoft.com/en-us/library/mt627946.aspx#BKMK_BootImagePXE) and [Manage boot images with System Center Configuration Manager](https://technet.microsoft.com/en-us/library/mt627946.aspx). + For more information about how to perform this step, see [Configure a boot image to deploy from a PXE-enabled distribution point](https://technet.microsoft.com/library/mt627946.aspx#BKMK_BootImagePXE) and [Manage boot images with System Center Configuration Manager](https://technet.microsoft.com/library/mt627946.aspx). #### Summary @@ -1277,27 +1276,27 @@ You initially configured the MDT deployment share in the [Configure the MDT depl A task sequence can deploy only one Windows 10 edition or version, which means that you must create a task sequence for each Windows 10 edition and version you selected in the [Select the operating systems](#select-the-operating-systems) section earlier in this guide. To create task sequences, use the New Task Sequence Wizard. - For more information, see [Create a New Task Sequence in the Deployment Workbench](https://technet.microsoft.com/en-us/library/dn759415.aspx#CreateaNewTaskSequenceintheDeploymentWorkbench). + For more information, see [Create a New Task Sequence in the Deployment Workbench](https://technet.microsoft.com/library/dn759415.aspx#CreateaNewTaskSequenceintheDeploymentWorkbench). 2. Create an MDT application for each desktop app you want to include in your reference image. - You create MDT applications by using the New Application Wizard in the Deployment Workbench. As part of creating the MDT application, specify the command-line parameters used to install the app without user intervention (unattended installation). For more information, see [Create a New Application in the Deployment Workbench](https://technet.microsoft.com/en-us/library/dn759415.aspx#CreateaNewApplicationintheDeploymentWorkbench). + You create MDT applications by using the New Application Wizard in the Deployment Workbench. As part of creating the MDT application, specify the command-line parameters used to install the app without user intervention (unattended installation). For more information, see [Create a New Application in the Deployment Workbench](https://technet.microsoft.com/library/dn759415.aspx#CreateaNewApplicationintheDeploymentWorkbench). 3. Customize the task sequence to install the MDT applications that you created in step 2. You can add an **Install Application** task sequence step to your task sequence. Then, you can customize the **Install Application** task sequence step to install a specific app, which automatically installs the app with no user interaction required when your run the task sequence. - You need to add an **Install Application** task sequence step for each app you want to include in your reference image. For more information, see [Customize Application Installation in Task Sequences](https://technet.microsoft.com/en-us/library/dn759415.aspx#CustomizeApplicationInstallationinTaskSequences). + You need to add an **Install Application** task sequence step for each app you want to include in your reference image. For more information, see [Customize Application Installation in Task Sequences](https://technet.microsoft.com/library/dn759415.aspx#CustomizeApplicationInstallationinTaskSequences). 4. Create a selection profile that contains the drivers for the device. A *selection profile* lets you select specific device drivers. For example, if you want to deploy the device drivers for a Surface Pro 4 device, you can create a selection profile that contains only the Surface Pro 4 device drivers. First, in the Out-of-Box Drivers node in the Deployment Workbench, create a folder that will contain your device drivers. Next, import the device drivers into the folder you just created. Finally, create the selection profile and specify the folder that contains the device drivers. For more information, see the following resources: - * [Create Folders to Organize Device Drivers for LTI Deployments](https://technet.microsoft.com/en-us/library/dn759415.aspx#CreateFolderstoOrganizeDeviceDriversforLTIDeployments) - * [Create Selection Profiles to Select the Device Drivers for LTI Deployments](https://technet.microsoft.com/en-us/library/dn759415.aspx#CreateSelectionProfilestoSelecttheDeviceDriversforLTIDeployments) + * [Create Folders to Organize Device Drivers for LTI Deployments](https://technet.microsoft.com/library/dn759415.aspx#CreateFolderstoOrganizeDeviceDriversforLTIDeployments) + * [Create Selection Profiles to Select the Device Drivers for LTI Deployments](https://technet.microsoft.com/library/dn759415.aspx#CreateSelectionProfilestoSelecttheDeviceDriversforLTIDeployments) 5. Customize the task sequence to use the selection profile that you created in step 4. - You can customize the **Inject Driver** task sequence step in the **Preinstall** task sequence group in your task sequence to deploy only the device drivers in the selection profile. For more information, see [Configure Task Sequences to Deploy Device Drivers in Selection Profiles for LTI Deployments](https://technet.microsoft.com/en-us/library/dn759415.aspx#ConfigureTaskSequencestoDeployDeviceDriversinSelectionProfilesforLTIDeployments). + You can customize the **Inject Driver** task sequence step in the **Preinstall** task sequence group in your task sequence to deploy only the device drivers in the selection profile. For more information, see [Configure Task Sequences to Deploy Device Drivers in Selection Profiles for LTI Deployments](https://technet.microsoft.com/library/dn759415.aspx#ConfigureTaskSequencestoDeployDeviceDriversinSelectionProfilesforLTIDeployments). ### Capture reference image @@ -1305,7 +1304,7 @@ To capture the reference image, run the LTI task sequence that you created in th Use the Deployment Wizard to deploy Windows 10, your apps, and device drivers to the device, and then capture the .wim file. The LTI deployment process is almost fully automated: you provide only minimal information to the Deployment Wizard at the beginning of the process. After the wizard collects the necessary information, the remainder of the process is fully automated. ->**Note**  To fully automate the LTI deployment process, complete the steps in the “Fully Automated LTI Deployment Scenario” section of [Microsoft Deployment Toolkit Samples Guide](https://technet.microsoft.com/en-us/library/dn781089.aspx#Anchor_6). +>**Note**  To fully automate the LTI deployment process, complete the steps in the “Fully Automated LTI Deployment Scenario” section of [Microsoft Deployment Toolkit Samples Guide](https://technet.microsoft.com/library/dn781089.aspx#Anchor_6). In most instances, deployments occur without incident. Only in rare occasions do deployments experience problems. @@ -1313,7 +1312,7 @@ In most instances, deployments occur without incident. Only in rare occasions do 1. **Initiate the LTI deployment process.** Initiate the LTI deployment process booting over the network (PXE boot) or from local media. You selected the method for initiating the LTI deployment process in the [Select method to initiate deployment](#select-a-method-to-initiate-deployment) section earlier in this guide. -2. **Complete the Deployment Wizard.** For more information about how to complete the Deployment Wizard, see the “Running the Deployment Wizard” section in [Using the Microsoft Deployment Toolkit](https://technet.microsoft.com/en-us/library/dn759415.aspx#Anchor_5). +2. **Complete the Deployment Wizard.** For more information about how to complete the Deployment Wizard, see the “Running the Deployment Wizard” section in [Using the Microsoft Deployment Toolkit](https://technet.microsoft.com/library/dn759415.aspx#Anchor_5). ### Import reference image @@ -1323,8 +1322,8 @@ Both the Deployment Workbench and the Configuration Manager console have wizards For more information about how to import the reference image into: -* An MDT deployment share, see [Import a Previously Captured Image of a Reference Computer](https://technet.microsoft.com/en-us/library/dn759415.aspx#ImportaPreviouslyCapturedImageofaReferenceComputer). -* System Center Configuration Manager, see [Manage operating system images with System Center Configuration Manager](https://technet.microsoft.com/en-us/library/mt627939.aspx) and [Customize operating system images with System Center Configuration Manager](https://technet.microsoft.com/en-us/library/mt627938.aspx). +* An MDT deployment share, see [Import a Previously Captured Image of a Reference Computer](https://technet.microsoft.com/library/dn759415.aspx#ImportaPreviouslyCapturedImageofaReferenceComputer). +* System Center Configuration Manager, see [Manage operating system images with System Center Configuration Manager](https://technet.microsoft.com/library/mt627939.aspx) and [Customize operating system images with System Center Configuration Manager](https://technet.microsoft.com/library/mt627938.aspx). ### Create a task sequence to deploy the reference image @@ -1334,8 +1333,8 @@ As you might expect, both the Deployment Workbench and the Configuration Manager For more information about how to create a task sequence in the: -* Deployment Workbench for a deployment share, see [Create a New Task Sequence in the Deployment Workbench](https://technet.microsoft.com/en-us/library/dn759415.aspx#CreateaNewTaskSequenceintheDeploymentWorkbench). -* Configuration Manager console, see [Create a task sequence to install an operating system in System Center Configuration Manager](https://technet.microsoft.com/en-us/library/mt627927.aspx). +* Deployment Workbench for a deployment share, see [Create a New Task Sequence in the Deployment Workbench](https://technet.microsoft.com/library/dn759415.aspx#CreateaNewTaskSequenceintheDeploymentWorkbench). +* Configuration Manager console, see [Create a task sequence to install an operating system in System Center Configuration Manager](https://technet.microsoft.com/library/mt627927.aspx). ####Summary In this section, you customized the MDT deployment share to deploy Windows 10 and desktop apps to one or more reference devices by creating and customizing MDT applications, device drivers, and applications. Next, you ran the task sequence, which deploys Windows 10, deploys your apps, deploys the appropriate device drivers, and captures an image of the reference device. Then, you imported the captured reference image into a deployment share or System Center Configuration Manager. Finally, you created a task sequence to deploy your captured reference image to faculty and student devices. At this point in the process, you’re ready to deploy Windows 10 and your apps to your devices. @@ -1374,7 +1373,7 @@ Use the information in Table 17 to help you determine whether you need to config You want faculty and students to use only Azure AD accounts for institution-owned devices. For these devices, do not use Microsoft accounts or associate a Microsoft account with the Azure AD accounts.

    **Note**  Personal devices typically use Microsoft accounts. Faculty and students can associate their Microsoft account with their Azure AD account on these devices.

    -**Group Policy.** Configure the [Accounts: Block Microsoft accounts](https://technet.microsoft.com/en-us/library/jj966262.aspx) Group Policy setting to use the **Users can’t add Microsoft accounts** setting option.

    +**Group Policy.** Configure the [Accounts: Block Microsoft accounts](https://technet.microsoft.com/library/jj966262.aspx) Group Policy setting to use the **Users can’t add Microsoft accounts** setting option.

    **Intune.** To enable or disable the use of Microsoft accounts, use the **Allow Microsoft account**, **Allow adding non-Microsoft accounts manually**, and **Allow settings synchronization for Microsoft accounts** policy settings under the **Accounts and Synchronization** section of a **Windows 10 General Configuration** policy. @@ -1392,7 +1391,7 @@ Use the information in Table 17 to help you determine whether you need to config Manage the built-in administrator account created during device deployment When you use MDT to deploy Windows 10, the MDT deployment process automatically creates a local Administrator account with the password you specified. As a security best practice, rename the built-in Administrator account and (optionally) disable it.

    -**Group Policy.** To rename the built-in Administrator account, use the **Accounts: Rename administrator account** Group Policy setting. For more information about how to rename the built-in Administrator account, see [To rename the Administrator account using the Group Policy Management Console](https://technet.microsoft.com/en-us/library/cc747484.aspx). You specify the new name for the Administrator account. To disable the built-in Administrator account, use the **Accounts: Administrator account status** Group Policy setting. For more information about how to disable the built-in Administrator account, see [Accounts: Administrator account status](https://technet.microsoft.com/en-us/library/jj852165.aspx).

    +**Group Policy.** To rename the built-in Administrator account, use the **Accounts: Rename administrator account** Group Policy setting. For more information about how to rename the built-in Administrator account, see [To rename the Administrator account using the Group Policy Management Console](https://technet.microsoft.com/library/cc747484.aspx). You specify the new name for the Administrator account. To disable the built-in Administrator account, use the **Accounts: Administrator account status** Group Policy setting. For more information about how to disable the built-in Administrator account, see [Accounts: Administrator account status](https://technet.microsoft.com/library/jj852165.aspx).

    **Intune.** Not available. @@ -1401,7 +1400,7 @@ Use the information in Table 17 to help you determine whether you need to config Control Microsoft Store access You can control access to Microsoft Store and whether existing Microsoft Store apps receive updates. You can only disable the Microsoft Store app in Windows 10 Education and Windows 10 Enterprise.

    -**Group Policy.** To disable the Microsoft Store app, use the **Turn off the Store Application** group policy setting. To prevent Microsoft Store apps from receiving updates, use the **Turn off Automatic Download and Install of updates** Group Policy setting. For more information about configuring these settings, see [Can I use Group Policy to control the Microsoft Store in my enterprise environment?](https://technet.microsoft.com/en-us/library/hh832040.aspx#BKMK_UseGP).

    +**Group Policy.** To disable the Microsoft Store app, use the **Turn off the Store Application** group policy setting. To prevent Microsoft Store apps from receiving updates, use the **Turn off Automatic Download and Install of updates** Group Policy setting. For more information about configuring these settings, see [Can I use Group Policy to control the Microsoft Store in my enterprise environment?](https://technet.microsoft.com/library/hh832040.aspx#BKMK_UseGP).

    **Intune.** To enable or disable Microsoft Store access, use the **Allow application store** policy setting in the **Apps** section of a **Windows 10 General Configuration policy**. @@ -1429,7 +1428,7 @@ Use the information in Table 17 to help you determine whether you need to config Use of audio recording Audio recording (by using the Sound Recorder app) can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the Sound Recorder app on your devices.

    -**Group Policy.** To disable the Sound Recorder app, use the **Do not allow Sound Recorder to run** Group Policy setting. You can disable other audio recording apps by using AppLocker policies. To create AppLocker policies, use the information in [Editing an AppLocker Policy](https://technet.microsoft.com/en-us/library/ee791894.aspx) and [Create Your AppLocker Policies](https://technet.microsoft.com/en-us/library/ee791899.aspx).

    +**Group Policy.** To disable the Sound Recorder app, use the **Do not allow Sound Recorder to run** Group Policy setting. You can disable other audio recording apps by using AppLocker policies. To create AppLocker policies, use the information in [Editing an AppLocker Policy](https://technet.microsoft.com/library/ee791894.aspx) and [Create Your AppLocker Policies](https://technet.microsoft.com/library/ee791899.aspx).

    **Intune.** To enable or disable audio recording, use the **Allow voice recording** policy setting in the **Features** section of a **Windows 10 General Configuration** policy. @@ -1471,31 +1470,31 @@ Use the information in Table 17 to help you determine whether you need to config Now, you’re ready to use Group Policy to configure settings. The steps in this section assume that you have an AD DS infrastructure. Here, you configure the Group Policy settings you selected in the [Select Microsoft-recommended settings](#select-microsoft-recommended-settings) section. -For more information about Group Policy, see [Group Policy Planning and Deployment Guide](https://technet.microsoft.com/en-us/library/cc754948.aspx). +For more information about Group Policy, see [Group Policy Planning and Deployment Guide](https://technet.microsoft.com/library/cc754948.aspx). #### To configure Group Policy settings -1. Create a Group Policy object (GPO) to contain your Group Policy settings by completing the steps in [Create a new Group Policy object](https://technet.microsoft.com/en-us/library/cc738830.aspx). +1. Create a Group Policy object (GPO) to contain your Group Policy settings by completing the steps in [Create a new Group Policy object](https://technet.microsoft.com/library/cc738830.aspx). -2. Configure the settings in the GPO by completing the steps in [Edit a Group Policy object](https://technet.microsoft.com/en-us/library/cc739902.aspx). +2. Configure the settings in the GPO by completing the steps in [Edit a Group Policy object](https://technet.microsoft.com/library/cc739902.aspx). -3. Link the GPO to the appropriate AD DS site, domain, or organizational unit by completing the steps in [Link a Group Policy object to a site, domain, or organizational unit](https://technet.microsoft.com/en-us/library/cc738954.aspx). +3. Link the GPO to the appropriate AD DS site, domain, or organizational unit by completing the steps in [Link a Group Policy object to a site, domain, or organizational unit](https://technet.microsoft.com/library/cc738954.aspx). ### Configure settings by using Intune Now, you’re ready to use Intune to configure settings. The steps in this section assume that you have an Office 365 subscription. Here, you configure the Intune settings that you selected in the [Select Microsoft-recommended settings](#select-microsoft-recommended-settings) section. -For more information about Intune, see [Microsoft Intune Documentation](https://docs.microsoft.com/en-us/intune/). +For more information about Intune, see [Microsoft Intune Documentation](https://docs.microsoft.com/intune/). #### To configure Intune settings -1. Add Intune to your Office 365 subscription by completing the steps in [Manage Intune licenses](https://docs.microsoft.com/en-us/intune/get-started/start-with-a-paid-subscription-to-microsoft-intune-step-4). +1. Add Intune to your Office 365 subscription by completing the steps in [Manage Intune licenses](https://docs.microsoft.com/intune/get-started/start-with-a-paid-subscription-to-microsoft-intune-step-4). -2. Enroll devices with Intune by completing the steps in [Get ready to enroll devices in Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/get-ready-to-enroll-devices-in-microsoft-intune). +2. Enroll devices with Intune by completing the steps in [Get ready to enroll devices in Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/get-ready-to-enroll-devices-in-microsoft-intune). -3. Configure the settings in Intune Windows 10 policies by completing the steps in [Manage settings and features on your devices with Microsoft Intune policies](https://docs.microsoft.com/en-us/intune/deploy-use/manage-settings-and-features-on-your-devices-with-microsoft-intune-policies). +3. Configure the settings in Intune Windows 10 policies by completing the steps in [Manage settings and features on your devices with Microsoft Intune policies](https://docs.microsoft.com/intune/deploy-use/manage-settings-and-features-on-your-devices-with-microsoft-intune-policies). -4. Manage Windows 10 devices by completing the steps in [Manage Windows PCs with Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/manage-windows-pcs-with-microsoft-intune). +4. Manage Windows 10 devices by completing the steps in [Manage Windows PCs with Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/manage-windows-pcs-with-microsoft-intune). ### Deploy and manage apps by using Intune @@ -1505,11 +1504,11 @@ You can use Intune to deploy Microsoft Store and Windows desktop apps. Intune pr For more information about how to configure Intune to manage your apps, see the following resources: -- [Add apps with Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/add-apps) -- [Deploy apps with Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/deploy-apps) -- [Update apps using Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/update-apps-using-microsoft-intune) -- [Protect apps and data with Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/protect-apps-and-data-with-microsoft-intune) -- [Help protect your data with full or selective wipe using Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/use-remote-wipe-to-help-protect-data-using-microsoft-intune) +- [Add apps with Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/add-apps) +- [Deploy apps with Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/deploy-apps) +- [Update apps using Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/update-apps-using-microsoft-intune) +- [Protect apps and data with Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/protect-apps-and-data-with-microsoft-intune) +- [Help protect your data with full or selective wipe using Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/use-remote-wipe-to-help-protect-data-using-microsoft-intune) ### Deploy and manage apps by using System Center Configuration Manager @@ -1521,7 +1520,7 @@ For example, you could create a Skype application that contains a deployment typ System Center Configuration Manager helps you manage apps by monitoring app installation. You can determine how many of your devices have a specific app installed. Finally, you can allow users to install apps at their discretion or make apps mandatory. -For more information about how to configure System Center Configuration Manager to deploy and manage your apps, see [Deploy and manage applications with System Center Configuration Manager](https://technet.microsoft.com/en-us/library/mt627959.aspx). +For more information about how to configure System Center Configuration Manager to deploy and manage your apps, see [Deploy and manage applications with System Center Configuration Manager](https://technet.microsoft.com/library/mt627959.aspx). ### Manage updates by using Intune @@ -1533,8 +1532,8 @@ To help ensure that your users have the most current features and security prote For more information about how to configure Intune to manage updates and malware protection, see the following resources: -- [Keep Windows PCs up to date with software updates in Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/keep-windows-pcs-up-to-date-with-software-updates-in-microsoft-intune) -- [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune) +- [Keep Windows PCs up to date with software updates in Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/keep-windows-pcs-up-to-date-with-software-updates-in-microsoft-intune) +- [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune) ### Manage updates by using System Center Configuration Manager @@ -1544,7 +1543,7 @@ You configure the software updates feature to manage updates for specific versio >**Note**  When you configure System Center Configuration Manager and Intune in a hybrid model, you use System Center Configuration manager to manage updates as described in this section. -For more information about how to configure System Center Configuration Manager to manage Windows 10 and app updates, see [Deploy and manage software updates in System Center Configuration Manager](https://technet.microsoft.com/en-us/library/mt634340.aspx). +For more information about how to configure System Center Configuration Manager to manage Windows 10 and app updates, see [Deploy and manage software updates in System Center Configuration Manager](https://technet.microsoft.com/library/mt634340.aspx). #### Summary @@ -1571,7 +1570,7 @@ Prior to deployment of Windows 10, complete the tasks in Table 18. Most of these Use the Deployment Wizard to deploy Windows 10. With the LTI deployment process, you provide only minimal information to the Deployment Wizard at the beginning of the process. After the wizard collects the necessary information, the remainder of the process is fully automated. ->**Note**  To fully automate the LTI deployment process, complete the steps in the “Fully Automated LTI Deployment Scenario” section in the [Microsoft Deployment Toolkit Samples Guide](https://technet.microsoft.com/en-us/library/dn781089.aspx#Anchor_6). +>**Note**  To fully automate the LTI deployment process, complete the steps in the “Fully Automated LTI Deployment Scenario” section in the [Microsoft Deployment Toolkit Samples Guide](https://technet.microsoft.com/library/dn781089.aspx#Anchor_6). In most instances, deployments occur without incident. Only in rare occasions do deployments experience problems. @@ -1580,7 +1579,7 @@ In most instances, deployments occur without incident. Only in rare occasions do 1. **Initiate the LTI deployment process.** Initiate the LTI deployment process by booting over the network (PXE boot) or from local media. You selected the method for initiating the LTI deployment process in the [Select a method to initiate deployment](#select-a-method-to-initiate-deployment) section earlier in this guide. -2. **Complete the Deployment Wizard.** For more information about how to complete the Deployment Wizard, see the “Running the Deployment Wizard” section of [Using the Microsoft Deployment Toolkit](https://technet.microsoft.com/en-us/library/dn759415.aspx#Anchor_5). +2. **Complete the Deployment Wizard.** For more information about how to complete the Deployment Wizard, see the “Running the Deployment Wizard” section of [Using the Microsoft Deployment Toolkit](https://technet.microsoft.com/library/dn759415.aspx#Anchor_5). #### To use ZTI to deploy Windows 10 @@ -1658,10 +1657,10 @@ Table 19 lists the school and individual classroom maintenance tasks, the resour Verify that Windows Update is active and current with operating system and software updates.

    For more information about completing this task when you have:
      -
    • Intune, see [Keep Windows PCs up to date with software updates in Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/keep-windows-pcs-up-to-date-with-software-updates-in-microsoft-intune).
      • +
    • Intune, see [Keep Windows PCs up to date with software updates in Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/keep-windows-pcs-up-to-date-with-software-updates-in-microsoft-intune).
    • Group Policy, see [Windows Update for Business](https://technet.microsoft.com/itpro/windows/plan/windows-update-for-business).
      • -
    • WSUS, see [Windows Server Update Services](https://msdn.microsoft.com/en-us/library/bb332157.aspx).
      • -
    • Neither Intune, Group Policy, nor WSUS, see “Install, upgrade, & activate” in [Windows 10 help](https://support.microsoft.com/en-us/products/windows?os=windows-10).
      • +
    • WSUS, see [Windows Server Update Services](https://msdn.microsoft.com/library/bb332157.aspx).
      • +
    • Neither Intune, Group Policy, nor WSUS, see “Install, upgrade, & activate” in [Windows 10 help](https://support.microsoft.com/products/windows?os=windows-10).
    x @@ -1671,7 +1670,7 @@ For more information about completing this task when you have: Verify that Windows Defender is active and current with malware signatures.

    -For more information about completing this task, see [Turn Windows Defender on or off](https://support.microsoft.com/en-us/instantanswers/742778f2-6aad-4a8d-8f5d-db59cebc4f24/how-to-protect-your-windows-10-pc#v1h=tab02) and [Updating Windows Defender](https://support.microsoft.com/en-us/instantanswers/742778f2-6aad-4a8d-8f5d-db59cebc4f24/how-to-protect-your-windows-10-pc#v1h=tab03). +For more information about completing this task, see [Turn Windows Defender on or off](https://support.microsoft.com/instantanswers/742778f2-6aad-4a8d-8f5d-db59cebc4f24/how-to-protect-your-windows-10-pc#v1h=tab02) and [Updating Windows Defender](https://support.microsoft.com/instantanswers/742778f2-6aad-4a8d-8f5d-db59cebc4f24/how-to-protect-your-windows-10-pc#v1h=tab03). x x @@ -1680,7 +1679,7 @@ For more information about completing this task, see [Turn Windows Defender on o Verify that Windows Defender has run a scan in the past week and that no viruses or malware were found.

    -For more information about completing this task, see the “How do I find and remove a virus?” topic in [Protect my PC from viruses](https://support.microsoft.com/en-us/help/17228/windows-protect-my-pc-from-viruses). +For more information about completing this task, see the “How do I find and remove a virus?” topic in [Protect my PC from viruses](https://support.microsoft.com/help/17228/windows-protect-my-pc-from-viruses). x x @@ -1846,13 +1845,13 @@ You have now identified the tasks you need to perform monthly, at the end of an ## Related topics -* [Try it out: Windows 10 deployment (for educational institutions)](https://technet.microsoft.com/en-us/windows/mt574244.aspx) -* [Try it out: Windows 10 in the classroom](https://technet.microsoft.com/en-us/windows/mt574243.aspx) +* [Try it out: Windows 10 deployment (for educational institutions)](https://technet.microsoft.com/windows/mt574244.aspx) +* [Try it out: Windows 10 in the classroom](https://technet.microsoft.com/windows/mt574243.aspx) * [Chromebook migration guide](https://technet.microsoft.com/edu/windows/chromebook-migration-guide) * [Deploy Windows 10 in a school](https://technet.microsoft.com/edu/windows/deploy-windows-10-in-a-school) -* [Automate common Windows 10 deployment and configuration tasks for a school environment (video)](https://technet.microsoft.com/en-us/windows/mt723345) -* [Deploy a custom Windows 10 Start menu layout for a school (video)](https://technet.microsoft.com/en-us/windows/mt723346) -* [Manage Windows 10 updates and upgrades in a school environment (video)](https://technet.microsoft.com/en-us/windows/mt723347) -* [Reprovision devices at the end of the school year (video)](https://technet.microsoft.com/en-us/windows/mt723344) -* [Use MDT to deploy Windows 10 in a school (video)](https://technet.microsoft.com/en-us/windows/mt723343) -* [Use Microsoft Store for Business in a school environment (video)](https://technet.microsoft.com/en-us/windows/mt723348) +* [Automate common Windows 10 deployment and configuration tasks for a school environment (video)](https://technet.microsoft.com/windows/mt723345) +* [Deploy a custom Windows 10 Start menu layout for a school (video)](https://technet.microsoft.com/windows/mt723346) +* [Manage Windows 10 updates and upgrades in a school environment (video)](https://technet.microsoft.com/windows/mt723347) +* [Reprovision devices at the end of the school year (video)](https://technet.microsoft.com/windows/mt723344) +* [Use MDT to deploy Windows 10 in a school (video)](https://technet.microsoft.com/windows/mt723343) +* [Use Microsoft Store for Business in a school environment (video)](https://technet.microsoft.com/windows/mt723348) diff --git a/education/windows/deploy-windows-10-in-a-school.md b/education/windows/deploy-windows-10-in-a-school.md index ac1eb3952d..d226f570db 100644 --- a/education/windows/deploy-windows-10-in-a-school.md +++ b/education/windows/deploy-windows-10-in-a-school.md @@ -3,7 +3,6 @@ title: Deploy Windows 10 in a school (Windows 10) description: Learn how to integrate your school environment with Microsoft Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD). Deploy Windows 10 and apps to new devices or upgrade existing devices to Windows 10. Manage faculty, students, and devices by using Microsoft Intune and Group Policy. keywords: configure, tools, device, school, deploy Windows 10 ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: plan ms.pagetype: edu ms.sitesec: library @@ -56,8 +55,8 @@ This school configuration has the following characteristics: **Note**  In this guide, all references to MDT refer to the 64-bit version of MDT 2013 Update 2. - The devices use Azure AD in Office 365 Education for identity management. -- If you have on-premises AD DS, you can [integrate Azure AD with on-premises AD DS](https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect/).
    • -- Use [Intune](https://technet.microsoft.com/library/jj676587.aspx), [compliance settings in Office 365](https://support.office.com/en-us/article/Manage-mobile-devices-in-Office-365-dd892318-bc44-4eb1-af00-9db5430be3cd?ui=en-US&rs=en-US&ad=US), or [Group Policy](https://technet.microsoft.com/en-us/library/cc725828%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396) in AD DS to manage devices. +- If you have on-premises AD DS, you can [integrate Azure AD with on-premises AD DS](https://azure.microsoft.com/documentation/articles/active-directory-aadconnect/). +- Use [Intune](https://technet.microsoft.com/library/jj676587.aspx), [compliance settings in Office 365](https://support.office.com/en-us/article/Manage-mobile-devices-in-Office-365-dd892318-bc44-4eb1-af00-9db5430be3cd?ui=en-US&rs=en-US&ad=US), or [Group Policy](https://technet.microsoft.com/library/cc725828%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396) in AD DS to manage devices. - Each device supports a one-student-per-device or multiple-students-per-device scenario. - The devices can be a mixture of different make, model, and processor architecture (32 bit or 64 bit) or be identical. - To initiate Windows 10 deployment, use a USB flash drive, DVD-ROM or CD-ROM, or Pre-Boot Execution Environment Boot (PXE Boot). @@ -136,7 +135,7 @@ When you install the Windows ADK on the admin device, select the following featu - Windows Preinstallation Environment (Windows PE) - User State Migration Tool (USMT) -For more information about installing the Windows ADK, see [Step 2-2: Install the Windows ADK](https://technet.microsoft.com/en-us/library/dn781086.aspx?f=255&MSPPError=-2147217396#InstallWindowsADK). +For more information about installing the Windows ADK, see [Step 2-2: Install the Windows ADK](https://technet.microsoft.com/library/dn781086.aspx?f=255&MSPPError=-2147217396#InstallWindowsADK). ### Install MDT @@ -146,7 +145,7 @@ You can use MDT to deploy 32-bit or 64-bit versions of Windows 10. Install the 6 **Note**  If you install the 32-bit version of MDT, you can install only 32-bit versions of Windows 10. Ensure that you download and install the 64-bit version of MDT so that you can install 64-bit and 32 bit versions of the operating system. -For more information about installing MDT on the admin device, see [Installing a New Instance of MDT](https://technet.microsoft.com/en-us/library/dn759415.aspx#InstallingaNewInstanceofMDT). +For more information about installing MDT on the admin device, see [Installing a New Instance of MDT](https://technet.microsoft.com/library/dn759415.aspx#InstallingaNewInstanceofMDT). Now, you’re ready to create the MDT deployment share and populate it with the operating system, apps, and device drivers you want to deploy to your devices. @@ -154,7 +153,7 @@ Now, you’re ready to create the MDT deployment share and populate it with the MDT includes the Deployment Workbench, a graphical user interface that you can use to manage MDT deployment shares. A deployment share is a shared folder that contains all the MDT deployment content. The LTI Deployment Wizard accesses the deployment content over the network or from a local copy of the deployment share (known as MDT deployment media). -For more information about how to create a deployment share, see [Step 3-1: Create an MDT Deployment Share](https://technet.microsoft.com/en-us/library/dn781086.aspx?f=255&MSPPError=-2147217396#CreateMDTDeployShare). +For more information about how to create a deployment share, see [Step 3-1: Create an MDT Deployment Share](https://technet.microsoft.com/library/dn781086.aspx?f=255&MSPPError=-2147217396#CreateMDTDeployShare). ### Summary @@ -302,7 +301,7 @@ Although all new Office 365 Education subscriptions have automatic licensing ena When you create your Office 365 subscription, you create an Office 365 tenant that includes an Azure AD directory. Azure AD is the centralized repository for all your student and faculty accounts in Office 365, Intune, and other Azure AD–integrated apps. Azure AD is available in Free, Basic, and Premium editions. Azure AD Free, which is included in Office 365 Education, has fewer features than Azure AD Basic, which in turn has fewer features than Azure AD Premium. -Educational institutions can obtain Azure AD Basic edition licenses at no cost. After you obtain your licenses, activate your Azure AD access by completing the steps in [Step 3: Activate your Azure Active Directory access](https://azure.microsoft.com/en-us/documentation/articles/active-directory-get-started-premium/#step-3-activate-your-azure-active-directory-access). +Educational institutions can obtain Azure AD Basic edition licenses at no cost. After you obtain your licenses, activate your Azure AD access by completing the steps in [Step 3: Activate your Azure Active Directory access](https://azure.microsoft.com/documentation/articles/active-directory-get-started-premium/#step-3-activate-your-azure-active-directory-access). The Azure AD Premium features that are not in Azure AD Basic include: @@ -322,8 +321,8 @@ You can sign up for Azure AD Premium, and then assign licenses to users. In this For more information about: -- Azure AD editions and the features in each, see [Azure Active Directory editions](https://azure.microsoft.com/en-us/documentation/articles/active-directory-editions/). -- How to enable Azure AD premium, see [Associate an Azure AD directory with a new Azure subscription](https://msdn.microsoft.com/en-us/library/azure/jj573650.aspx#create_tenant3). +- Azure AD editions and the features in each, see [Azure Active Directory editions](https://azure.microsoft.com/documentation/articles/active-directory-editions/). +- How to enable Azure AD premium, see [Associate an Azure AD directory with a new Azure subscription](https://msdn.microsoft.com/library/azure/jj573650.aspx#create_tenant3). ### Summary You provision and initially configure Office 365 Education as part of the initial configuration. With the subscription in place, automatic tenant join configured, automatic licensing established, and Azure AD Premium enabled (if required), you’re ready to select the method you will use to create user accounts in Office 365. @@ -340,7 +339,7 @@ Now that you have an Office 365 subscription, you need to determine how you will In this method, you have an on-premises AD DS domain. As shown in Figure 4, the Azure AD Connector tool automatically synchronizes AD DS with Azure AD. When you add or change any user accounts in AD DS, the Azure AD Connector tool automatically updates Azure AD. -**Note**  Azure AD Connect also supports synchronization from any Lightweight Directory Access Protocol version 3 (LDAPv3)–compliant directory by using the information provided in [Generic LDAP Connector for FIM 2010 R2 Technical Reference](https://technet.microsoft.com/en-us/library/dn510997.aspx?f=255&MSPPError=-2147217396). +**Note**  Azure AD Connect also supports synchronization from any Lightweight Directory Access Protocol version 3 (LDAPv3)–compliant directory by using the information provided in [Generic LDAP Connector for FIM 2010 R2 Technical Reference](https://technet.microsoft.com/library/dn510997.aspx?f=255&MSPPError=-2147217396). ![fig 4](images/deploy-win-10-school-figure4.png) @@ -389,7 +388,7 @@ You can deploy the Azure AD Connect tool by using one of the following methods: *Figure 7. Azure AD Connect in Azure* -This guide describes how to run Azure AD Connect on premises. For information about running Azure AD Connect in Azure, see [Deploy Office 365 Directory Synchronization (DirSync) in Microsoft Azure](https://technet.microsoft.com/en-us/library/dn635310.aspx). +This guide describes how to run Azure AD Connect on premises. For information about running Azure AD Connect in Azure, see [Deploy Office 365 Directory Synchronization (DirSync) in Microsoft Azure](https://technet.microsoft.com/library/dn635310.aspx). ### Deploy Azure AD Connect on premises @@ -397,10 +396,10 @@ In this synchronization model (illustrated in Figure 6), you run Azure AD Connec #### To deploy AD DS and Azure AD synchronization -1. Configure your environment to meet the prerequisites for installing Azure AD Connect by performing the steps in [Prerequisites for Azure AD Connect](https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-prerequisites/). +1. Configure your environment to meet the prerequisites for installing Azure AD Connect by performing the steps in [Prerequisites for Azure AD Connect](https://azure.microsoft.com/documentation/articles/active-directory-aadconnect-prerequisites/). 2. On the VM or physical device that will run Azure AD Connect, sign in with a domain administrator account. -3. Install Azure AD Connect by performing the steps in [Install Azure AD Connect](https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect/#install-azure-ad-connect). -4. Configure Azure AD Connect features based on your institution’s requirements by performing the steps in [Configure features](https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect/#configure-sync-features). +3. Install Azure AD Connect by performing the steps in [Install Azure AD Connect](https://azure.microsoft.com/documentation/articles/active-directory-aadconnect/#install-azure-ad-connect). +4. Configure Azure AD Connect features based on your institution’s requirements by performing the steps in [Configure features](https://azure.microsoft.com/documentation/articles/active-directory-aadconnect/#configure-sync-features). Now that you have used on premises Azure AD Connect to deploy AD DS and Azure AD synchronization, you’re ready to verify that Azure AD Connect is synchronizing AD DS user and group accounts with Azure AD. @@ -440,8 +439,8 @@ Several methods are available to bulk-import user accounts into AD DS domains. T |Method | Description and reason to select this method | |-------| ---------------------------------------------| -|Ldifde.exe |This command-line tool allows you to import and export objects (such as user accounts) from AD DS. Select this method if you aren’t comfortable with Microsoft Visual Basic Scripting Edition (VBScript), Windows PowerShell, or other scripting languages. For more information about using Ldifde.exe, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/en-us/library/bb727091.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/en-us/kb/555636), [Import or Export Directory Objects Using Ldifde](https://technet.microsoft.com/library/cc816781.aspx), and [LDIFDE](https://technet.microsoft.com/library/cc755456.aspx).| -|VBScript | This scripting language uses the Active Directory Services Interfaces (ADSI) Component Object Model interface to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with VBScript. For more information about using VBScript and ADSI, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/en-us/library/bb727091.aspx) and [ADSI Scriptomatic](https://technet.microsoft.com/en-us/scriptcenter/dd939958.aspx).| +|Ldifde.exe |This command-line tool allows you to import and export objects (such as user accounts) from AD DS. Select this method if you aren’t comfortable with Microsoft Visual Basic Scripting Edition (VBScript), Windows PowerShell, or other scripting languages. For more information about using Ldifde.exe, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/library/bb727091.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/kb/555636), [Import or Export Directory Objects Using Ldifde](https://technet.microsoft.com/library/cc816781.aspx), and [LDIFDE](https://technet.microsoft.com/library/cc755456.aspx).| +|VBScript | This scripting language uses the Active Directory Services Interfaces (ADSI) Component Object Model interface to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with VBScript. For more information about using VBScript and ADSI, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/library/bb727091.aspx) and [ADSI Scriptomatic](https://technet.microsoft.com/scriptcenter/dd939958.aspx).| |Windows PowerShell| This scripting language natively supports cmdlets to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with Window PowerShell scripting. For more information about using Windows PowerShell, see [Import Bulk Users to Active Directory](https://blogs.technet.microsoft.com/bettertogether/2011/01/09/import-bulk-users-to-active-directory/) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx).|

    ### Create a source file that contains the user and group accounts @@ -452,8 +451,8 @@ After you have selected your user and group account bulk import method, you’re | Method | Source file format | |--------| -------------------| -|Ldifde.exe|Ldifde.exe requires a specific format for the source file. Use Ldifde.exe to export existing user and group accounts so that you can see the format. For examples of the format that Ldifde.exe requires, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/en-us/library/bb727091.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/en-us/kb/555636), [Import or Export Directory Objects Using Ldifde](https://technet.microsoft.com/library/cc816781.aspx), and [LDIFDE](https://technet.microsoft.com/library/cc755456.aspx).| -|VBScript | VBScript can use any .csv file format to create a source file for the bulk-import process. To create the .csv file, use software such as Excel. For examples of how to format your source file in comma-separated values (CSV) format, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/en-us/library/bb727091.aspx).| +|Ldifde.exe|Ldifde.exe requires a specific format for the source file. Use Ldifde.exe to export existing user and group accounts so that you can see the format. For examples of the format that Ldifde.exe requires, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/library/bb727091.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/kb/555636), [Import or Export Directory Objects Using Ldifde](https://technet.microsoft.com/library/cc816781.aspx), and [LDIFDE](https://technet.microsoft.com/library/cc755456.aspx).| +|VBScript | VBScript can use any .csv file format to create a source file for the bulk-import process. To create the .csv file, use software such as Excel. For examples of how to format your source file in comma-separated values (CSV) format, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/library/bb727091.aspx).| | Windows PowerShell| Windows PowerShell can use any .csv file format you want to create as a source file for the bulk-import process. To create the .csv file, use software such as Excel. For examples of how to format your source file in CSV format, see [Import Bulk Users to Active Directory](https://blogs.technet.microsoft.com/bettertogether/2011/01/09/import-bulk-users-to-active-directory/) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx).|

    ### Import the user accounts into AD DS @@ -464,8 +463,8 @@ With the bulk-import source file finished, you’re ready to import the user and For more information about how to import user accounts into AD DS by using: -- Ldifde.exe, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/en-us/library/bb727091.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/en-us/kb/555636), [Import or Export Directory Objects Using Ldifde](https://technet.microsoft.com/library/cc816781.aspx), and [LDIFDE](https://technet.microsoft.com/library/cc755456.aspx). -- VBScript, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/en-us/library/bb727091.aspx). +- Ldifde.exe, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/library/bb727091.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/kb/555636), [Import or Export Directory Objects Using Ldifde](https://technet.microsoft.com/library/cc816781.aspx), and [LDIFDE](https://technet.microsoft.com/library/cc755456.aspx). +- VBScript, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/library/bb727091.aspx). - Windows PowerShell, see [Import Bulk Users to Active Directory](https://blogs.technet.microsoft.com/bettertogether/2011/01/09/import-bulk-users-to-active-directory/) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx). ### Summary @@ -524,7 +523,7 @@ You can assign Azure AD Premium licenses to the users who need the features this For more information about: -- Azure AD editions, see [Azure Active Directory editions](https://azure.microsoft.com/en-us/documentation/articles/active-directory-editions/). +- Azure AD editions, see [Azure Active Directory editions](https://azure.microsoft.com/documentation/articles/active-directory-editions/). - How to assign user licenses for Azure AD Premium, see [How to assign EMS/Azure AD Premium licenses to user accounts](https://channel9.msdn.com/Series/Azure-Active-Directory-Videos-Demos/How-to-assign-Azure-AD-Premium-Licenses-to-user-accounts). ## Create and configure a Microsoft Store for Business portal @@ -705,14 +704,14 @@ The first step in preparation for Windows 10 deployment is to configure—that i 1. Import operating systems -Import the operating systems that you selected in the [Select operating systems](#select-the-operating-systems) section into the deployment share. For more information about how to import operating systems, see [Import an Operating System into the Deployment Workbench](https://technet.microsoft.com/en-us/library/dn759415.aspx#ImportanOperatingSystemintotheDeploymentWorkbench). +Import the operating systems that you selected in the [Select operating systems](#select-the-operating-systems) section into the deployment share. For more information about how to import operating systems, see [Import an Operating System into the Deployment Workbench](https://technet.microsoft.com/library/dn759415.aspx#ImportanOperatingSystemintotheDeploymentWorkbench). 2. Import device drives Device drivers allow Windows 10 to know a device’s hardware resources and connected hardware accessories. Without the proper device drivers, certain features may be unavailable. For example, without the proper audio driver, a device cannot play sounds; without the proper camera driver, the device cannot take photos or use video chat.

    -Import device drivers for each device in your institution. For more information about how to import device drivers, see [Import Device Drivers into the Deployment Workbench](https://technet.microsoft.com/en-us/library/dn759415.aspx#ImportDeviceDriversintotheDeploymentWorkbench). +Import device drivers for each device in your institution. For more information about how to import device drivers, see [Import Device Drivers into the Deployment Workbench](https://technet.microsoft.com/library/dn759415.aspx#ImportDeviceDriversintotheDeploymentWorkbench). @@ -727,8 +726,8 @@ If you have Intune, you can deploy Microsoft Store apps after you deploy Windows In addition, you must prepare your environment for sideloading (deploying) Microsoft Store apps. For more information about how to:

      -
    • Prepare your environment for sideloading, see [Sideload LOB apps in Windows 10](https://technet.microsoft.com/en-us/itpro/windows/deploy/sideload-apps-in-windows-10).
      • -
    • Create an MDT application, see [Create a New Application in the Deployment Workbench](https://technet.microsoft.com/en-us/library/dn759415.aspx#CreateaNewApplicationintheDeploymentWorkbench).
      • +
    • Prepare your environment for sideloading, see [Sideload LOB apps in Windows 10](https://technet.microsoft.com/itpro/windows/deploy/sideload-apps-in-windows-10).
      • +
    • Create an MDT application, see [Create a New Application in the Deployment Workbench](https://technet.microsoft.com/library/dn759415.aspx#CreateaNewApplicationintheDeploymentWorkbench).
    @@ -740,13 +739,13 @@ In addition, you must prepare your environment for sideloading (deploying) Micro You need to create an MDT application for each Windows desktop app you want to deploy. You can obtain the Windows desktop apps from any source, but ensure that you have sufficient licenses for them.

    -To help reduce the effort needed to deploy Microsoft Office 2016 desktop apps, use the Office Deployment Tool, as described in [Deploy Click-to-Run for Office 365 products by using the Office Deployment Tool](https://technet.microsoft.com/en-us/library/jj219423.aspx?f=255&MSPPError=-2147217396).

    +To help reduce the effort needed to deploy Microsoft Office 2016 desktop apps, use the Office Deployment Tool, as described in [Deploy Click-to-Run for Office 365 products by using the Office Deployment Tool](https://technet.microsoft.com/library/jj219423.aspx?f=255&MSPPError=-2147217396).

    If you have Intune, you can deploy Windows desktop apps after you deploy Windows 10, as described in the [Deploy apps by using Intune](#deploy-apps-by-using-intune) section. This method provides granular deployment of Windows desktop apps, and you can use it for ongoing management of the apps. This is the preferred method for deploying and managing Windows desktop apps.

    **Note**  You can also deploy Windows desktop apps after you deploy Windows 10, as described in the [Deploy apps by using Intune](#deploy-apps-by-using-intune) section.

    -For more information about how to create an MDT application for Window desktop apps, see [Create a New Application in the Deployment Workbench](https://technet.microsoft.com/en-us/library/dn759415.aspx#CreateaNewApplicationintheDeploymentWorkbench). +For more information about how to create an MDT application for Window desktop apps, see [Create a New Application in the Deployment Workbench](https://technet.microsoft.com/library/dn759415.aspx#CreateaNewApplicationintheDeploymentWorkbench). @@ -762,7 +761,7 @@ For more information about how to create an MDT application for Window desktop a
  • Upgrade existing devices to Windows 10 Education 32-bit.
    • -Again, you will create the task sequences based on the operating systems that you imported in Step 1. For more information about how to create a task sequence, see [Create a New Task Sequence in the Deployment Workbench](https://technet.microsoft.com/en-us/library/dn759415.aspx#CreateaNewTaskSequenceintheDeploymentWorkbench). +Again, you will create the task sequences based on the operating systems that you imported in Step 1. For more information about how to create a task sequence, see [Create a New Task Sequence in the Deployment Workbench](https://technet.microsoft.com/library/dn759415.aspx#CreateaNewTaskSequenceintheDeploymentWorkbench). @@ -772,7 +771,7 @@ Again, you will create the task sequences based on the operating systems that yo Updating a deployment share generates the MDT boot images you use to initiate the Windows 10 deployment process. You can configure the process to create 32 bit and 64 bit versions of the .iso and .wim files you can use to create bootable media or in Windows Deployment Services.

    -For more information about how to update a deployment share, see [Update a Deployment Share in the Deployment Workbench](https://technet.microsoft.com/en-us/library/dn759415.aspx#UpdateaDeploymentShareintheDeploymentWorkbench). +For more information about how to update a deployment share, see [Update a Deployment Share in the Deployment Workbench](https://technet.microsoft.com/library/dn759415.aspx#UpdateaDeploymentShareintheDeploymentWorkbench). @@ -787,9 +786,9 @@ You can use Windows Deployment Services in conjunction with MDT to automatically - [Windows Deployment Services overview](https://technet.microsoft.com/library/hh831764.aspx) - The Windows Deployment Services Help file, included in Windows Deployment Services - - [Windows Deployment Services Getting Started Guide for Windows Server 2012](https://technet.microsoft.com/en-us/library/jj648426.aspx) + - [Windows Deployment Services Getting Started Guide for Windows Server 2012](https://technet.microsoft.com/library/jj648426.aspx) -2. Add LTI boot images (Windows PE images) to Windows Deployment Services.

    The LTI boot images (.wim files) that you will add to Windows Deployment Services are in the MDT deployment share. Locate the .wim files in the Boot subfolder in the deployment share. For more information about how to perform this step, see [Add LTI Boot Images to Windows Deployment Services](https://technet.microsoft.com/en-us/library/dn759415.aspx#AddLTIBootImagestoWindowsDeploymentServices). +2. Add LTI boot images (Windows PE images) to Windows Deployment Services.

    The LTI boot images (.wim files) that you will add to Windows Deployment Services are in the MDT deployment share. Locate the .wim files in the Boot subfolder in the deployment share. For more information about how to perform this step, see [Add LTI Boot Images to Windows Deployment Services](https://technet.microsoft.com/library/dn759415.aspx#AddLTIBootImagestoWindowsDeploymentServices). ### Summary @@ -902,7 +901,7 @@ Microsoft has several recommended settings for educational institutions. Table 1 Use of Microsoft accounts You want faculty and students to use only Azure AD accounts for institution-owned devices. For these devices, do not use Microsoft accounts or associate a Microsoft account with the Azure AD accounts.

    **Note**  Personal devices typically use Microsoft accounts. Faculty and students can associate their Microsoft account with their Azure AD account on these devices.

    -**Group Policy.** Configure the [Accounts: Block Microsoft accounts](https://technet.microsoft.com/en-us/library/jj966262.aspx?f=255&MSPPError=-2147217396) Group Policy setting to use the Users can’t add Microsoft accounts setting option.

    +**Group Policy.** Configure the [Accounts: Block Microsoft accounts](https://technet.microsoft.com/library/jj966262.aspx?f=255&MSPPError=-2147217396) Group Policy setting to use the Users can’t add Microsoft accounts setting option.

    **Intune.** Enable or disable the camera by using the **Allow Microsoft account**, **Allow adding non-Microsoft accounts manually**, and **Allow settings synchronization for Microsoft accounts** policy settings under the **Accounts and Synchronization** section of a **Windows 10 General Configuration** policy. @@ -910,7 +909,7 @@ Microsoft has several recommended settings for educational institutions. Table 1 Restrict local administrator accounts on the devices Ensure that only authorized users are local administrators on institution-owned devices. Typically, you don’t want students to be administrators on instruction-owned devices. Explicitly specify the users who will be local administrators on a group of devices.

    -**Group Policy**. Create a **Local Group** Group Policy preference to limit the local administrators group membership. Select the **Delete all member users** and **Delete all member groups** check boxes to remove any existing members. For more information about how to configure Local Group preferences, see [Configure a Local Group Item](https://technet.microsoft.com/en-us/library/cc732525.aspx).

    +**Group Policy**. Create a **Local Group** Group Policy preference to limit the local administrators group membership. Select the **Delete all member users** and **Delete all member groups** check boxes to remove any existing members. For more information about how to configure Local Group preferences, see [Configure a Local Group Item](https://technet.microsoft.com/library/cc732525.aspx).

    **Intune**. Not available. @@ -918,7 +917,7 @@ Microsoft has several recommended settings for educational institutions. Table 1 Restrict the local administrator accounts on the devices Ensure that only authorized users are local administrators on institution-owned devices. Typically, you don’t want students to be administrators on instruction-owned devices. Explicitly specify the users who will be local administrators on a group of devices.

    -**Group Policy**. Create a **Local Group** Group Policy preference to limit the local administrators group membership. Select the **Delete all member users** and **Delete all member groups** check boxes to remove any existing members. For more information about how to configure Local Group preferences, see [Configure a Local Group Item](https://technet.microsoft.com/en-us/library/cc732525.aspx).

    +**Group Policy**. Create a **Local Group** Group Policy preference to limit the local administrators group membership. Select the **Delete all member users** and **Delete all member groups** check boxes to remove any existing members. For more information about how to configure Local Group preferences, see [Configure a Local Group Item](https://technet.microsoft.com/library/cc732525.aspx).

    **Intune**. Not available. @@ -926,7 +925,7 @@ Microsoft has several recommended settings for educational institutions. Table 1 Manage the built-in administrator account created during device deployment When you use MDT to deploy Windows 10, the MDT deployment process automatically creates a local Administrator account with the password you specified. As a security best practice, rename the built-in Administrator account and optionally disable it.

    -**Group Policy**. Rename the built-in Administrator account by using the **Accounts: Rename administrator account** Group Policy setting. For more information about how to rename the built-in Administrator account, see [To rename the Administrator account using the Group Policy Management Console](https://technet.microsoft.com/en-us/library/cc747484.aspx). You will specify the new name for the Administrator account. You can disable the built-in Administrator account by using the **Accounts: Administrator account status** Group Policy setting. For more information about how to disable the built-in Administrator account, see [Accounts: Administrator account status](https://technet.microsoft.com/en-us/library/jj852165.aspx).

    +**Group Policy**. Rename the built-in Administrator account by using the **Accounts: Rename administrator account** Group Policy setting. For more information about how to rename the built-in Administrator account, see [To rename the Administrator account using the Group Policy Management Console](https://technet.microsoft.com/library/cc747484.aspx). You will specify the new name for the Administrator account. You can disable the built-in Administrator account by using the **Accounts: Administrator account status** Group Policy setting. For more information about how to disable the built-in Administrator account, see [Accounts: Administrator account status](https://technet.microsoft.com/library/jj852165.aspx).

    **Intune**. Not available. @@ -934,7 +933,7 @@ Microsoft has several recommended settings for educational institutions. Table 1 Control Microsoft Store access You can control access to Microsoft Store and whether existing Microsoft Store apps receive updates. You can only disable the Microsoft Store app in Windows 10 Education and Windows 10 Enterprise.

    -**Group Policy**. You can disable the Microsoft Store app by using the **Turn off the Store Application** Group Policy setting. You can prevent Microsoft Store apps from receiving updates by using the **Turn off Automatic Download and Install of updates** Group Policy setting. For more information about configuring these settings, see [Can I use Group Policy to control the Microsoft Store in my enterprise environment?](https://technet.microsoft.com/en-us/library/hh832040.aspx#BKMK_UseGP).

    +**Group Policy**. You can disable the Microsoft Store app by using the **Turn off the Store Application** Group Policy setting. You can prevent Microsoft Store apps from receiving updates by using the **Turn off Automatic Download and Install of updates** Group Policy setting. For more information about configuring these settings, see [Can I use Group Policy to control the Microsoft Store in my enterprise environment?](https://technet.microsoft.com/library/hh832040.aspx#BKMK_UseGP).

    **Intune**. You can enable or disable the camera by using the **Allow application store** policy setting in the **Apps** section of a **Windows 10 General Configuration** policy. @@ -958,7 +957,7 @@ Microsoft has several recommended settings for educational institutions. Table 1 Use of audio recording Audio recording (by using the Sound Recorder app) can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the Sound Recorder app on your devices.

    -**Group Policy**. You can disable the Sound Recorder app by using the **Do not allow Sound Recorder to run** Group Policy setting. You can disable other audio recording apps by using AppLocker policies. Create AppLocker policies by using the information in [Editing an AppLocker Policy](https://technet.microsoft.com/en-us/library/ee791894(v=ws.10).aspx) and [Create Your AppLocker Policies](https://technet.microsoft.com/en-us/library/ee791899.aspx).

    +**Group Policy**. You can disable the Sound Recorder app by using the **Do not allow Sound Recorder to run** Group Policy setting. You can disable other audio recording apps by using AppLocker policies. Create AppLocker policies by using the information in [Editing an AppLocker Policy](https://technet.microsoft.com/library/ee791894(v=ws.10).aspx) and [Create Your AppLocker Policies](https://technet.microsoft.com/library/ee791899.aspx).

    **Intune**. You can enable or disable the camera by using the **Allow voice recording** policy setting in the **Features** section of a **Windows 10 General Configuration** policy. @@ -994,32 +993,32 @@ Microsoft has several recommended settings for educational institutions. Table 1 Now, you’re ready to configure settings by using Group Policy. The steps in this section assume that you have an AD DS infrastructure. You will configure the Group Policy settings you select in the [Select Microsoft-recommended settings](#select-microsoft-recommended-settings) section. -For more information about Group Policy, see [Group Policy Planning and Deployment Guide](https://technet.microsoft.com/en-us/library/cc754948.aspx). +For more information about Group Policy, see [Group Policy Planning and Deployment Guide](https://technet.microsoft.com/library/cc754948.aspx). #### To configure Group Policy settings -1. Create a Group Policy object (GPO) that will contain the Group Policy settings by completing the steps in [Create a new Group Policy object](https://technet.microsoft.com/en-us/library/cc738830.aspx). -2. Configure the settings in the GPO by completing the steps in [Edit a Group Policy object](https://technet.microsoft.com/en-us/library/cc739902.aspx). -3. Link the GPO to the appropriate AD DS site, domain, or organizational unit by completing the steps in [Link a Group Policy object to a site, domain, or organizational unit](https://technet.microsoft.com/en-us/library/cc738954(v=ws.10).aspx). +1. Create a Group Policy object (GPO) that will contain the Group Policy settings by completing the steps in [Create a new Group Policy object](https://technet.microsoft.com/library/cc738830.aspx). +2. Configure the settings in the GPO by completing the steps in [Edit a Group Policy object](https://technet.microsoft.com/library/cc739902.aspx). +3. Link the GPO to the appropriate AD DS site, domain, or organizational unit by completing the steps in [Link a Group Policy object to a site, domain, or organizational unit](https://technet.microsoft.com/library/cc738954(v=ws.10).aspx). ### Configure settings by using Intune Now, you’re ready to configure settings by using Intune. The steps in this section assume that you have an Office 365 subscription. You will configure the Intune settings that you selected in the [Select Microsoft-recommended settings](#select-microsoft-recommended-settings) section. -For more information about Intune, see [Documentation for Microsoft Intune](https://docs.microsoft.com/en-us/intune/). +For more information about Intune, see [Documentation for Microsoft Intune](https://docs.microsoft.com/intune/). #### To configure Intune settings -1. Add Intune to your Office 365 subscription by completing the steps in [Get started with a paid subscription to Microsoft Intune](https://docs.microsoft.com/en-us/intune/get-started/start-with-a-paid-subscription-to-microsoft-intune). -2. Enroll devices with Intune by completing the steps in [Get ready to enroll devices in Microsoft Intune](https://technet.microsoft.com/en-us/library/dn646962.aspx). -3. Configure the settings in Intune Windows 10 policies by completing the steps in [Manage settings and features on your devices with Microsoft Intune policies](https://technet.microsoft.com/en-us/library/dn646984.aspx). -4. Manage Windows 10 devices by completing the steps in [Manage Windows PCs with Microsoft Intune](https://technet.microsoft.com/en-us/library/dn646959.aspx). +1. Add Intune to your Office 365 subscription by completing the steps in [Get started with a paid subscription to Microsoft Intune](https://docs.microsoft.com/intune/get-started/start-with-a-paid-subscription-to-microsoft-intune). +2. Enroll devices with Intune by completing the steps in [Get ready to enroll devices in Microsoft Intune](https://technet.microsoft.com/library/dn646962.aspx). +3. Configure the settings in Intune Windows 10 policies by completing the steps in [Manage settings and features on your devices with Microsoft Intune policies](https://technet.microsoft.com/library/dn646984.aspx). +4. Manage Windows 10 devices by completing the steps in [Manage Windows PCs with Microsoft Intune](https://technet.microsoft.com/library/dn646959.aspx). ### Deploy apps by using Intune You can use Intune to deploy Microsoft Store and Windows desktop apps. Intune provides improved control over which users receive specific apps. In addition, Intune allows you deploy apps to companion devices (such as Windows 10 Mobile, iOS, or Android devices) Finally, Intune helps you manage app security and features, such as mobile application management policies that let you manage apps on devices that are not enrolled in Intune or are managed by another solution. -For more information about how to configure Intune to manage your apps, see [Deploy and configure apps with Microsoft Intune](https://docs.microsoft.com/en-us/intune/). +For more information about how to configure Intune to manage your apps, see [Deploy and configure apps with Microsoft Intune](https://docs.microsoft.com/intune/). ### Summary @@ -1046,14 +1045,14 @@ Prior to deployment of Windows 10, ensure that you complete the tasks listed in Use the Deployment Wizard to deploy Windows 10. The LTI deployment process is almost fully automated: You provide only minimal information to the Deployment Wizard at the beginning of the process. After the wizard collects the necessary information, the remainder of the process is fully automated. -**Note**  To fully automate the LTI deployment process, complete the steps in the “Fully Automated LTI Deployment Scenario” section in the [Microsoft Deployment Toolkit Samples Guide](https://technet.microsoft.com/en-us/library/dn781089.aspx). +**Note**  To fully automate the LTI deployment process, complete the steps in the “Fully Automated LTI Deployment Scenario” section in the [Microsoft Deployment Toolkit Samples Guide](https://technet.microsoft.com/library/dn781089.aspx). In most instances, deployments occur without incident. Only in rare occasions do deployments experience problems. #### To deploy Windows 10 1. **Initiate the LTI deployment process**. Initiate the LTI deployment process booting over the network (PXE boot) or from local media. You selected the method for initiating the LTI deployment process in the [Select a method to initiate deployment](#select-a-method-to-initiate-deployment) section earlier in this guide. -2. **Complete the Deployment Wizard**. For more information about how to complete the Deployment Wizard, see the “Running the Deployment Wizard” topic in [Using the Microsoft Deployment Toolkit](https://technet.microsoft.com/en-us/library/dn759415.aspx#Running%20the%20Deployment%20Wizard). +2. **Complete the Deployment Wizard**. For more information about how to complete the Deployment Wizard, see the “Running the Deployment Wizard” topic in [Using the Microsoft Deployment Toolkit](https://technet.microsoft.com/library/dn759415.aspx#Running%20the%20Deployment%20Wizard). ### Set up printers @@ -1124,9 +1123,9 @@ Table 13 lists the school and individual classroom maintenance tasks, the resour Verify that Windows Update is active and current with operating system and software updates.

    For more information about completing this task when you have:

      -
    • Intune, see [Keep Windows PCs up to date with software updates in Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/keep-windows-pcs-up-to-date-with-software-updates-in-microsoft-intune).
      • +
    • Intune, see [Keep Windows PCs up to date with software updates in Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/keep-windows-pcs-up-to-date-with-software-updates-in-microsoft-intune).
    • Group Policy, see [Windows Update for Business](https://technet.microsoft.com/itpro/windows/plan/windows-update-for-business).
      • -
    • Windows Server Update Services (WSUS), see [Windows Server Update Services](https://msdn.microsoft.com/en-us/library/bb332157.aspx?f=255&MSPPError=-2147217396).
      • +
    • Windows Server Update Services (WSUS), see [Windows Server Update Services](https://msdn.microsoft.com/library/bb332157.aspx?f=255&MSPPError=-2147217396).
    • Neither Intune, Group Policy, or WSUS, see [Update Windows 10](https://windows.microsoft.com/en-id/windows-10/update-windows-10)
    diff --git a/education/windows/edu-deployment-recommendations.md b/education/windows/edu-deployment-recommendations.md index 17435853f2..82c72e22f5 100644 --- a/education/windows/edu-deployment-recommendations.md +++ b/education/windows/edu-deployment-recommendations.md @@ -8,8 +8,7 @@ ms.localizationpriority: medium author: CelesteDG ms.author: celested ms.date: 10/13/2017 -ms.prod: W10 -ms.technology: Windows +ms.prod: w10 --- # Deployment recommendations for school IT administrators diff --git a/education/windows/education-scenarios-store-for-business.md b/education/windows/education-scenarios-store-for-business.md index d90e41f458..af93be32ee 100644 --- a/education/windows/education-scenarios-store-for-business.md +++ b/education/windows/education-scenarios-store-for-business.md @@ -2,7 +2,7 @@ title: Education scenarios Microsoft Store for Education description: Learn how IT admins and teachers can use Microsoft Store for Education to acquire and manage apps in schools. keywords: school, Microsoft Store for Education, Microsoft education store -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: plan ms.sitesec: library ms.localizationpriority: medium @@ -10,8 +10,7 @@ searchScope: - Store author: trudyha ms.author: trudyha -ms.date: 3/30/2018 -ms.technology: Windows +ms.date: 03/30/2018 --- # Working with Microsoft Store for Education diff --git a/education/windows/enable-s-mode-on-surface-go-devices.md b/education/windows/enable-s-mode-on-surface-go-devices.md new file mode 100644 index 0000000000..f58a24b82c --- /dev/null +++ b/education/windows/enable-s-mode-on-surface-go-devices.md @@ -0,0 +1,144 @@ +--- +title: Enable S mode on Surface Go devices for Education +description: Steps that an education customer can perform to enable S mode on Surface Go devices +keywords: Surface Go for Education, S mode +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: edu +ms.localizationpriority: medium +author: kaushika-msft +ms.author: kaushik +ms.date: 07/30/2018 +--- + +# Surface Go for Education - Enabling S mode + +Surface Go devices are available with both Windows 10 Home in S mode and Windows 10 Pro configurations. Education customers who purchase Surface Go devices with Windows 10 Pro may wish to take advantage of S mode on their Pro devices. These customers can create their own S mode image for Surface Go or enable S mode on a per-device basis. + +## Prerequisites + +Here are some things you’ll need before attempting any of these procedures: + +- A Surface Go device or Surface Go device image based on Windows 10 Pro + (1803) +- General understanding of [Windows deployment scenarios and related + tools](https://docs.microsoft.com/windows/deployment/windows-deployment-scenarios-and-tools) +- [Windows ADK for Windows 10 + 1803](https://docs.microsoft.com/windows/deployment/windows-adk-scenarios-for-it-pros) +- [Bootable Windows Preinstall Environment + (WinPE)](https://docs.microsoft.com/windows-hardware/manufacture/desktop/winpe-create-usb-bootable-drive) + +## Enabling S Mode – Windows Image (WIM) + +Like enterprise administrators performing large-scale deployment of customized Windows images, education customers can create their own customized Windows images for deployment to multiple classroom devices. An education customer who plans to follow [a traditional image-based deployment +process](https://docs.microsoft.com/windows/deployment/windows-10-deployment-scenarios#traditional-deployment) using a Windows 10 Pro (1803) image for Surface Go devices can enable S mode as follows: + +1. Use DISM to mount your offline Windows 10 Pro (1803) image. + + ``` + dism /Mount-image /imagefile:\ {/Index:\ | /Name:\} /MountDir:\ + ``` + +2. Create an unattend.xml answer file, adding the + amd64_Microsoft_Windows_CodeIntegrity component to Pass 2 offline Servicing + and setting amd64_Microsoft_Windows_CodeIntegrity\\SkuPolicyRequired to “1”. + The resulting xml should look like this… + + Copy + ``` + + + 1 + + + ``` +3. Save the answer file in the **Windows\Panther** folder of your mounted image as unattend.xml. +4. Use DISM to apply the unattend.xml file and enable S Mode: + + Copy + ``` + dism /image:C:\mount\windows /apply-unattend:C:\mount\windows\windows\panther\unattend.xml + ``` + + > Note: in the above example, C:\\mount\\ is the local directory used to mount + > the offline image. +5. Commit the image changes and unmount the image + + Copy + ``` + dism /Unmount-image /MountDir:C:\\mount /Commit + ``` +>Note: don’t forget the /Commit parameter to ensure you don’t lose your + changes. + +Your Windows 10 Pro (1803) image now has S mode enabled and is ready to deploy to Surface Go devices. + +## Enabling S Mode – Per Device + +Education customers who wish to avoid the additional overhead associated with Windows image creation, customization, and deployment can enable S mode on a per-device basis. Performing the following steps on a Surface Go device will enable S mode on an existing installation of Windows 10 Pro (1803). + +1. Create a bootable WinPE media. See [Create a bootable Windows PE USB + drive](https://msdn.microsoft.com/library/windows/hardware/dn938386.aspx) for details. + +2. Create an unattend.xml answer file, adding the + amd64_Microsoft_Windows_CodeIntegrity component to Pass 2 offline Servicing + and setting amd64_Microsoft_Windows_CodeIntegrity\\SkuPolicyRequired to “1”. The resulting xml should look like this… + + Copy + ``` + + + 1 + + + ``` + +3. Attach your bootable WinPE USB drive to a Surface Go device and perform a USB boot (hold the **volume down** button while powering on the device… continue to hold until the Surface logo appears) +4. Wait for WinPE to launch a command window (*X:\\windows\\system32\\cmd.exe*). +5. Apply the unattend.xml created in step 2 using DISM. + + Copy + ``` + dism /image:C:\ /apply-unattend:D:\unattend.xml + ``` + > Note: in the above example, C:\\ is the local OS drive (offline). D:\ is where the S mode unattend.xml file (from Step 2) resides. + +6. Once DISM has successfully applied the unattend.xml, reboot the Surface Go device. +Upon reboot, you should find your Surface Go device now is now in S mode. + +## Troubleshooting + +|ISSUE | RESOLUTION | +|------------------------ |-----------------------| +|DISM fails to apply the unattend.xml because the OS drive is encrypted. | This is one reason why it’s best to enable S mode before setting up and configuring a device. If the OS drive has already been encrypted, you’ll need to fully decrypt the drive before you can enable S mode. | +|Unattend.xml has been applied and dism reports success. However, when I boot the device, it’s not in S mode. This can happen when a device was booted to Windows 10 Pro before S mode was enabled. To resolve this issue, do the following: | 1. **Run** “shutdown.exe -p -f” to force a complete shutdown.
    2. Hold the **vol-up** button while pressing the **power** button to power on the device. Continue to hold **vol-up** until you see the Surface UEFI settings.
    3. Under **Security** find the **Secure Boot** option and disable it.
    4. With SecureBoot disabled choose **exit** -\> **restart now** to exit UEFI settings and reboot the device back to Windows.
    5. Confirm that S mode is now properly enabled.
    6. Once you’ve confirmed S mode, you should re-enable Secure Boot… repeat the above steps, choosing to **Enable** Secure Boot from the UEFI securitysettings. + +## Additional Info + +[Windows 10 deployment scenarios](https://docs.microsoft.com/windows/deployment/windows-10-deployment-scenarios) + +[Windows 10 deployment scenarios and tools](https://docs.microsoft.com/windows/deployment/windows-deployment-scenarios-and-tools) + +[Download and install the Windows ADK](https://docs.microsoft.com/windows-hardware/get-started/adk-install) + +[Windows ADK for Windows 10 scenarios for IT Pros](https://docs.microsoft.com/windows/deployment/windows-adk-scenarios-for-it-pros) + +[Modify a Windows Image Using DISM](https://docs.microsoft.com/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism) + +[Service a Windows Image Using DISM](https://docs.microsoft.com/windows-hardware/manufacture/desktop/service-a-windows-image-using-dism) + +[DISM Image Management Command-Line Options](https://docs.microsoft.com/windows-hardware/manufacture/desktop/dism-image-management-command-line-options-s14) + diff --git a/education/windows/get-minecraft-device-promotion.md b/education/windows/get-minecraft-device-promotion.md index 6fb8b22725..d0b001b4b7 100644 --- a/education/windows/get-minecraft-device-promotion.md +++ b/education/windows/get-minecraft-device-promotion.md @@ -2,7 +2,7 @@ title: Get Minecraft Education Edition with your Windows 10 device promotion description: Windows 10 device promotion for Minecraft Education Edition licenses keywords: school, Minecraft, education edition -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: plan ms.sitesec: library ms.localizationpriority: medium @@ -11,7 +11,6 @@ searchScope: - Store ms.author: trudyha ms.date: 06/05/2018 -ms.technology: Windows --- # Get Minecraft: Education Edition with Windows 10 device promotion diff --git a/education/windows/get-minecraft-for-education.md b/education/windows/get-minecraft-for-education.md index 11aeea97ed..aadf84aabc 100644 --- a/education/windows/get-minecraft-for-education.md +++ b/education/windows/get-minecraft-for-education.md @@ -2,7 +2,7 @@ title: Get Minecraft Education Edition description: Learn how to get and distribute Minecraft Education Edition. keywords: school, Minecraft, education edition -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: plan ms.sitesec: library ms.localizationpriority: medium @@ -11,7 +11,6 @@ searchScope: - Store ms.author: trudyha ms.date: 07/27/2017 -ms.technology: Windows ms.topic: conceptual --- @@ -22,7 +21,7 @@ ms.topic: conceptual - Windows 10 -[Minecraft: Education Edition](http://education.minecraft.net/) is built for learning. Watch this video to learn more about Minecraft. +[Minecraft: Education Edition](https://education.minecraft.net/) is built for learning. Watch this video to learn more about Minecraft. diff --git a/education/windows/images/1810_Name_Your_Package_SUSPC.png b/education/windows/images/1810_Name_Your_Package_SUSPC.png new file mode 100644 index 0000000000..69b81c91e4 Binary files /dev/null and b/education/windows/images/1810_Name_Your_Package_SUSPC.png differ diff --git a/education/windows/images/1810_SUSPC_Insert_USB.png b/education/windows/images/1810_SUSPC_Insert_USB.png new file mode 100644 index 0000000000..c3fdd47011 Binary files /dev/null and b/education/windows/images/1810_SUSPC_Insert_USB.png differ diff --git a/education/windows/images/1810_SUSPC_Package_ready.png b/education/windows/images/1810_SUSPC_Package_ready.png new file mode 100644 index 0000000000..b296fb3f84 Binary files /dev/null and b/education/windows/images/1810_SUSPC_Package_ready.png differ diff --git a/education/windows/images/1810_SUSPC_Product_key.png b/education/windows/images/1810_SUSPC_Product_key.png new file mode 100644 index 0000000000..3619edb5bf Binary files /dev/null and b/education/windows/images/1810_SUSPC_Product_key.png differ diff --git a/education/windows/images/1810_SUSPC_Take_Test.png b/education/windows/images/1810_SUSPC_Take_Test.png new file mode 100644 index 0000000000..d7920a492f Binary files /dev/null and b/education/windows/images/1810_SUSPC_Take_Test.png differ diff --git a/education/windows/images/1810_SUSPC_USB.png b/education/windows/images/1810_SUSPC_USB.png new file mode 100644 index 0000000000..9e6be13a46 Binary files /dev/null and b/education/windows/images/1810_SUSPC_USB.png differ diff --git a/education/windows/images/1810_SUSPC_add_apps.png b/education/windows/images/1810_SUSPC_add_apps.png new file mode 100644 index 0000000000..d7a296722f Binary files /dev/null and b/education/windows/images/1810_SUSPC_add_apps.png differ diff --git a/education/windows/images/1810_SUSPC_app_error.png b/education/windows/images/1810_SUSPC_app_error.png new file mode 100644 index 0000000000..a2d3a35e34 Binary files /dev/null and b/education/windows/images/1810_SUSPC_app_error.png differ diff --git a/education/windows/images/1810_SUSPC_available_settings.png b/education/windows/images/1810_SUSPC_available_settings.png new file mode 100644 index 0000000000..a208aa1fa8 Binary files /dev/null and b/education/windows/images/1810_SUSPC_available_settings.png differ diff --git a/education/windows/images/1810_SUSPC_personalization.png b/education/windows/images/1810_SUSPC_personalization.png new file mode 100644 index 0000000000..bbcbf878f0 Binary files /dev/null and b/education/windows/images/1810_SUSPC_personalization.png differ diff --git a/education/windows/images/1810_SUSPC_select_Wifi.png b/education/windows/images/1810_SUSPC_select_Wifi.png new file mode 100644 index 0000000000..f0f54c55c9 Binary files /dev/null and b/education/windows/images/1810_SUSPC_select_Wifi.png differ diff --git a/education/windows/images/1810_SUSPC_summary.png b/education/windows/images/1810_SUSPC_summary.png new file mode 100644 index 0000000000..de83332463 Binary files /dev/null and b/education/windows/images/1810_SUSPC_summary.png differ diff --git a/education/windows/images/1810_Sign_In_SUSPC.png b/education/windows/images/1810_Sign_In_SUSPC.png new file mode 100644 index 0000000000..b4ac241f72 Binary files /dev/null and b/education/windows/images/1810_Sign_In_SUSPC.png differ diff --git a/education/windows/images/1810_choose_account_SUSPC.png b/education/windows/images/1810_choose_account_SUSPC.png new file mode 100644 index 0000000000..c702fc87ea Binary files /dev/null and b/education/windows/images/1810_choose_account_SUSPC.png differ diff --git a/education/windows/images/1810_name-devices_SUSPC.png b/education/windows/images/1810_name-devices_SUSPC.png new file mode 100644 index 0000000000..6cfe014572 Binary files /dev/null and b/education/windows/images/1810_name-devices_SUSPC.png differ diff --git a/education/windows/images/1810_suspc_settings.png b/education/windows/images/1810_suspc_settings.png new file mode 100644 index 0000000000..c42bf2337e Binary files /dev/null and b/education/windows/images/1810_suspc_settings.png differ diff --git a/education/windows/images/1810_suspc_timezone.png b/education/windows/images/1810_suspc_timezone.png new file mode 100644 index 0000000000..1a4dfb7aa1 Binary files /dev/null and b/education/windows/images/1810_suspc_timezone.png differ diff --git a/education/windows/images/1812_Add_Apps_SUSPC.png b/education/windows/images/1812_Add_Apps_SUSPC.png new file mode 100644 index 0000000000..b494aea2dd Binary files /dev/null and b/education/windows/images/1812_Add_Apps_SUSPC.png differ diff --git a/education/windows/images/suspc-add-recommended-apps-1807.png b/education/windows/images/suspc-add-recommended-apps-1807.png new file mode 100644 index 0000000000..61a674e363 Binary files /dev/null and b/education/windows/images/suspc-add-recommended-apps-1807.png differ diff --git a/education/windows/images/suspc-admin-token-delete-1807.png b/education/windows/images/suspc-admin-token-delete-1807.png new file mode 100644 index 0000000000..0656dbb899 Binary files /dev/null and b/education/windows/images/suspc-admin-token-delete-1807.png differ diff --git a/education/windows/images/suspc-assessment-url-1807.png b/education/windows/images/suspc-assessment-url-1807.png new file mode 100644 index 0000000000..c799e26271 Binary files /dev/null and b/education/windows/images/suspc-assessment-url-1807.png differ diff --git a/education/windows/images/suspc-available-student-settings-1807.png b/education/windows/images/suspc-available-student-settings-1807.png new file mode 100644 index 0000000000..d39fc2ceba Binary files /dev/null and b/education/windows/images/suspc-available-student-settings-1807.png differ diff --git a/education/windows/images/suspc-configure-student-settings-1807.png b/education/windows/images/suspc-configure-student-settings-1807.png new file mode 100644 index 0000000000..553fb4d689 Binary files /dev/null and b/education/windows/images/suspc-configure-student-settings-1807.png differ diff --git a/education/windows/images/suspc-createpackage-signin-1807.png b/education/windows/images/suspc-createpackage-signin-1807.png new file mode 100644 index 0000000000..7a80f5c751 Binary files /dev/null and b/education/windows/images/suspc-createpackage-signin-1807.png differ diff --git a/education/windows/images/suspc-createpackage-summary-1807.png b/education/windows/images/suspc-createpackage-summary-1807.png new file mode 100644 index 0000000000..e78ac67856 Binary files /dev/null and b/education/windows/images/suspc-createpackage-summary-1807.png differ diff --git a/education/windows/images/suspc-current-os-version-1807.png b/education/windows/images/suspc-current-os-version-1807.png new file mode 100644 index 0000000000..bc2ba6a08d Binary files /dev/null and b/education/windows/images/suspc-current-os-version-1807.png differ diff --git a/education/windows/images/suspc-current-os-version-next-1807.png b/education/windows/images/suspc-current-os-version-next-1807.png new file mode 100644 index 0000000000..a0b6632bd3 Binary files /dev/null and b/education/windows/images/suspc-current-os-version-next-1807.png differ diff --git a/education/windows/images/suspc-device-names-1807.png b/education/windows/images/suspc-device-names-1807.png new file mode 100644 index 0000000000..f3ad674b99 Binary files /dev/null and b/education/windows/images/suspc-device-names-1807.png differ diff --git a/education/windows/images/suspc-enable-shared-pc-1807.png b/education/windows/images/suspc-enable-shared-pc-1807.png new file mode 100644 index 0000000000..52fb68f830 Binary files /dev/null and b/education/windows/images/suspc-enable-shared-pc-1807.png differ diff --git a/education/windows/images/suspc-savepackage-insertusb-1807.png b/education/windows/images/suspc-savepackage-insertusb-1807.png new file mode 100644 index 0000000000..cd75795863 Binary files /dev/null and b/education/windows/images/suspc-savepackage-insertusb-1807.png differ diff --git a/education/windows/images/suspc-savepackage-ppkgisready-1807.png b/education/windows/images/suspc-savepackage-ppkgisready-1807.png new file mode 100644 index 0000000000..fd82b1e50b Binary files /dev/null and b/education/windows/images/suspc-savepackage-ppkgisready-1807.png differ diff --git a/education/windows/images/suspc-select-wifi-1807.png b/education/windows/images/suspc-select-wifi-1807.png new file mode 100644 index 0000000000..c8b94d6aad Binary files /dev/null and b/education/windows/images/suspc-select-wifi-1807.png differ diff --git a/education/windows/images/suspc-select-wifi-network-1807.png b/education/windows/images/suspc-select-wifi-network-1807.png new file mode 100644 index 0000000000..5a362daaa0 Binary files /dev/null and b/education/windows/images/suspc-select-wifi-network-1807.png differ diff --git a/education/windows/images/suspc-sign-in-select-1807.png b/education/windows/images/suspc-sign-in-select-1807.png new file mode 100644 index 0000000000..abffbec690 Binary files /dev/null and b/education/windows/images/suspc-sign-in-select-1807.png differ diff --git a/education/windows/images/suspc-take-a-test-1807.png b/education/windows/images/suspc-take-a-test-1807.png new file mode 100644 index 0000000000..ea6295658f Binary files /dev/null and b/education/windows/images/suspc-take-a-test-1807.png differ diff --git a/education/windows/images/suspc-take-a-test-app-1807.png b/education/windows/images/suspc-take-a-test-app-1807.png new file mode 100644 index 0000000000..9d6c503f3c Binary files /dev/null and b/education/windows/images/suspc-take-a-test-app-1807.png differ diff --git a/education/windows/images/suspc-time-zone-1807.png b/education/windows/images/suspc-time-zone-1807.png new file mode 100644 index 0000000000..274e411a4d Binary files /dev/null and b/education/windows/images/suspc-time-zone-1807.png differ diff --git a/education/windows/images/suspc-wifi-network-1807.png b/education/windows/images/suspc-wifi-network-1807.png new file mode 100644 index 0000000000..6e03d35363 Binary files /dev/null and b/education/windows/images/suspc-wifi-network-1807.png differ diff --git a/education/windows/index.md b/education/windows/index.md index 6e21549be3..d30a753c88 100644 --- a/education/windows/index.md +++ b/education/windows/index.md @@ -3,7 +3,6 @@ title: Windows 10 for Education (Windows 10) description: Learn how to use Windows 10 in schools. keywords: Windows 10, education ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: edu @@ -60,5 +59,5 @@ Follow these links to find step-by-step guidance on how to deploy Windows 8.1 in - [Windows 10 and Windows 10 Mobile](https://technet.microsoft.com/itpro/windows/index) diff --git a/education/windows/s-mode-switch-to-edu.md b/education/windows/s-mode-switch-to-edu.md index 1dca2c3783..363cc0b93e 100644 --- a/education/windows/s-mode-switch-to-edu.md +++ b/education/windows/s-mode-switch-to-edu.md @@ -5,11 +5,10 @@ keywords: Windows 10 S switch, S mode Switch, switch in S mode, Switch S mode, W ms.mktglfcycl: deploy ms.localizationpriority: medium ms.prod: w10 -ms.technology: Windows ms.sitesec: library ms.pagetype: edu -ms.date: 04/30/2018 -author: Mikeblodge +ms.date: 12/03/2018 +author: jaimeo --- # Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode @@ -54,7 +53,7 @@ Tenant-wide Windows 10 Pro in S mode > Pro Education in S mode
    Tenant-wide Windows 10 Pro > Pro Education > [!IMPORTANT] -> While it’s free to switch to Windows 10 Pro, it’s not reversible. The only way to rollback this kind of switch is through a [bare metal recover (BMR)](https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/create-media-to-run-push-button-reset-features-s14) reset. This restores a Windows device to the factory state, even if the user needs to replace the hard drive or completely wipe the drive clean. If a device is switched out of S mode via the Microsoft Store, it will remain out of S mode even after the device is reset. +> While it’s free to switch to Windows 10 Pro, it’s not reversible. The only way to roll back this kind of switch is through a [bare metal recovery (BMR)](https://docs.microsoft.com/windows-hardware/manufacture/desktop/create-media-to-run-push-button-reset-features-s14) reset. This restores a Windows device to the factory state, even if the user needs to replace the hard drive or completely wipe the drive clean. If a device is switched out of S mode via the Microsoft Store, it will remain out of S mode even after the device is reset. ### Devices running Windows 10, version 1709 @@ -66,7 +65,7 @@ Tenant-wide Windows 10 Pro > Pro Education > There is currently no "bulk-switch" option for devices running Windows 10, version 1803. ## Related Topics -[FAQs](https://support.microsoft.com/en-us/help/4020089/windows-10-in-s-mode-faq)
    +[FAQs](https://support.microsoft.com/help/4020089/windows-10-in-s-mode-faq)
    [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)
    [Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)
    [Compare Windows 10 editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare) \ No newline at end of file diff --git a/education/windows/school-get-minecraft.md b/education/windows/school-get-minecraft.md index d2daacd44e..2def962415 100644 --- a/education/windows/school-get-minecraft.md +++ b/education/windows/school-get-minecraft.md @@ -2,7 +2,7 @@ title: For IT administrators get Minecraft Education Edition description: Learn how IT admins can get and distribute Minecraft in their schools. keywords: Minecraft, Education Edition, IT admins, acquire -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: plan ms.sitesec: library ms.localizationpriority: medium @@ -10,8 +10,7 @@ author: trudyha searchScope: - Store ms.author: trudyha -ms.date: 1/5/2018 -ms.technology: Windows +ms.date: 01/05/2018 ms.topic: conceptual --- @@ -21,7 +20,7 @@ ms.topic: conceptual - Windows 10 -When you sign up for a [Minecraft: Education Edition](http://education.minecraft.net) trial, or purchase a [Minecraft: Education Edition](http://education.minecraft.net) subscription. Minecraft will be added to the inventory in your Microsoft Store for Education which is associated with your Azure Active Directory (Azure AD) tenant. Your Microsoft Store for Education is only displayed to members of your organization. +When you sign up for a [Minecraft: Education Edition](https://education.minecraft.net) trial, or purchase a [Minecraft: Education Edition](https://education.minecraft.net) subscription. Minecraft will be added to the inventory in your Microsoft Store for Education which is associated with your Azure Active Directory (Azure AD) tenant. Your Microsoft Store for Education is only displayed to members of your organization. >[!Note] >If you don't have an Azure AD or Office 365 tenant, you can set up a free Office 365 Education subscription when you request Minecraft: Education Edition. For more information see [Office 365 Education plans and pricing](https://products.office.com/academic/compare-office-365-education-plans). @@ -34,7 +33,7 @@ If you’ve been approved and are part of the Enrollment for Education Solutions ### Minecraft: Education Edition - direct purchase -1. Go to [http://education.minecraft.net/](http://education.minecraft.net/) and select **GET STARTED**. +1. Go to [https://education.minecraft.net/](https://education.minecraft.net/) and select **GET STARTED**. diff --git a/education/windows/set-up-school-pcs-azure-ad-join.md b/education/windows/set-up-school-pcs-azure-ad-join.md new file mode 100644 index 0000000000..ecfbf5b1fc --- /dev/null +++ b/education/windows/set-up-school-pcs-azure-ad-join.md @@ -0,0 +1,94 @@ +--- +title: Azure AD Join with Setup School PCs app +description: Describes how Azure AD Join is configured in the Set up School PCs app. +keywords: shared cart, shared PC, school, set up school pcs +ms.prod: w10 +ms.mktglfcycl: plan +ms.sitesec: library +ms.pagetype: edu +ms.localizationpriority: medium +author: lenewsad +ms.author: lanewsad +ms.date: 01/11/2019 +--- + +# Azure AD Join for school PCs + +> [!NOTE] +> Set up School PCs app uses Azure AD Join to configure PCs. The app is helpful if you use the cloud based directory, Azure Active Directory (AD). If your organization uses Active Directory or requires no account to connect, install and use [Windows Configuration +> Designer](set-up-students-pcs-to-join-domain.md) to +> join your PCs to your school's domain. + +Set up School PCs lets you create a provisioning package that automates Azure AD +Join on your devices. This feature eliminates the need to manually: + +- Connect to your school’s network. + +- Join your organization's domain. + +## Automated connection to school domain + +During initial device setup, Azure AD Join automatically connects your PCs to your school's Azure AD domain. You can skip all of the Windows setup experience that is typically a part of the out-of-the-box-experience (OOBE). Devices that are managed by a mobile device manager, such as Intune, are automatically enrolled with the provider upon initial device startup. + +Students who sign in to their PCs with their Azure AD credentials get access to on-premises apps and the following cloud apps: +* Office 365 +* OneDrive +* OneNote. + +## Enable Azure AD Join + +Learn how to enable Azure AD Join for your school. After you configure this setting, you'll be able to request an automated Azure AD bulk token, which you need to create a provisioning package. + +1. Sign in to the Azure portal with your organization's credentials. +2. Go to **Azure +Active Directory** \> **Devices** \> **Device settings**. +3. Enable the setting +for Azure AD by selecting **All** or **Selected**. If you choose the latter +option, select the teachers and IT staff to allow them to connect to Azure AD. + +![Select the users you want to let join devices to Azure AD](images/suspc-enable-shared-pc-1807.png) + +You can also create an account that holds the exclusive rights to join devices. When a student PC needs to be set up, provide the account credentials to the appropriate teachers or staff. + +## All Device Settings + +The following table describes each setting within **Device Settings**. + +| Setting | Description | +|------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Users may join devices to Azure AD | Choose the scope of people in your organization that are allowed to join devices to Azure AD. **All** allows all users and groups within your tenant to join devices. **Selected** prompts you to choose specific users or groups to allow. **None** allows no one in your tenant to join devices to Azure AD. | +| Additional local administrators on Azure AD joined devices | Only applicable to Azure AD Premium tenants. Grant additional local administrator rights on devices, to selected users. Global administrators and the device owner are granted local administrator rights by default. | +| Users may register their devices with Azure AD | Allow all or none of your users to register their devices with Azure AD (Workplace Join). If you are enrolled in Microsoft Intune or Mobile Device Management for Office 365, your devices are required to be registered. In this case, **All** is automatically selected for you. | +| Require Multi-Factor Authentication to join devices | Recommended when adding devices to Azure AD. When set to **Yes**, users that are setting up devices must enter a second method of authentication. | +| Maximum number of devices per user | Set the maximum number of devices a user is allowed to have in Azure AD. If the maximum is exceeded, the user must remove one or more existing devices before additional ones are added. | +| Users may sync settings and enterprise app data | Allow all or none of your users to sync settings and app data across multiple devices. Tenants with Azure AD Premium are permitted to select specific users to allow. | + +## Clear Azure AD tokens + +Your Intune tenant can only have 500 active Azure AD tokens, or packages, at a time. You'll receive a notification in the Intune portal when you reach 500 active tokens. + +To reduce your inventory, clear out all unnecessary and inactive tokens. +1. Go to **Azure Active Directory** \> **Users** \> **All users** +2. In the **User Name** column, select and delete all accounts with a **package\ _** +prefix. These accounts are created at a 1:1 ratio for every token and are safe +to delete. +3. Select and delete inactive and expired user accounts. + +### How do I know if my package expired? +Automated Azure AD tokens expire after 180 days. The expiration date for each token is appended to the end of the saved provisioning package, on the USB drive. After this date, you must create a new package. Be careful that you don't delete active accounts. + +![Screenshot of the Azure portal, Azure Active Directory, All Users page. Highlights all accounts that start with the prefix package_ and can be deleted.](images/suspc-admin-token-delete-1807.png) + +## Next steps +Learn more about setting up devices with the Set up School PCs app. +* [What's in my provisioning package?](set-up-school-pcs-provisioning-package.md) +* [Shared PC mode for schools](set-up-school-pcs-shared-pc-mode.md) +* [Set up School PCs technical reference](set-up-school-pcs-technical.md) +* [Set up Windows 10 devices for education](set-up-windows-10.md) + +When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md). + + + + + diff --git a/education/windows/set-up-school-pcs-provisioning-package.md b/education/windows/set-up-school-pcs-provisioning-package.md new file mode 100644 index 0000000000..030e698372 --- /dev/null +++ b/education/windows/set-up-school-pcs-provisioning-package.md @@ -0,0 +1,135 @@ +--- +title: What's in Set up School PCs provisioning package +description: Lists the provisioning package settings that are configured in the Set up School PCs app. +keywords: shared cart, shared PC, school, set up school pcs +ms.prod: w10 +ms.mktglfcycl: plan +ms.sitesec: library +ms.pagetype: edu +ms.localizationpriority: medium +author: lenewsad +ms.author: lanewsad +ms.date: 10/17/2018 +--- + +# What's in my provisioning package? +The Set up School PCs app builds a specialized provisioning package with school-optimized settings. + +A key feature of the provisioning package is Shared PC mode. To view the technical framework of Shared PC mode, including the description of each setting, see the [SharedPC configuration service provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/mt723294%28v=vs.85%29.aspx) article. + +## Shared PC Mode policies +This table outlines the policies applied to devices in shared PC mode. If you [selected to optimize a device for use by a single student](set-up-school-pcs-shared-pc-mode.md#optimize-device-for-use-by-a-single-student), the table notes the differences. Specifically, you'll see differences in the following policies: +* Disk level deletion +* Inactive threshold +* Restrict local storage + +In the table, *True* means that the setting is enabled, allowed, or applied. Use the **Description** column to help you understand the context for each setting. + +For a more detailed look at the policies, see the Windows article [Set up shared or guest PC](https://docs.microsoft.com/windows/configuration/set-up-shared-or-guest-pc#policies-set-by-shared-pc-mode). + +|Policy name|Default value|Description| +|---------|---------|---------| +|Enable Shared PC mode|True| Configures the PCs so they are in shared PC mode.| +|Set education policies | True | School-optimized settings are applied to the PCs so that they are appropriate for an educational environment. To see all recommended and enabled policies, see [Windows 10 configuration recommendation for education customers](https://docs.microsoft.com/education/windows/configure-windows-for-education). | +|Account Model| Only guest, Domain-joined only, or Domain-joined and guest |Controls how users can sign in on the PC. Configurable from the Set up School PCs app. Choosing domain-joined will enable any user in the domain to sign in. Specifying the guest option will add the Guest option to the sign-in screen and enable anonymous guest access to the PC. | +|Deletion policy | Delete at disk space threshold and inactive threshold | Delete at disk space threshold will start deleting accounts when available disk space falls below the threshold you set for disk level deletion. It will stop deleting accounts when the available disk space reaches the threshold you set for disk level caching. Accounts are deleted in order of oldest accessed to most recently accessed. Also deletes accounts if they have not signed in within the number of days specified by inactive threshold policy. | +|Disk level caching | 50% | Sets 50% of total disk space to be used as the disk space threshold for account caching. | +|Disk level deletion | For shared device setup, 25%; for single device-student setup, 0%. | When your devices are optimized for shared use across multiple PCs, this policy sets 25% of total disk space to be used as the disk space threshold for account caching. When your devices are optimized for use by a single student, this policy sets the value to 0% and does not delete accounts. | +|Enable account manager | True | Enables automatic account management. | +|Inactive threshold| For shared device setup, 30 days; for single device-student setup, 180 days.| After 30 or 180 days, respectively, if an account has not signed in, it will be deleted. +|Kiosk Mode AMUID | Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App | Configures the kiosk account on student devices to only run the Take a Test secure assessment browser. | +|Kiosk Mode User Tile Display Text | Take a Test | Displays "Take a Test" as the name of the kiosk account on student devices. | +|Restrict local storage | For shared device setup, True; for single device-student setup, False. | When devices are optimized for shared use across multiple PCs, this policy forces students to save to the cloud to prevent data loss. When your devices are optimized for use by a single student, this policy does not prevent students from saving on the PCs local hard drive. | +|Maintenance start time | 0 - midnight | The maintenance start time when automatic maintenance tasks, such as Windows Update, run on student devices. | +|Max page file size in MB| 1024| Sets the maximum size of the paging file to 1024 MB. Applies only to systems with less than 32-GB storage and at least 3 GB of RAM.| +|Set power policies | True | Prevents users from changing power settings and turns off hibernate. Also overrides all power state transitions to sleep, such as lid close. | +|Sign in on resume | True | Requires the device user to sign in with a password when the PC wakes from sleep. | +|Sleep timeout | 3600 seconds | Specifies the maximum idle time before the PC should sleep. If you don't set sleep timeout, the default time, 3600 seconds (1 hour), is applied. | + +## MDM and local group policies +This section lists only the MDM and local group policies that are configured uniquely for the Set up School PCs app. + +For a more detailed look of each policy listed, see [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) in the Windows IT Pro Center documentation. + + +|Policy name |Default value |Description | +|---------|---------|---------| +|Authority|User-defined | Authenticates the admin user. Value is set automatically when signed in to Azure AD. +|BPRT|User-defined| Value is set automatically when signed in to Azure AD. Allows you to create the provisioning package. | +|WLAN Setting| XML is generated from the Wi-Fi profile in the Set up School PCs app.| Configures settings for wireless connectivity.| +|Hide OOBE for desktop| True | Hides the interactive OOBE flow for Windows 10.| +|Download Mode|1 - HTTP blended with peering behind the same NAT|Specifies the download method that Delivery Optimization can use in downloads of Windows Updates, Apps, and App updates| +|Select when Preview Builds and Feature Updates are received | 32 - Semi-annual Channel. Device gets feature updates from Semi-annual Channel| Specifies how frequently devices receive preview builds and feature updates.| +|Allow auto update | 4 - Auto-installs and restarts without device-user control | When an auto update is available, it auto-installs and restarts the device without any input or action from the device user.| +|Configure automatic updates | 3 - Set to install at 3am | Scheduled time to install updates.| +|Update power policy for cart restarts | 1 - Configured| Skips all restart checks to ensure that the reboot will happen at the scheduled install time. | +|Select when Preview Builds and Feature Updates are received | 365 days | Defers Feature Updates for the specified number of days. When not specified, defaults to 365 days.| +|Allow all trusted apps | Disabled | Prevents untrusted apps from being installed to device | +|Allow developer unlock | Disabled | Students cannot unlock the PC and use it in developer mode | +|Allow Cortana | Disabled | Cortana is not allowed on the device. +|Allow manual MDM unenrollment | Disabled | Students cannot remove the mobile device manager from their device. | +|Settings page visibility|Enabled |Specific pages in the System Settings app are not visible or accessible to students.| +|Allow add provisioning package | Disabled | Students cannot add and upload new provisioning packages to their device. | +|Allow remove provisioning package | Disabled | Students cannot remove packages that you've uploaded to their device, including the Set up School PCs app | +|Start Layout|Enabled |Lets you specify the Start layout for users and prevents them from changing the configuration.| +|Import Edge Assets| Enabled| Import Microsoft Edge assets, such as PNG and JPG files, for secondary tiles on the Start layout. Tiles will appear as weblinks and will be tied to the relevant image asset files.| +|Allow pinned folder downloads|1 - The shortcut is visible and disables the setting in the Settings app |Makes the Downloads shortcut on the Start menu visible to students.| +|Allow pinned folder File Explorer|1 - The shortcut is visible and disables the setting in the Settings app |Makes the File Explorer shortcut on the Start menu visible to students.| +|Personalization | Deploy lock screen image | Set to the image you picked when you customized the lock screen during device setup. If you didn't customize the image, the computer will show the default. | Deploys a jpg, jpeg, or png image to be used as lock screen image on the device. +|Personalization| Lock screen image URL| Image filename| You can specify a jpg, jpeg, or png image to be used as the device lock screen image. This setting can take an http or https URL to a remote image to be downloaded, or a file URLto an existing local image. +|Update|Active hours end | 5 PM | There will be no update reboots before this time. | +|Update|Active hours start | 7 AM | There will be no update reboots after this time. | +|Updates Windows | Nightly | Sets Windows to update on a nightly basis. | + +## Apps uninstalled from Windows 10 devices +Set up School PCs app uses the Universal app uninstall policy. This policy identifies default apps that are not relevant to the classroom experience, and uninstalls them from each device. ALl apps uninstalled from Windows 10 devices include: + + +* Mixed Reality Viewer +* Weather +* Desktop App Installer +* Tips +* Messaging +* My Office +* Microsoft Solitaire Collection +* Mobile Plans +* Feedback Hub +* Xbox +* Mail/Calendar +* Skype + +## Apps installed on Windows 10 devices +Set up School PCs uses the Universal app install policy to install school-relevant apps on all Windows 10 devices. Apps that are installed include: +* OneDrive +* OneNote +* Sway + +## Provisioning time estimates +The time it takes to install a package on a device depends on the: + +* Strength of network connection +* Number of policies and apps within the package +* Additional configurations made to the device + +Review the table below to estimate your expected provisioning time. A package that only applies Set Up School PC's default configurations will provision the fastest. A package that removes pre-installed apps, through CleanPC, will take much longer to provision. + +|Configurations |Connection type |Estimated provisioning time | +|---------|---------|---------| +|Default settings only | Wi-Fi | 3 to 5 minutes | +|Default settings + apps | Wi-Fi | 10 to 15 minutes | +|Default settings + remove pre-installed apps (CleanPC) | Wi-Fi | 60 minutes | +|Default settings + other settings (Not CleanPC) | Wi-Fi | 5 minutes | + +## Next steps +Learn more about setting up devices with the Set up School PCs app. +* [Azure AD Join with Set up School PCs](set-up-school-pcs-azure-ad-join.md) +* [Shared PC mode for schools](set-up-school-pcs-shared-pc-mode.md) +* [Set up School PCs technical reference](set-up-school-pcs-technical.md) +* [Set up Windows 10 devices for education](set-up-windows-10.md) + +When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md). + + + + + diff --git a/education/windows/set-up-school-pcs-shared-pc-mode.md b/education/windows/set-up-school-pcs-shared-pc-mode.md new file mode 100644 index 0000000000..3b3a9148a0 --- /dev/null +++ b/education/windows/set-up-school-pcs-shared-pc-mode.md @@ -0,0 +1,79 @@ +--- +title: Shared PC mode for school devices +description: Describes how shared PC mode is set for devices set up with the Set up School PCs app. +keywords: shared cart, shared PC, school, set up school pcs +ms.prod: w10 +ms.mktglfcycl: plan +ms.sitesec: library +ms.pagetype: edu +ms.localizationpriority: medium +author: lenewsad +ms.author: lanewsad +ms.date: 07/13/2018 +--- + +# Shared PC mode for school devices + +Shared PC mode optimizes Windows 10 for shared use scenarios, such as classrooms and school libraries. A Windows 10 PC in shared PC mode requires minimal to zero maintenance and management. Update settings are optimized for classroom settings, so that they automatically occur outside of school hours. + +Shared PC mode can be applied on devices running: +* Windows 10 Pro +* Windows 10 Pro Education +* Windows 10 Education +* Windows 10 Enterprise + +To learn more about how to set up a device in shared PC mode, see [Set up a shared or guest PC with Windows 10](https://docs.microsoft.com/windows/configuration/set-up-shared-or-guest-pc). + +## Windows Updates +Shared PC mode configures power and Windows Update settings so that computers update regularly. Computers that are set up through the Set up School PCs app are configured to: +* Wake nightly. +* Check for and install updates. +* Forcibly reboot, when necessary, to complete updates. + +These configurations reduce the need to update and reboot computers during daytime work hours. Notifications about needed updates are also blocked from disrupting students. + +## Default admin accounts in Azure Active Directory +By default, the account that joins your computer to Azure AD will be given admin permissions on the computer. Global administrators in the joined Azure AD domain will also have admin permissions when signed in to the joined computer. + +An Azure AD Premium subscription lets you specify the accounts that get admin accounts on a computer. These accounts are configured in Intune in the Azure portal. + +## Account deletion policies +This section describes the deletion behavior for the accounts configured in shared PC mode. A delete policy makes sure that outdated or stale accounts are regularly removed to make room for new accounts. + +### Azure AD accounts + +The default deletion policy is set to automatically cache accounts. Cached accounts are automatically deleted when disk space gets too low, or when there's an extended period of inactivity. Accounts continue to delete until the computer reclaims sufficient disk space. Deletion policies behave the same for Azure AD and Active Directory domain accounts. + +### Guest and Kiosk accounts +Guest accounts and accounts created through Kiosk are deleted after they sign out of their account. + +### Local accounts +Local accounts that you created before enabling shared PC mode aren't deleted. Local accounts that you create through the following path, after enabling PC mode, are not deleted: **Settings** app > **Accounts** > **Other people** > **Add someone** + +## Create custom Windows images +Shared PC mode is compatible with custom Windows images. + +To create a compatible image, first create your custom Windows image with all software, updates, and drivers. Then use the System Preparation (Sysprep) tool with the `/oobe` flag to create the SharedPC-compatible version. For example, `sysrep/oobe`. + +Teachers can then run the Set up School PCs package on the computer. + +## Optimize device for use by a single student +Shared PC mode is enabled by default. This mode optimizes device settings for schools where PCs are shared by students. The Set up School PCs app also offers the option to configure settings for devices that aren't shared. + +If you select this setting, the app modifies shared PC mode so that it's appropriate for a single device. To see how the settings differ, refer to the Shared PC mode policy table in the article [What's in my provisioning package?](set-up-school-pcs-provisioning-package.md) +1. In the app, go to the **Create package** > **Settings** step. +2. Select **Optimize device for a single student, instead of a shared cart or lab**. + +## Next steps +Learn more about setting up devices with the Set up School PCs app. +* [Azure AD Join with Set up School PCs](set-up-school-pcs-azure-ad-join.md) +* [Set up School PCs technical reference](set-up-school-pcs-technical.md) +* [What's in my provisioning package](set-up-school-pcs-provisioning-package.md) +* [Set up Windows 10 devices for education](set-up-windows-10.md) + +When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md). + + + + + diff --git a/education/windows/set-up-school-pcs-technical.md b/education/windows/set-up-school-pcs-technical.md index e53e78ec35..957af5e711 100644 --- a/education/windows/set-up-school-pcs-technical.md +++ b/education/windows/set-up-school-pcs-technical.md @@ -1,309 +1,80 @@ --- -title: Set up School PCs app technical reference -description: Describes the changes that the Set up School PCs app makes to a PC. +title: Set up School PCs app technical reference overview +description: Describes the purpose of the Set up School PCs app for Windows 10 devices. keywords: shared cart, shared PC, school, set up school pcs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: edu ms.localizationpriority: medium -author: CelesteDG -ms.author: celested -ms.date: 04/04/2018 +author: lenewsad +ms.author: lanewsad +ms.date: 07/11/2018 --- -# Technical reference for the Set up School PCs app +What is Set up School PCs? +================================================= + **Applies to:** -- Windows 10 +- Windows 10 + +The **Set up School PCs** app helps you configure new Windows 10 PCs for school use. The +app, which is available for Windows 10 version 1703 and later, configures and saves +school-optimized settings, apps, and policies into a single provisioning package. You can then save the package to a USB drive and distribute it to your school PCs. + +If your school uses Azure Active Directory (Azure AD) or Office 365, the Set up +School PCs app will create a setup file. This file joins the PC to your Azure Active Directory tenant. The app also helps set up PCs for use with or without Internet connectivity. + + +## Join PC to Azure Active Directory +If your school uses Azure Active Directory (Azure AD) or Office 365, the Set up +School PCs app creates a setup file that joins your PC to your Azure Active +Directory tenant. + +The app also helps set up PCs for use with or without Internet connectivity. + +## List of Set up School PCs features +The following table describes the Set up School PCs app features and lists each type of Intune subscription. An X indicates that the feature is available with the specific subscription. + +| Feature | No Internet | Azure AD | Office 365 | Azure AD Premium | +|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|----------|------------|------------------| +| **Fast sign-in** | X | X | X | X | +| Students sign in and start using the computer in under a minute, even on initial sign-in. | | | | | +| **Custom Start experience** | X | X | X | X | +| Necessary classroom apps are pinned to Start and unnecessary apps are removed. | | | | | +| **Guest account, no sign-in required** | X | X | X | X | +| Set up computers for use by anyone with or without an account. | | | | | +| **School policies** | X | X | X | X | +| Settings create a relevant, useful learning environment and optimal computer performance. | | | | | +| **Azure AD Join** | | X | X | X | +| Computers join with your existing Azure AD or Office 365 subscription for centralized management. | | | | | +| **Single sign-on to Office 365** | | | X | X | +| Students sign in with their IDs to access all Office 365 web apps or installed Office apps. | | | | | +| **Take a Test app** | | | | X | +| Administer quizzes and assessments through test providers such as Smarter Balanced. | | | | | +| [Settings roaming](https://azure.microsoft.com/documentation/articles/active-directory-windows-enterprise-state-roaming-overview/) **via Azure AD** | | | | X | +| Synchronize student and application data across devices for a personalized experience. | | | | | + +> [!NOTE] +> If your school uses Active Directory, use [Windows Configuration +> Designer](set-up-students-pcs-to-join-domain.md) +> to configure your PCs to join the domain. You can only use the Set up School +> PCs app to set up PCs that are connected to Azure AD. -The **Set up School PCs** app helps you set up new Windows 10 PCs that work great in your school by configuring shared PC mode. The latest Set up School PCs app is available for Windows 10, version 1703 (Creators Update). Set up School PCs also configures school-specific settings and policies, described in this topic. +## Next steps +Learn more about setting up devices with the Set up School PCs app. +* [Azure AD Join with Set up School PCs](set-up-school-pcs-azure-ad-join.md) +* [Shared PC mode for schools](set-up-school-pcs-shared-pc-mode.md) +* [What's in my provisioning package](set-up-school-pcs-provisioning-package.md) +* [Set up Windows 10 devices for education](set-up-windows-10.md) + +When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md). + + -If your school uses Azure Active Directory (Azure AD) or Office 365, the Set up School PCs app will create a setup file that joins the PC to your Azure Active Directory tenant. You can also use the app to set up school PCs that anyone can use, with or without Internet connectivity. - -Here's a list of what you get when using the Set up School PCs app in your school. - -| Feature | No Internet | Azure AD | Office 365 | Azure AD Premium | -| --- | :---: | :---: | :---: | :---: | -| **Fast sign-in**
    Each student can sign in and start using the computer in less than a minute, even on their first sign-in. | X | X | X | X | -| **Custom Start experience**
    The apps students need are pinned to Start, and unnecessary apps are removed. | X | X | X | X | -| **Guest account, no sign-in required**
    This option sets up computers for common use. Anyone can use the computer without an account. | X | X | X | X | -| **School policies**
    Settings specific to education create a useful learning environment and the best computer performance. | X | X | X | X | -| **Azure AD Join**
    The computers are joined to your Azure AD or Office 365 subscription for centralized management. | | X | X | X | -| **Single sign-on to Office 365**
    By signing on with student IDs, students have fast access to Office 365 web apps or installed Office apps. | | | X | X | -| **Take a Test**
    Configure the Take a Test app and use it for taking quizzes and high-stakes assessments by some providers like Smarter Balanced. | | | | X | -| **[Settings roaming](https://azure.microsoft.com/en-us/documentation/articles/active-directory-windows-enterprise-state-roaming-overview/) via Azure AD**
    Student user and application settings data can be synchronized across devices for a personalized experience. | | | | X | - - -> [!NOTE] -> If your school uses Active Directory, use [Windows Configuration Designer](set-up-students-pcs-to-join-domain.md) to configure your PCs to join the domain. You can only use the Set up School PCs app to set up PCs that are connected to Azure AD. - -## Automated Azure AD join -One of the most important features in Set up School PCs is the ability to create a provisioning package that performs automated Azure AD join. With this feature, you no longer have to spend minutes going through Windows setup, manually connecting to a network, and manually joining your Azure AD domain. With the automated Azure AD join feature in Set up School PCs, this process is reduced to zero clicks! You can skip all of the Windows setup experience and the OS automatically joins the PC to your Azure AD domain and enrolls it into MDM if you have a MDM provider activated. - -To make this as seamless as possible, in your Azure AD tenant: -- Allow your teacher and other IT staff to join devices to Azure AD so they can sucessfully request an automated Azure AD join token. - - In the Azure portal, select **Azure Active Directory**. Go to **Users and groups > Device Settings** and in **Users may join devices to Azure AD**, click **Selected** and choose the members you want to enable to join devices to Azure AD. - - **Figure 1** - Select the users you want to enable to join devices to Azure AD - - ![Select the users you want to enable to join devices to Azure AD](images/azuread_usersandgroups_devicesettings_usersmayjoin.png) - -- Consider creating a special account that uses a username and password that you provide, and which has the rights to join devices if you don't want to add all teachers and IT staff. - - When teachers or IT staff need to set up PCs, they can use this account in the Set up School PCs app. - - If you use a service to set up PCs for you, you can give them this special account so they can deliver PCs to you that are already Azure AD joined and ready to be given to a student. - -- Turn off multifactor authentication. - - In the Azure portal, select **Azure Active Directory**. Go to **Users and groups > Device Settings** and set **Require Multi-Factor Auth to join devices** to **No**. - - **Figure 2** - Turn off multi-factor authentication in Azure AD - - ![Turn off multi-factor authentication in Azure AD](images/azuread_usersandgroups_devicesettings_requiremultifactorauth.png) - -- Set the maximum number of devices a user can add to unlimited. - - In the Azure portal, select **Azure Active Directory**. Go to **Users and groups > Device Settings** and set **Maximum number of devices per user** to **Unlimited**. - - **Figure 3** - Set maximum number of devices per user to unlimited - - ![Set maximum number of devices per user to unlimited](images/azuread_usersandgroups_devicesettings_maxnumberofdevicesperuser.png) - -- Clear your Azure AD tokens from time to time. Your tenant can only have 500 automated Azure AD tokens active at any one time. - - In the Azure portal, select **Azure Active Directory**. Go to **Users and groups > All users** and look at the list of user names. User names that start with **package_** followed by a string of letters and numbers. These are the user accounts that are created automatically for the tokens and you can safely delete these. - - **Figure 4** - Delete the accounts automatically created for the Azure AD tokens - - ![Delete the accounts automatically created for the Azure AD tokens](images/azuread_usersandgroups_allusers_automaticaccounts.png) - -- Note that automated Azure AD tokens have expiration dates. Set up School PCs creates them with an expiration date of one month. You will see the specific expiration date for the package in the **Review package summary** page in Set up School PCs. - - **Figure 5** - Sample summary page showing the expiration date - - ![Sample summary page showing the expiration date](images/suspc_choosesettings_summary.png) - - - - - -## Information about Windows Update - -Shared PC mode helps ensure that computers are always up-to-date. If a PC is configured using the Set up School PCs app, shared PC mode sets the power states and Windows Update to: -* Wake nightly -* Check and install updates -* Forcibly reboot if necessary to finish applying updates - -The PC is also configured to not interrupt the user during normal daytime hours with updates or reboots. Notfications are also blocked. - -## Guidance for accounts on shared PCs - -* We recommend no local admin accounts on the PC to improve the reliability and security of the PC. -* When a PC is set up in shared PC mode with the default deletion policy, accounts will be cached automatically until disk space is low. Then, accounts will be deleted to reclaim disk space. This account management happens automatically. Both Azure AD and Active Directory domain accounts are managed in this way. Any accounts created through **Guest** or **Kiosk** will also be deleted automatically at sign out. -* On a Windows PC joined to Azure Active Directory: - * By default, the account that joined the PC to Azure AD will have an admin account on that PC. Global administrators for the Azure AD domain will also have admin accounts on the PC. - * With Azure AD Premium, you can specify which accounts have admin accounts on a PC using the **Additional administrators on Azure AD Joined devices** setting on the Azure portal. -* Local accounts that already exist on a PC won’t be deleted when turning on shared PC mode. New local accounts created through **Settings > Accounts > Other people > Add someone else to this PC** after shared PC mode is turned on won't be deleted. However, any new local accounts created by the **Guest** or **Kiosk** selection on the sign-in screen, if enabled, will automatically be deleted at sign-out. -* If admin accounts are necessary on the PC - * Ensure the PC is joined to a domain that enables accounts to be signed on as admin, or - * Create admin accounts before setting up shared PC mode, or - * Create exempt accounts before signing out. -* The account management service supports accounts that are exempt from deletion. - * An account can be marked exempt from deletion by adding the account SID to the `HKEY_LOCAL_MACHINE\SOFTARE\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\` registry key. - * To add the account SID to the registry key using PowerShell: - - ``` - $adminName = "LocalAdmin" - $adminPass = 'Pa$$word123' - iex "net user /add $adminName $adminPass" - $user = New-Object System.Security.Principal.NTAccount($adminName) - $sid = $user.Translate([System.Security.Principal.SecurityIdentifier]) - $sid = $sid.Value; - New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\$sid" -Force - ``` - -## Custom images -Shared PC mode is fully compatible with custom images that may be created by IT departments. Create a custom image and then use sysprep with the `/oobe` flag to create an image that teachers can then apply the Set up School PCs provisioning package to. [Learn more about sysprep](https://technet.microsoft.com/en-us/library/cc721940(v=ws.10).aspx). - -## Provisioning package details - -The Set up School PCs app produces a specialized provisioning package that makes use of the [SharedPC configuration service provider (CSP)](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723294%28v=vs.85%29.aspx). - -### Education customizations set by local MDM policy - -- By default, saving content locally to the PC is blocked, but you can choose to enable it. This prevents data loss by forcing students to save to the cloud. -- A custom Start layout, taskbar layout, and lock screen image are set. -- Prohibits unlocking the PC to developer mode. -- Prohibits untrusted Microsoft Store apps from being installed. -- Prohibits students from removing MDM. -- Prohibits students from adding new provisioning packages. -- Prohibits student from removing existing provisioning packages (including the one set by Set up School PCs). -- Sets Windows Update to update nightly. - - -### Uninstalled apps - -- 3D Builder (Microsoft.3DBuilder_8wekyb3d8bbwe) -- Weather (Microsoft.BingWeather_8wekyb3d8bbwe) -- Tips (Microsoft.Getstarted_8wekyb3d8bbwe) -- Get Office (Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) -- Microsoft Solitaire Collection (Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) -- Paid Wi-Fi & Cellular (Microsoft.OneConnect_8wekyb3d8bbwe) -- Feedback Hub (Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe) -- Xbox (Microsoft.XboxApp_8wekyb3d8bbwe) -- Mail/Calendar (microsoft.windowscommunicationsapps_8wekyb3d8bbwe) - -### Local Group Policies - -> [!IMPORTANT] -> We do not recommend setting additional policies on PCs configured with the Set up School PCs app. The shared PC mode is optimized to be fast and reliable over time with minimal to no manual maintenance required. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Policy path

    Policy name

    Value

    Admin Templates > Control Panel > Personalization

    Prevent enabling lock screen slide show

    Enabled

    Prevent changing lock screen and logon image

    Enabled

    Admin Templates > System > Power Management > Button Settings

    Select the Power button action (plugged in)

    Sleep

    Select the Power button action (on battery)

    Sleep

    Select the Sleep button action (plugged in)

    Sleep

    Select the lid switch action (plugged in)

    Sleep

    Select the lid switch action (on battery)

    Sleep

    Admin Templates > System > Power Management > Sleep Settings

    Require a password when a computer wakes (plugged in)

    Enabled

    Require a password when a computer wakes (on battery)

    Enabled

    Specify the system sleep timeout (plugged in)

    5 minutes

    Specify the system sleep timeout (on battery)

    5 minutes

    Turn off hybrid sleep (plugged in)

    Enabled

    Turn off hybrid sleep (on battery)

    Enabled

    Specify the unattended sleep timeout (plugged in)

    5 minutes

    Specify the unattended sleep timeout (on battery)

    5 minutes

    Allow standby states (S1-S3) when sleeping (plugged in)

    Enabled

    Allow standby states (S1-S3) when sleeping (on battery)

    Enabled

    Specify the system hibernate timeout (plugged in)

    Enabled, 0

    Specify the system hibernate timeout (on battery)

    Enabled, 0

    Admin Templates>System>Power Management>Video and Display Settings

    Turn off the display (plugged in)

    5 minutes

    Turn off the display (on battery)

    5 minutes

    Admin Templates>System>Power Management>Energy Saver Settings

    Energy Saver Battery Threshold (on battery)

    70

    Admin Templates>System>Logon

    Show first sign-in animation

    Disabled

    Hide entry points for Fast User Switching

    Enabled

    Turn on convenience PIN sign-in

    Disabled

    Turn off picture password sign-in

    Enabled

    Turn off app notification on the lock screen

    Enabled

    Allow users to select when a password is required when resuming from connected standby

    Disabled

    Block user from showing account details on sign-in

    Enabled

    Admin Templates>System>User Profiles

    Turn off the advertising ID

    Enabled

    Admin Templates>Windows Components>Biometrics

    Allow the use of biometrics

    Disabled

    Allow users to log on using biometrics

    Disabled

    Allow domain users to log on using biometrics

    Disabled

    Admin Templates>Windows Components>Cloud Content

    Do not show Windows Tips

    Enabled

    Turn off Microsoft consumer experiences

    Enabled

    Admin Templates>Windows Components>Data Collection and Preview Builds

    Toggle user control over Insider builds

    Disabled

    Disable pre-release features or settings

    Disabled

    Do not show feedback notifications

    Enabled

    Allow Telemetry

    Basic, 0

    Admin Templates > Windows Components > File Explorer

    Show lock in the user tile menu

    Disabled

    Admin Templates > Windows Components > Maintenance Scheduler

    Automatic Maintenance Activation Boundary

    *MaintenanceStartTime*

    Automatic Maintenance Random Delay

    Enabled, 2 hours

    Automatic Maintenance WakeUp Policy

    Enabled

    Admin Templates > Windows Components > OneDrive

    Prevent the usage of OneDrive for file storage

    Enabled

    Admin Templates > Windows Components > Windows Hello for Business

    Use phone sign-in

    Disabled

    Use Windows Hello for Business

    Disabled

    Use biometrics

    Disabled

    Windows Settings > Security Settings > Local Policies > Security Options

    Accounts: Block Microsoft accounts

    **Note** Microsoft accounts can still be used in apps.

    Enabled

    Interactive logon: Do not display last user name

    Enabled

    Interactive logon: Sign-in last interactive user automatically after a system-initiated restart

    Disabled

    User Account Control: Behavior of the elevation prompt for standard users

    Auto deny


    - -## Use the app -When you're ready to use the app, see [Use Set up School PCs app](use-set-up-school-pcs-app.md). - -## Related topics - -[Set up Windows devices for education](set-up-windows-10.md) diff --git a/education/windows/set-up-school-pcs-whats-new.md b/education/windows/set-up-school-pcs-whats-new.md new file mode 100644 index 0000000000..4d555813ad --- /dev/null +++ b/education/windows/set-up-school-pcs-whats-new.md @@ -0,0 +1,67 @@ +--- +title: What's new in the Windows Set up School PCs app +description: Find out about app updates and new features in Set up School PCs. +keywords: shared cart, shared PC, school, set up school pcs +ms.prod: w10 +ms.mktglfcycl: plan +ms.sitesec: library +ms.pagetype: edu +ms.localizationpriority: medium +author: lenewsad +ms.author: lanewsad +ms.date: 01/11/2019 +--- + +# What's new in Set up School PCs +Learn what’s new with the Set up School PCs app each week. Find out about new app features and functionality, and see updated screenshots. You'll also find information about past releases. + +## Week of December 31, 2019 + +### Add Microsoft Whiteboard to provisioning package +Microsoft Whiteboard has been added to the list of Microsoft-recommended apps for schools. Whiteboard is a freeform digital canvas where ideas, content, and people come together so students can create and collaborate in real time in the classroom. You can add Whiteboard to your provisioning package in Set up School PCs, on the **Add apps** page. For more information see [Use Set up School PCs app](use-set-up-school-pcs-app.md#create-the-provisioning-package). + +## Week of November 5, 2018 + +### Sync school app inventory from Microsoft Store +During setup, you can now add apps from your school's Microsoft Store inventory. After you sign in with your school's Office 365 account, Set up School PCs will sync the apps from Microsoft Store, and make them visible on the **Add apps** page. For more information about adding apps, see [Use Set Up School PCs app](use-set-up-school-pcs-app.md#create-the-provisioning-package). + + +## Week of October 15, 2018 + +The Set up School PCs app was updated with the following changes: + +### Three new setup screens added to the app +The following screens and functionality were added to the setup workflow. Select any screenname to view the relevant steps and screenshots in the Set Up School PCs docs. + +* [**Package name**](use-set-up-school-pcs-app.md#package-name): Customize a package name to make it easy to recognize it from your school's other packages. The name is generated by Azure Active Directory and appears as the filename and as the token name in Azure AD in the Azure portal. + +* [**Product key**](use-set-up-school-pcs-app.md#product-key): Enter a product key to upgrade your current edition of Windows 10, or change the existing product key. + +* [**Personalization**](use-set-up-school-pcs-app.md#personalization): Upload images from your computer to customize how the lock screen and background appears on student devices. + +### Azure AD token expiration extended to 180 days +Packages now expire 180 days from the date you create them. + +### Updated apps with more helpful, descriptive text +We've updated the app's **Skip** buttons to clarify the intent of each action. You'll also see an **Exit** button on the last page of the app. + +### Option to keep existing device names +The [**Name these devices** screen](use-set-up-school-pcs-app.md#device-names) now gives you the option to keep the orginal or existing names of your student devices. + +### Skype and Messaging apps to be removed from student PCs by default +We've added the Skype and Messaging app to a selection of apps that are, by default, removed from student devices. + + +## Next steps +Learn more about setting up devices with the Set up School PCs app. +* [What's in my provisioning package?](set-up-school-pcs-provisioning-package.md) +* [Shared PC mode for schools](set-up-school-pcs-shared-pc-mode.md) +* [Set up School PCs technical reference](set-up-school-pcs-technical.md) +* [Set up Windows 10 devices for education](set-up-windows-10.md) + +When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md). + + + + + diff --git a/education/windows/set-up-students-pcs-to-join-domain.md b/education/windows/set-up-students-pcs-to-join-domain.md index 35a9fc88f6..a14aa4c69b 100644 --- a/education/windows/set-up-students-pcs-to-join-domain.md +++ b/education/windows/set-up-students-pcs-to-join-domain.md @@ -2,8 +2,7 @@ title: Set up student PCs to join domain description: Learn how to use Configuration Designer to easily provision student devices to join Active Directory. keywords: school, student PC setup, Windows Configuration Designer -ms.prod: W10 -ms.technology: Windows +ms.prod: w10 ms.mktglfcycl: plan ms.sitesec: library ms.localizationpriority: medium @@ -23,7 +22,7 @@ If your school uses Active Directory, use the Windows Configuration Designer too Follow the instructions in [Install Windows Configuration Designer](https://technet.microsoft.com/itpro/windows/configure/provisioning-install-icd). ## Create the provisioning package -Follow the steps in [Provision PCs with common settings for initial deployment (desktop wizard)](https://technet.microsoft.com/en-us/itpro/windows/configure/provision-pcs-for-initial-deployment). However, make a note of these steps to further customize the provisioning package for use in a school that will join a student PC to a domain: +Follow the steps in [Provision PCs with common settings for initial deployment (desktop wizard)](https://technet.microsoft.com/itpro/windows/configure/provision-pcs-for-initial-deployment). However, make a note of these steps to further customize the provisioning package for use in a school that will join a student PC to a domain: 1. In the **Account Management** step: @@ -56,7 +55,7 @@ Follow the steps in [Provision PCs with common settings for initial deployment ( 5. To configure other settings to make Windows education ready, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md) and follow the guidance on what settings you can set using Windows Configuration Designer. -6. Follow the steps to [build a package](https://technet.microsoft.com/en-us/itpro/windows/configure/provisioning-create-package#build-package). +6. Follow the steps to [build a package](https://technet.microsoft.com/itpro/windows/configure/provisioning-create-package#build-package). - You will see the file path for your provisioning package. By default, this is set to %windir%\Users\*your_username*\Windows Imaging and Configuration Designer (WICD)\*Project name*). - Copy the provisioning package to a USB drive. @@ -65,7 +64,7 @@ Follow the steps in [Provision PCs with common settings for initial deployment ( ## Apply package -Follow the steps in [Apply a provisioning package](https://technet.microsoft.com/en-us/itpro/windows/configure/provisioning-apply-package) to apply the package that you created. +Follow the steps in [Apply a provisioning package](https://technet.microsoft.com/itpro/windows/configure/provisioning-apply-package) to apply the package that you created. diff --git a/education/windows/set-up-students-pcs-with-apps.md b/education/windows/set-up-students-pcs-with-apps.md index 225541c3e4..77b6702db0 100644 --- a/education/windows/set-up-students-pcs-with-apps.md +++ b/education/windows/set-up-students-pcs-with-apps.md @@ -3,7 +3,6 @@ title: Provision student PCs with apps description: Learn how to use Configuration Designer to easily provision student devices to join Active Directory. keywords: shared cart, shared PC, school, provision PCs with apps, Windows Configuration Designer ms.prod: w10 -ms.technology: Windows ms.pagetype: edu ms.mktglfcycl: plan ms.sitesec: library @@ -19,13 +18,13 @@ ms.date: 10/13/2017 - Windows 10 -To create and apply a provisioning package that contains apps to a device running all desktop editions of Windows 10 except Windows 10 Home, follow the steps in [Provision PCs with apps](https://technet.microsoft.com/en-us/itpro/windows/configure/provision-pcs-with-apps). +To create and apply a provisioning package that contains apps to a device running all desktop editions of Windows 10 except Windows 10 Home, follow the steps in [Provision PCs with apps](https://technet.microsoft.com/itpro/windows/configure/provision-pcs-with-apps). Provisioning packages can include management instructions and policies, installation of specific apps, customization of network connections and policies, and more. You can apply a provisioning package on a USB drive to off-the-shelf devices during setup, making it fast and easy to configure new devices. -- If you want to [provision a school PC to join a domain](set-up-students-pcs-to-join-domain.md) and add apps in the same provisioning package, follow the steps in [Provision PCs with apps](https://technet.microsoft.com/en-us/itpro/windows/configure/provision-pcs-with-apps). -- If you want to provision a school PC to join Azure AD, set up the PC using the steps in [Use Set up School PCs App](use-set-up-school-pcs-app.md). Set up School PCs now lets you add recommended apps from the Store so you can add these apps while you're creating your package through Set up School PCs. You can also follow the steps in [Provision PCs with apps](https://technet.microsoft.com/en-us/itpro/windows/configure/provision-pcs-with-apps) if you want to add apps to student PCs after initial setup with the Set up School PCs package. +- If you want to [provision a school PC to join a domain](set-up-students-pcs-to-join-domain.md) and add apps in the same provisioning package, follow the steps in [Provision PCs with apps](https://technet.microsoft.com/itpro/windows/configure/provision-pcs-with-apps). +- If you want to provision a school PC to join Azure AD, set up the PC using the steps in [Use Set up School PCs App](use-set-up-school-pcs-app.md). Set up School PCs now lets you add recommended apps from the Store so you can add these apps while you're creating your package through Set up School PCs. You can also follow the steps in [Provision PCs with apps](https://technet.microsoft.com/itpro/windows/configure/provision-pcs-with-apps) if you want to add apps to student PCs after initial setup with the Set up School PCs package. + + + + + + .. -</MachineConfiguration> + + +``` + +#### Subsystems + +AppExtensions and other subsystems arranged as subnodes. + +```XML + + + .. -</MachineConfiguration> + -</DeploymentConfiguration> +.. -**User Configuration** - use the previous **Dynamic User Configuration file** section for information on settings that are provided in the user configuration section of the Deployment Configuration file. + -Machine Configuration - the Machine configuration section of the Deployment Configuration File is used to configure information that can be set only for an entire machine, not for a specific user on the computer. For example, HKEY\_LOCAL\_MACHINE registry keys in the Virtual Registry. There are four subsections allowed in under this element +``` -1. **Subsystems** - AppExtensions and other subsystems are arranged as subnodes under <Subsystems>: +You can enable or disable each subsystem using the **Enabled** attribute. - <MachineConfiguration> +**Extensions** -   <Subsystems> +Some subsystems (extension subsystems) control extensions. Those subsystems are Shortcuts, File-Type associations, URL Protocols, AppPaths, Software Clients, and COM. -   .. +Extension subsystems can be enabled and disabled independently of the content. For example, if you enable Shortcuts, the client uses the Shortcuts contained within the manifest by default. Each extension subsystem can contain an \ node. If this child element is present, the client ignores the content in the manifest file for that subsystem and only use the content in the configuration file. -   </Subsystems> +_**Examples:**_ - .. +- If you define this in either the user or deployment config file, the content in the manifest gets ignored. - </MachineConfiguration> + ```XML - The following section displays the various subsystems and usage samples. + - **Extensions**: + - Some subsystems (Extension Subsystems) control Extensions which can only apply to all users. The subsystem is application capabilities. Because this can only apply to all users, the package must be published globally in order for this type of extension to be integrated into the local system. The same rules for controls and settings that apply to the Extensions in the User Configuration also apply to those in the MachineConfiguration section. + ... - **Application Capabilities**: Used by default programs in windows operating system Interface. Allows an application to register itself as capable of opening certain file extensions, as a contender for the start menu internet browser slot, as capable of opening certain windows MIME types.  This extension also makes the virtual application visible in the Set Default Programs UI.: + - <ApplicationCapabilities Enabled="true"> + -   <Extensions> + ``` +- If you define only the following, the content in the manifest gets integrated during publishing. + + ```XML -    <Extension Category="AppV.ApplicationCapabilities"> + -     <ApplicationCapabilities> + ``` -      <ApplicationId>\[{PackageRoot}\]\\LitView\\LitViewBrowser.exe</ApplicationId> +- If you define the following, all Shortcuts within the manifest still get ignored. In other words, no Shortcuts get integrated. -      <Reference> + ```XML -       <Name>LitView Browser</Name> + -       <Path>SOFTWARE\\LitView\\Browser\\Capabilities</Path> + -      </Reference> + -    <CapabilityGroup> + ``` -     <Capabilities> +_**Supported extension subsystems:**_ -      <Name>@\[{ProgramFilesX86}\]\\LitView\\LitViewBrowser.exe,-12345</Name> +**Shortcuts** extension subsystem controls what shortcuts get integrated into the local system. -      <Description>@\[{ProgramFilesX86}\]\\LitView\\LitViewBrowser.exe,-12346</Description> +```XML -      <Hidden>0</Hidden> + -      <EMailSoftwareClient>Lit View E-Mail Client</EMailSoftwareClient> + -      <FileAssociationList> + -       <FileAssociation Extension=".htm" ProgID="LitViewHTML" /> + -       <FileAssociation Extension=".html" ProgID="LitViewHTML" /> + -       <FileAssociation Extension=".shtml" ProgID="LitViewHTML" /> + [{Common Programs}]\Microsoft Contoso\Microsoft ContosoApp Filler 2010.lnk -      </FileAssociationList> + [{PackageRoot}]\Contoso\ContosoApp.EXE -      <MIMEAssociationList> + + [{Windows}]\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe -       <MIMEAssociation Type="audio/mp3" ProgID="LitViewHTML" /> + -       <MIMEAssociation Type="audio/mpeg" ProgID="LitViewHTML" /> + -      </MIMEAssociationList> + ContosoApp.Filler.3 -     <URLAssociationList> + Fill out dynamic forms to gather and reuse information throughout the organization using Microsoft ContosoApp. -       <URLAssociation Scheme="http" ProgID="LitViewHTML.URL.http" /> + 0 -      </URLAssociationList> + 1 + + [{PackageRoot}]\Contoso\ContosoApp.EXE -      </Capabilities> + -   </CapabilityGroup> + -    </ApplicationCapabilities> + -   </Extension> + + + [{AppData}]\Microsoft\Contoso\Recent\Templates.LNK - </Extensions> + [{AppData}]\Microsoft\Templates - </ApplicationCapabilities> + - **Other Settings**: + - In addition to Extensions, other subsystems can be edited: + - **Machine Wide Virtual Registry**: Used when you want to set a registry key in the virtual registry within HKEY\_Local\_Machine + - <Registry> + - <Include> + 0 -   <Key Path="\\REGISTRY\\Machine\\Software\\ABC"> + 1 -     <Value Type="REG\_SZ" Name="Bar" Data="Baz" /> + -    </Key> + -   <Key Path="\\REGISTRY\\Machine\\Software\\EmptyKey" /> + -  </Include> + - <Delete> + - </Registry> +``` - **Machine Wide Virtual Kernel Objects** +**File-Type Associates** extension subsystem associates file types with programs to open by default as well as set up the context menu. - <Objects> +>[!TIP] +>You can set up the subsystem with MIME types. - <NotIsolate> +```XML -    <Object Name="testObject" /> + -  </NotIsolate> + - </Objects> + -2. **ProductSourceURLOptOut**: Indicates whether the URL for the package can be modified globally through PackageSourceRoot (to support branch office scenarios). Default is false and the setting change takes effect on the next launch.   + - <MachineConfiguration> + -   ..  + .docm -   <ProductSourceURLOptOut Enabled="true" /> + contosowordpad.DocumentMacroEnabled.12 -   .. + document + + application/vnd.ms-contosowordpad.document.macroEnabled.12 - </MachineConfiguration> + -3. **MachineScripts** – Package can be configured to execute scripts at time of deployment, publishing or removal. Please reference a sample deployment configuration file that is generated by the sequencer to see a sample script. The Scripts section below provides more information on the various triggers that can be used + wincontosowordpad.exe -4. **TerminateChildProcess**:- An application executable can be specified, whose child processes will be terminated when the application exe process is terminated. + - <MachineConfiguration> + -   ..    + contosowordpad.8 -   <TerminateChildProcesses> + -     <Application Path="\[{PackageRoot}\]\\Contoso\\ContosoApp.EXE" /> + -     <Application Path="\[{PackageRoot}\]\\LitView\\LitViewBrowser.exe" /> + -     <Application Path="\[{ProgramFilesX86}\]\\Microsoft Contoso\\Contoso\\contosomail.EXE" /> + -   </TerminateChildProcesses> + -   .. + - </MachineConfiguration> + true -### Scripts + + + + + + + + + + + + + + + contosowordpad.DocumentMacroEnabled.12 + + [{Windows}]\Installer\{90140000-0011-0000-0000-000000FF1CE}\contosowordpadicon.exe,15 + + Blah Blah Blah + + [{FOLDERID_ProgramFilesX86}]\Microsoft Contoso 14\res.dll,9182 + + [{FOLDERID_ProgramFilesX86}]\Microsoft Contoso 14\res.dll,1424 + + 0 + + + + Open + + + + {e56fa627-c35f-4a01-9e79-7d36aed8225a} + + Edit + + &Edit + + "[{PackageRoot}]\Contoso\WINcontosowordpad.EXE" /vu "%1" + + + + + + {e56fa627-c35f-4a01-9e79-7d36aed8225a} + + Open + + &Open + + "[{PackageRoot}]\Contoso\WINcontosowordpad.EXE" /n "%1" + + + + + + mscontosowordpad + + ShellSystem + + [SHELLNOOP] + + [SetForeground][ShellNewDatabase"%1"] + + + + + + + + + + + + + + + + + +``` + +**URL Protocols** extension subsystem controls the URL protocols integrated into the local registry of the client machine, for example, _mailto:_. + +```XML + + + + + + + + + + mailto + + + + [{ProgramFilesX86}]\MicrosoftContoso\Contoso\contosomail.EXE,-9403 + + 2 + + + + + + + + + + + + + + + + 2 + + + + + + open + + + + [{ProgramFilesX86}]\Microsoft Contoso\Contoso\contosomail.EXE + + open + + [{ProgramFilesX86}\Microsoft Contoso\Contoso\contosomail.EXE" -c OEP.Note /m "%1" + + + + + + 0 + + 0 + + 2 + + + + + + contosomail + + ShellSystem + + [SHELLNOOP] + + [SetForeground][ShellNewDatabase "%1"] + + + + + + + + + + + + + + + + + +``` + +**Software Clients** extension subsystem allows the app to register as an email client, news reader, media player and makes the app visible in the Set program access and Computer defaults UI. In most cases, you should only need to enable and disable it. There is also a control to enable and disable the email client specifically if you want the other clients still enabled except for that client. + +```XML + + + + + + + +``` + +**AppPaths** extension subsystem opens apps registered with an application path. For example, if contoso.exe has an apppath name of _myapp_, users can type _myapp_ from the run menu, opening contoso.exe. + +```XML + + + + + + + + + + [{ProgramFilesX86}]\Microsoft Contoso\Contoso\contosomail.EXE + + contosomail.exe + + [{ProgramFilesX86}]\Microsoft Contoso\Contoso\contosomail.EXE + + + + false + + + + + + + + + + + +``` + +**COM** extensions subsystem allows an application registered to local COM servers. The mode can be: + +- Integration +- Isolated +- Off + +```XML + + + +``` + +**Virtual Kernel Objects** + +```XML + + + +``` + +**Virtual Registry** sets a registry in the virtual registry within HKCU. + +```XML + + + + + + + + + + + + + + + + + + + +``` + +**Virtual File System** + +```XML + + + +``` + +**Virtual Fonts** + +```XML + + + +``` + +**Virtual Environment Variables** + +```XML + + + + + + + + + + + + + + + + + + + +``` + +**Virtual services** + +```XML + + + +``` + +#### UserScripts + +Use UserScripts to set up or alter the virtual environment. You can also execute scripts at the time of deployment or to clean up the environment after the application terminates. To see a sample script, refer to the user configuration file generated by the sequencer. +The Scripts section below provides more information on the various triggers that can be used. + +#### ManagingAuthority + +Use ManagingAuthority when two versions of your package co-exist on the same machine, one deployed to App-V 4.6 and another deployed on App-V 5.0. To allow App-V vNext to take over App-V 4.6 extension points for the named package enter the following in the UserConfig file (where PackageName is the Package GUID in App-V 4.6: + +```XML + + + +``` + +## Deployment configuration file (DeploymentConfig.xml) + +The DeploymentConfig file provides configuration settings for machine context and user context, providing the same capabilities listed in the UserConfig file. The setting get applied when deploying the package to a computer running the App-V 5.1 client. + +Use the DeploymentConfig file to specify or modify custom settings for a package: + +- All UserConfig settings +- Extensions that can only be applied globally for all users +- Virtual subsystems for global machine locations, for example, registry +- Product source URL +- Scripts (machine context only) +- Controls to terminate child processes + +### Header + +The header of a dynamic deployment configuration file looks like: + +```XML + +``` + +The **PackageId** is the same value as exists in the manifest file. + +### Body + +The body of the dynamic deployment configuration file includes two sections: + +- **UserConfiguration:** allows the same content as the user configuration file described in the previous section. When publishing the package to a user, any appextensions configuration settings in this section override corresponding settings in the manifest within the package, unless you provide a user configuration file. If also providing a UserConfig file, it gets used instead of the User settings in the deployment configuration file. If publishing the package globally, then only the contents of the deployment configuration file get used in combination with the manifest. For more details, see [User configuration file contents (UserConfig.xml)](#user-configuration-file-contents-userconfigxml). + +- **MachineConfiguration:** contains information that can be configured only for an entire machine, not for a specific user on the machine. For example, HKEY_LOCAL_MACHINE registry keys in the VFS. + +```XML + + + + + +... + + + + + +... + + + +... + + + + + +``` + +### UserConfiguration + +Refer to [User configuration file contents (UserConfig.xml)](#user-configuration-file-contents-userconfigxml) for information on the settings provided for this section. + +### MachineConfiguration + +Use the MachineConfiguration section to configure information for an entire machine; not for a specific user on the computer. For example, HKEY_LOCAL_MACHINE registry keys in the virtual registry. There are four subsections allowed in under this element: + +1. **[Subsystems](#subsystems-1)** +2. **[ProductSourceURLOptOut](#productsourceurloptout)** +3. **[MachineScripts](#machinescripts)** +4. **[TerminateChildProcess](#terminatechildprocess)** + +#### Subsystems + +AppExtensions and other subsystems arranged as subnodes. + +```XML + + + + + + … + + + +… + + + +``` + +You can enable or disable each subsystem using the **Enabled** attribute. + +**Extensions** + +Some subsystems (extension subsystems) control extensions. The subsystem is Application Capabilities that default programs use. For this type of extension, the package must be published globally for integration into the local system. The same rules for controls and settings that apply to the Extensions in the User Configuration also, apply to those in the MachineConfiguration section. + +**Application Capabilities**: Used by default programs that allow an application to register itself as: + +- Capable of opening specific file extensions +- A contender for the start menu internet browser slot +- Capable of opening specific windows MIME types + +This extension also makes the virtual application visible in the Set default programs UI. + +```XML + + + + + + + + + + + [{PackageRoot}]\LitView\LitViewBrowser.exe + + + + LitView Browser + + SOFTWARE\LitView\Browser\Capabilities + + + + + + + + + @[{ProgramFilesX86}]\LitView\LitViewBrowser.exe,-12345 + + + @[{ProgramFilesX86}]\LitView\LitViewBrowser.exe,-12346 + + 0 + + Lit View E-Mail Client + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +``` + +_**Supported extension subsystems:**_ + +**Machine Wide Virtual Registry** extension subsystem sets a registry key in the virtual registry within HKEY_Local_Machine. + +```XML + + + + + + + + + + + + + + + + + + + +``` + +**Machine Wide Virtual Kernel Objects** + +```XML + + + + + + + + + + + +``` + +#### ProductSourceURLOptOut + +Use ProductSourceURLOptOut to indicate that the URL for the package can be modified globally through _PackageSourceRoot_ (to support branch office scenarios). Changes take effect on the next launch. + +```XML + + + + ... + + + + ... + + + +``` + +#### MachineScripts + +The package can be configured to execute scripts at time of deployment, publishing or removal. To see a sample script, refer to the deployment configuration file generated by the sequencer. + +The Scripts section below provides more information on the various triggers that can be used. + +#### TerminateChildProcess + +An application executable can be specified, whose child processes get terminated when the application exe process terminates. + +```XML + + + + ... + + + + + + + + + + + + ... + + + +``` + + + +## Scripts The following table describes the various script events and the context under which they can be run. - -------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Script Execution TimeCan be specified in Deployment ConfigurationCan be specified in User ConfigurationCan run in the Virtual Environment of the packageCan be run in the context of a specific applicationRuns in system/user context: (Deployment Configuration, User Configuration)

    AddPackage

    X

    (SYSTEM, N/A)

    PublishPackage

    X

    X

    (SYSTEM, User)

    UnpublishPackage

    X

    X

    (SYSTEM, User)

    RemovePackage

    X

    (SYSTEM, N/A)

    StartProcess

    X

    X

    X

    X

    (User, User)

    ExitProcess

    X

    X

    X

    (User, User)

    StartVirtualEnvironment

    X

    X

    X

    (User, User)

    TerminateVirtualEnvironment

    X

    X

    (User, User)

    - -  +| Script Execution Time | Can be specified in Deployment Configuration | Can be specified in User Configuration | Can run in the Virtual Environment of the package | Can be run in the context of a specific application | Runs in system/user context: (Deployment Configuration, User Configuration) | +|-----------------------------|----------------------------------------------|----------------------------------------|---------------------------------------------------|-----------------------------------------------------|-----------------------------------------------------------------------------| +| AddPackage | X | | | | (SYSTEM, N/A) | +| PublishPackage | X | X | | | (SYSTEM, User) | +| UnpublishPackage | X | X | | | (SYSTEM, User) | +| RemovePackage | X | | | | (SYSTEM, N/A) | +| StartProcess | X | X | X | X | (User, User) | +| ExitProcess | X | X | | X | (User, User) | +| StartVirtualEnvironment | X | X | X | | (User, User) | +| TerminateVirtualEnvironment | X | X | | | (User, User) | ### Using multiple scripts on a single event trigger -App-V 5.1 supports the use of multiple scripts on a single event trigger for App-V packages, including packages that you convert from App-V 4.6 to App-V 5.0 or later. To enable the use of multiple scripts, App-V 5.1 uses a script launcher application, named ScriptRunner.exe, which is installed as part of the App-V client installation. +App-V 5.1 supports the use of multiple scripts on a single event trigger for +App-V packages, including packages that you convert from App-V 4.6 to App-V 5.0 +or later. To enable the use of multiple scripts, App-V 5.1 uses a script +launcher application, named ScriptRunner.exe, which is installed as part of the +App-V client installation. -**How to use multiple scripts on a single event trigger:** +### How to use multiple scripts on a single event trigger -For each script that you want to run, pass that script as an argument to the ScriptRunner.exe application. The application then runs each script separately, along with the arguments that you specify for each script. Use only one script (ScriptRunner.exe) per trigger. +For each script that you want to run, pass that script as an argument to the +ScriptRunner.exe application. The application then runs each script separately, +along with the arguments that you specify for each script. Use only one script +(ScriptRunner.exe) per trigger. -**Note**   -We recommended that you run the multi-script line from a command prompt first to make sure that all arguments are built correctly before adding them to the deployment configuration file. +>[!NOTE] -  +>We recommended that you run the multi-script line from a command prompt +first to make sure that all arguments are built correctly before adding them to +the deployment configuration file. -**Example script and parameter descriptions** +### Example script and parameter descriptions -Using the following example file and table, modify the deployment or user configuration file to add the scripts that you want to run. +Using the following example file and table, modify the deployment or user +configuration file to add the scripts that you want to run. -``` syntax +```XML ScriptRunner.exe @@ -885,89 +913,64 @@ Using the following example file and table, modify the deployment or user config ``` - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
    Parameter in the example fileDescription

    <AddPackage>

    Name of the event trigger for which you are running a script, such as adding a package or publishing a package.

    <Path>ScriptRunner.exe</Path>

    The script launcher application that is installed as part of the App-V client installation.

    -
    -Note   -

    Although ScriptRunner.exe is installed as part of the App-V client, the location of the App-V client must be in %path% or ScriptRunner will not run. ScriptRunner.exe is typically located in the C:\Program Files\Microsoft Application Virtualization\Client folder.

    -
    -
    -  -
    <Arguments>
--appvscript script1.exe arg1 arg2 –appvscriptrunnerparameters –wait –timeout=10
 
--appvscript script2.vbs arg1 arg2
+**Parameters in the example file include:**
 
--appvscript script3.bat arg1 arg2 –appvscriptrunnerparameters –wait –timeout=30 -rollbackonerror
-</Arguments>

    -appvscript - Token that represents the actual script that you want to run.

    -

    script1.exe – Name of the script that you want to run.

    -

    arg1 arg2 – Arguments for the script that you want to run.

    -

    -appvscriptrunnerparameters – Token that represents the execution options for script1.exe

    -

    -wait – Token that informs ScriptRunner to wait for execution of script1.exe to complete before proceeding to the next script.

    -

    -timeout=x – Token that informs ScriptRunner to stop running the current script after x number of seconds. All other specified scripts will still run.

    -

    -rollbackonerror – Token that informs ScriptRunner to stop running all scripts that haven't yet run and to roll back an error to the App-V client.

    <Wait timeout=”40” RollbackOnError=”true”/>

    Waits for overall completion of ScriptRunner.exe.

    -

    Set the timeout value for the overall runner to be greater than or equal to the sum of the timeout values on the individual scripts.

    -

    If any individual script reported an error and rollbackonerror was set to true, then ScriptRunner would report the error to App-V client.

    +#### \ -  +Name of the event trigger for which you are running a script, such as adding a package or publishing a package. -ScriptRunner will run any script whose file type is associated with an application installed on the computer. If the associated application is missing, or the script’s file type is not associated with any application on the computer, the script will not run. +#### \ScriptRunner.exe\ -### Create a Dynamic Configuration file using an App-V 5.1 Manifest file +The script launcher application that is installed as part of the App-V client installation. -You can create the Dynamic Configuration file using one of three methods: either manually, using the App-V 5.1 Management Console or sequencing a package, which will be generated with 2 sample files. +>[!NOTE] -For more information about how to create the file using the App-V 5.1 Management Console see, [How to Create a Custom Configuration File by Using the App-V 5.1 Management Console](how-to-create-a-custom-configuration-file-by-using-the-app-v-51-management-console.md). +>Although ScriptRunner.exe is installed as part of the App-V client, the location of the App-V client must be in %path% or ScriptRunner will not run. ScriptRunner.exe is typically located in the C:FilesApplication Virtualizationfolder. + +#### \ + +`-appvscript` - Token that represents the actual script that you want to run. + +`script1.exe` – Name of the script that you want to run. + +`arg1 arg2` – Arguments for the script that you want to run. + +`-appvscriptrunnerparameters` – Token that represents the execution options for script1.exe. + +`-wait` – Token that informs ScriptRunner to wait for execution of script1.exe to complete before proceeding to the next script. + +`-timeout=x` – Token that informs ScriptRunner to stop running the current script after x number of seconds. All other specified scripts still runs. + +`-rollbackonerror` – Token that informs ScriptRunner to stop running all scripts that haven't yet run and to roll back an error to the App-V client. + +#### \ + +Waits for overall completion of ScriptRunner.exe. + +Set the timeout value for the overall runner to be greater than or equal to the sum of the timeout values on the individual scripts. + +If any individual script reported an error and rollbackonerror was set to true, then ScriptRunner would report the error to App-V client. + +ScriptRunner runs any script whose file type is associated with an application installed on the computer. If the associated application is missing, or the script’s file type is not associated with any application on the computer, the script does not run. + +### Create a dynamic configuration file using an App-V 5.1 manifest file + +You can create the dynamic configuration file using one of three methods: either manually, using the App-V 5.1 Management Console or sequencing a package, which generates two sample files. For more information about how to create the file using the App-V 5.1 Management Console see, [How to create a custom configuration File by using the App-V 5.1 Management Console](how-to-create-a-custom-configuration-file-by-using-the-app-v-51-management-console.md). To create the file manually, the information above in previous sections can be combined into a single file. We recommend you use files generated by the sequencer. ## Got a suggestion for App-V? - -Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). +- Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). +- For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). ## Related topics +- [How to Apply the Deployment Configuration File by Using PowerShell](how-to-apply-the-deployment-configuration-file-by-using-powershell51.md) -[How to Apply the Deployment Configuration File by Using PowerShell](how-to-apply-the-deployment-configuration-file-by-using-powershell51.md) - -[How to Apply the User Configuration File by Using PowerShell](how-to-apply-the-user-configuration-file-by-using-powershell51.md) - -[Operations for App-V 5.1](operations-for-app-v-51.md) - -  - -  - - - +- [How to Apply the User Configuration File by Using PowerShell](how-to-apply-the-user-configuration-file-by-using-powershell51.md) +- [Operations for App-V 5.1](operations-for-app-v-51.md) +--- \ No newline at end of file diff --git a/mdop/appv-v5/about-app-v-51.md b/mdop/appv-v5/about-app-v-51.md index 9f0cdd5170..700251df9c 100644 --- a/mdop/appv-v5/about-app-v-51.md +++ b/mdop/appv-v5/about-app-v-51.md @@ -96,7 +96,7 @@ Review the following information before you start the upgrade:
    Note   -

    Prior to App-V 5.0 SP2, the Client Management User Interface (UI) was provided with the App-V Client installation. For App-V 5.0 SP2 installations (or later), you can use the Client Management UI by downloading from [Application Virtualization 5.0 Client UI Application](http://www.microsoft.com/download/details.aspx?id=41186).

    +

    Prior to App-V 5.0 SP2, the Client Management User Interface (UI) was provided with the App-V Client installation. For App-V 5.0 SP2 installations (or later), you can use the Client Management UI by downloading from [Application Virtualization 5.0 Client UI Application](https://www.microsoft.com/download/details.aspx?id=41186).

      diff --git a/mdop/appv-v5/app-v-50-prerequisites.md b/mdop/appv-v5/app-v-50-prerequisites.md index 8d90940d1b..986a0450c7 100644 --- a/mdop/appv-v5/app-v-50-prerequisites.md +++ b/mdop/appv-v5/app-v-50-prerequisites.md @@ -60,7 +60,7 @@ The following table lists prerequisite information that pertains to specific ope

  • Windows Server 2008

    • You may want to download the following KB:

    -

    [Microsoft Security Advisory: Insecure library loading could allow remote code execution](http://support.microsoft.com/kb/2533623)

    +

    [Microsoft Security Advisory: Insecure library loading could allow remote code execution](https://support.microsoft.com/kb/2533623)

    Be sure to check for subsequent KBs that have superseded this one, and note that some KBs may require that you uninstall previous updates.

    @@ -97,8 +97,8 @@ The following table lists the installation prerequisites for the App-V 5.0 clien

    Software requirements

      -

    • [Microsoft .NET Framework 4 (Full Package)](http://www.microsoft.com/download/details.aspx?id=17718) (http://www.microsoft.com/download/details.aspx?id=17718)

      • -

    • [Windows PowerShell 3.0](http://www.microsoft.com/download/details.aspx?id=34595) (http://www.microsoft.com/download/details.aspx?id=34595)

      +

    • [Microsoft .NET Framework 4 (Full Package)](https://www.microsoft.com/download/details.aspx?id=17718) (http://www.microsoft.com/download/details.aspx?id=17718)

      • +

    • [Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595) (http://www.microsoft.com/download/details.aspx?id=34595)

      Note   @@ -107,7 +107,7 @@ The following table lists the installation prerequisites for the App-V 5.0 clien
       
      • -

    • Download and install [KB2533623](http://support.microsoft.com/kb/2533623) (http://support.microsoft.com/kb/2533623)

      +

    • Download and install [KB2533623](https://support.microsoft.com/kb/2533623) (http://support.microsoft.com/kb/2533623)

      Important   @@ -119,12 +119,12 @@ The following table lists the installation prerequisites for the App-V 5.0 clien

    • The client installer (.exe) will detect if it is necessary to install the following prerequisites, and it will do so accordingly:

        -

      • [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784) (http://www.microsoft.com/download/details.aspx?id=40784)

        +

      • [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784) (http://www.microsoft.com/download/details.aspx?id=40784)

        This prerequisite is only required if you have installed Hotfix Package 4 for Application Virtualization 5.0 SP2 or later.

        • -

      • [The Microsoft Visual C++ 2010 Redistributable](http://www.microsoft.com/download/details.aspx?id=26999) (https://go.microsoft.com/fwlink/?LinkId=26999)

        +

      • [The Microsoft Visual C++ 2010 Redistributable](https://www.microsoft.com/download/details.aspx?id=26999) (https://go.microsoft.com/fwlink/?LinkId=26999)

        • -

      • [Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)](http://www.microsoft.com/download/details.aspx?id=5638) (http://www.microsoft.com/download/details.aspx?id=5638)

        • +

      • [Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)](https://www.microsoft.com/download/details.aspx?id=5638) (http://www.microsoft.com/download/details.aspx?id=5638)

    @@ -157,8 +157,8 @@ The following table lists the installation prerequisites for the App-V 5.0 Remot

    Software requirements

      -

    • [Microsoft.NET Framework 4 (Full Package)](http://www.microsoft.com/download/details.aspx?id=17718) (http://www.microsoft.com/download/details.aspx?id=17718)

      • -

    • [Windows PowerShell 3.0](http://www.microsoft.com/download/details.aspx?id=34595) (http://www.microsoft.com/download/details.aspx?id=34595)

      +

    • [Microsoft.NET Framework 4 (Full Package)](https://www.microsoft.com/download/details.aspx?id=17718) (http://www.microsoft.com/download/details.aspx?id=17718)

      • +

    • [Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595) (http://www.microsoft.com/download/details.aspx?id=34595)

      Note   @@ -179,12 +179,12 @@ The following table lists the installation prerequisites for the App-V 5.0 Remot

    • The client (.exe) installer will detect if it is necessary to install the following prerequisites, and it will do so accordingly:

        -

      • [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784) (http://www.microsoft.com/download/details.aspx?id=40784)

        +

      • [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784) (http://www.microsoft.com/download/details.aspx?id=40784)

        This prerequisite is required only if you have installed Hotfix Package 4 for Application Virtualization 5.0 SP2 or later.

        • -

      • [The Microsoft Visual C++ 2010 Redistributable](http://www.microsoft.com/download/details.aspx?id=26999) (https://go.microsoft.com/fwlink/?LinkId=26999)

        +

      • [The Microsoft Visual C++ 2010 Redistributable](https://www.microsoft.com/download/details.aspx?id=26999) (https://go.microsoft.com/fwlink/?LinkId=26999)

        • -

      • [Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)](http://www.microsoft.com/download/details.aspx?id=5638) (http://www.microsoft.com/download/details.aspx?id=5638)

        • +

      • [Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)](https://www.microsoft.com/download/details.aspx?id=5638) (http://www.microsoft.com/download/details.aspx?id=5638)

    @@ -222,14 +222,14 @@ If the system requirements of a locally installed application exceed the require

    Software requirements

      -

    • [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784) (http://www.microsoft.com/download/details.aspx?id=40784)

      +

    • [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784) (http://www.microsoft.com/download/details.aspx?id=40784)

      This prerequisite is required only if you have installed Hotfix Package 4 for Application Virtualization 5.0 SP2.

      • -

    • [Microsoft .NET Framework 4 (Full Package)](http://www.microsoft.com/download/details.aspx?id=17718) (http://www.microsoft.com/download/details.aspx?id=17718)

      +

    • [Microsoft .NET Framework 4 (Full Package)](https://www.microsoft.com/download/details.aspx?id=17718) (http://www.microsoft.com/download/details.aspx?id=17718)

      • -

    • [Windows PowerShell 3.0](http://www.microsoft.com/download/details.aspx?id=34595) (http://www.microsoft.com/download/details.aspx?id=34595)

      +

    • [Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595) (http://www.microsoft.com/download/details.aspx?id=34595)

      • -

    • Download and install [KB2533623](http://support.microsoft.com/kb/2533623) (http://support.microsoft.com/kb/2533623)

      +

    • Download and install [KB2533623](https://support.microsoft.com/kb/2533623) (http://support.microsoft.com/kb/2533623)

    • For computers running Microsoft Windows Server 2008 R2 SP1, download and install [KB2533623](https://go.microsoft.com/fwlink/?LinkId=286102 ) (https://go.microsoft.com/fwlink/?LinkId=286102)

      @@ -256,7 +256,7 @@ The following prerequisites are already installed for computers that run Windows - Windows PowerShell 3.0 -- Download and install [KB2533623](http://support.microsoft.com/kb/2533623) (http://support.microsoft.com/kb/2533623) +- Download and install [KB2533623](https://support.microsoft.com/kb/2533623) (http://support.microsoft.com/kb/2533623) **Important**   You can still download install the previous KB. However, it may have been replaced with a more recent version. @@ -294,8 +294,8 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve

      Management Server

        -

      • [Microsoft .NET Framework 4 (Full Package)](http://www.microsoft.com/download/details.aspx?id=17718) (http://www.microsoft.com/download/details.aspx?id=17718)

        • -

      • [Windows PowerShell 3.0](http://www.microsoft.com/download/details.aspx?id=34595) (http://www.microsoft.com/download/details.aspx?id=34595)

        +

      • [Microsoft .NET Framework 4 (Full Package)](https://www.microsoft.com/download/details.aspx?id=17718) (http://www.microsoft.com/download/details.aspx?id=17718)

        • +

      • [Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595) (http://www.microsoft.com/download/details.aspx?id=34595)

        Note  

        Installing PowerShell 3.0 requires a restart.

        @@ -304,7 +304,7 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve  

      • Windows Web Server with the IIS role enabled and the following features: Common HTTP Features (static content and default document), Application Development (ASP.NET, .NET Extensibility, ISAPI Extensions and ISAPI Filters), Security (Windows Authentication, Request Filtering), Management Tools (IIS Management Console).

        • -

      • Download and install [KB2533623](http://support.microsoft.com/kb/2533623) (http://support.microsoft.com/kb/2533623)

        +

      • Download and install [KB2533623](https://support.microsoft.com/kb/2533623) (http://support.microsoft.com/kb/2533623)

        Important   @@ -313,7 +313,7 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve
         
        • -

      • [Microsoft Visual C++ 2010 SP1 Redistributable Package (x64)](http://www.microsoft.com/download/details.aspx?id=13523) (http://www.microsoft.com/download/details.aspx?id=13523)

        • +

      • [Microsoft Visual C++ 2010 SP1 Redistributable Package (x64)](https://www.microsoft.com/download/details.aspx?id=13523) (http://www.microsoft.com/download/details.aspx?id=13523)

      • [Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=267110) (https://go.microsoft.com/fwlink/?LinkId=267110)

      • 64-bit ASP.NET registration

      @@ -345,7 +345,7 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve  
      -

    • [Microsoft .NET Framework 4 (Full Package)](http://www.microsoft.com/download/details.aspx?id=17718) (http://www.microsoft.com/download/details.aspx?id=17718)

      • +

    • [Microsoft .NET Framework 4 (Full Package)](https://www.microsoft.com/download/details.aspx?id=17718) (http://www.microsoft.com/download/details.aspx?id=17718)

    • [Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=267110)(https://go.microsoft.com/fwlink/?LinkId=267110)

    The App-V 5.0 server components are dependent but they have varying requirements and installation options that must be deployed. Use the following information to prepare your environment to run the App-V 5.0 management database.

    @@ -361,7 +361,7 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve

    Reporting Server

      -

    • [Microsoft .NET Framework 4 (Full Package)](http://www.microsoft.com/download/details.aspx?id=17718) (http://www.microsoft.com/download/details.aspx?id=17718)

      • +

    • [Microsoft .NET Framework 4 (Full Package)](https://www.microsoft.com/download/details.aspx?id=17718) (http://www.microsoft.com/download/details.aspx?id=17718)

    • [Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=267110)(https://go.microsoft.com/fwlink/?LinkId=267110)

    • Note   @@ -388,7 +388,7 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve  
        -

      • [Microsoft .NET Framework 4 (Full Package)](http://www.microsoft.com/download/details.aspx?id=17718) (http://www.microsoft.com/download/details.aspx?id=17718)

        • +

      • [Microsoft .NET Framework 4 (Full Package)](https://www.microsoft.com/download/details.aspx?id=17718) (http://www.microsoft.com/download/details.aspx?id=17718)

      • [Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=267110)(https://go.microsoft.com/fwlink/?LinkId=267110)

      The App-V 5.0 server components are dependent but they have varying requirements and installation options that must be deployed. Use the following information to prepare your environment to run the App-V 5.0 reporting database.

      @@ -404,7 +404,7 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve

      Publishing Server

        -

      • [Microsoft .NET Framework 4 (Full Package)](http://www.microsoft.com/download/details.aspx?id=17718) (http://www.microsoft.com/download/details.aspx?id=17718)

        • +

      • [Microsoft .NET Framework 4 (Full Package)](https://www.microsoft.com/download/details.aspx?id=17718) (http://www.microsoft.com/download/details.aspx?id=17718)

      • [Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=267110)(https://go.microsoft.com/fwlink/?LinkId=267110)

      • Windows Web Server with the IIS role with the following features: Common HTTP Features (static content and default document), Application Development (ASP.NET, .NET Extensibility, ISAPI Extensions and ISAPI Filters), Security (Windows Authentication, Request Filtering), Security (Windows Authentication, Request Filtering), Management Tools (IIS Management Console)

      • 64-bit ASP.NET registration

        • diff --git a/mdop/appv-v5/app-v-50-sp3-prerequisites.md b/mdop/appv-v5/app-v-50-sp3-prerequisites.md index c1277e22ab..da61af1bfa 100644 --- a/mdop/appv-v5/app-v-50-sp3-prerequisites.md +++ b/mdop/appv-v5/app-v-50-sp3-prerequisites.md @@ -135,19 +135,19 @@ Install the required prerequisite software for the App-V 5.0 SP3 Server componen

        For supported versions, see [App-V 5.0 SP3 Supported Configurations](app-v-50-sp3-supported-configurations.md).

        -

        [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)

        +

        [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

        -

        [Windows PowerShell 3.0](http://www.microsoft.com/download/details.aspx?id=34595)

        +

        [Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)

        Installing PowerShell 3.0 requires a restart.

        -

        Download and install [KB2533623](http://support.microsoft.com/kb/2533623)

        +

        Download and install [KB2533623](https://support.microsoft.com/kb/2533623)

        Applies to Windows 7 only.

        -

        [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)

        +

        [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

        @@ -232,11 +232,11 @@ The Management database is required only if you are using the App-V 5.0 SP3 Mana -

        [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)

        +

        [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

        -

        [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)

        +

        [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

        @@ -266,7 +266,7 @@ The Management database is required only if you are using the App-V 5.0 SP3 Mana

        Microsoft SQL Server Service Agent

        -

        Configure the Management database computer so that the Microsoft SQL Server Agent service is restarted automatically. For instructions, see [Configure SQL Server Agent to Restart Services Automatically](http://technet.microsoft.com/magazine/gg313742.aspx).

        +

        Configure the Management database computer so that the Microsoft SQL Server Agent service is restarted automatically. For instructions, see [Configure SQL Server Agent to Restart Services Automatically](https://technet.microsoft.com/magazine/gg313742.aspx).

        @@ -288,11 +288,11 @@ The Management database is required only if you are using the App-V 5.0 SP3 Mana -

        [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)

        +

        [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

        -

        [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)

        +

        [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

        @@ -395,11 +395,11 @@ The Management database is required only if you are using the App-V 5.0 SP3 Mana

        For supported versions, see [App-V 5.0 SP3 Supported Configurations](app-v-50-sp3-supported-configurations.md).

        -

        [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)

        +

        [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

        -

        [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)

        +

        [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

        @@ -473,11 +473,11 @@ The Reporting database is required only if you are using the App-V 5.0 SP3 Repor -

        [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)

        +

        [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

        -

        [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)

        +

        [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

        @@ -532,20 +532,20 @@ Install the following prerequisite software for the App-V client. -

        [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)

        +

        [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

        -

        [Windows PowerShell 3.0](http://www.microsoft.com/download/details.aspx?id=34595)

        +

        [Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)

        Installing PowerShell 3.0 requires a restart.

        -

        [KB2533623](http://support.microsoft.com/kb/2533623)

        +

        [KB2533623](https://support.microsoft.com/kb/2533623)

        Applies to Windows 7 only: Download and install the KB.

        -

        [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)

        +

        [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

        @@ -571,20 +571,20 @@ Install the following prerequisite software for the App-V Remote Desktop Service -

        [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)

        +

        [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

        -

        [Windows PowerShell 3.0](http://www.microsoft.com/download/details.aspx?id=34595)

        +

        [Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)

        Installing PowerShell 3.0 requires a restart.

        -

        [KB2533623](http://support.microsoft.com/kb/2533623)

        +

        [KB2533623](https://support.microsoft.com/kb/2533623)

        Applies to Windows 7 only: Download and install the KB.

        -

        [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)

        +

        [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

        @@ -614,20 +614,20 @@ Install the following prerequisite software for the App-V Remote Desktop Service -

        [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)

        +

        [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

        -

        [Windows PowerShell 3.0](http://www.microsoft.com/download/details.aspx?id=34595)

        +

        [Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)

        Installing PowerShell 3.0 requires a restart.

        -

        [KB2533623](http://support.microsoft.com/kb/2533623)

        +

        [KB2533623](https://support.microsoft.com/kb/2533623)

        Applies to Windows 7 only: Download and install the KB.

        -

        [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)

        +

        [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

        diff --git a/mdop/appv-v5/app-v-50-sp3-supported-configurations.md b/mdop/appv-v5/app-v-50-sp3-supported-configurations.md index fb07569e2a..fdd9c0c8ac 100644 --- a/mdop/appv-v5/app-v-50-sp3-supported-configurations.md +++ b/mdop/appv-v5/app-v-50-sp3-supported-configurations.md @@ -440,7 +440,7 @@ The App-V client supports the following versions of System Center Configuration - System Center 2012 R2 Configuration Manager SP1 -For more information about how Configuration Manager integrates with App-V, see [Planning for App-V Integration with Configuration Manager](http://technet.microsoft.com/library/jj822982.aspx). +For more information about how Configuration Manager integrates with App-V, see [Planning for App-V Integration with Configuration Manager](https://technet.microsoft.com/library/jj822982.aspx). ## Got a suggestion for App-V? diff --git a/mdop/appv-v5/app-v-50-supported-configurations.md b/mdop/appv-v5/app-v-50-supported-configurations.md index ea0cd97733..c45a8eda10 100644 --- a/mdop/appv-v5/app-v-50-supported-configurations.md +++ b/mdop/appv-v5/app-v-50-supported-configurations.md @@ -508,7 +508,7 @@ You can use Microsoft System Center 2012 Configuration Manager or System Cen   -For more information about how Configuration Manager integrates with App-V, see [Planning for App-V Integration with Configuration Manager](http://technet.microsoft.com/library/jj822982.aspx). +For more information about how Configuration Manager integrates with App-V, see [Planning for App-V Integration with Configuration Manager](https://technet.microsoft.com/library/jj822982.aspx). ## Got a suggestion for App-V? diff --git a/mdop/appv-v5/app-v-51-prerequisites.md b/mdop/appv-v5/app-v-51-prerequisites.md index 5289f56ed3..f8078582a5 100644 --- a/mdop/appv-v5/app-v-51-prerequisites.md +++ b/mdop/appv-v5/app-v-51-prerequisites.md @@ -145,19 +145,19 @@ Install the required prerequisite software for the App-V 5.1 Server components.

        For supported versions, see [App-V 5.1 Supported Configurations](app-v-51-supported-configurations.md).

        -

        [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)

        +

        [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

        -

        [Windows PowerShell 3.0](http://www.microsoft.com/download/details.aspx?id=34595)

        +

        [Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)

        Installing PowerShell 3.0 requires a restart.

        -

        Download and install [KB2533623](http://support.microsoft.com/kb/2533623)

        +

        Download and install [KB2533623](https://support.microsoft.com/kb/2533623)

        Applies to Windows 7 only.

        -

        [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)

        +

        [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

        @@ -243,11 +243,11 @@ The Management database is required only if you are using the App-V 5.1 Manageme -

        [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)

        +

        [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

        -

        [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)

        +

        [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

        @@ -277,7 +277,7 @@ The Management database is required only if you are using the App-V 5.1 Manageme

        Microsoft SQL Server Service Agent

        -

        Configure the Management database computer so that the Microsoft SQL Server Agent service is restarted automatically. For instructions, see [Configure SQL Server Agent to Restart Services Automatically](http://technet.microsoft.com/magazine/gg313742.aspx).

        +

        Configure the Management database computer so that the Microsoft SQL Server Agent service is restarted automatically. For instructions, see [Configure SQL Server Agent to Restart Services Automatically](https://technet.microsoft.com/magazine/gg313742.aspx).

        @@ -299,11 +299,11 @@ The Management database is required only if you are using the App-V 5.1 Manageme -

        [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)

        +

        [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

        -

        [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)

        +

        [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

        @@ -406,11 +406,11 @@ The Management database is required only if you are using the App-V 5.1 Manageme

        For supported versions, see [App-V 5.1 Supported Configurations](app-v-51-supported-configurations.md).

        -

        [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)

        +

        [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

        -

        [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)

        +

        [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

        @@ -484,11 +484,11 @@ The Reporting database is required only if you are using the App-V 5.1 Reporting -

        [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)

        +

        [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

        -

        [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)

        +

        [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

        @@ -543,20 +543,20 @@ Install the following prerequisite software for the App-V client. -

        [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)

        +

        [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

        -

        [Windows PowerShell 3.0](http://www.microsoft.com/download/details.aspx?id=34595)

        +

        [Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)

        Installing PowerShell 3.0 requires a restart.

        -

        [KB2533623](http://support.microsoft.com/kb/2533623)

        +

        [KB2533623](https://support.microsoft.com/kb/2533623)

        Applies to Windows 7 only: Download and install the KB.

        -

        [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)

        +

        [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

        @@ -582,20 +582,20 @@ Install the following prerequisite software for the App-V Remote Desktop Service -

        [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)

        +

        [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

        -

        [Windows PowerShell 3.0](http://www.microsoft.com/download/details.aspx?id=34595)

        +

        [Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)

        Installing PowerShell 3.0 requires a restart.

        -

        [KB2533623](http://support.microsoft.com/kb/2533623)

        +

        [KB2533623](https://support.microsoft.com/kb/2533623)

        Applies to Windows 7 only: Download and install the KB.

        -

        [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)

        +

        [Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)

        @@ -625,16 +625,16 @@ Install the following prerequisite software for the App-V Remote Desktop Service -

        [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)

        +

        [Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)

        -

        [Windows PowerShell 3.0](http://www.microsoft.com/download/details.aspx?id=34595)

        +

        [Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)

        Installing PowerShell 3.0 requires a restart.

        -

        [KB2533623](http://support.microsoft.com/kb/2533623)

        +

        [KB2533623](https://support.microsoft.com/kb/2533623)

        Applies to Windows 7 only: Download and install the KB.

        diff --git a/mdop/appv-v5/app-v-51-supported-configurations.md b/mdop/appv-v5/app-v-51-supported-configurations.md index 715eccb830..b60c43d593 100644 --- a/mdop/appv-v5/app-v-51-supported-configurations.md +++ b/mdop/appv-v5/app-v-51-supported-configurations.md @@ -467,7 +467,7 @@ The App-V client supports the following versions of System Center Configuration The following App-V and System Center Configuration Manager version matrix shows all officially supported combinations of App-V and Configuration Manager. -**Note:** Both App-V 4.5 and 4.6 have exited Mainstream support. +**Note:** Both App-V 4.5 and 4.6 have exited Mainstream support. @@ -518,7 +518,7 @@ The following App-V and System Center Configuration Manager version matrix shows   -For more information about how Configuration Manager integrates with App-V, see [Planning for App-V Integration with Configuration Manager](http://technet.microsoft.com/library/jj822982.aspx). +For more information about how Configuration Manager integrates with App-V, see [Planning for App-V Integration with Configuration Manager](https://technet.microsoft.com/library/jj822982.aspx). ## Got a suggestion for App-V? diff --git a/mdop/appv-v5/application-publishing-and-client-interaction.md b/mdop/appv-v5/application-publishing-and-client-interaction.md index 48a137c6bb..b3bd9b1dbb 100644 --- a/mdop/appv-v5/application-publishing-and-client-interaction.md +++ b/mdop/appv-v5/application-publishing-and-client-interaction.md @@ -38,7 +38,7 @@ This article provides technical information about common App-V client operations - [Client logging](#bkmk-client-logging) -For additional reference information, see [Microsoft Application Virtualization (App-V) Documentation Resources Download Page](http://www.microsoft.com/download/details.aspx?id=27760). +For additional reference information, see [Microsoft Application Virtualization (App-V) Documentation Resources Download Page](https://www.microsoft.com/download/details.aspx?id=27760). ## App-V package files created by the Sequencer @@ -93,7 +93,7 @@ The Sequencer creates App-V packages and produces a virtualized application. The   -For information about sequencing, see [Application Virtualization 5.0 Sequencing Guide](http://www.microsoft.com/download/details.aspx?id=27760). +For information about sequencing, see [Application Virtualization 5.0 Sequencing Guide](https://www.microsoft.com/download/details.aspx?id=27760). ## What’s in the appv file? @@ -241,7 +241,7 @@ The App-V Client manages the applications assets mounted in the package store. T Example of a path to a specific application: ``` syntax -C:\ProgramData\App-V\PackGUID\VersionGUID +C:\ProgramData\App-V\PackGUID\VersionGUID ``` To change the default location of the package store during setup, see [How to Deploy the App-V Client](how-to-deploy-the-app-v-client-gb18030.md). diff --git a/mdop/appv-v5/application-publishing-and-client-interaction51.md b/mdop/appv-v5/application-publishing-and-client-interaction51.md index 59628e39ad..dfaa56d9c0 100644 --- a/mdop/appv-v5/application-publishing-and-client-interaction51.md +++ b/mdop/appv-v5/application-publishing-and-client-interaction51.md @@ -38,7 +38,7 @@ This article provides technical information about common App-V client operations - [Client logging](#bkmk-client-logging) -For additional reference information, see [Microsoft Application Virtualization (App-V) Documentation Resources Download Page](http://www.microsoft.com/download/details.aspx?id=27760). +For additional reference information, see [Microsoft Application Virtualization (App-V) Documentation Resources Download Page](https://www.microsoft.com/download/details.aspx?id=27760). ## App-V package files created by the Sequencer @@ -241,7 +241,7 @@ The App-V Client manages the applications assets mounted in the package store. T Example of a path to a specific application: ``` syntax -C:\ProgramData\App-V\PackGUID\VersionGUID +C:\ProgramData\App-V\PackGUID\VersionGUID ``` To change the default location of the package store during setup, see [How to Deploy the App-V Client](how-to-deploy-the-app-v-client-51gb18030.md). diff --git a/mdop/appv-v5/creating-and-managing-app-v-50-virtualized-applications.md b/mdop/appv-v5/creating-and-managing-app-v-50-virtualized-applications.md index 0b805161f8..69af0d0e77 100644 --- a/mdop/appv-v5/creating-and-managing-app-v-50-virtualized-applications.md +++ b/mdop/appv-v5/creating-and-managing-app-v-50-virtualized-applications.md @@ -17,7 +17,7 @@ ms.date: 06/16/2016 After you have properly deployed the Microsoft Application Virtualization (App-V) 5.0 sequencer, you can use it to monitor and record the installation and setup process for an application to be run as a virtualized application. **Note**   -For more information about configuring the Microsoft Application Virtualization (App-V) 5.0 sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx) (http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx). +For more information about configuring the Microsoft Application Virtualization (App-V) 5.0 sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](https://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx) (http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx).   diff --git a/mdop/appv-v5/creating-and-managing-app-v-51-virtualized-applications.md b/mdop/appv-v5/creating-and-managing-app-v-51-virtualized-applications.md index 4b78b20309..4062dd1379 100644 --- a/mdop/appv-v5/creating-and-managing-app-v-51-virtualized-applications.md +++ b/mdop/appv-v5/creating-and-managing-app-v-51-virtualized-applications.md @@ -17,9 +17,9 @@ ms.date: 06/16/2016 After you have properly deployed the Microsoft Application Virtualization (App-V) 5.1 sequencer, you can use it to monitor and record the installation and setup process for an application to be run as a virtualized application. **Note**   -For more information about configuring the App-V 5.1 sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx). +For more information about configuring the App-V 5.1 sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](https://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx). -**Note** +**Note** The App-V 5.x Sequencer cannot sequence applications with filenames matching "CO_<x>" where x is any numeral. Error 0x8007139F will be generated. ## Sequencing an application diff --git a/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v.md b/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v.md index b2a242e96e..6a30148ca3 100644 --- a/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v.md +++ b/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v.md @@ -102,7 +102,7 @@ Before you deploy Office by using App-V, review the following requirements.

      • Visio Pro for Office 365

      • Project Pro for Office 365

        • - @@ -204,7 +204,7 @@ Create Office 2013 App-V packages on 64-bit Windows computers. Once created, the Office 2013 App-V Packages are created using the Office Deployment Tool, which generates an Office 2013 App-V Package. The package cannot be created or modified through the App-V sequencer. To begin package creation: -1. Download the [Office Deployment Tool for Click-to-Run](http://www.microsoft.com/download/details.aspx?id=36778). +1. Download the [Office Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=36778). 2. Run the .exe file and extract its features into the desired location. To make this process easier, you can create a shared network folder where the features will be saved. @@ -233,7 +233,7 @@ The XML file that is included in the Office Deployment Tool specifies the produc - + ``` @@ -418,7 +418,7 @@ After you download the Office 2013 applications through the Office Deployment To <Product ID="VisioProRetail"> <Language ID="en-us" /> </Product> - </Add> + </Add> </Configuration>

        In this example, the following changes were made to create a package with Subscription licensing:

        You must enable [shared computer activation](http://technet.microsoft.com/library/dn782860.aspx).

        +

        You must enable [shared computer activation](https://technet.microsoft.com/library/dn782860.aspx).

        You don’t use shared computer activation if you’re deploying a volume licensed product, such as:

        • Office Professional Plus 2013

          • @@ -135,7 +135,7 @@ The following table describes the recommended methods for excluding specific Off

        Use the ExcludeApp setting when you create the package by using the Office Deployment Tool.

        • Enables you to exclude specific Office applications from the package when the Office Deployment Tool creates the package. For example, you can use this setting to create a package that contains only Microsoft Word.

          • -

        • For more information, see [ExcludeApp element](http://technet.microsoft.com/library/jj219426.aspx#bkmk-excludeappelement).

          • +

        • For more information, see [ExcludeApp element](https://technet.microsoft.com/library/jj219426.aspx#bkmk-excludeappelement).
        @@ -452,7 +452,7 @@ After you download the Office 2013 applications through the Office Deployment To <Product ID="VisioProVolume"> <Language ID="en-us" /> </Product> - </Add> + </Add> </Configuration>

        In this example, the following changes were made to create a package with Volume licensing:

        @@ -668,7 +668,7 @@ Use the steps in this section to enable Office plug-ins with your Office package You may want to disable specific applications in your Office App-V package. For instance, you can disable Access, but leave all other Office application main available. When you disable an application, the end user will no longer see the shortcut for that application. You do not have to re-sequence the application. When you change the Deployment Configuration File after the Office 2013 App-V package has been published, you will save the changes, add the Office 2013 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2013 App-V Package applications. **Note**   -To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting. For more information, see [Reference for Click-to-Run configuration.xml file](http://technet.microsoft.com/library/jj219426.aspx). +To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting. For more information, see [Reference for Click-to-Run configuration.xml file](https://technet.microsoft.com/library/jj219426.aspx).   @@ -721,7 +721,7 @@ You may want to disable shortcuts for certain Office applications instead of unp 2. To disable certain shortcuts, delete or comment out the specific shortcuts you don’t want. You must keep the subsystem present and enabled. For example, in the example below, delete the Microsoft Access shortcuts, while keeping the subsystems <shortcut> </shortcut> intact to disable the Microsoft Access shortcut. ``` syntax - Shortcuts + Shortcuts --> @@ -836,7 +836,7 @@ The following table describes the requirements and options for deploying Visio 2

        1. Create a package that contains Office, Visio, and Project.

        2. Deploy the package to all users.

          3. -

        3. Use [Microsoft AppLocker](http://technet.microsoft.com/library/dd723678.aspx) to prevent specific users from using Visio and Project.

          4. +

        4. Use [Microsoft AppLocker](https://technet.microsoft.com/library/dd723678.aspx) to prevent specific users from using Visio and Project.

        diff --git a/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v51.md b/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v51.md index 91c0f3ed75..8b3ad7e937 100644 --- a/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v51.md +++ b/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v51.md @@ -101,7 +101,7 @@ Before you deploy Office by using App-V, review the following requirements.

      • Visio Pro for Office 365

      • Project Pro for Office 365

        • -         @@ -206,7 +206,7 @@ Create Office 2013 App-V packages on 64-bit Windows computers. Once created, the Office 2013 App-V Packages are created using the Office Deployment Tool, which generates an Office 2013 App-V Package. The package cannot be created or modified through the App-V sequencer. To begin package creation: -1. Download the [Office Deployment Tool for Click-to-Run](http://www.microsoft.com/download/details.aspx?id=36778). +1. Download the [Office Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=36778). 2. Run the .exe file and extract its features into the desired location. To make this process easier, you can create a shared network folder where the features will be saved. @@ -235,7 +235,7 @@ The XML file that is included in the Office Deployment Tool specifies the produc - + ``` @@ -424,7 +424,7 @@ After you download the Office 2013 applications through the Office Deployment To <Product ID="VisioProRetail"> <Language ID="en-us" /> </Product> - </Add> + </Add> </Configuration>

        In this example, the following changes were made to create a package with Subscription licensing:

        You must enable [shared computer activation](http://technet.microsoft.com/library/dn782860.aspx).

        +

        You must enable [shared computer activation](https://technet.microsoft.com/library/dn782860.aspx).

        You don’t use shared computer activation if you’re deploying a volume licensed product, such as:

        • Office Professional Plus 2013

          • @@ -134,7 +134,7 @@ The following table describes the recommended methods for excluding specific Off

        Use the ExcludeApp setting when you create the package by using the Office Deployment Tool.

        • Enables you to exclude specific Office applications from the package when the Office Deployment Tool creates the package. For example, you can use this setting to create a package that contains only Microsoft Word.

          • -

        • For more information, see [ExcludeApp element](http://technet.microsoft.com/library/jj219426.aspx#bkmk-excludeappelement).

          • +

        • For more information, see [ExcludeApp element](https://technet.microsoft.com/library/jj219426.aspx#bkmk-excludeappelement).
        @@ -458,7 +458,7 @@ After you download the Office 2013 applications through the Office Deployment To <Product ID="VisioProVolume"> <Language ID="en-us" /> </Product> - </Add> + </Add> </Configuration>

        In this example, the following changes were made to create a package with Volume licensing:

        @@ -674,7 +674,7 @@ Use the steps in this section to enable Office plug-ins with your Office package You may want to disable specific applications in your Office App-V package. For instance, you can disable Access, but leave all other Office application main available. When you disable an application, the end user will no longer see the shortcut for that application. You do not have to re-sequence the application. When you change the Deployment Configuration File after the Office 2013 App-V package has been published, you will save the changes, add the Office 2013 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2013 App-V Package applications. **Note**   -To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting. For more information, see [Reference for Click-to-Run configuration.xml file](http://technet.microsoft.com/library/jj219426.aspx). +To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting. For more information, see [Reference for Click-to-Run configuration.xml file](https://technet.microsoft.com/library/jj219426.aspx).   @@ -727,7 +727,7 @@ You may want to disable shortcuts for certain Office applications instead of unp 2. To disable certain shortcuts, delete or comment out the specific shortcuts you don’t want. You must keep the subsystem present and enabled. For example, in the example below, delete the Microsoft Access shortcuts, while keeping the subsystems <shortcut> </shortcut> intact to disable the Microsoft Access shortcut. ``` syntax - Shortcuts + Shortcuts --> @@ -842,7 +842,7 @@ The following table describes the requirements and options for deploying Visio 2

        1. Create a package that contains Office, Visio, and Project.

        2. Deploy the package to all users.

          3. -

        3. Use [Microsoft AppLocker](http://technet.microsoft.com/library/dd723678.aspx) to prevent specific users from using Visio and Project.

          4. +

        4. Use [Microsoft AppLocker](https://technet.microsoft.com/library/dd723678.aspx) to prevent specific users from using Visio and Project.

        diff --git a/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md b/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md index d397429c2f..2473c384ee 100644 --- a/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md +++ b/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md @@ -56,7 +56,7 @@ Use the following table to get information about supported versions of Office an         - + @@ -103,7 +103,7 @@ Before you deploy Office by using App-V, review the following requirements.

      • Visio Pro for Office 365

      • Project Pro for Office 365

        • - @@ -131,7 +131,7 @@ The following table describes the recommended methods for excluding specific Off @@ -228,7 +228,7 @@ The XML file that is included in the Office Deployment Tool specifies the produc - + ``` @@ -410,7 +410,7 @@ After you download the Office 2016 applications through the Office Deployment To <Product ID="VisioProRetail"> <Language ID="en-us" /> </Product> - </Add> + </Add> </Configuration>

        In this example, the following changes were made to create a package with Subscription licensing:

        [Planning for Using App-V with coexsiting versions of Office](planning-for-using-app-v-with-office.md#bkmk-plan-coexisting)

        [Planning for Using App-V with coexisting versions of Office](planning-for-using-app-v-with-office.md#bkmk-plan-coexisting)

        Considerations for installing different versions of Office on the same computer

        You must enable [shared computer activation](http://technet.microsoft.com/library/dn782860.aspx).

        +

        You must enable [shared computer activation](https://technet.microsoft.com/library/dn782860.aspx).

        Use the ExcludeApp setting when you create the package by using the Office Deployment Tool.

        • Enables you to exclude specific Office applications from the package when the Office Deployment Tool creates the package. For example, you can use this setting to create a package that contains only Microsoft Word.

          • -

        • For more information, see [ExcludeApp element](http://technet.microsoft.com/library/jj219426.aspx#bkmk-excludeappelement).

          • +

        • For more information, see [ExcludeApp element](https://technet.microsoft.com/library/jj219426.aspx#bkmk-excludeappelement).
        @@ -658,7 +658,7 @@ You may want to disable shortcuts for certain Office applications instead of unp 2. To disable certain shortcuts, delete or comment out the specific shortcuts you don’t want. You must keep the subsystem present and enabled. For example, in the example below, delete the Microsoft Access shortcuts, while keeping the subsystems <shortcut> </shortcut> intact to disable the Microsoft Access shortcut. ``` syntax - Shortcuts + Shortcuts --> @@ -754,7 +754,7 @@ The following table describes the requirements and options for deploying Visio 2

        1. Create a package that contains Office, Visio, and Project.

        2. Deploy the package to all users.

          3. -

        3. Use [Microsoft AppLocker](http://technet.microsoft.com/library/dd723678.aspx) to prevent specific users from using Visio and Project.

          4. +

        4. Use [Microsoft AppLocker](https://technet.microsoft.com/library/dd723678.aspx) to prevent specific users from using Visio and Project.

        diff --git a/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v51.md b/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v51.md index 2439d3d384..3cf91ddf99 100644 --- a/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v51.md +++ b/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v51.md @@ -56,7 +56,7 @@ Use the following table to get information about supported versions of Office an         - + @@ -103,7 +103,7 @@ Before you deploy Office by using App-V, review the following requirements.

      • Visio Pro for Office 365

      • Project Pro for Office 365

        • - @@ -131,7 +131,7 @@ The following table describes the recommended methods for excluding specific Off @@ -228,7 +228,7 @@ The XML file that is included in the Office Deployment Tool specifies the produc - + ``` @@ -410,7 +410,7 @@ After you download the Office 2016 applications through the Office Deployment To <Product ID="VisioProRetail"> <Language ID="en-us" /> </Product> - </Add> + </Add> </Configuration>

        In this example, the following changes were made to create a package with Subscription licensing:

        [Planning for Using App-V with coexsiting versions of Office](planning-for-using-app-v-with-office.md#bkmk-plan-coexisting)

        [Planning for Using App-V with coexisting versions of Office](planning-for-using-app-v-with-office.md#bkmk-plan-coexisting)

        Considerations for installing different versions of Office on the same computer

        You must enable [shared computer activation](http://technet.microsoft.com/library/dn782860.aspx).

        +

        You must enable [shared computer activation](https://technet.microsoft.com/library/dn782860.aspx).

        Use the ExcludeApp setting when you create the package by using the Office Deployment Tool.

        • Enables you to exclude specific Office applications from the package when the Office Deployment Tool creates the package. For example, you can use this setting to create a package that contains only Microsoft Word.

          • -

        • For more information, see [ExcludeApp element](http://technet.microsoft.com/library/jj219426.aspx#bkmk-excludeappelement).

          • +

        • For more information, see [ExcludeApp element](https://technet.microsoft.com/library/jj219426.aspx#bkmk-excludeappelement).
        @@ -442,7 +442,7 @@ After you download the Office 2016 applications through the Office Deployment To @@ -658,7 +658,7 @@ You may want to disable shortcuts for certain Office applications instead of unp 2. To disable certain shortcuts, delete or comment out the specific shortcuts you don’t want. You must keep the subsystem present and enabled. For example, in the example below, delete the Microsoft Access shortcuts, while keeping the subsystems <shortcut> </shortcut> intact to disable the Microsoft Access shortcut. ``` syntax - Shortcuts + Shortcuts --> @@ -754,7 +754,7 @@ The following table describes the requirements and options for deploying Visio 2

        1. Create a package that contains Office, Visio, and Project.

        2. Deploy the package to all users.

          3. -

        3. Use [Microsoft AppLocker](http://technet.microsoft.com/library/dd723678.aspx) to prevent specific users from using Visio and Project.

          4. +

        4. Use [Microsoft AppLocker](https://technet.microsoft.com/library/dd723678.aspx) to prevent specific users from using Visio and Project.

         diff --git a/mdop/appv-v5/how-to-create-and-use-a-project-template.md b/mdop/appv-v5/how-to-create-and-use-a-project-template.md index 32a7d63c07..89e44e559b 100644 --- a/mdop/appv-v5/how-to-create-and-use-a-project-template.md +++ b/mdop/appv-v5/how-to-create-and-use-a-project-template.md @@ -19,8 +19,6 @@ You can use an App-V 5.0 project template to save commonly applied settings asso **Note**   You can, and often should apply an App-V 5.0 project template during a package upgrade. For example, if you sequenced an application with a custom exclusion list, it is recommended that an associated template is created and saved for later use while upgrading the sequenced application. -  - App-V 5.0 project templates differ from App-V 5.0 Application Accelerators because App-V 5.0 Application Accelerators are application-specific, and App-V 5.0 project templates can be applied to multiple applications. Use the following procedures to create and apply a new template. @@ -29,25 +27,20 @@ Use the following procedures to create and apply a new template. 1. To start the App-V 5.0 sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. -2. **Note**   +**Note**   If the virtual application package is currently open in the App-V 5.0 Sequencer console, skip to step 3 of this procedure. -   - - To open the existing virtual application package that contains the settings you want to save with the App-V 5.0 project template, click **File** / **Open**, and then click **Edit Package**. On the **Select Package** page, click **Browse** and locate the virtual application package that you want to open. Click **Edit**. +2. To open the existing virtual application package that contains the settings you want to save with the App-V 5.0 project template, click **File** / **Open**, and then click **Edit Package**. On the **Select Package** page, click **Browse** and locate the virtual application package that you want to open. Click **Edit**. 3. In the App-V 5.0 Sequencer console, to save the template file, click **File** / **Save As Template**. After you have reviewed the settings that will be saved with the new template, click **OK**. Specify a name that will be associated with the new App-V 5.0 project template. Click Save. - - The new App-V 5.0 project template is saved in the directory specified in step 3 of this procedure. +The new App-V 5.0 project template is saved in the directory specified in step 3 of this procedure. **To apply a project template** -1. **Important**   +**Important**   Creating a virtual application package using a project template in conjunction with a Package Accelerator is not supported. -   - - To start the App-V 5.0 sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. +1. To start the App-V 5.0 sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. 2. To create or upgrade a new virtual application package by using an App-V 5.0 project template, click **File** / **New From Template**. @@ -62,9 +55,9 @@ Use the following procedures to create and apply a new template. [Operations for App-V 5.0](operations-for-app-v-50.md) -  - -  + + + diff --git a/mdop/appv-v5/how-to-deploy-the-app-v-46-and-the-app-v--50-client-on-the-same-computer.md b/mdop/appv-v5/how-to-deploy-the-app-v-46-and-the-app-v--50-client-on-the-same-computer.md index 521ad09c45..b9dfd5d542 100644 --- a/mdop/appv-v5/how-to-deploy-the-app-v-46-and-the-app-v--50-client-on-the-same-computer.md +++ b/mdop/appv-v5/how-to-deploy-the-app-v-46-and-the-app-v--50-client-on-the-same-computer.md @@ -34,7 +34,7 @@ Use the following information to install the App-V 5.0 client (preferably, with - [How to Convert a Package Created in a Previous Version of App-V](how-to-convert-a-package-created-in-a-previous-version-of-app-v.md) -5. Test that your App-V 5.0 packages are successful, and then remove the 4.6 packages. To check the user state of your client computers, we recommend that you use [User Experience Virtualization](http://technet.microsoft.com/library/dn458947.aspx) or another user environment management tool. +5. Test that your App-V 5.0 packages are successful, and then remove the 4.6 packages. To check the user state of your client computers, we recommend that you use [User Experience Virtualization](https://technet.microsoft.com/library/dn458947.aspx) or another user environment management tool. **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). diff --git a/mdop/appv-v5/how-to-deploy-the-app-v-46-and-the-app-v--51-client-on-the-same-computer.md b/mdop/appv-v5/how-to-deploy-the-app-v-46-and-the-app-v--51-client-on-the-same-computer.md index 65546d80c5..e617718801 100644 --- a/mdop/appv-v5/how-to-deploy-the-app-v-46-and-the-app-v--51-client-on-the-same-computer.md +++ b/mdop/appv-v5/how-to-deploy-the-app-v-46-and-the-app-v--51-client-on-the-same-computer.md @@ -20,7 +20,7 @@ Use the following information to install the Microsoft Application Virtualizatio 1. Install the following version of the App-V client on the computer that is running App-V 4.6. - - [Microsoft Application Virtualization 4.6 Service Pack 3](http://www.microsoft.com/download/details.aspx?id=41187) + - [Microsoft Application Virtualization 4.6 Service Pack 3](https://www.microsoft.com/download/details.aspx?id=41187) 2. Install the App-V 5.1 client on the computer that is running the App-V 4.6 SP3 version of the client. For best results, we recommend that you install all available updates to the App-V 5.1 client. @@ -42,7 +42,7 @@ Use the following information to install the Microsoft Application Virtualizatio - [How to Convert a Package Created in a Previous Version of App-V](how-to-convert-a-package-created-in-a-previous-version-of-app-v51.md) -6. Test that your App-V 5.1 packages are successful, and then remove the 4.6 packages. To check the user state of your client computers, we recommend that you use [User Experience Virtualization](http://technet.microsoft.com/library/dn458947.aspx) or another user environment management tool. +6. Test that your App-V 5.1 packages are successful, and then remove the 4.6 packages. To check the user state of your client computers, we recommend that you use [User Experience Virtualization](https://technet.microsoft.com/library/dn458947.aspx) or another user environment management tool. **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). diff --git a/mdop/appv-v5/how-to-deploy-the-app-v-client-gb18030.md b/mdop/appv-v5/how-to-deploy-the-app-v-client-gb18030.md index 5142ecf01f..143ee0777c 100644 --- a/mdop/appv-v5/how-to-deploy-the-app-v-client-gb18030.md +++ b/mdop/appv-v5/how-to-deploy-the-app-v-client-gb18030.md @@ -1,13 +1,14 @@ --- title: How to Deploy the App-V Client description: How to Deploy the App-V Client +ms.author: pashort author: jamiejdt ms.assetid: 9c4e67ae-ddaf-4e23-8c16-72d029a74a27 ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 11/01/2016 +ms.date: 11/05/2018 --- @@ -18,341 +19,137 @@ Use the following procedure to install the Microsoft Application Virtualization **What to do before you start** -1. Review and install the software prerequisites: +1. Review and install the software prerequisites: - Install the prerequisite software that corresponds to the version of App-V that you are installing: + Install the prerequisite software that corresponds to the version of App-V that you are installing: - - [About App-V 5.0 SP3](about-app-v-50-sp3.md) + - [About App-V 5.0 SP3](about-app-v-50-sp3.md) - - App-V 5.0 SP1 and App-V 5.0 SP2 – no new prerequisites in these versions + - App-V 5.0 SP1 and App-V 5.0 SP2 – no new prerequisites in these versions - - [App-V 5.0 Prerequisites](app-v-50-prerequisites.md) + - [App-V 5.0 Prerequisites](app-v-50-prerequisites.md) -2. Review the client coexistence and unsupported scenarios, as applicable to your installation: +2. Review the client coexistence and unsupported scenarios, as applicable to your installation: -

        PACKAGEGUID (optional)

        By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.

        An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2016 for some users, and create another package with Office 2016 and Visio 2016 for another set of users.

        - + >**Note** Even if you use unique package IDs, you can still deploy only one App-V package to a single device.
        - - - - - - - - - - - - - - -

        Deploying coexisting App-V clients

        [Planning for the App-V 5.0 Sequencer and Client Deployment](planning-for-the-app-v-50-sequencer-and-client-deployment.md)

        Unsupported or limited installation scenarios

        See the client section in [App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md)

        + | | | + |---|---| + |Deploying coexisting App-V clients |[Planning for the App-V 5.0 Sequencer and Client Deployment](planning-for-the-app-v-50-sequencer-and-client-deployment.md) | + |Unsupported or limited installation scenarios |[App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md) | + --- +   +3. Review the locations for client registry, log, and troubleshooting information: -   - -3. Review the locations for client registry, log, and troubleshooting information: - - ---- - - - - - - - - - - - - - - -

        Client registry information

          -

        • By default, after you install the App-V 5.0 client, the client information is stored in the registry in the following registry key:

          -

          HKEY_LOCAL_MACHINE \ SOFTWARE \ MICROSOFT \ APPV \ CLIENT

          • -

        • When you deploy a virtualized package to a computer that is running the App-V client, the associated package data is stored in the following location:

          -

          C: \ ProgramData \ App-V

          -

          However, you can reconfigure this location with the following registry key:

          -

          HKEY_LOCAL_MACHINE \ SOFTWARE \ MICROSOFT \ SOFTWARE \ MICROSOFT \ APPV \ CLIENT \ STREAMING \ PACKAGEINSTALLATIONROOT

          • -

        Client log files

          -

        • For log file information that is associated with the App-V 5.0 Client, search in the following log:

          -

          Event logs / Applications and Services Logs / Microsoft / AppV

          • -

        • In App-V 5.0 SP3, some logs have been consolidated and moved to the following location:

          -

          Event logs/Applications and Services Logs/Microsoft/AppV/ServiceLog

          -

          For a list of the moved logs, see [About App-V 5.0 SP3](about-app-v-50-sp3.md#bkmk-event-logs-moved).

          • -

        • Packages that are currently stored on computers that run the App-V 5.0 Client are saved to the following location:

          -

          C:\ProgramData\App-V\<package id>\<version id>

          • -

        Client installation troubleshooting information

        See the error log in the %temp% folder. To review the log files, click Start, type %temp%, and then look for the appv_ log.

        - -  + | | | + |---|---| + |Client registry information |
        • By default, after you install the App-V 5.0 client, the client information is stored in the registry in the following registry key:

          HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\APPV\CLIENT

        • When you deploy a virtualized package to a computer that is running the App-V client, the associated package data is stored in the following location:

          C:\ProgramData\App-V

          However, you can reconfigure this location with the following registry key:

          HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SOFTWARE\MICROSOFT\APPV\CLIENT\STREAMING\PACKAGEINSTALLATIONROOT

        | + |Client log files |
        • For log file information that is associated with the App-V 5.0 Client, search in the following log:

          Event logs/Applications and Services Logs/Microsoft/AppV

        • In App-V 5.0 SP3, some logs have been consolidated and moved to the following location:

          Event logs/Applications and Services Logs/Microsoft/AppV/ServiceLog

          For a list of the moved logs, see [About App-V 5.0 SP3](about-app-v-50-sp3.md#bkmk-event-logs-moved).

        • Packages that are currently stored on computers that run the App-V 5.0 Client are saved to the following location:

          C:\ProgramData\App-V\<_package id_>\<_version id_>

        | + |Client installation troubleshooting information |See the error log in the **%temp%** folder. To review the log files, click **Start**, type **%temp%**, and then look for the **appv_ log**. | + --- + **To install the App-V 5.0 Client** -1. Copy the App-V 5.0 client installation file to the computer on which it will be installed. Choose from the following client types: +1. Copy the App-V 5.0 client installation file to the computer on which it will be installed.

        Choose from the following client types: - - - - - - - - - - - - - - - - - - - - - -
        Client typeFile to use

        Standard version of the client

        appv_client_setup.exe

        Remote Desktop Services version of the client

        appv_client_setup_rds.exe

        + |Client type |File to use | + |---|---| + |Standard version of the client |**appv_client_setup.exe** | + |Remote Desktop Services version of the client |**appv_client_setup_rds.exe** | + --- -   +2. Double-click the installation file, and click **Install**. Before the installation begins, the installer checks the computer for any missing [App-V 5.0 Prerequisites](app-v-50-prerequisites.md). -2. Double-click the installation file, and click **Install**. Before the installation begins, the installer checks the computer for any missing [App-V 5.0 Prerequisites](app-v-50-prerequisites.md). +3. Review and accept the Software License Terms, choose whether to use Microsoft Update and whether to participate in the Microsoft Customer Experience Improvement Program, and click **Install**. -3. Review and accept the Software License Terms, choose whether to use Microsoft Update and whether to participate in the Microsoft Customer Experience Improvement Program, and click **Install**. +4. On the **Setup completed successfully** page, click **Close**. -4. On the **Setup completed successfully** page, click **Close**. + The installation creates the following entries for the App-V client in **Programs**: - The installation creates the following entries for the App-V client in **Programs**: + - **.exe** - - **.exe** + - **.msi** - - **.msi** + - **language pack** + + >[!NOTE] + >After the installation, only the .exe file can be uninstalled. - - **language pack** - - **Note**   - After the installation, only the .exe file can be uninstalled. - -   **To install the App-V 5.0 client using a script** -1. Install all of the required prerequisite software on the target computers. See [What to do before you start](#bkmk-clt-install-prereqs). If you install the client by using an .msi file, the installation will fail if any prerequisites are missing. +1. Install all of the required prerequisite software on the target computers. See [What to do before you start](#bkmk-clt-install-prereqs). If you install the client by using an .msi file, the installation will fail if any prerequisites are missing. -2. To use a script to install the App-V 5.0 client, use the following parameters with **appv\_client\_setup.exe**. +2. To use a script to install the App-V 5.0 client, use the following parameters with **appv\_client\_setup.exe**. - **Note**   - The client Windows Installer (.msi) supports the same set of switches, except for the **/LOG** parameter. + >[!NOTE] + >The client Windows Installer (.msi) supports the same set of switches, except for the **/LOG** parameter. -   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

        /INSTALLDIR

        Specifies the installation directory. Example usage: /INSTALLDIR=C:\Program Files\AppV Client

        /CEIPOPTIN

        Enables participation in the Customer Experience Improvement Program. Example usage: /CEIPOPTIN=[0|1]

        /MUOPTIN

        Enables Microsoft Update. Example usage: /MUOPTIN=[0|1]

        /PACKAGEINSTALLATIONROOT

        Specifies the directory in which to install all new applications and updates. Example usage: /PACKAGEINSTALLATIONROOT='C:\App-V Packages'

        /PACKAGESOURCEROOT

        Overrides the source location for downloading package content. Example usage: /PACKAGESOURCEROOT='http://packageStore'

        /AUTOLOAD

        Specifies how new packages will be loaded by App-V 5.0 on a specific computer. The following options are enabled: [1]; automatically load all packages [2]; or automatically load no packages [0].Example usage: /AUTOLOAD=[0|1|2]

        /SHAREDCONTENTSTOREMODE

        Specifies that streamed package contents will be not be saved to the local hard disk. Example usage: /SHAREDCONTENTSTOREMODE=[0|1]

        /MIGRATIONMODE

        Allows the App-V 5.0 client to modify the shortcuts and FTAs that are associated with the packages that are created with a previous version. Example usage: /MIGRATIONMODE=[0|1]

        /ENABLEPACKAGESCRIPTS

        Enables the scripts that are defined in the package manifest file or configuration files that should run. Example usage: /ENABLEPACKAGESCRIPTS=[0|1]

        /ROAMINGREGISTRYEXCLUSIONS

        Specifies the registry paths that will not roam with a user profile. Example usage: /ROAMINGREGISTRYEXCLUSIONS=software\classes;software\clients

        /ROAMINGFILEEXCLUSIONS

        Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /ROAMINGFILEEXCLUSIONS 'desktop;my pictures'

        /S[1-5]PUBLISHINGSERVERNAME

        Displays the name of the publishing server. Example usage: /S2PUBLISHINGSERVERNAME=MyPublishingServer

        /S[1-5]PUBLISHINGSERVERURL

        Displays the URL of the publishing server. Example usage: /S2PUBLISHINGSERVERURL=\\pubserver

        /S[1-5]GLOBALREFRESHENABLED -

        Enables a global publishing refresh. Example usage: /S2GLOBALREFRESHENABLED=[0|1]

        /S[1-5]GLOBALREFRESHONLOGON

        Initiates a global publishing refresh when a user logs on. Example usage: /S2LOGONREFRESH=[0|1]

        /S[1-5]GLOBALREFRESHINTERVAL -

        Specifies the publishing refresh interval, where 0 indicates do not periodically refresh. Example usage: /S2PERIODICREFRESHINTERVAL=[0-744]

        /S[1-5]GLOBALREFRESHINTERVALUNIT

        Specifies the interval unit (Hours[0], Days[1]). Example usage: /S2GLOBALREFRESHINTERVALUNIT=[0|1]

        /S[1-5]USERREFRESHENABLED

        Enables user publishing refresh. Example usage: /S2USERREFRESHENABLED=[0|1]

        /S[1-5]USERREFRESHONLOGON

        Initiates a user publishing refresh when a user logs on. Example usage: /S2LOGONREFRESH=[0|1]

        /S[1-5]USERREFRESHINTERVAL -

        Specifies the publishing refresh interval, where 0 indicates do not periodically refresh. Example usage: /S2PERIODICREFRESHINTERVAL=[0-744]

        /S[1-5]USERREFRESHINTERVALUNIT

        Specifies the interval unit (Hours[0], Days[1]). Example usage: /S2USERREFRESHINTERVALUNIT=[0|1]

        /Log

        Specifies a location where the log information is saved. The default location is %Temp%. Example usage: /log C:\logs\log.log

        /q

        Specifies an unattended installation.

        /REPAIR

        Repairs a previous client installation.

        /NORESTART

        Prevents the computer from rebooting after the client installation.

        -

        The parameter prevents the end-user computer from rebooting after each update is installed and lets you schedule the reboot at your convenience. For example, you can install App-V 5.0 SPX and then install Hotfix Package Y without rebooting after the Service Pack installation. After the installation, you must reboot before you start using App-V.

        /UNINSTALL

        Uninstalls the client.

        /ACCEPTEULA

        Accepts the license agreement. This is required for an unattended installation. Example usage: /ACCEPTEULA or /ACCEPTEULA=1.

        /LAYOUT

        Specifies the associated layout action. It also extracts the Windows Installer (.msi) and script files to a folder without installing App-V 5.0. No value is expected.

        /LAYOUTDIR

        Specifies the layout directory. Requires a string value. Example usage: /LAYOUTDIR=”C:\Application Virtualization Client”.

        /?, /h, /help

        Requests help about the previous installation parameters.

        - -   + | | | + |---|---| + |/INSTALLDIR |Specifies the installation directory. Example usage:

        **/INSTALLDIR=C:\Program Files\AppV Client** | + |/CEIPOPTIN |Enables participation in the Customer Experience Improvement Program. Example usage:

        **/CEIPOPTIN=[0\|1\]** | + |/MUOPTIN |Enables Microsoft Update. Example usage:

        **/MUOPTIN=[0\|1\]** | + |/PACKAGEINSTALLATIONROOT |Specifies the directory in which to install all new applications and updates. Example usage:

        **/PACKAGEINSTALLATIONROOT='C:\App-V Packages'** | + |/PACKAGESOURCEROOT |Overrides the source location for downloading package content. Example usage:

        **/PACKAGESOURCEROOT='http://packageStore'** | + |/AUTOLOAD |Specifies how new packages will be loaded by App-V 5.0 on a specific computer. The following options are enabled: [1]; automatically load all packages [2]; or automatically load no packages [0]. Example usage:

        **/AUTOLOAD=[0\|1\|2\]** | + |/SHAREDCONTENTSTOREMODE |Specifies that streamed package contents will be not be saved to the local hard disk. Example usage:

        **/SHAREDCONTENTSTOREMODE=[0\|1\]** | + |/MIGRATIONMODE |Allows the App-V 5.0 client to modify the shortcuts and FTAs that are associated with the packages that are created with a previous version. Example usage:

        **/MIGRATIONMODE=[0\|1\]** | + |/ENABLEPACKAGESCRIPTS |Enables the scripts that are defined in the package manifest file or configuration files that should run. Example usage:

        **/ENABLEPACKAGESCRIPTS=[0\|1\]** | + |/ROAMINGREGISTRYEXCLUSIONS |Specifies the registry paths that will not roam with a user profile. Example usage:

        **/ROAMINGREGISTRYEXCLUSIONS=software\classes;software\clients** | + |/ROAMINGFILEEXCLUSIONS |Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage:

        **/ROAMINGFILEEXCLUSIONS 'desktop;my pictures'** | + |/S[1-5]PUBLISHINGSERVERNAME |Displays the name of the publishing server. Example usage:

        **/S2PUBLISHINGSERVERNAME=MyPublishingServer** | + |/S[1-5]PUBLISHINGSERVERURL |Displays the URL of the publishing server. Example usage:

        **/S2PUBLISHINGSERVERURL=\\pubserver** | + |/S[1-5]GLOBALREFRESHENABLED|Enables a global publishing refresh. Example usage:

        **/S2GLOBALREFRESHENABLED=[0\|1\]** | + |/S[1-5]GLOBALREFRESHONLOGON |Initiates a global publishing refresh when a user logs on. Example usage:

        **/S2LOGONREFRESH=[0\|1\]** | + |/S[1-5]GLOBALREFRESHINTERVAL |Specifies the publishing refresh interval, where **0** indicates do not periodically refresh. Example usage: **/S2PERIODICREFRESHINTERVAL=[0-744]** | + |/S[1-5]GLOBALREFRESHINTERVALUNIT |Specifies the interval unit (Hours[0], Days[1]). Example usage:

        **/S2GLOBALREFRESHINTERVALUNIT=[0\|1\]** | + |/S[1-5]USERREFRESHENABLED |Enables user publishing refresh. Example usage: **/S2USERREFRESHENABLED=[0\|1\]** | + |/S[1-5]USERREFRESHONLOGON |Initiates a user publishing refresh when a user logs on. Example usage:

        **/S2LOGONREFRESH=[0\|1\]** | + |/S[1-5]USERREFRESHINTERVAL |Specifies the publishing refresh interval, where **0** indicates do not periodically refresh. Example usage: **/S2PERIODICREFRESHINTERVAL=[0-744]** | + |/S[1-5]USERREFRESHINTERVALUNIT |Specifies the interval unit (Hours[0], Days[1]). Example usage:

        **/S2USERREFRESHINTERVALUNIT=[0\|1\]** | + |/Log |Specifies a location where the log information is saved. The default location is %Temp%. Example usage:

        **/log C:\logs\log.log** | + |/q |Specifies an unattended installation. | + |/REPAIR |Repairs a previous client installation. | + |/NORESTART |Prevents the computer from rebooting after the client installation.

        The parameter prevents the end-user computer from rebooting after each update is installed and lets you schedule the reboot at your convenience. For example, you can install App-V 5.0 SPX and then install Hotfix Package Y without rebooting after the Service Pack installation. After the installation, you must reboot before you start using App-V. | + |/UNINSTALL |Uninstalls the client. | + |/ACCEPTEULA |Accepts the license agreement. This is required for an unattended installation. Example usage:

        **/ACCEPTEULA** or **/ACCEPTEULA=1** | + |/LAYOUT |Specifies the associated layout action. It also extracts the Windows Installer (.msi) and script files to a folder without installing App-V 5.0. No value is expected. | + |/LAYOUTDIR |Specifies the layout directory. Requires a string value. Example usage:

        **/LAYOUTDIR=”C:\Application Virtualization Client”** | + |/?, /h, /help |Requests help about the previous installation parameters. | + --- **To install the App-V 5.0 client by using the Windows Installer (.msi) file** -1. Install the required prerequisites on the target computers. See [What to do before you start](#bkmk-clt-install-prereqs). If any prerequisites are not met, the installation will fail. +1. Install the required prerequisites on the target computers. See [What to do before you start](#bkmk-clt-install-prereqs). If any prerequisites are not met, the installation will fail. -2. Ensure that the target computers do not have any pending restarts before you install the client using the App-V 5.0 Windows Installer (.msi) files. The Windows Installer files do not flag a pending restart. +2. Ensure that the target computers do not have any pending restarts before you install the client using the App-V 5.0 Windows Installer (.msi) files. The Windows Installer files do not flag a pending restart. -3. Deploy one of the following Windows Installer files to the target computer. The file that you specify must match the configuration of the target computer. +3. Deploy one of the following Windows Installer files to the target computer. The file that you specify must match the configuration of the target computer. - - - - - - - - - - - - - - - - - - - - - - - - - -
        Type of deploymentDeploy this file

        Computer is running a 32-bit Microsoft Windows operating system

        appv_client_MSI_x86.msi

        Computer is running a 64-bit Microsoft Windows operating system

        appv_client_MSI_x64.msi

        You are deploying the App-V 5.0 Remote Desktop Services client

        appv_client_rds_MSI_x64.msi

        + |Type of deployment |Deploy this file | + |---|---| + |Computer is running a 32-bit Microsoft Windows operating system |appv_client_MSI_x86.msi | + |Computer is running a 64-bit Microsoft Windows operating system |appv_client_MSI_x64.msi | + |You are deploying the App-V 5.0 Remote Desktop Services client |appv_client_rds_MSI_x64.msi | + --- +  +4. Using the information in the following table, select the appropriate language pack **.msi** to install, based on the desired language for the target computer. The **xxxx** in the table refers to the target locale of the language pack. -   + **What to know before you start:** -4. Using the information in the following table, select the appropriate language pack **.msi** to install, based on the desired language for the target computer. The **xxxx** in the table refers to the target locale of the language pack. + - The language packs are common to both the standard App-V 5.0 client and the Remote Desktop Services version of the App-V 5.0 client. - **What to know before you start:** + - If you install the App-V 5.0 client using the **.exe**, the installer will deploy only the language pack that matches the operating system running on the target computer. - - The language packs are common to both the standard App-V 5.0 client and the Remote Desktop Services version of the App-V 5.0 client. + - To deploy additional language packs on a target computer, use the procedure **To install the App-V 5.0 client by using Windows Installer (.msi) file**. - - If you install the App-V 5.0 client using the **.exe**, the installer will deploy only the language pack that matches the operating system running on the target computer. - - - To deploy additional language packs on a target computer, use the procedure **To install the App-V 5.0 client by using Windows Installer (.msi) file**. - - - - - - - - - - - - - - - - - - - - - - -
        Type of deploymentDeploy this file

        Computer is running a 32-bit Microsoft Windows operating system

        appv_client_LP_xxxx_ x86.msi

        Computer is running a 64-bit Microsoft Windows operating system

        appv_client_LP_xxxx_ x64.msi

        - -   - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + |Type of deployment |Deploy this file | + |---|---| + |Computer is running a 32-bit Microsoft Windows operating system |appv_client_LP_xxxx_ x86.msi | + |Computer is running a 64-bit Microsoft Windows operating system |appv_client_LP_xxxx_ x64.msi | + --- + + **Got a suggestion for App-V**? Add or vote on [suggestions](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).

        **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). ## Related topics @@ -362,12 +159,3 @@ Use the following procedure to install the Microsoft Application Virtualization [About Client Configuration Settings](about-client-configuration-settings.md) [How to Uninstall the App-V 5.0 Client](how-to-uninstall-the-app-v-50-client.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-deploy-the-app-v-databases-by-using-sql-scripts.md b/mdop/appv-v5/how-to-deploy-the-app-v-databases-by-using-sql-scripts.md index 0a450eda33..cfd6725e5d 100644 --- a/mdop/appv-v5/how-to-deploy-the-app-v-databases-by-using-sql-scripts.md +++ b/mdop/appv-v5/how-to-deploy-the-app-v-databases-by-using-sql-scripts.md @@ -49,7 +49,7 @@ Use the following instructions to use SQL scripts, rather than the Windows Insta

        ManagementDatabase subfolder

        Important   -

        If you are upgrading to or installing the App-V 5.0 SP3 Management database, see [SQL scripts to install or upgrade the App-V 5.0 SP3 Management Server database fail](http://support.microsoft.com/kb/3031340).

        +

        If you are upgrading to or installing the App-V 5.0 SP3 Management database, see [SQL scripts to install or upgrade the App-V 5.0 SP3 Management Server database fail](https://support.microsoft.com/kb/3031340).

          diff --git a/mdop/appv-v5/how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-50-sp3.md b/mdop/appv-v5/how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-50-sp3.md index a3898dfd1d..c552e9a3a8 100644 --- a/mdop/appv-v5/how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-50-sp3.md +++ b/mdop/appv-v5/how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-50-sp3.md @@ -193,7 +193,7 @@ Starting in App-V 5.0 SP3, cmdlet help is available in two formats:

        On TechNet as web pages

        -

        See the App-V node under [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](http://technet.microsoft.com/library/dn520245.aspx).

        +

        See the App-V node under [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](https://technet.microsoft.com/library/dn520245.aspx).

        diff --git a/mdop/appv-v5/how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-51.md b/mdop/appv-v5/how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-51.md index 6e024f6302..253c7dc664 100644 --- a/mdop/appv-v5/how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-51.md +++ b/mdop/appv-v5/how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-51.md @@ -192,7 +192,7 @@ Starting in App-V 5.0 SP3, cmdlet help is available in two formats:

        On TechNet as web pages

        -

        See the App-V node under [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](http://technet.microsoft.com/library/dn520245.aspx).

        +

        See the App-V node under [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](https://technet.microsoft.com/library/dn520245.aspx).

        diff --git a/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell.md b/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell.md index c6f0c89d68..ded98a3926 100644 --- a/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell.md +++ b/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell.md @@ -24,9 +24,9 @@ Use the following procedure to configure the App-V 5.0 client configuration. `$config = Get-AppvClientConfiguration` - `Set-AppcClientConfiguration $config` + `Set-AppvClientConfiguration $config` - `Set-AppcClientConfiguration –Name1 MyConfig –Name2 “xyz”` + `Set-AppvClientConfiguration –AutoLoad 2` **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). diff --git a/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell51.md b/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell51.md index 4bf8017105..af53d695b0 100644 --- a/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell51.md +++ b/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell51.md @@ -24,9 +24,9 @@ Use the following procedure to configure the App-V 5.1 client configuration. `$config = Get-AppvClientConfiguration` - `Set-AppcClientConfiguration $config` + `Set-AppvClientConfiguration $config` - `Set-AppcClientConfiguration –Name1 MyConfig –Name2 “xyz”` + `Set-AppvClientConfiguration –AutoLoad 2` **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). diff --git a/mdop/appv-v5/performance-guidance-for-application-virtualization-50.md b/mdop/appv-v5/performance-guidance-for-application-virtualization-50.md index 0a5aa62dcf..bbc5378d44 100644 --- a/mdop/appv-v5/performance-guidance-for-application-virtualization-50.md +++ b/mdop/appv-v5/performance-guidance-for-application-virtualization-50.md @@ -265,9 +265,9 @@ The following table displays the required steps to prepare the base image and th We recommend using Microsoft User Experience Virtualization (UE-V) to capture and centralize application settings and Windows operating system settings for a specific user. These settings are then applied to the different computers that are accessed by the user, including desktop computers, laptop computers, and virtual desktop infrastructure (VDI) sessions. UE-V is optimized for RDS and VDI scenarios. -For more information see [Getting Started With User Experience Virtualization 2.0](http://technet.microsoft.com/library/dn458936.aspx) +For more information see [Getting Started With User Experience Virtualization 2.0](https://technet.microsoft.com/library/dn458936.aspx) -In essence all that is required is to install the UE-V client and download the following Microsoft authored App-V settings template from the [Microsoft User Experience Virtualization (UE-V) template gallery](http://gallery.technet.microsoft.com/Authored-UE-V-Settings-bb442a33). Register the template. For more information around UE-V templates see [The UE-V specific resource for acquiring and registering the template](http://technet.microsoft.com/library/dn458936.aspx). +In essence all that is required is to install the UE-V client and download the following Microsoft authored App-V settings template from the [Microsoft User Experience Virtualization (UE-V) template gallery](https://gallery.technet.microsoft.com/Authored-UE-V-Settings-bb442a33). Register the template. For more information around UE-V templates see [The UE-V specific resource for acquiring and registering the template](https://technet.microsoft.com/library/dn458936.aspx). **Note**   Without performing an additional configuration step, the Microsoft User Environment Virtualization (UE-V) will not be able to synchronize the Start menu shortcuts (.lnk files) on the target computer. The .lnk file type is excluded by default. @@ -341,7 +341,7 @@ Registry – HKEY\_CURRENT\_USER Additionally, we recommend using Microsoft User Experience Virtualization (UE-V) to capture and centralize application settings and Windows operating system settings for a specific user. These settings are then applied to the different computers that are accessed by the user, including desktop computers, laptop computers, and virtual desktop infrastructure (VDI) sessions. -For more information see [Getting Started With User Experience Virtualization 1.0](http://technet.microsoft.com/library/jj680015.aspx) and [Sharing Settings Location Templates with the UE-V Template Gallery](http://technet.microsoft.com/library/jj679972.aspx). +For more information see [Getting Started With User Experience Virtualization 1.0](https://technet.microsoft.com/library/jj680015.aspx) and [Sharing Settings Location Templates with the UE-V Template Gallery](https://technet.microsoft.com/library/jj679972.aspx). ### User Experience Walk-through @@ -445,37 +445,37 @@ The following section contains lists with information about Microsoft documentat About NGEN technology -- [How to speed up NGEN optimaztion](http://blogs.msdn.com/b/dotnet/archive/2013/08/06/wondering-why-mscorsvw-exe-has-high-cpu-usage-you-can-speed-it-up.aspx) +- [How to speed up NGEN optimaztion](https://blogs.msdn.com/b/dotnet/archive/2013/08/06/wondering-why-mscorsvw-exe-has-high-cpu-usage-you-can-speed-it-up.aspx) -- [Script](http://aka.ms/DrainNGenQueue) +- [Script](https://aka.ms/DrainNGenQueue) **Windows Server and Server Roles** Server Performance Tuning Guidelines for -- [Microsoft Windows Server 2012 R2](http://msdn.microsoft.com/library/windows/hardware/dn529133.aspx) +- [Microsoft Windows Server 2012 R2](https://msdn.microsoft.com/library/windows/hardware/dn529133.aspx) -- [Microsoft Windows Server 2012](http://download.microsoft.com/download/0/0/B/00BE76AF-D340-4759-8ECD-C80BC53B6231/performance-tuning-guidelines-windows-server-2012.docx) +- [Microsoft Windows Server 2012](https://download.microsoft.com/download/0/0/B/00BE76AF-D340-4759-8ECD-C80BC53B6231/performance-tuning-guidelines-windows-server-2012.docx) -- [Microsoft Windows Server 2008 R2](http://download.microsoft.com/download/6/B/2/6B2EBD3A-302E-4553-AC00-9885BBF31E21/Perf-tun-srv-R2.docx) +- [Microsoft Windows Server 2008 R2](https://download.microsoft.com/download/6/B/2/6B2EBD3A-302E-4553-AC00-9885BBF31E21/Perf-tun-srv-R2.docx) **Server Roles** -- [Remote Desktop Virtualization Host](http://msdn.microsoft.com/library/windows/hardware/dn567643.aspx) +- [Remote Desktop Virtualization Host](https://msdn.microsoft.com/library/windows/hardware/dn567643.aspx) -- [Remote Desktop Session Host](http://msdn.microsoft.com/library/windows/hardware/dn567648.aspx) +- [Remote Desktop Session Host](https://msdn.microsoft.com/library/windows/hardware/dn567648.aspx) -- [IIS Relevance: App-V Management, Publishing, Reporting Web Services](http://msdn.microsoft.com/library/windows/hardware/dn567678.aspx) +- [IIS Relevance: App-V Management, Publishing, Reporting Web Services](https://msdn.microsoft.com/library/windows/hardware/dn567678.aspx) -- [File Server (SMB) Relevance: If used for App-V Content Storage and Delivery in SCS Mode](http://technet.microsoft.com/library/jj134210.aspx) +- [File Server (SMB) Relevance: If used for App-V Content Storage and Delivery in SCS Mode](https://technet.microsoft.com/library/jj134210.aspx) **Windows Client (Guest OS) Performance Tuning Guidance** -- [Microsoft Windows 7](http://download.microsoft.com/download/E/5/7/E5783D68-160B-4366-8387-114FC3E45EB4/Performance Tuning Guidelines for Windows 7 Desktop Virtualization v1.9.docx) +- [Microsoft Windows 7](https://download.microsoft.com/download/E/5/7/E5783D68-160B-4366-8387-114FC3E45EB4/Performance Tuning Guidelines for Windows 7 Desktop Virtualization v1.9.docx) - [Optimization Script: (Provided by Microsoft Support)](http://blogs.technet.com/b/jeff_stokes/archive/2012/10/15/the-microsoft-premier-field-engineer-pfe-view-on-virtual-desktop-vdi-density.aspx) -- [Microsoft Windows 8](http://download.microsoft.com/download/6/0/1/601D7797-A063-4FA7-A2E5-74519B57C2B4/Windows_8_VDI_Image_Client_Tuning_Guide.pdf) +- [Microsoft Windows 8](https://download.microsoft.com/download/6/0/1/601D7797-A063-4FA7-A2E5-74519B57C2B4/Windows_8_VDI_Image_Client_Tuning_Guide.pdf) - [Optimization Script: (Provided by Microsoft Support)](http://blogs.technet.com/b/jeff_stokes/archive/2013/04/09/hot-off-the-presses-get-it-now-the-windows-8-vdi-optimization-script-courtesy-of-pfe.aspx) diff --git a/mdop/appv-v5/performance-guidance-for-application-virtualization-51.md b/mdop/appv-v5/performance-guidance-for-application-virtualization-51.md index f97427ff85..2f09ab6f22 100644 --- a/mdop/appv-v5/performance-guidance-for-application-virtualization-51.md +++ b/mdop/appv-v5/performance-guidance-for-application-virtualization-51.md @@ -267,7 +267,7 @@ We recommend using Microsoft User Experience Virtualization (UE-V) to capture an For more information see [Getting Started With User Experience Virtualization 2.0](https://technet.microsoft.com/library/dn458926.aspx) -In essence all that is required is to install the UE-V client and download the following Microsoft authored App-V settings template from the [Microsoft User Experience Virtualization (UE-V) template gallery](http://gallery.technet.microsoft.com/Authored-UE-V-Settings-bb442a33). Register the template. For more information around UE-V templates see [The UE-V specific resource for acquiring and registering the template](https://technet.microsoft.com/library/dn458926.aspx). +In essence all that is required is to install the UE-V client and download the following Microsoft authored App-V settings template from the [Microsoft User Experience Virtualization (UE-V) template gallery](https://gallery.technet.microsoft.com/Authored-UE-V-Settings-bb442a33). Register the template. For more information around UE-V templates see [The UE-V specific resource for acquiring and registering the template](https://technet.microsoft.com/library/dn458926.aspx). **Note**   Without performing an additional configuration step, the Microsoft User Environment Virtualization (UE-V) will not be able to synchronize the Start menu shortcuts (.lnk files) on the target computer. The .lnk file type is excluded by default. @@ -348,7 +348,7 @@ Registry – HKEY\_CURRENT\_USER Additionally, we recommend using Microsoft User Experience Virtualization (UE-V) to capture and centralize application settings and Windows operating system settings for a specific user. These settings are then applied to the different computers that are accessed by the user, including desktop computers, laptop computers, and virtual desktop infrastructure (VDI) sessions. -For more information see [Getting Started With User Experience Virtualization 1.0](http://technet.microsoft.com/library/jj680015.aspx) and [Sharing Settings Location Templates with the UE-V Template Gallery](http://technet.microsoft.com/library/jj679972.aspx). +For more information see [Getting Started With User Experience Virtualization 1.0](https://technet.microsoft.com/library/jj680015.aspx) and [Sharing Settings Location Templates with the UE-V Template Gallery](https://technet.microsoft.com/library/jj679972.aspx). ### User Experience Walk-through @@ -452,37 +452,37 @@ The following section contains lists with information about Microsoft documentat About NGEN technology -- [How to speed up NGEN optimaztion](http://blogs.msdn.com/b/dotnet/archive/2013/08/06/wondering-why-mscorsvw-exe-has-high-cpu-usage-you-can-speed-it-up.aspx) +- [How to speed up NGEN optimaztion](https://blogs.msdn.com/b/dotnet/archive/2013/08/06/wondering-why-mscorsvw-exe-has-high-cpu-usage-you-can-speed-it-up.aspx) -- [Script](http://aka.ms/DrainNGenQueue) +- [Script](https://aka.ms/DrainNGenQueue) **Windows Server and Server Roles** Server Performance Tuning Guidelines for -- [Microsoft Windows Server 2012 R2](http://msdn.microsoft.com/library/windows/hardware/dn529133.aspx) +- [Microsoft Windows Server 2012 R2](https://msdn.microsoft.com/library/windows/hardware/dn529133.aspx) -- [Microsoft Windows Server 2012](http://download.microsoft.com/download/0/0/B/00BE76AF-D340-4759-8ECD-C80BC53B6231/performance-tuning-guidelines-windows-server-2012.docx) +- [Microsoft Windows Server 2012](https://download.microsoft.com/download/0/0/B/00BE76AF-D340-4759-8ECD-C80BC53B6231/performance-tuning-guidelines-windows-server-2012.docx) -- [Microsoft Windows Server 2008 R2](http://download.microsoft.com/download/6/B/2/6B2EBD3A-302E-4553-AC00-9885BBF31E21/Perf-tun-srv-R2.docx) +- [Microsoft Windows Server 2008 R2](https://download.microsoft.com/download/6/B/2/6B2EBD3A-302E-4553-AC00-9885BBF31E21/Perf-tun-srv-R2.docx) **Server Roles** -- [Remote Desktop Virtualization Host](http://msdn.microsoft.com/library/windows/hardware/dn567643.aspx) +- [Remote Desktop Virtualization Host](https://msdn.microsoft.com/library/windows/hardware/dn567643.aspx) -- [Remote Desktop Session Host](http://msdn.microsoft.com/library/windows/hardware/dn567648.aspx) +- [Remote Desktop Session Host](https://msdn.microsoft.com/library/windows/hardware/dn567648.aspx) -- [IIS Relevance: App-V Management, Publishing, Reporting Web Services](http://msdn.microsoft.com/library/windows/hardware/dn567678.aspx) +- [IIS Relevance: App-V Management, Publishing, Reporting Web Services](https://msdn.microsoft.com/library/windows/hardware/dn567678.aspx) -- [File Server (SMB) Relevance: If used for App-V Content Storage and Delivery in SCS Mode](http://technet.microsoft.com/library/jj134210.aspx) +- [File Server (SMB) Relevance: If used for App-V Content Storage and Delivery in SCS Mode](https://technet.microsoft.com/library/jj134210.aspx) **Windows Client (Guest OS) Performance Tuning Guidance** -- [Microsoft Windows 7](http://download.microsoft.com/download/E/5/7/E5783D68-160B-4366-8387-114FC3E45EB4/Performance Tuning Guidelines for Windows 7 Desktop Virtualization v1.9.docx) +- [Microsoft Windows 7](https://download.microsoft.com/download/E/5/7/E5783D68-160B-4366-8387-114FC3E45EB4/Performance Tuning Guidelines for Windows 7 Desktop Virtualization v1.9.docx) - [Optimization Script: (Provided by Microsoft Support)](http://blogs.technet.com/b/jeff_stokes/archive/2012/10/15/the-microsoft-premier-field-engineer-pfe-view-on-virtual-desktop-vdi-density.aspx) -- [Microsoft Windows 8](http://download.microsoft.com/download/6/0/1/601D7797-A063-4FA7-A2E5-74519B57C2B4/Windows_8_VDI_Image_Client_Tuning_Guide.pdf) +- [Microsoft Windows 8](https://download.microsoft.com/download/6/0/1/601D7797-A063-4FA7-A2E5-74519B57C2B4/Windows_8_VDI_Image_Client_Tuning_Guide.pdf) - [Optimization Script: (Provided by Microsoft Support)](http://blogs.technet.com/b/jeff_stokes/archive/2013/04/09/hot-off-the-presses-get-it-now-the-windows-8-vdi-optimization-script-courtesy-of-pfe.aspx) diff --git a/mdop/appv-v5/planning-for-migrating-from-a-previous-version-of-app-v.md b/mdop/appv-v5/planning-for-migrating-from-a-previous-version-of-app-v.md index 5cf5ae27cc..111265456f 100644 --- a/mdop/appv-v5/planning-for-migrating-from-a-previous-version-of-app-v.md +++ b/mdop/appv-v5/planning-for-migrating-from-a-previous-version-of-app-v.md @@ -21,7 +21,7 @@ Use the following information to plan how to migrate to App-V 5.0 from previous Before you start any upgrades, review the following requirements: -- If you are upgrading from a version earlier than App-V 4.6 SP2, upgrade to version App-V 4.6 SP3 first before upgrading to App-V 5.0 or later. In this scenario, upgrade the App-V clients first, and then upgrade the server components. +- If you are upgrading from a version earlier than App-V 4.6 SP2, upgrade to version App-V 4.6 SP3 first before upgrading to App-V 5.0 or later. In this scenario, upgrade the App-V clients first, and then upgrade the server components. **Note:** App-V 4.6 has exited Mainstream support. - App-V 5.0 supports only packages that are created using App-V 5.0, or packages that have been converted to the App-V 5.0 (**.appv**) format. @@ -74,7 +74,7 @@ To run coexisting clients, you must: - Install the App-V 4.6 client before you install the App-V 5.0 client. -- Enable the **Enable Migration Mode** Group Policy setting, which is in the **App-V** > **Client Coexistence** node. To get the deploy the .admx template, see [How to Download and Deploy MDOP Group Policy (.admx) Templates](http://technet.microsoft.com/library/dn659707.aspx). +- Enable the **Enable Migration Mode** Group Policy setting, which is in the **App-V** > **Client Coexistence** node. To get the deploy the .admx template, see [How to Download and Deploy MDOP Group Policy (.admx) Templates](https://technet.microsoft.com/library/dn659707.aspx). ### Client downloads and documentation @@ -94,7 +94,7 @@ The following table provides link to the TechNet documentation about the release

        App-V 4.6 SP3

        -

        [About Microsoft Application Virtualization 4.6 SP3](http://technet.microsoft.com/library/dn511019.aspx)

        +

        [About Microsoft Application Virtualization 4.6 SP3](https://technet.microsoft.com/library/dn511019.aspx)

        App-V 5.0 SP3

        @@ -109,7 +109,7 @@ For more information about how to configure App-V 5.0 client coexistence, see: - [How to Deploy the App-V 4.6 and the App-V 5.0 Client on the Same Computer](how-to-deploy-the-app-v-46-and-the-app-v--50-client-on-the-same-computer.md) -- [App-V 5.0 Coexistence and Migration](http://technet.microsoft.com/windows/jj835811.aspx) +- [App-V 5.0 Coexistence and Migration](https://technet.microsoft.com/windows/jj835811.aspx) ## Converting “previous-version” packages using the package converter diff --git a/mdop/appv-v5/planning-for-migrating-from-a-previous-version-of-app-v51.md b/mdop/appv-v5/planning-for-migrating-from-a-previous-version-of-app-v51.md index 935ab2548a..ccdd275962 100644 --- a/mdop/appv-v5/planning-for-migrating-from-a-previous-version-of-app-v51.md +++ b/mdop/appv-v5/planning-for-migrating-from-a-previous-version-of-app-v51.md @@ -21,7 +21,7 @@ Use the following information to plan how to migrate to Microsoft Application Vi Before you start any upgrades, review the following requirements: -- If you are upgrading from a version earlier than App-V 4.6 SP2, upgrade to version App-V 4.6 SP3 first before upgrading to App-V 5.1 or later. In this scenario, upgrade the App-V clients first, and then upgrade the server components. +- If you are upgrading from a version earlier than App-V 4.6 SP2, upgrade to version App-V 4.6 SP3 first before upgrading to App-V 5.1 or later. In this scenario, upgrade the App-V clients first, and then upgrade the server components. **Note:** App-V 4.6 has exited Mainstream support. - App-V 5.1 supports only packages that are created using App-V 5.0 or App-V 5.1, or packages that have been converted to the **.appv** format. @@ -74,7 +74,7 @@ To run coexisting clients, you must: - Install the App-V 4.6 client before you install the App-V 5.1 client. -- Enable the **Enable Migration Mode** Group Policy setting, which is in the **App-V** > **Client Coexistence** node. To deploy the .admx template, see [How to Download and Deploy MDOP Group Policy (.admx) Templates](http://technet.microsoft.com/library/dn659707.aspx). +- Enable the **Enable Migration Mode** Group Policy setting, which is in the **App-V** > **Client Coexistence** node. To deploy the .admx template, see [How to Download and Deploy MDOP Group Policy (.admx) Templates](https://technet.microsoft.com/library/dn659707.aspx). **Note**   App-V 5.1 packages can run side by side with App-V 4.6 packages if you have coexisting installations of App-V 5.1 and 4.6. However, App-V 5.1 packages cannot interact with App-V 4.6 packages in the same virtual environment. @@ -99,7 +99,7 @@ The following table provides links to the App-V 4.6 client downloads and to the

        App-V 4.6 SP3

        -

        [About Microsoft Application Virtualization 4.6 SP3](http://technet.microsoft.com/library/dn511019.aspx)

        +

        [About Microsoft Application Virtualization 4.6 SP3](https://technet.microsoft.com/library/dn511019.aspx)

        App-V 4.6 SP3

        @@ -114,7 +114,7 @@ For more information about how to configure App-V 5.1 client coexistence, see: - [How to Deploy the App-V 4.6 and the App-V 5.1 Client on the Same Computer](how-to-deploy-the-app-v-46-and-the-app-v--51-client-on-the-same-computer.md) -- [App-V 5.0 Coexistence and Migration](http://technet.microsoft.com/windows/jj835811.aspx) +- [App-V 5.0 Coexistence and Migration](https://technet.microsoft.com/windows/jj835811.aspx) ## Converting “previous-version” packages using the package converter diff --git a/mdop/appv-v5/planning-for-using-app-v-with-office.md b/mdop/appv-v5/planning-for-using-app-v-with-office.md index bc10c246f9..83ae379e97 100644 --- a/mdop/appv-v5/planning-for-using-app-v-with-office.md +++ b/mdop/appv-v5/planning-for-using-app-v-with-office.md @@ -129,11 +129,11 @@ Before implementing Office coexistence, review the following Office documentatio

        Office 2013

        -

        [Information about how to use Office 2013 suites and programs (MSI deployment) on a computer that is running another version of Office](http://support.microsoft.com/kb/2784668)

        +

        [Information about how to use Office 2013 suites and programs (MSI deployment) on a computer that is running another version of Office](https://support.microsoft.com/kb/2784668)

        Office 2010

        -

        [Information about how to use Office 2010 suites and programs on a computer that is running another version of Office](http://support.microsoft.com/kb/2121447)

        +

        [Information about how to use Office 2010 suites and programs on a computer that is running another version of Office](https://support.microsoft.com/kb/2121447)

        @@ -184,7 +184,7 @@ The Windows Installer-based and Click-to-Run Office installation methods integra   -Microsoft recommends that you deploy Office coexistence with only one integrated Office instance. For example, if you’re using App-V to deploy Office 2010 and Office 2013, you should sequence Office 2010 in non-integrated mode. For more information about sequencing Office in non-integration (isolated) mode, see [How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](http://support.microsoft.com/kb/2830069). +Microsoft recommends that you deploy Office coexistence with only one integrated Office instance. For example, if you’re using App-V to deploy Office 2010 and Office 2013, you should sequence Office 2010 in non-integrated mode. For more information about sequencing Office in non-integration (isolated) mode, see [How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/kb/2830069). ### Known limitations of Office coexistence scenarios diff --git a/mdop/appv-v5/planning-for-using-app-v-with-office51.md b/mdop/appv-v5/planning-for-using-app-v-with-office51.md index 0413034d8b..2058a48f3a 100644 --- a/mdop/appv-v5/planning-for-using-app-v-with-office51.md +++ b/mdop/appv-v5/planning-for-using-app-v-with-office51.md @@ -36,7 +36,7 @@ Microsoft Visio and Microsoft Project do not provide support for the Thai Langua ## Supported versions of Microsoft Office -See [Microsoft Office Product IDs that App-V supports](https://support.microsoft.com/en-us/help/2842297/product-ids-that-are-supported-by-the-office-deployment-tool-for-click) for a list of supported Office products. +See [Microsoft Office Product IDs that App-V supports](https://support.microsoft.com/help/2842297/product-ids-that-are-supported-by-the-office-deployment-tool-for-click) for a list of supported Office products. >**Note**  You must use the Office Deployment Tool to create App-V packages for Office 365 ProPlus. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported. You cannot use the App-V Sequencer.   @@ -66,11 +66,11 @@ Before implementing Office coexistence, review the following Office documentatio

        Office 2013

        -

        [Information about how to use Office 2013 suites and programs (MSI deployment) on a computer that is running another version of Office](http://support.microsoft.com/kb/2784668)

        +

        [Information about how to use Office 2013 suites and programs (MSI deployment) on a computer that is running another version of Office](https://support.microsoft.com/kb/2784668)

        Office 2010

        -

        [Information about how to use Office 2010 suites and programs on a computer that is running another version of Office](http://support.microsoft.com/kb/2121447)

        +

        [Information about how to use Office 2010 suites and programs on a computer that is running another version of Office](https://support.microsoft.com/kb/2121447)

        @@ -121,7 +121,7 @@ The Windows Installer-based and Click-to-Run Office installation methods integra   -Microsoft recommends that you deploy Office coexistence with only one integrated Office instance. For example, if you’re using App-V to deploy Office 2010 and Office 2013, you should sequence Office 2010 in non-integrated mode. For more information about sequencing Office in non-integration (isolated) mode, see [How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](http://support.microsoft.com/kb/2830069). +Microsoft recommends that you deploy Office coexistence with only one integrated Office instance. For example, if you’re using App-V to deploy Office 2010 and Office 2013, you should sequence Office 2010 in non-integrated mode. For more information about sequencing Office in non-integration (isolated) mode, see [How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/kb/2830069). ### Known limitations of Office coexistence scenarios diff --git a/mdop/appv-v5/planning-to-use-folder-redirection-with-app-v.md b/mdop/appv-v5/planning-to-use-folder-redirection-with-app-v.md index cfabb0ba9f..a1f34fddf2 100644 --- a/mdop/appv-v5/planning-to-use-folder-redirection-with-app-v.md +++ b/mdop/appv-v5/planning-to-use-folder-redirection-with-app-v.md @@ -49,7 +49,7 @@ This topic contains the following sections:

    • Ensure that the following folders are available to each user who logs into the computer that is running the App-V 5.0 SP2 or later client:

        -

      • %AppData% is configured to the desired network location (with or without [Offline Files](http://technet.microsoft.com/library/cc780552.aspx) support).

        • +

      • %AppData% is configured to the desired network location (with or without [Offline Files](https://technet.microsoft.com/library/cc780552.aspx) support).

      • %LocalAppData% is configured to the desired local folder.

    @@ -169,7 +169,7 @@ The following table describes how folder redirection works when %AppData% is red

    More resources

    -

    [Folder redirection overview](http://technet.microsoft.com/library/cc778976.aspx)

    +

    [Folder redirection overview](https://technet.microsoft.com/library/cc778976.aspx)

    diff --git a/mdop/appv-v5/planning-to-use-folder-redirection-with-app-v51.md b/mdop/appv-v5/planning-to-use-folder-redirection-with-app-v51.md index be01b37844..83456b984c 100644 --- a/mdop/appv-v5/planning-to-use-folder-redirection-with-app-v51.md +++ b/mdop/appv-v5/planning-to-use-folder-redirection-with-app-v51.md @@ -49,7 +49,7 @@ This topic contains the following sections:

  • Ensure that the following folders are available to each user who logs into the computer that is running the App-V 5.0 SP2 or later client:

      -

    • %AppData% is configured to the desired network location (with or without [Offline Files](http://technet.microsoft.com/library/cc780552.aspx) support).

      • +

    • %AppData% is configured to the desired network location (with or without [Offline Files](https://technet.microsoft.com/library/cc780552.aspx) support).

    • %LocalAppData% is configured to the desired local folder.

    • @@ -169,7 +169,7 @@ The following table describes how folder redirection works when %AppData% is red

    More resources

    -

    [Folder redirection overview](http://technet.microsoft.com/library/cc778976.aspx)

    +

    [Folder redirection overview](https://technet.microsoft.com/library/cc778976.aspx)

    diff --git a/mdop/appv-v5/release-notes-for-app-v-50-sp3.md b/mdop/appv-v5/release-notes-for-app-v-50-sp3.md index 8f37aafe6b..2fcfd69810 100644 --- a/mdop/appv-v5/release-notes-for-app-v-50-sp3.md +++ b/mdop/appv-v5/release-notes-for-app-v-50-sp3.md @@ -32,9 +32,9 @@ The issue occurs because the Server files are not being deleted when you uninsta ## Querying AD DS can cause some applications to work incorrectly -When you receive updated packages by querying Active Directory Domain Services for updated group memberships, it can cause some applications to work incorrectly if the applications depend on the user’s access token. In addition, frequent group membership queries can cause the domain controller to overload. For more information about user access tokens, see [Access Tokens](http://msdn.microsoft.com/library/windows/desktop/aa374909.aspx). +When you receive updated packages by querying Active Directory Domain Services for updated group memberships, it can cause some applications to work incorrectly if the applications depend on the user’s access token. In addition, frequent group membership queries can cause the domain controller to overload. For more information about user access tokens, see [Access Tokens](https://msdn.microsoft.com/library/windows/desktop/aa374909.aspx). -**Workaround**: Wait until the user logs off and then logs back on before you query for updated group memberships. Do not use the registry key, described in [Hotfix Package 2 for Microsoft Application Virtualization 5.0 Service Pack 1](http://support.microsoft.com/kb/2897087), to query for updated group memberships. +**Workaround**: Wait until the user logs off and then logs back on before you query for updated group memberships. Do not use the registry key, described in [Hotfix Package 2 for Microsoft Application Virtualization 5.0 Service Pack 1](https://support.microsoft.com/kb/2897087), to query for updated group memberships. ## Got a suggestion for App-V? diff --git a/mdop/dart-v10/getting-started-with-dart-10.md b/mdop/dart-v10/getting-started-with-dart-10.md index f301a986ed..daca6358aa 100644 --- a/mdop/dart-v10/getting-started-with-dart-10.md +++ b/mdop/dart-v10/getting-started-with-dart-10.md @@ -14,13 +14,12 @@ ms.date: 08/30/2016 # Getting Started with DaRT 10 -Microsoft Diagnostics and Recovery Toolset (DaRT) 10 requires thorough planning before you deploy it or use its features. If you are new to this product, we recommend that you read the documentation carefully. Before you deploy the product to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at [https://go.microsoft.com/fwlink/p/?LinkId=80347](https://go.microsoft.com/fwlink/?LinkId=80347). - -**Note**   -A downloadable version of this administrator’s guide is not available. However, you can learn about a special mode of the TechNet Library that allows you to select articles, group them in a collection, and print them or export them to a file at (https://go.microsoft.com/fwlink/?LinkId=272493). - -Additional downloadable information about this product can also be found at . +Microsoft Diagnostics and Recovery Toolset (DaRT) 10 requires thorough planning before you deploy it or use its features. If you are new to this product, we recommend that you read the documentation carefully. Before you deploy the product to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. +>[!NOTE]   +>A downloadable version of this administrator’s guide is not available. However, you can click **Download PDF** at the bottom of the Table of Contents pane to get a PDF version of this guide. +> +>Additional information about this product can also be found on the [Diagnostics and Recovery Toolset documentation download page.](https://www.microsoft.com/download/details.aspx?id=27754)   ## Getting started with DaRT 10 diff --git a/mdop/dart-v65.md b/mdop/dart-v65.md index c35e9548f2..21aca15b8d 100644 --- a/mdop/dart-v65.md +++ b/mdop/dart-v65.md @@ -11,4 +11,4 @@ ms.date: 04/19/2017 # Diagnostics and Recovery Toolset 6.5 -Selecting the link for [Diagnostics and Recovery Toolset 6.5 documentation](https://technet.microsoft.com/en-us/library/jj713388.aspx) will take you to another website. Use your browser's **Back** button to return to this page. \ No newline at end of file +Selecting the link for [Diagnostics and Recovery Toolset 6.5 documentation](https://technet.microsoft.com/library/jj713388.aspx) will take you to another website. Use your browser's **Back** button to return to this page. \ No newline at end of file diff --git a/mdop/dart-v8/about-dart-81.md b/mdop/dart-v8/about-dart-81.md index 6c1d8eeaca..ba9aa61695 100644 --- a/mdop/dart-v8/about-dart-81.md +++ b/mdop/dart-v8/about-dart-81.md @@ -58,7 +58,7 @@ Microsoft Diagnostics and Recovery Toolset (DaRT) 8.1 provides the following enh   - To download Windows ADK 8.1, see [Windows Assessment and Deployment Kit (Windows ADK) for Windows 8.1](http://www.microsoft.com/download/details.aspx?id=39982) in the Microsoft Download Center. + To download Windows ADK 8.1, see [Windows Assessment and Deployment Kit (Windows ADK) for Windows 8.1](https://www.microsoft.com/download/details.aspx?id=39982) in the Microsoft Download Center. - **Microsoft .NET Framework 4.5.1** @@ -68,7 +68,7 @@ Microsoft Diagnostics and Recovery Toolset (DaRT) 8.1 provides the following enh To use the Crash Analyzer tool in DaRT 8.1, you need the required debugging tools, which are available in the Software Development Kit for Windows 8.1. - To download, see [Windows Software Development Kit (SDK) for Windows 8.1](http://msdn.microsoft.com/library/windows/desktop/bg162891.aspx) in the Microsoft Download Center. + To download, see [Windows Software Development Kit (SDK) for Windows 8.1](https://msdn.microsoft.com/library/windows/desktop/bg162891.aspx) in the Microsoft Download Center. ## Language availability diff --git a/mdop/docfx.json b/mdop/docfx.json index a6ff6398ef..530722278f 100644 --- a/mdop/docfx.json +++ b/mdop/docfx.json @@ -9,7 +9,7 @@ ], "resource": [ { - "files": ["**/images/**", "**/*.json"], + "files": ["**/images/**"], "exclude": ["**/obj/**"] } ], diff --git a/mdop/index.md b/mdop/index.md index 2eabdc2716..4764ce169b 100644 --- a/mdop/index.md +++ b/mdop/index.md @@ -7,7 +7,7 @@ ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library ms.prod: w10 -ms.date: 04/19/2017 +ms.date: 07/24/2018 --- # MDOP Information Experience @@ -36,14 +36,14 @@ The following table provides links to the product documentation for the MDOP pro

    AGPM 4.0 - Windows Vista SP1, Windows 7, Windows Server 2008, Windows Server 2008 R2

    AGPM 3.0- Windows Vista SP1, Windows Server 2008

    AGPM 2.5 - Windows Vista, Windows Server 2003

    -

    [Overview of Microsoft Advanced Group Policy Management](https://go.microsoft.com/fwlink/p/?LinkId=232980)(https://go.microsoft.com/fwlink/p/?LinkId=232980)

    -

    [AGPM 4.0 SP3](https://technet.microsoft.com/library/mt346468.aspx) (https://technet.microsoft.com/library/mt346468.aspx)

    -

    [AGPM 4.0 SP2](https://go.microsoft.com/fwlink/p/?LinkId=325035) (https://go.microsoft.com/fwlink/p/?LinkId=325035)

    +

    [Overview of Microsoft Advanced Group Policy Management](agpm/index.md)

    +

    [AGPM 4.0 SP3](agpm/whats-new-in-agpm-40-sp3.md)

    +

    [AGPM 4.0 SP2](agpm/whats-new-in-agpm-40-sp2.md)

    [AGPM 4.0 SP1](https://go.microsoft.com/fwlink/p/?LinkId=286715) (https://go.microsoft.com/fwlink/p/?LinkId=286715)

    -

    [AGPM 4.0](https://go.microsoft.com/fwlink/p/?LinkId=232964) (https://go.microsoft.com/fwlink/p/?LinkId=232964)

    -

    [AGPM 3.0](https://go.microsoft.com/fwlink/p/?LinkId=232967) (https://go.microsoft.com/fwlink/p/?LinkId=232967)

    -

    [AGPM 2.5](https://go.microsoft.com/fwlink/p/?LinkId=232969) (https://go.microsoft.com/fwlink/p/?LinkId=232969)

    -

    [AGPM Whitepapers on the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=232275) (https://go.microsoft.com/fwlink/p/?LinkId=232275)

    +

    [AGPM 4.0](agpm/whats-new-in-agpm-40-sp1.md)

    +

    [AGPM 3.0](agpm/whats-new-in-agpm-30.md)

    +

    [AGPM 2.5](agpm/agpm-25-navengl.md)

    +

    [AGPM Whitepapers on the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=232275)

    Microsoft Application Virtualization (App-V) lets you make applications available to end user computers without installing the applications directly on those computers.

    @@ -57,14 +57,13 @@ The following table provides links to the product documentation for the MDOP pro

    [About Microsoft Application Virtualization 4.6 SP1](appv-v4/about-microsoft-application-virtualization-46-sp1.md)

    [About Microsoft Application Virtualization 4.6](appv-v4/about-microsoft-application-virtualization-46.md)

    [About Microsoft Application Virtualization 4.5](appv-v4/about-microsoft-application-virtualization-45.md)

    -

    [SoftGrid](https://go.microsoft.com/fwlink/p/?LinkId=232981) (https://go.microsoft.com/fwlink/p/?LinkId=232981)

    -

    [App-V Whitepapers on the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=231902) (https://go.microsoft.com/fwlink/p/?LinkId=231902)

    +

    [App-V Whitepapers on the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=231902)

    [App-V 5.0 eBooks](https://go.microsoft.com/fwlink/p/?LinkId=309570) (https://go.microsoft.com/fwlink/p/?LinkId=309570)

    Microsoft BitLocker Administration and Monitoring (MBAM) provides an administrative interface to enterprise-wide BitLocker drive encryption.

    [Microsoft BitLocker Administration and Monitoring 2.5](mbam-v25/index.md)

    -

    [MBAM 2.5 Video Demonstration: Deploying MBAM 2.5](https://go.microsoft.com/fwlink/?LinkId=518206) (https://go.microsoft.com/fwlink/?LinkId=518206)

    +

    [MBAM 2.5 Video Demonstration: Deploying MBAM 2.5](https://go.microsoft.com/fwlink/?LinkId=518206)

    [About MBAM 2.5 SP1](mbam-v25/about-mbam-25-sp1.md)

    [About MBAM 2.0 SP1](mbam-v2/about-mbam-20-sp1.md)

    [Microsoft BitLocker Administration and Monitoring 2 Administrator's Guide](mbam-v2/index.md)

    @@ -105,7 +104,7 @@ The following table provides links to the product documentation for the MDOP pro

    [Microsoft Enterprise Desktop Virtualization 2.0](medv-v2/index.md)

    [About MED-V 1.0 SP1](medv-v1/about-med-v-10-sp1.md)

    [Microsoft Enterprise Desktop Virtualization 1.0](medv-v1/index.md)

    -

    [MED-V Whitepapers on the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=231903) (https://go.microsoft.com/fwlink/p/?LinkId=231903)

    +

    Microsoft User Experience Virtualization (UE-V) captures settings to apply to computers accessed by the user including desktop computers, laptop computers, and VDI sessions.

    @@ -141,10 +140,6 @@ In addition to the product documentation available online, supplemental product - -

    MDOP Videos

    -

    For a list of available MDOP videos, go to [Microsoft Desktop Optimization Pack Technologies Videos](https://go.microsoft.com/fwlink/p/?LinkId=234275) (https://go.microsoft.com/fwlink/p/?LinkId=234275).

    -

    MDOP Virtual Labs

    For a list of available MDOP virtual labs, go to [Microsoft Desktop Optimization Pack (MDOP) Virtual Labs](https://go.microsoft.com/fwlink/p/?LinkId=234276) (https://go.microsoft.com/fwlink/p/?LinkId=234276).

    @@ -168,14 +163,11 @@ In addition to the product documentation available online, supplemental product MDOP is a suite of products that can help streamline desktop deployment, management, and support across the enterprise. MDOP is available as an additional subscription for Software Assurance customers. -**Evaluate MDOP** -MDOP is also available for test and evaluation to [MSDN](http://msdn.microsoft.com/subscriptions/downloads/default.aspx?PV=42:178) and [TechNet](http://technet.microsoft.com/subscriptions/downloads/default.aspx?PV=42:178) subscribers in accordance with MDSN and TechNet agreements. - -**Download MDOP** +**Download MDOP** MDOP subscribers can download the software at the [Microsoft Volume Licensing website (MVLS)](https://go.microsoft.com/fwlink/p/?LinkId=166331). -**Purchase MDOP** -Visit the enterprise [Purchase Windows Enterprise Licensing](http://www.microsoft.com/windows/enterprise/how-to-buy.aspx) website to find out how to purchase MDOP for your business. +**Purchase MDOP** +Visit the enterprise [Purchase Windows Enterprise Licensing](https://www.microsoft.com/licensing/how-to-buy/how-to-buy) website to find out how to purchase MDOP for your business.   diff --git a/mdop/mbam-v2/how-to-install-the-mbam-20-group-policy-template-mbam-2.md b/mdop/mbam-v2/how-to-install-the-mbam-20-group-policy-template-mbam-2.md index 8b32b75d9e..23cbf71a1e 100644 --- a/mdop/mbam-v2/how-to-install-the-mbam-20-group-policy-template-mbam-2.md +++ b/mdop/mbam-v2/how-to-install-the-mbam-20-group-policy-template-mbam-2.md @@ -38,7 +38,7 @@ Make sure that you use the 32-bit setup on 32-bit servers and the 64-bit setup o   -5. For specific steps about how and where to install the templates, see [How to Download and Deploy MDOP Group Policy (.admx) Templates](http://technet.microsoft.com/library/dn659707.aspx). +5. For specific steps about how and where to install the templates, see [How to Download and Deploy MDOP Group Policy (.admx) Templates](https://technet.microsoft.com/library/dn659707.aspx). 6. After the Microsoft BitLocker Administration and Monitoring Setup wizard displays installation pages for the selected features, click **Finish** to close MBAM Setup. diff --git a/mdop/mbam-v2/how-to-validate-the-mbam-installation-with-configuration-manager.md b/mdop/mbam-v2/how-to-validate-the-mbam-installation-with-configuration-manager.md index 349e62903b..78e6044a28 100644 --- a/mdop/mbam-v2/how-to-validate-the-mbam-installation-with-configuration-manager.md +++ b/mdop/mbam-v2/how-to-validate-the-mbam-installation-with-configuration-manager.md @@ -51,7 +51,7 @@ After installing Microsoft BitLocker Administration and Monitoring (MBAM) with C To view the configuration baselines with System Center 2012 Configuration Manager: Click the **Assets and Compliance** workspace, **Compliance Settings**, **Configuration Baselines**. -5. Use the Configuration Manager console to confirm that that the following new configuration items are displayed: +5. Use the Configuration Manager console to confirm that the following new configuration items are displayed: - BitLocker Fixed Data Drives Protection diff --git a/mdop/mbam-v2/mbam-20-privacy-statement-mbam-2.md b/mdop/mbam-v2/mbam-20-privacy-statement-mbam-2.md index 735cf97bab..113fd20178 100644 --- a/mdop/mbam-v2/mbam-20-privacy-statement-mbam-2.md +++ b/mdop/mbam-v2/mbam-20-privacy-statement-mbam-2.md @@ -87,9 +87,9 @@ Microsoft Error Reporting is not turned on or off by MBAM. MBAM will utilize wha Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the PC. You can also use the Last Known Good Configuration startup option if you encounter problems after manual changes have been applied. -Important Information: Enterprise customers can use Group Policy to configure how Microsoft Error Reporting behaves on their PCs. Configuration options include the ability to turn off Microsoft Error Reporting. If you are an administrator and wish to configure Group Policy for Microsoft Error Reporting, technical details are available on [TechNet](http://technet.microsoft.com/library/cc709644.aspx). +Important Information: Enterprise customers can use Group Policy to configure how Microsoft Error Reporting behaves on their PCs. Configuration options include the ability to turn off Microsoft Error Reporting. If you are an administrator and wish to configure Group Policy for Microsoft Error Reporting, technical details are available on [TechNet](https://technet.microsoft.com/library/cc709644.aspx). -Additional information on how to modify enable and disable error reporting is available at this support article: [(http://support.microsoft.com/kb/188296)](http://support.microsoft.com/kb/188296). +Additional information on how to modify enable and disable error reporting is available at this support article: [(http://support.microsoft.com/kb/188296)](https://support.microsoft.com/kb/188296). ### Microsoft Update diff --git a/mdop/mbam-v2/release-notes-for-mbam-20-mbam-2.md b/mdop/mbam-v2/release-notes-for-mbam-20-mbam-2.md index 4854c11fbb..098ae2f798 100644 --- a/mdop/mbam-v2/release-notes-for-mbam-20-mbam-2.md +++ b/mdop/mbam-v2/release-notes-for-mbam-20-mbam-2.md @@ -59,9 +59,9 @@ END EXEC dbo.sp_add_job @job_name = N'CreateCache', @enabled = 1; - + EXEC dbo.sp_add_jobstep - @job_name = N'CreateCache', + @job_name = N'CreateCache', @step_name = N'Copy Data', @subsystem = N'TSQL', @command = N'EXEC [ComplianceCore].UpdateCache', @@ -69,52 +69,52 @@ EXEC dbo.sp_add_jobstep @retry_attempts = 5, @retry_interval = 5; - + EXEC dbo.sp_add_jobschedule - @job_name = N'CreateCache', + @job_name = N'CreateCache', @name = N'ReportCacheSchedule1am', @freq_type = 4, @freq_interval = 1, @active_start_time = 010000, @active_end_time = 020000; -EXEC dbo.sp_attach_schedule +EXEC dbo.sp_attach_schedule @job_name = N'CreateCache', @schedule_name = N'ReportCacheSchedule1am'; EXEC dbo.sp_add_jobschedule - @job_name = N'CreateCache', + @job_name = N'CreateCache', @name = N'ReportCacheSchedule7am', @freq_type = 4, @freq_interval = 1, @active_start_time = 070000, @active_end_time = 080000; -EXEC dbo.sp_attach_schedule +EXEC dbo.sp_attach_schedule @job_name = N'CreateCache', @schedule_name = N'ReportCacheSchedule7am'; EXEC dbo.sp_add_jobschedule - @job_name = N'CreateCache', + @job_name = N'CreateCache', @name = N'ReportCacheSchedule1pm', @freq_type = 4, @freq_interval = 1, @active_start_time = 130000, @active_end_time = 140000; -EXEC dbo.sp_attach_schedule +EXEC dbo.sp_attach_schedule @job_name = N'CreateCache', @schedule_name = N'ReportCacheSchedule1pm'; EXEC dbo.sp_add_jobschedule - @job_name = N'CreateCache', + @job_name = N'CreateCache', @name = N'ReportCacheSchedule7pm', @freq_type = 4, @freq_interval = 1, @active_start_time = 190000, @active_end_time = 200000; -EXEC dbo.sp_attach_schedule +EXEC dbo.sp_attach_schedule @job_name = N'CreateCache', @schedule_name = N'ReportCacheSchedule7pm'; @@ -196,82 +196,82 @@ This section contains hotfixes and KB articles for MBAM 2.0.

    2831166

    Installing Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 fails with "System Center CM Objects Already Installed"

    -

    [support.microsoft.com/kb/2831166/EN-US](http://support.microsoft.com/kb/2831166/EN-US)

    +

    [support.microsoft.com/kb/2831166/EN-US](https://support.microsoft.com/kb/2831166/EN-US)

    2870849

    Users cannot retrieve BitLocker Recovery key using MBAM 2.0 Self Service Portal

    -

    [support.microsoft.com/kb/2870849/EN-US](http://support.microsoft.com/kb/2870849/EN-US)

    +

    [support.microsoft.com/kb/2870849/EN-US](https://support.microsoft.com/kb/2870849/EN-US)

    2756402

    MBAM client would fail with Event ID 4 and error code 0x8004100E in the Event description

    -

    [support.microsoft.com/kb/2756402/EN-US](http://support.microsoft.com/kb/2756402/EN-US)

    +

    [support.microsoft.com/kb/2756402/EN-US](https://support.microsoft.com/kb/2756402/EN-US)

    2620287

    Error Message “Server Error in ‘/Reports’ Application” When You Click Reports Tab in MBAM

    -

    [support.microsoft.com/kb/2620287/EN-US](http://support.microsoft.com/kb/2620287/EN-US)

    +

    [support.microsoft.com/kb/2620287/EN-US](https://support.microsoft.com/kb/2620287/EN-US)

    2639518

    Error opening Enterprise or Computer Compliance Reports in MBAM

    -

    [support.microsoft.com/kb/2639518/EN-US](http://support.microsoft.com/kb/2639518/EN-US)

    +

    [support.microsoft.com/kb/2639518/EN-US](https://support.microsoft.com/kb/2639518/EN-US)

    2620269

    MBAM Enterprise Reporting Not Getting Updated

    -

    [support.microsoft.com/kb/2620269/EN-US](http://support.microsoft.com/kb/2620269/EN-US)

    +

    [support.microsoft.com/kb/2620269/EN-US](https://support.microsoft.com/kb/2620269/EN-US)

    2712461

    Installing MBAM on a Domain Controller is not supported

    -

    [support.microsoft.com/kb/2712461/EN-US](http://support.microsoft.com/kb/2712461/EN-US)

    +

    [support.microsoft.com/kb/2712461/EN-US](https://support.microsoft.com/kb/2712461/EN-US)

    2876732

    You receive error code 0x80071a90 during Standalone or Configuration Manager Integration setup of MBAM 2.0

    -

    [support.microsoft.com/kb/2876732/EN-US](http://support.microsoft.com/kb/2876732/EN-US)

    +

    [support.microsoft.com/kb/2876732/EN-US](https://support.microsoft.com/kb/2876732/EN-US)

    2754259

    MBAM and Secure Network Communication

    -

    [support.microsoft.com/kb/2754259/EN-US](http://support.microsoft.com/kb/2754259/EN-US)

    +

    [support.microsoft.com/kb/2754259/EN-US](https://support.microsoft.com/kb/2754259/EN-US)

    2870842

    MBAM 2.0 Setup fails during Configuration Manager Integration Scenario with SQL Server 2008

    -

    [support.microsoft.com/kb/2870842/EN-US](http://support.microsoft.com/kb/2870842/EN-US)

    +

    [support.microsoft.com/kb/2870842/EN-US](https://support.microsoft.com/kb/2870842/EN-US)

    2668533

    MBAM Setup fails if SQL SSRS is not configured properly

    -

    [support.microsoft.com/kb/2668533/EN-US](http://support.microsoft.com/kb/2668533/EN-US)

    +

    [support.microsoft.com/kb/2668533/EN-US](https://support.microsoft.com/kb/2668533/EN-US)

    2870847

    MBAM 2.0 Setup fails with "Error retrieving Configuration Manager Server role settings for 'Reporting Services Point' role"

    -

    [support.microsoft.com/kb/2870847/EN-US](http://support.microsoft.com/kb/2870847/EN-US)

    +

    [support.microsoft.com/kb/2870847/EN-US](https://support.microsoft.com/kb/2870847/EN-US)

    2870839

    MBAM 2.0 Enterprise Reports are not refreshed in MBAM 2.0 Standalone topology due to SQL job CreateCache failure

    -

    [support.microsoft.com/kb/2870839/EN-US](http://support.microsoft.com/kb/2870839/EN-US)

    +

    [support.microsoft.com/kb/2870839/EN-US](https://support.microsoft.com/kb/2870839/EN-US)

    2620269

    MBAM Enterprise Reporting Not Getting Updated

    -

    [support.microsoft.com/kb/2620269/EN-US](http://support.microsoft.com/kb/2620269/EN-US)

    +

    [support.microsoft.com/kb/2620269/EN-US](https://support.microsoft.com/kb/2620269/EN-US)

    2935997

    MBAM Supported Computers compliance reporting incorrectly includes unsupported products

    -

    [support.microsoft.com/kb/2935997/EN-US](http://support.microsoft.com/kb/2935997/EN-US)

    +

    [support.microsoft.com/kb/2935997/EN-US](https://support.microsoft.com/kb/2935997/EN-US)

    2612822

    Computer Record is Rejected in MBAM

    -

    [support.microsoft.com/kb/2612822/EN-US](http://support.microsoft.com/kb/2612822/EN-US)

    +

    [support.microsoft.com/kb/2612822/EN-US](https://support.microsoft.com/kb/2612822/EN-US)

    diff --git a/mdop/mbam-v2/release-notes-for-mbam-20-sp1.md b/mdop/mbam-v2/release-notes-for-mbam-20-sp1.md index 9308bed407..2dd39e48fb 100644 --- a/mdop/mbam-v2/release-notes-for-mbam-20-sp1.md +++ b/mdop/mbam-v2/release-notes-for-mbam-20-sp1.md @@ -144,82 +144,82 @@ This section contains hotfixes and KB articles for MBAM 2.0 SP1.

    2831166

    Installing Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 fails with "System Center CM Objects Already Installed"

    -

    [support.microsoft.com/kb/2831166/EN-US](http://support.microsoft.com/kb/2831166/EN-US)

    +

    [support.microsoft.com/kb/2831166/EN-US](https://support.microsoft.com/kb/2831166/EN-US)

    2870849

    Users cannot retrieve BitLocker Recovery key using MBAM 2.0 Self Service Portal

    -

    [support.microsoft.com/kb/2870849/EN-US](http://support.microsoft.com/kb/2870849/EN-US)

    +

    [support.microsoft.com/kb/2870849/EN-US](https://support.microsoft.com/kb/2870849/EN-US)

    2756402

    MBAM client would fail with Event ID 4 and error code 0x8004100E in the Event description

    -

    [support.microsoft.com/kb/2756402/EN-US](http://support.microsoft.com/kb/2756402/EN-US)

    +

    [support.microsoft.com/kb/2756402/EN-US](https://support.microsoft.com/kb/2756402/EN-US)

    2620287

    Error Message “Server Error in ‘/Reports’ Application” When You Click Reports Tab in MBAM

    -

    [support.microsoft.com/kb/2620287/EN-US](http://support.microsoft.com/kb/2620287/EN-US)

    +

    [support.microsoft.com/kb/2620287/EN-US](https://support.microsoft.com/kb/2620287/EN-US)

    2639518

    Error opening Enterprise or Computer Compliance Reports in MBAM

    -

    [support.microsoft.com/kb/2639518/EN-US](http://support.microsoft.com/kb/2639518/EN-US)

    +

    [support.microsoft.com/kb/2639518/EN-US](https://support.microsoft.com/kb/2639518/EN-US)

    2620269

    MBAM Enterprise Reporting Not Getting Updated

    -

    [support.microsoft.com/kb/2620269/EN-US](http://support.microsoft.com/kb/2620269/EN-US)

    +

    [support.microsoft.com/kb/2620269/EN-US](https://support.microsoft.com/kb/2620269/EN-US)

    2712461

    Installing MBAM on a Domain Controller is not supported

    -

    [support.microsoft.com/kb/2712461/EN-US](http://support.microsoft.com/kb/2712461/EN-US)

    +

    [support.microsoft.com/kb/2712461/EN-US](https://support.microsoft.com/kb/2712461/EN-US)

    2876732

    You receive error code 0x80071a90 during Standalone or Configuration Manager Integration setup of MBAM 2.0

    -

    [support.microsoft.com/kb/2876732/EN-US](http://support.microsoft.com/kb/2876732/EN-US)

    +

    [support.microsoft.com/kb/2876732/EN-US](https://support.microsoft.com/kb/2876732/EN-US)

    2754259

    MBAM and Secure Network Communication

    -

    [support.microsoft.com/kb/2754259/EN-US](http://support.microsoft.com/kb/2754259/EN-US)

    +

    [support.microsoft.com/kb/2754259/EN-US](https://support.microsoft.com/kb/2754259/EN-US)

    2870842

    MBAM 2.0 Setup fails during Configuration Manager Integration Scenario with SQL Server 2008

    -

    [support.microsoft.com/kb/2870842/EN-US](http://support.microsoft.com/kb/2870842/EN-US)

    +

    [support.microsoft.com/kb/2870842/EN-US](https://support.microsoft.com/kb/2870842/EN-US)

    2668533

    MBAM Setup fails if SQL SSRS is not configured properly

    -

    [support.microsoft.com/kb/2668533/EN-US](http://support.microsoft.com/kb/2668533/EN-US)

    +

    [support.microsoft.com/kb/2668533/EN-US](https://support.microsoft.com/kb/2668533/EN-US)

    2870847

    MBAM 2.0 Setup fails with "Error retrieving Configuration Manager Server role settings for 'Reporting Services Point' role"

    -

    [support.microsoft.com/kb/2870847/EN-US](http://support.microsoft.com/kb/2870847/EN-US)

    +

    [support.microsoft.com/kb/2870847/EN-US](https://support.microsoft.com/kb/2870847/EN-US)

    2870839

    MBAM 2.0 Enterprise Reports are not refreshed in MBAM 2.0 Standalone topology due to SQL job CreateCache failure

    -

    [support.microsoft.com/kb/2870839/EN-US](http://support.microsoft.com/kb/2870839/EN-US)

    +

    [support.microsoft.com/kb/2870839/EN-US](https://support.microsoft.com/kb/2870839/EN-US)

    2620269

    MBAM Enterprise Reporting Not Getting Updated

    -

    [support.microsoft.com/kb/2620269/EN-US](http://support.microsoft.com/kb/2620269/EN-US)

    +

    [support.microsoft.com/kb/2620269/EN-US](https://support.microsoft.com/kb/2620269/EN-US)

    2935997

    MBAM Supported Computers compliance reporting incorrectly includes unsupported products

    -

    [support.microsoft.com/kb/2935997/EN-US](http://support.microsoft.com/kb/2935997/EN-US)

    +

    [support.microsoft.com/kb/2935997/EN-US](https://support.microsoft.com/kb/2935997/EN-US)

    2612822

    Computer Record is Rejected in MBAM

    -

    [support.microsoft.com/kb/2612822/EN-US](http://support.microsoft.com/kb/2612822/EN-US)

    +

    [support.microsoft.com/kb/2612822/EN-US](https://support.microsoft.com/kb/2612822/EN-US)

    diff --git a/mdop/mbam-v2/understanding-mbam-reports-mbam-2.md b/mdop/mbam-v2/understanding-mbam-reports-mbam-2.md index c9e289d2f4..7dffbbbb92 100644 --- a/mdop/mbam-v2/understanding-mbam-reports-mbam-2.md +++ b/mdop/mbam-v2/understanding-mbam-reports-mbam-2.md @@ -159,7 +159,7 @@ Removable Data Volume encryption status will not be shown in the report.

    Policy-Fixed Data Drive

    -

    Indicates if encryption is required for the dixed data drive.

    +

    Indicates if encryption is required for the fixed data drive.

    Policy Removable Data Drive

    diff --git a/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md b/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md index 0fdf152e67..7ca9dcb801 100644 --- a/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md +++ b/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md @@ -8,14 +8,16 @@ ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library ms.prod: w10 -ms.date: 5/30/2018 +ms.date: 8/30/2018 +ms.author: pashort +author: shortpatti --- # Applying hotfixes on MBAM 2.5 SP1 This topic describes the process for applying the hotfixes for Microsoft BitLocker Administration and Monitoring (MBAM) Server 2.5 SP1 ### Before you begin, download the latest hotfix of Microsoft BitLocker Administration and Monitoring (MBAM) Server 2.5 SP1 -[Desktop Optimization Pack](https://www.microsoft.com/en-us/download/details.aspx?id=56126) +[Desktop Optimization Pack](https://www.microsoft.com/en-us/download/details.aspx?id=57157) #### Steps to update the MBAM Server for existing MBAM environment 1. Remove MBAM server feature (do this by opening the MBAM Server Configuration Tool, then selecting Remove Features). diff --git a/mdop/mbam-v25/evaluating-mbam-25-in-a-test-environment.md b/mdop/mbam-v25/evaluating-mbam-25-in-a-test-environment.md index cd19e01e59..875d8cccb0 100644 --- a/mdop/mbam-v25/evaluating-mbam-25-in-a-test-environment.md +++ b/mdop/mbam-v25/evaluating-mbam-25-in-a-test-environment.md @@ -104,7 +104,7 @@ To evaluate MBAM by using the Stand-alone topology, use the information in the f ``` ``` syntax - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM] "NoStartupDelay"=dword:00000001 ``` @@ -177,7 +177,7 @@ To evaluate MBAM by using the Configuration Manager Integration topology, use th

    Install the MBAM Server software on each server where you want to configure an MBAM Server feature.

    Note   -

    You can install the databases to a remote SQL Server computer by using Windows PowerShell or an exported data-tier application (DAC) package. For more information about DAC packages, see [Data-tier Applications](http://technet.microsoft.com/library/ee210546.aspx).

    +

    You can install the databases to a remote SQL Server computer by using Windows PowerShell or an exported data-tier application (DAC) package. For more information about DAC packages, see [Data-tier Applications](https://technet.microsoft.com/library/ee210546.aspx).

      @@ -220,7 +220,7 @@ To evaluate MBAM by using the Configuration Manager Integration topology, use th ``` ``` syntax - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM] "NoStartupDelay"=dword:00000001 ``` @@ -232,10 +232,12 @@ To evaluate MBAM by using the Configuration Manager Integration topology, use th 4. Restart the **BitLocker Management Client Service**. 5. In Control Panel, open **Configuration Manager**, and then click the **Actions** tab. + + 6. Select **Hardware Inventory Cycle**, and then click **Run Now**. This step runs the hardware inventory by using the new classes that you imported to your .mof files, and then sends the data to the Configuration Manager server. + + 7. Select **Machine Policy Retrieval & Evaluation Cycle**, and then click **Run Now** to apply the Group Policy Objects that are relevant to that client computer. - 6. Select **Machine Policy Retrieval & Evaluation Cycle**, and then click **Run Now** to apply the Group Policy Objects that are relevant to that client computer. - 7. Select **Hardware Inventory Cycle**, and then click **Run Now**. This step runs the hardware inventory by using the new classes that you imported to your .mof files, and then sends the data to the Configuration Manager server. 4. In the Configuration Manager console, do the following: @@ -315,7 +317,7 @@ To evaluate MBAM by using the Configuration Manager Integration topology, follow

    Install the MBAM Server software on each server where you want to configure an MBAM Server feature.

    Note   -

    You can install the databases to a remote SQL Server computer by using Windows PowerShell or an exported data-tier application (DAC) package. For more information about DAC packages, see [Data-tier Applications](http://technet.microsoft.com/library/ee210546.aspx).

    +

    You can install the databases to a remote SQL Server computer by using Windows PowerShell or an exported data-tier application (DAC) package. For more information about DAC packages, see [Data-tier Applications](https://technet.microsoft.com/library/ee210546.aspx).

      @@ -358,7 +360,7 @@ To evaluate MBAM by using the Configuration Manager Integration topology, follow ``` ``` syntax - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM] "NoStartupDelay"=dword:00000001 ``` @@ -401,7 +403,7 @@ To evaluate MBAM by using the Configuration Manager Integration topology, follow   ## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). +- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). diff --git a/mdop/mbam-v25/getting-started-with-mbam-25.md b/mdop/mbam-v25/getting-started-with-mbam-25.md index 3513df82f6..a7ba39d226 100644 --- a/mdop/mbam-v25/getting-started-with-mbam-25.md +++ b/mdop/mbam-v25/getting-started-with-mbam-25.md @@ -20,8 +20,6 @@ See the following resources for additional MBAM documentation: - [Microsoft BitLocker Administration and Monitoring Deployment Guide](https://go.microsoft.com/fwlink/?LinkId=396653) -- [Microsoft Training Overview](https://go.microsoft.com/fwlink/p/?LinkId=80347) - Before you deploy MBAM to a production environment, we recommend that you validate your deployment plan in a test environment. ## Getting started with MBAM 2.5 diff --git a/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md b/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md index 41afc5d8a5..3e9aff0890 100644 --- a/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md +++ b/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md @@ -7,12 +7,12 @@ ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library ms.prod: w10 -ms.date: 07/18/2017 +ms.date: 08/23/2018 +ms.author: pashort --- -# High-Level Architecture of MBAM 2.5 with Configuration Manager Integration Topology - +# High-level architecture of MBAM 2.5 with Configuration Manager Integration topology This topic describes the recommended architecture for deploying Microsoft BitLocker Administration and Monitoring (MBAM) with the Configuration Manager Integration topology. This topology integrates MBAM with System Center Configuration Manager. To deploy MBAM with the Stand-alone topology, see [High-Level Architecture of MBAM 2.5 with Stand-alone Topology](high-level-architecture-of-mbam-25-with-stand-alone-topology.md). @@ -54,7 +54,7 @@ The recommended number of servers and supported number of clients in a productio   -## Differences between Configuration Manager Integration and Stand-alone topologies +## Differences between Configuration Manager Integration and stand-alone topologies The main differences between the topologies are: @@ -70,15 +70,15 @@ The following diagram and table describe the recommended high-level architecture ![mbam2\-5](images/mbam2-5-cmserver.png) -### Database Server +### Database server -#### Recovery Database +#### Recovery database This feature is configured on a computer running Windows Server and supported SQL Server instance. The **Recovery Database** stores recovery data that is collected from MBAM Client computers. -#### Audit Database +#### Audit database This feature is configured on a computer running Windows Server and supported SQL Server instance. @@ -90,7 +90,7 @@ This feature is configured on a computer running Windows Server and supported SQ The **Reports** provide recovery audit data for the client computers in your enterprise. You can view reports from the Configuration Manager console or directly from SQL Server Reporting Services. -### Configuration Manager Primary Site Server +### Configuration Manager primary site server System Center Configuration Manager Integration feature @@ -102,19 +102,19 @@ System Center Configuration Manager Integration feature - The **Configuration Manager console** must be installed on the same computer on which you install the MBAM Server software. -### Administration and Monitoring Server +### Administration and monitoring server -#### Administration and Monitoring Website +#### Administration and monitoring website This feature is configured on a computer running Windows Server. -The **Administration and Monitoring Website** is used to: +The **Administration and monitoring website** is used to: - Help end users regain access to their computers when they are locked out. (This area of the Website is commonly called the Help Desk.) - View the Recovery Audit Report, which shows recovery activity for client computers. Other reports are viewed from the Configuration Manager console. -#### Self-Service Portal +#### Self-service portal This feature is configured on a computer running Windows Server. @@ -126,21 +126,19 @@ This feature is installed on a computer running Windows Server. The **monitoring web services** are used by the MBAM Client and the websites to communicate to the database. -**Important**   -The Monitoring Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1 since the MBAM Client and the websites communicate directly with the Recovery Database. +**Important**
    The Monitoring Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1 since the MBAM websites communicate directly with the Recovery Database.   -### Management Workstation +### Management workstation -#### MBAM Group Policy Templates +#### MBAM group policy templates - The **MBAM Group Policy Templates** are Group Policy settings that define implementation settings for MBAM, which enable you to manage BitLocker drive encryption. - Before you run MBAM, you must download the Group Policy Templates from [How to Get MDOP Group Policy (.admx) Templates](https://go.microsoft.com/fwlink/p/?LinkId=393941) and copy them to a server or workstation that is running a supported Windows Server or Windows operating system. - **Note**   - The workstation does not have to be a dedicated computer. + **NOTE**
    The workstation does not have to be a dedicated computer.   diff --git a/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-stand-alone-topology.md b/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-stand-alone-topology.md index c494392cfe..1287ee6b02 100644 --- a/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-stand-alone-topology.md +++ b/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-stand-alone-topology.md @@ -109,7 +109,7 @@ This feature is configured on a computer running Windows Server. The **monitoring web services** are used by the MBAM Client and the websites to communicate to the database. **Important**   -The Monitoring Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1 since the MBAM Client and the websites communicate directly with the Recovery Database. +The Monitoring Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1 since the MBAM websites communicate directly with the Recovery Database.   diff --git a/mdop/mbam-v25/how-to-configure-the-mbam-25-databases.md b/mdop/mbam-v25/how-to-configure-the-mbam-25-databases.md index af16424434..151b5e2b55 100644 --- a/mdop/mbam-v25/how-to-configure-the-mbam-25-databases.md +++ b/mdop/mbam-v25/how-to-configure-the-mbam-25-databases.md @@ -55,7 +55,7 @@ The instructions are based on the recommended architecture in [High-Level Archit

    Install the MBAM Server software on each server where you plan to configure an MBAM Server feature.

    Note   -

    You can install the databases to a remote SQL Server computer by using Windows PowerShell or an exported data-tier application (DAC) package. For more information about DAC packages, see [Data-tier Applications](http://technet.microsoft.com/library/ee210546.aspx).

    +

    You can install the databases to a remote SQL Server computer by using Windows PowerShell or an exported data-tier application (DAC) package. For more information about DAC packages, see [Data-tier Applications](https://technet.microsoft.com/library/ee210546.aspx).

      @@ -230,7 +230,7 @@ The instructions are based on the recommended architecture in [High-Level Archit   ## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). +- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  diff --git a/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md b/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md index 79cc189aaa..698d549d6c 100644 --- a/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md +++ b/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md @@ -44,10 +44,10 @@ This topic explains how to enable BitLocker on an end user's computer by using M - Optionally encrypt FDDs - - Escrow TPM OwnerAuth - For Windows 7, MBAM must own the TPM for escrow to occur. - For Windows 8.1, Windows 10 RTM and Windows 10 version 1511, escrow of TPM OwnerAuth is supported. - For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](http://technet.microsoft.com/en-us/itpro/windows/keep-secure/change-the-tpm-owner-password) for further details. + - Escrow TPM OwnerAuth + For Windows 7, MBAM must own the TPM for escrow to occur. + For Windows 8.1, Windows 10 RTM and Windows 10 version 1511, escrow of TPM OwnerAuth is supported. + For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](https://technet.microsoft.com/itpro/windows/keep-secure/change-the-tpm-owner-password) for further details. - Escrow recovery keys and recovery key packages @@ -63,10 +63,10 @@ This topic explains how to enable BitLocker on an end user's computer by using M **WMI deployment methods for MBAM:** The following WMI methods have been added in MBAM 2.5 SP1 to support enabling BitLocker by using the `Invoke-MbamClientDeployment.ps1` PowerShell script. - **MBAM\_Machine WMI Class** + **MBAM\_Machine WMI Class** **PrepareTpmAndEscrowOwnerAuth:** Reads the TPM OwnerAuth and sends it to the MBAM recovery database by using the MBAM recovery service. If the TPM is not owned and auto-provisioning is not on, it generates a TPM OwnerAuth and takes ownership. If it fails, an error code is returned for troubleshooting. - **Note** For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](http://technet.microsoft.com/en-us/itpro/windows/keep-secure/change-the-tpm-owner-password) for further details. + **Note** For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](https://technet.microsoft.com/itpro/windows/keep-secure/change-the-tpm-owner-password) for further details. | Parameter | Description | | -------- | ----------- | @@ -91,13 +91,13 @@ Here are a list of common error messages: | **WS_E_INVALID_ENDPOINT_URL** 2151481376 (0x803D0020) | The endpoint address URL is not valid. The URL must start with “http” or “https”. | **ReportStatus:** Reads the compliance status of the volume and sends it to the MBAM compliance status database by using the MBAM status reporting service. The status includes cipher strength, protector type, protector state and encryption state. If it fails, an error code is returned for troubleshooting. - + | Parameter | Description | | --------- | ----------- | | ReportingServiceEndPoint | A string specifying the MBAM status reporting service endpoint. | - + Here are a list of common error messages: - + | Common return values | Error message | | -------------------- | ------------- | | **S_OK**
    0 (0x0) | The method was successful | @@ -108,20 +108,20 @@ Here are a list of common error messages: | **WS_E_ENDPOINT_FAULT_RECEIVED**
    2151481363 (0x803D0013) | A message containing a fault was received from the remote endpoint. Make sure you are connecting to the correct service endpoint. | | **WS_E_INVALID_ENDPOINT_URL**
    2151481376 (0x803D0020) | The endpoint address URL is not valid. The URL must start with “http” or “https”. | - **MBAM\_Volume WMI Class** + **MBAM\_Volume WMI Class** **EscrowRecoveryKey:** Reads the recovery numerical password and key package of the volume and sends them to the MBAM recovery database by using the MBAM recovery service. If it fails, an error code is returned for troubleshooting. - + | Parameter | Description | | --------- | ----------- | | RecoveryServiceEndPoint | A string specifying the MBAM recovery service endpoint. | - + Here are a list of common error messages: - + | Common return values | Error message | | -------------------- | ------------- | | **S_OK**
    0 (0x0) | The method was successful | | **FVE_E_LOCKED_VOLUME**
    2150694912 (0x80310000) | The volume is locked. | - | **FVE_E_PROTECTOR_NOT_FOUND**
    2150694963 (0x80310033) | A Numerical Password protector was not found for the volume. | + | **FVE_E_PROTECTOR_NOT_FOUND**
    2150694963 (0x80310033) | A Numerical Password protector was not found for the volume. | | **WS_E_ENDPOINT_ACCESS_DENIED**
    2151481349 (0x803D0005) | Access was denied by the remote endpoint. | | **WS_E_ENDPOINT_NOT_FOUND**
    2151481357 (0x803D000D) | The remote endpoint does not exist or could not be located. | | **WS_E_ENDPOINT_FAILURE**
    2151481357 (0x803D000F) | The remote endpoint could not process the request. | @@ -139,7 +139,7 @@ Here are a list of common error messages: **Caution**   If you are using BitLocker pre-provisioning (WinPE) and want to maintain the TPM owner authorization value, you must add the `SaveWinPETpmOwnerAuth.wsf` script in WinPE immediately before the installation reboots into the full operating system. **If you do not use this script, you will lose the TPM owner authorization value on reboot.** - + 2. Copy `Invoke-MbamClientDeployment.ps1` to **<DeploymentShare>\\Scripts**. If you are using pre-provisioning, copy the `SaveWinPETpmOwnerAuth.wsf` file into **<DeploymentShare>\\Scripts**. 3. Add the MBAM 2.5 SP1 client application to the Applications node in the deployment share. @@ -178,8 +178,8 @@ Here are a list of common error messages: 3. Name the step **Persist TPM OwnerAuth** - 4. Set the command line to `cscript.exe "%SCRIPTROOT%/SaveWinPETpmOwnerAuth.wsf"` - **Note:** For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](http://technet.microsoft.com/en-us/itpro/windows/keep-secure/change-the-tpm-owner-password) for further details. + 4. Set the command line to `cscript.exe "%SCRIPTROOT%/SaveWinPETpmOwnerAuth.wsf"` + **Note:** For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](https://technet.microsoft.com/itpro/windows/keep-secure/change-the-tpm-owner-password) for further details. 3. In the **State Restore** folder, delete the **Enable BitLocker** task. @@ -279,7 +279,7 @@ Here are a list of common error messages: **Note**   You can set Group Policy settings or registry values related to MBAM here. These settings will override previously set values. - + Registry entry Configuration settings @@ -329,5 +329,5 @@ Here are a list of common error messages: [Planning for MBAM 2.5 Client Deployment](planning-for-mbam-25-client-deployment.md) ## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). +- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). \ No newline at end of file diff --git a/mdop/mbam-v25/how-to-move-the-mbam-25-databases.md b/mdop/mbam-v25/how-to-move-the-mbam-25-databases.md index 2a97dc6cbb..37c9efa664 100644 --- a/mdop/mbam-v25/how-to-move-the-mbam-25-databases.md +++ b/mdop/mbam-v25/how-to-move-the-mbam-25-databases.md @@ -38,7 +38,7 @@ Restore the databases FIRST, then run the MBAM Configuration Wizard, choose the 5. Self-Service Portal >[!Note] ->To run the example Windows PowerShell scripts provided in this topic, you must update the Windows PowerShell execution policy to enable scripts to be run. See [Running Windows PowerShell Scripts](http://technet.microsoft.com/library/ee176949.aspx) for instructions. +>To run the example Windows PowerShell scripts provided in this topic, you must update the Windows PowerShell execution policy to enable scripts to be run. See [Running Windows PowerShell Scripts](https://technet.microsoft.com/library/ee176949.aspx) for instructions. ## Move the Recovery Database @@ -69,7 +69,7 @@ Stop-Website "Microsoft BitLocker Administration and Monitoring" ``` ->[!NOTE] +>[!NOTE] >To run this command, you must add the Internet Information Services (IIS) module for Windows PowerShell to the current instance of Windows PowerShell. ### Back up the Recovery Database on Server A @@ -80,47 +80,47 @@ Stop-Website "Microsoft BitLocker Administration and Monitoring" ``` USE master; - + GO - + ALTER DATABASE "MBAM Recovery and Hardware" - + SET RECOVERY FULL; - + GO - + -- Create MBAM Recovery Database Data and MBAM Recovery logical backup devices. - + USE master - + GO - + EXEC sp_addumpdevice 'disk', 'MBAM Recovery and Hardware Database Data Device', - + 'Z:\MBAM Recovery Database Data.bak'; - + GO - + -- Back up the full MBAM Recovery Database. - + BACKUP DATABASE [MBAM Recovery and Hardware] TO [MBAM Recovery and Hardware Database Data Device]; - + GO - + BACKUP CERTIFICATE [MBAM Recovery Encryption Certificate] - + TO FILE = 'Z:\SQLServerInstanceCertificateFile' - + WITH PRIVATE KEY - + ( - + FILE = ' Z:\SQLServerInstanceCertificateFilePrivateKey', - + ENCRYPTION BY PASSWORD = '$PASSWORD$' - + ); - + GO ``` @@ -145,13 +145,13 @@ Use Windows Explorer to move the **MBAM Compliance Status Database Data.bak** fi To automate this procedure, you can use Windows PowerShell to run a command that is similar to the following: ```powershell -Copy-Item “Z:\MBAM Recovery Database Data.bak” +Copy-Item "Z:\MBAM Recovery Database Data.bak" \\$SERVERNAME$\$DESTINATIONSHARE$ -Copy-Item “Z:\SQLServerInstanceCertificateFile” +Copy-Item "Z:\SQLServerInstanceCertificateFile" \\$SERVERNAME$\$DESTINATIONSHARE$ -Copy-Item “Z:\SQLServerInstanceCertificateFilePrivateKey” +Copy-Item "Z:\SQLServerInstanceCertificateFilePrivateKey" \\$SERVERNAME$\$DESTINATIONSHARE$ ``` @@ -235,7 +235,7 @@ Use the information in the following table to replace the values in the code exa 2. On the server that is running the Administration and Monitoring Website, use the Internet Information Services (IIS) Manager console to update the connection string information for the MBAM websites. -3. Edit the following registry key: +3. Edit the following registry key: **HKLM\\Software\\Microsoft\\MBAM Server\\Web\\RecoveryDBConnectionString** @@ -253,16 +253,16 @@ Use the information in the following table to replace the values in the code exa Set-WebConfigurationProperty 'connectionStrings/add[@name="KeyRecoveryConnectionString"]' -PSPath "IIS:\sites\Microsoft Bitlocker Administration and - Monitoring\MBAMAdministrationService" -Name "connectionString" -Value “Data + Monitoring\MBAMAdministrationService" -Name "connectionString" -Value "Data Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Recovery and - Hardware;Integrated Security=SSPI;” + Hardware;Integrated Security=SSPI;" Set-WebConfigurationProperty 'connectionStrings/add[\@name="Microsoft.Mbam.RecoveryAndHardwareDataStore.ConnectionString"]' -PSPath "IIS:\sites\Microsoft Bitlocker Administration and Monitoring\MBAMRecoveryAndHardwareService" -Name "connectionString" -Value "Data Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Recovery - and Hardware;Integrated Security=SSPI;” + and Hardware;Integrated Security=SSPI;" ``` >[!Note] @@ -279,9 +279,9 @@ Use the information in the following table to replace the values in the code exa ### Install MBAM Server software and run the MBAM Server Configuration wizard on Server B -1. Install the MBAM 2.5 Server software on Server B. For details, see [Installing the MBAM 2.5 Server Software](https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/mbam-v25/installing-the-mbam-25-server-software). +1. Install the MBAM 2.5 Server software on Server B. For details, see [Installing the MBAM 2.5 Server Software](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/installing-the-mbam-25-server-software). -2. On Server B, start the MBAM Server Configuration wizard, click **Add New Features**, and then select only the **Recovery Database** feature. For details on how to configure the databases, see [How to Configure the MBAM 2.5 Databases](https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/mbam-v25/how-to-configure-the-mbam-25-databases). +2. On Server B, start the MBAM Server Configuration wizard, click **Add New Features**, and then select only the **Recovery Database** feature. For details on how to configure the databases, see [How to Configure the MBAM 2.5 Databases](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/how-to-configure-the-mbam-25-databases). >[!TIP] >Alternatively, you can use the **Enable-MbamDatabase** Windows PowerShell cmdlet to configure the Recovery Database. @@ -293,11 +293,11 @@ On the server that is running the Administration and Monitoring Website, use the To automate this procedure, you can use Windows PowerShell to run a command that is similar to the following: -```powershell +```powershell Start-Website "Microsoft BitLocker Administration and Monitoring" ``` ->[!NOTE] +>[!NOTE] >To run this command, you must add the IIS module for Windows PowerShell to the current instance of Windows PowerShell. ## Move the Compliance and Audit Database @@ -330,7 +330,7 @@ Stop-Website "Microsoft BitLocker Administration and Monitoring" ``` ->[!NOTE] +>[!NOTE] >To run this command, you must add the Internet Information Services (IIS) module for Windows PowerShell to the current instance of Windows PowerShell. ### Back up the Compliance and Audit Database on Server A @@ -398,7 +398,7 @@ Stop-Website "Microsoft BitLocker Administration and Monitoring" |----------------------|---------------------------------------------------------------| | $SERVERNAME$ | Name of the server to which the files will be copied. | | $DESTINATIONSHARE$ | Name of the share and path to which the files will be copied. | - + ### Restore the Compliance and Audit Database on Server B @@ -447,7 +447,7 @@ Stop-Website "Microsoft BitLocker Administration and Monitoring" 2. On the server that is running the Administration and Monitoring Website, use the Internet Information Services (IIS) Manager console to update the connection string information for the Website. -3. Edit the following registry key: +3. Edit the following registry key: **HKLM\\Software\\Microsoft\\MBAM Server\\Web\\ComplianceDBConnectionString** @@ -463,7 +463,7 @@ Stop-Website "Microsoft BitLocker Administration and Monitoring" Catalog=$DATABASE$;Data Source=$SERVERNAME$\$SQLINSTANCENAME$" /f ``` - >[!NOTE] + >[!NOTE] >This connection string is shared by all local MBAM web applications. Therefore, it needs to be updated only once per server. @@ -476,9 +476,9 @@ Stop-Website "Microsoft BitLocker Administration and Monitoring" ### Install MBAM Server software and run the MBAM Server Configuration wizard on Server B -1. Install the MBAM 2.5 Server software on Server B. For details, see [Installing the MBAM 2.5 Server Software](https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/mbam-v25/installing-the-mbam-25-server-software). +1. Install the MBAM 2.5 Server software on Server B. For details, see [Installing the MBAM 2.5 Server Software](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/installing-the-mbam-25-server-software). -2. On Server B, start the MBAM Server Configuration wizard, click **Add New Features**, and then select only the **Compliance and Audit Database** feature. For details on how to configure the databases, see [How to Configure the MBAM 2.5 Databases](https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/mbam-v25/how-to-configure-the-mbam-25-databases). +2. On Server B, start the MBAM Server Configuration wizard, click **Add New Features**, and then select only the **Compliance and Audit Database** feature. For details on how to configure the databases, see [How to Configure the MBAM 2.5 Databases](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/how-to-configure-the-mbam-25-databases). >[!TIP] >Alternatively, you can use the **Enable-MbamDatabase** Windows PowerShell cmdlet to configure the Compliance and Audit Database. @@ -495,5 +495,5 @@ Start-Website "Microsoft BitLocker Administration and Monitoring" ``` ->[!NOTE] +>[!NOTE] >To run this command, you must add the IIS module for Windows PowerShell to the current instance of Windows PowerShell. diff --git a/mdop/mbam-v25/how-to-move-the-mbam-25-reports.md b/mdop/mbam-v25/how-to-move-the-mbam-25-reports.md index bc5fa5a455..52af44d82d 100644 --- a/mdop/mbam-v25/how-to-move-the-mbam-25-reports.md +++ b/mdop/mbam-v25/how-to-move-the-mbam-25-reports.md @@ -27,7 +27,7 @@ The high-level steps for moving the Reports feature are: 4. Resume the instance of the MBAM Administration and Monitoring Website. **Note**   -To run the example Windows PowerShell scripts in this topic, you must update the Windows PowerShell execution policy to enable scripts to be run. See [Running Windows PowerShell Scripts](http://technet.microsoft.com/library/ee176949.aspx) for instructions. +To run the example Windows PowerShell scripts in this topic, you must update the Windows PowerShell execution policy to enable scripts to be run. See [Running Windows PowerShell Scripts](https://technet.microsoft.com/library/ee176949.aspx) for instructions.   @@ -72,7 +72,7 @@ To run the example Windows PowerShell scripts in this topic, you must update the 7. To automate this procedure, you can use Windows PowerShell to run a command on the Administration and Monitoring Server that is similar to the following code example. ``` syntax - PS C:\> Set-WebConfigurationProperty '/appSettings/add[@key="Microsoft.Mbam.Reports.Url"]' -PSPath "IIS:\\sites\Microsoft Bitlocker Administration and Monitoring\HelpDesk" -Name "Value" -Value “http://$SERVERNAME$/ReportServer[_$SRSINSTANCENAME$]/Pages/ReportViewer.aspx?/Microsoft+BitLocker+Administration+and+Monitoring/” + PS C:\> Set-WebConfigurationProperty '/appSettings/add[@key="Microsoft.Mbam.Reports.Url"]' -PSPath "IIS:\\sites\Microsoft Bitlocker Administration and Monitoring\HelpDesk" -Name "Value" -Value "http://$SERVERNAME$/ReportServer[_$SRSINSTANCENAME$]/Pages/ReportViewer.aspx?/Microsoft+BitLocker+Administration+and+Monitoring/" ``` Using the descriptions in the following table, replace the values in the code example with values that match your environment. @@ -130,7 +130,7 @@ To run the example Windows PowerShell scripts in this topic, you must update the   ## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). +- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).   diff --git a/mdop/mbam-v25/index.md b/mdop/mbam-v25/index.md index 84fc7c8df0..9e5c96e03d 100644 --- a/mdop/mbam-v25/index.md +++ b/mdop/mbam-v25/index.md @@ -18,25 +18,25 @@ Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 provides a simplifi To get the MBAM software, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049). -[Getting Started with MBAM 2.5](getting-started-with-mbam-25.md) +[Getting Started with MBAM 2.5](getting-started-with-mbam-25.md) [About MBAM 2.5](about-mbam-25.md)**|**[Release Notes for MBAM 2.5](release-notes-for-mbam-25.md)**|**[About MBAM 2.5 SP1](about-mbam-25-sp1.md)**|**[Release Notes for MBAM 2.5 SP1](release-notes-for-mbam-25-sp1.md)**|**[Evaluating MBAM 2.5 in a Test Environment](evaluating-mbam-25-in-a-test-environment.md)**|**[High-Level Architecture for MBAM 2.5](high-level-architecture-for-mbam-25.md)**|**[Accessibility for MBAM 2.5](accessibility-for-mbam-25.md) -[Planning for MBAM 2.5](planning-for-mbam-25.md) +[Planning for MBAM 2.5](planning-for-mbam-25.md) [Preparing your Environment for MBAM 2.5](preparing-your-environment-for-mbam-25.md)**|**[MBAM 2.5 Deployment Prerequisites](mbam-25-deployment-prerequisites.md)**|**[Planning for MBAM 2.5 Group Policy Requirements](planning-for-mbam-25-group-policy-requirements.md)**|**[Planning for MBAM 2.5 Groups and Accounts](planning-for-mbam-25-groups-and-accounts.md)**|**[Planning How to Secure the MBAM Websites](planning-how-to-secure-the-mbam-websites.md)**|**[Planning to Deploy MBAM 2.5](planning-to-deploy-mbam-25.md)**|**[MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md)**|**[Planning for MBAM 2.5 High Availability](planning-for-mbam-25-high-availability.md)**|**[MBAM 2.5 Security Considerations](mbam-25-security-considerations.md)**|**[MBAM 2.5 Planning Checklist](mbam-25-planning-checklist.md) -[Deploying MBAM 2.5](deploying-mbam-25.md) +[Deploying MBAM 2.5](deploying-mbam-25.md) [Deploying the MBAM 2.5 Server Infrastructure](deploying-the-mbam-25-server-infrastructure.md)**|**[Deploying MBAM 2.5 Group Policy Objects](deploying-mbam-25-group-policy-objects.md)**|**[Deploying the MBAM 2.5 Client](deploying-the-mbam-25-client.md)**|**[MBAM 2.5 Deployment Checklist](mbam-25-deployment-checklist.md)**|**[Upgrading to MBAM 2.5 or MBAM 2.5 SP1 from Previous Versions](upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md)**|**[Removing MBAM Server Features or Software](removing-mbam-server-features-or-software.md) -[Operations for MBAM 2.5](operations-for-mbam-25.md) +[Operations for MBAM 2.5](operations-for-mbam-25.md) [Administering MBAM 2.5 Features](administering-mbam-25-features.md)**|**[Monitoring and Reporting BitLocker Compliance with MBAM 2.5](monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md)**|**[Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md)**|**[Maintaining MBAM 2.5](maintaining-mbam-25.md)**|**[Using Windows PowerShell to Administer MBAM 2.5](using-windows-powershell-to-administer-mbam-25.md) -[Troubleshooting MBAM 2.5](troubleshooting-mbam-25.md) +[Troubleshooting MBAM 2.5](troubleshooting-mbam-25.md) -[Technical Reference for MBAM 2.5](technical-reference-for-mbam-25.md) +[Technical Reference for MBAM 2.5](technical-reference-for-mbam-25.md) [Client Event Logs](client-event-logs.md)**|**[Server Event Logs](server-event-logs.md) @@ -54,16 +54,16 @@ To get the MBAM software, see [How Do I Get MDOP](https://go.microsoft.com/fwlin Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447). -- [MBAM Deployment Guide](http://www.microsoft.com/download/details.aspx?id=38398) +- [MBAM Deployment Guide](https://www.microsoft.com/download/details.aspx?id=38398) Get help in choosing a deployment method for MBAM, including step-by-step instructions for each method. - [Apply Hotfixes on MBAM 2.5 SP1 Server](apply-hotfix-for-mbam-25-sp1.md) Guide of how to apply MBAM 2.5 SP1 Server hotfixes - + ## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). +- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).   diff --git a/mdop/mbam-v25/mbam-25-security-considerations.md b/mdop/mbam-v25/mbam-25-security-considerations.md index 3f10ae0da3..37c627b035 100644 --- a/mdop/mbam-v25/mbam-25-security-considerations.md +++ b/mdop/mbam-v25/mbam-25-security-considerations.md @@ -32,7 +32,7 @@ This topic contains the following information about how to secure Microsoft BitL ## Configure MBAM to escrow the TPM and store OwnerAuth passwords -**Note** For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addition, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](http://technet.microsoft.com/en-us/itpro/windows/keep-secure/change-the-tpm-owner-password) for further details. +**Note** For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addition, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](https://docs.microsoft.com/windows/security/information-protection/tpm/change-the-tpm-owner-password) for further details. Depending on its configuration, the Trusted Platform Module (TPM) will lock itself in certain situations ─ such as when too many incorrect passwords are entered ─ and can remain locked for a period of time. During TPM lockout, BitLocker cannot access the encryption keys to perform unlock or decryption operations, requiring the user to enter their BitLocker recovery key to access the operating system drive. To reset TPM lockout, you must provide the TPM OwnerAuth password. @@ -40,7 +40,7 @@ MBAM can store the TPM OwnerAuth password in the MBAM database if it owns the TP ### Escrowing TPM OwnerAuth in Windows 8 and higher -**Note** For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](http://technet.microsoft.com/en-us/itpro/windows/keep-secure/change-the-tpm-owner-password) for further details. +**Note** For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](https://docs.microsoft.com/windows/security/information-protection/tpm/change-the-tpm-owner-password) for further details. In Windows 8 or higher, MBAM no longer must own the TPM to store the OwnerAuth password, as long as the OwnerAuth is available on the local machine. @@ -229,7 +229,7 @@ TPM lockout auto reset is only supported on computers running TPM version 1.2. T ## Secure connections to SQL Server -In MBAM, SQL Server communicates with SQL Server Reporting Services and with the web services for the Administration and Monitoring Website and Self-Service Portal. We recommend that you secure the communication with SQL Server. For more information, see [Encrypting Connections to SQL Server](http://technet.microsoft.com/library/ms189067.aspx). +In MBAM, SQL Server communicates with SQL Server Reporting Services and with the web services for the Administration and Monitoring Website and Self-Service Portal. We recommend that you secure the communication with SQL Server. For more information, see [Encrypting Connections to SQL Server](https://technet.microsoft.com/library/ms189067.aspx). For more information about securing the MBAM websites, see [Planning How to Secure the MBAM Websites](planning-how-to-secure-the-mbam-websites.md). @@ -282,7 +282,7 @@ When TDE is enabled on a database, all backups are encrypted. Thus, special care Back up the certificate with the database. Each certificate backup should have two files. Both of these files should be archived. Ideally for security, they should be backed up separately from the database backup file. You can alternatively consider using the extensible key management (EKM) feature (see Extensible Key Management) for storage and maintenance of keys that are used for TDE. -For an example of how to enable TDE for MBAM database instances, see [Understanding Transparent Data Encryption (TDE)](http://technet.microsoft.com/library/bb934049.aspx). +For an example of how to enable TDE for MBAM database instances, see [Understanding Transparent Data Encryption (TDE)](https://technet.microsoft.com/library/bb934049.aspx). ## Understand general security considerations @@ -293,7 +293,7 @@ For an example of how to enable TDE for MBAM database instances, see [Understand **Apply the most recent security updates to all computers**. Stay informed about new updates for Windows operating systems, SQL Server, and MBAM by subscribing to the Security Notification service at the [Security TechCenter](https://go.microsoft.com/fwlink/?LinkId=28819). -**Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all MBAM administrator accounts. Never use blank passwords. For more information about password concepts, see [Password Policy](http://technet.microsoft.com/library/hh994572.aspx). +**Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all MBAM administrator accounts. Never use blank passwords. For more information about password concepts, see [Password Policy](https://technet.microsoft.com/library/hh994572.aspx). @@ -304,7 +304,7 @@ For an example of how to enable TDE for MBAM database instances, see [Understand   ## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). +- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).   diff --git a/mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md b/mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md index 5d73f5edf1..0dc592b269 100644 --- a/mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md +++ b/mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md @@ -292,7 +292,7 @@ The following table lists the installation prerequisites for the MBAM Administra

    Service Principal Name (SPN)

    The web applications require an SPN for the virtual host name under the domain account that you use for the web application pools.

    -

    If your administrative rights permit you to create SPNs in Active Directory Domain Services, MBAM creates the SPN for you. See [Setspn](http://technet.microsoft.com/library/cc731241.aspx) for information about the rights required to create SPNs.

    +

    If your administrative rights permit you to create SPNs in Active Directory Domain Services, MBAM creates the SPN for you. See [Setspn](https://technet.microsoft.com/library/cc731241.aspx) for information about the rights required to create SPNs.

    If you do not have administrative rights to create SPNs, you must ask the Active Directory administrators in your organization to create the SPN for you by using the following command.

    Setspn -s http/mbamvirtual contoso\mbamapppooluser
 Setspn -s http/mbamvirtual.contoso.com contoso\mbamapppooluser
    @@ -341,7 +341,7 @@ Setspn -s http/mbamvirtual.contoso.com contoso\mbamapppooluser

    Service Principal Name (SPN)

    The web applications require an SPN for the virtual host name under the domain account that you use for the web application pools.

    -

    If your administrative rights permit you to create SPNs in Active Directory Domain Services, MBAM creates the SPN for you. See [Setspn](http://technet.microsoft.com/library/cc731241.aspx) for information about the rights required to create SPNs.

    +

    If your administrative rights permit you to create SPNs in Active Directory Domain Services, MBAM creates the SPN for you. See [Setspn](https://technet.microsoft.com/library/cc731241.aspx) for information about the rights required to create SPNs.

    If you do not have administrative rights to create SPNs, you must ask the Active Directory administrators in your organization administrators in your organization to create the SPN for you by using the following command.

    Setspn -s http/mbamvirtual contoso\mbamapppooluser
 Setspn -s http/mbamvirtual.contoso.com contoso\mbamapppooluser
    @@ -422,7 +422,7 @@ Setspn -s http/mbamvirtual.contoso.com contoso\mbamapppooluser   ## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). +- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). diff --git a/mdop/mbam-v25/mbam-25-supported-configurations.md b/mdop/mbam-v25/mbam-25-supported-configurations.md index 195791d851..070552040e 100644 --- a/mdop/mbam-v25/mbam-25-supported-configurations.md +++ b/mdop/mbam-v25/mbam-25-supported-configurations.md @@ -1,13 +1,13 @@ --- title: MBAM 2.5 Supported Configurations description: MBAM 2.5 Supported Configurations -author: jamiejdt +author: shortpatti ms.assetid: ce689aff-9a55-4ae7-a968-23c7bda9b4d6 ms.pagetype: mdop, security ms.mktglfcycl: manage ms.sitesec: library ms.prod: w10 -ms.date: 03/30/2017 +ms.date: 10/24/2018 --- @@ -284,7 +284,7 @@ MBAM supports the following versions of Configuration Manager. -

    Microsoft System Center Configuration Manager (Current Branch), version 1610

    +

    Microsoft System Center Configuration Manager (Current Branch), versions up to 1806

    64-bit

    @@ -365,7 +365,7 @@ https://www.microsoft.com/en-us/download/details.aspx?id=54967< **Note** -In order to support SQL 2016 you must install the March 2017 Servicing Release for MDOP https://www.microsoft.com/en-us/download/details.aspx?id=54967 . In general stay current by always using the most recent servicing update as it also includes all bugfixes and new features. +In order to support SQL 2016 you must install the March 2017 Servicing Release for MDOP https://www.microsoft.com/en-us/download/details.aspx?id=54967 and to support SQL 2017 you must install the July 2018 Servicing Release for MDOP https://www.microsoft.com/en-us/download/details.aspx?id=57157. In general stay current by always using the most recent servicing update as it also includes all bugfixes and new features.   ### SQL Server processor, RAM, and disk space requirements – Stand-alone topology @@ -576,11 +576,21 @@ The following table lists the operating systems that are supported for MBAM Grou ## MBAM In Azure IaaS -The MBAM server can be deployed in Azure Infrastructure as a Service (IaaS) on any of the supported OS versions listed above, connecting to an Active Directory hosted on premises or an Active Directory also hosted in Azure IaaS. Documentation for setting up and configuring Active Directory on Azure IaaS is [here](https://msdn.microsoft.com/en-us/library/azure/jj156090.aspx). +The MBAM server can be deployed in Azure Infrastructure as a Service (IaaS) on any of the supported OS versions listed above, connecting to an Active Directory hosted on premises or an Active Directory also hosted in Azure IaaS. Documentation for setting up and configuring Active Directory on Azure IaaS is [here](https://msdn.microsoft.com/library/azure/jj156090.aspx). The MBAM client is not supported on virtual machines and is also not supported on Azure IaaS. +## Service releases + +- [April 2016 hotfix](https://support.microsoft.com/help/3144445/april-2016-hotfix-rollup-for-microsoft-desktop-optimization-pack) +- [September 2016](https://support.microsoft.com/ms-my/help/3168628/september-2016-servicing-release-for-microsoft-desktop-optimization-pa) +- [December 2016](https://support.microsoft.com/help/3198158/december-2016-servicing-release-for-microsoft-desktop-optimization-pac) +- [March 2017](https://support.microsoft.com/en-ie/help/4014009/march-2017-servicing-release-for-microsoft-desktop-optimization-pack) +- [June 2017](https://support.microsoft.com/af-za/help/4018510/june-2017-servicing-release-for-microsoft-desktop-optimization-pack) +- [September 2017](https://support.microsoft.com/en-ie/help/4041137/september-2017-servicing-release-for-microsoft-desktop-optimization) +- [March 2018](https://support.microsoft.com/help/4074878/march-2018-servicing-release-for-microsoft-desktop-optimization-pack) +- [July 2018](https://support.microsoft.com/help/4340040/july-2018-servicing-release-for-microsoft-desktop-optimization-pack) ## Related topics diff --git a/mdop/mbam-v25/planning-for-mbam-25-groups-and-accounts.md b/mdop/mbam-v25/planning-for-mbam-25-groups-and-accounts.md index 541ece0a38..e03e834e82 100644 --- a/mdop/mbam-v25/planning-for-mbam-25-groups-and-accounts.md +++ b/mdop/mbam-v25/planning-for-mbam-25-groups-and-accounts.md @@ -88,7 +88,7 @@ Create the following accounts for the Reports feature.

    Reports read-only domain access group

    Group

    Reporting role domain group

    -

    Name of the domain group whose members have read-only access to the reports in the Administration and Monitoring Website.

    +

    Specifies the domain user group that has read-only access to the reports in the Administration and Monitoring Website. The group you specify must be the same group you specified for the Reports Read Only Access Group parameter when the web apps are enabled.

    Compliance and Audit Database domain user account

    diff --git a/mdop/mbam-v25/planning-for-mbam-25-high-availability.md b/mdop/mbam-v25/planning-for-mbam-25-high-availability.md index fcf168b878..801ea71276 100644 --- a/mdop/mbam-v25/planning-for-mbam-25-high-availability.md +++ b/mdop/mbam-v25/planning-for-mbam-25-high-availability.md @@ -75,7 +75,7 @@ Complete the following tasks: 3. If you are configuring the websites in a web farm with a load balancer, you must configure the websites to use the same machine key. - For more information, see the following sections in [machineKey Element (ASP.NET Settings Schema)](http://msdn.microsoft.com/library/vstudio/w8h3skw9.aspx): + For more information, see the following sections in [machineKey Element (ASP.NET Settings Schema)](https://msdn.microsoft.com/library/vstudio/w8h3skw9.aspx): - Machine Key Explained @@ -134,7 +134,7 @@ The VSS writer is registered on every server where you enable an MBAM web applic   ## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). +- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). diff --git a/mdop/mbam-v25/planning-how-to-secure-the-mbam-websites.md b/mdop/mbam-v25/planning-how-to-secure-the-mbam-websites.md index b59cdf6226..500b84672e 100644 --- a/mdop/mbam-v25/planning-how-to-secure-the-mbam-websites.md +++ b/mdop/mbam-v25/planning-how-to-secure-the-mbam-websites.md @@ -52,7 +52,7 @@ We recommend that you use a certificate to secure the communication between the: - Browser and the Administration and Monitoring Website and the Self-Service Portal websites -For information about requesting and installing a certificate, see [Configuring Internet Server Certificates](http://technet.microsoft.com/library/cc731977.aspx). +For information about requesting and installing a certificate, see [Configuring Internet Server Certificates](https://technet.microsoft.com/library/cc731977.aspx). **Note**   You can configure the websites and web services on different servers only if you are using Windows PowerShell. If you use the MBAM Server Configuration wizard to configure the websites, you must configure the websites and the web services on the same server. @@ -326,7 +326,7 @@ If you already registered SPNs on the machine account rather than in an applicat   ## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). +- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). diff --git a/mdop/mbam-v25/prerequisites-for-mbam-25-clients.md b/mdop/mbam-v25/prerequisites-for-mbam-25-clients.md index f151a12f21..24e0ea2b36 100644 --- a/mdop/mbam-v25/prerequisites-for-mbam-25-clients.md +++ b/mdop/mbam-v25/prerequisites-for-mbam-25-clients.md @@ -49,7 +49,7 @@ Before you install the MBAM Client software on end users' computers, ensure that

    For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM.

    In MBAM 2.5 SP1, you must turn on auto-provisioning.

    -

    See [TPM owner password](http://technet.microsoft.com/en-us/itpro/windows/keep-secure/change-the-tpm-owner-password) for further details. +

    See [TPM owner password](https://technet.microsoft.com/itpro/windows/keep-secure/change-the-tpm-owner-password) for further details.

    @@ -94,7 +94,7 @@ If BitLocker was used without MBAM, MBAM can be installed and utilize the existi   ## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). +- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).   diff --git a/mdop/mbam-v25/release-notes-for-mbam-25.md b/mdop/mbam-v25/release-notes-for-mbam-25.md index 91c710e6ee..5ed4366556 100644 --- a/mdop/mbam-v25/release-notes-for-mbam-25.md +++ b/mdop/mbam-v25/release-notes-for-mbam-25.md @@ -128,7 +128,7 @@ This table lists the hotfixes and KB articles for MBAM 2.5.

    2975636

    Hotfix Package 1 for Microsoft BitLocker Administration and Monitoring 2.5

    -

    [support.microsoft.com/kb/2975636/EN-US](http://support.microsoft.com/kb/2975636/EN-US)

    +

    [support.microsoft.com/kb/2975636/EN-US](https://support.microsoft.com/kb/2975636/EN-US)

    3015477

    @@ -138,27 +138,27 @@ This table lists the hotfixes and KB articles for MBAM 2.5.

    3011022

    MBAM 2.5 installation or Configuration Manager reporting fails if the name of SSRS instance contains an underscore

    -

    [support.microsoft.com/kb/3011022/EN-US](http://support.microsoft.com/kb/3011022/EN-US)

    +

    [support.microsoft.com/kb/3011022/EN-US](https://support.microsoft.com/kb/3011022/EN-US)

    2756402

    MBAM client would fail with Event ID 4 and error code 0x8004100E in the Event description

    -

    [support.microsoft.com/kb/2756402/EN-US](http://support.microsoft.com/kb/2756402/EN-US)

    +

    [support.microsoft.com/kb/2756402/EN-US](https://support.microsoft.com/kb/2756402/EN-US)

    2639518

    Error opening Enterprise or Computer Compliance Reports in MBAM

    -

    [support.microsoft.com/kb/2639518/EN-US](http://support.microsoft.com/kb/2639518/EN-US)

    +

    [support.microsoft.com/kb/2639518/EN-US](https://support.microsoft.com/kb/2639518/EN-US)

    2870842

    MBAM 2.0 Setup fails during Configuration Manager Integration Scenario with SQL Server 2008

    -

    [support.microsoft.com/kb/2870842/EN-US](http://support.microsoft.com/kb/2870842/EN-US)

    +

    [support.microsoft.com/kb/2870842/EN-US](https://support.microsoft.com/kb/2870842/EN-US)

    2975472

    SQL deadlocks when many MBAM clients connect to the MBAM recovery database

    -

    [support.microsoft.com/kb/2975472/EN-US](http://support.microsoft.com/kb/2975472/EN-US)

    +

    [support.microsoft.com/kb/2975472/EN-US](https://support.microsoft.com/kb/2975472/EN-US)

    @@ -174,7 +174,7 @@ This table lists the hotfixes and KB articles for MBAM 2.5.   ## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). +- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  diff --git a/mdop/mbam-v25/server-event-logs.md b/mdop/mbam-v25/server-event-logs.md index 637ae371f3..c2d73ac15e 100644 --- a/mdop/mbam-v25/server-event-logs.md +++ b/mdop/mbam-v25/server-event-logs.md @@ -510,7 +510,7 @@ The following table contains messages and troubleshooting information for event

    QueryRecoveryKeyIdsForUser: An error occurred while getting recovery key Ids from the database. Message:{message} -or-

    QueryVolumeUsers: An error occurred while getting user information from the database.

    This message is logged whenever there is an exception while communicating with the MBAM recovery database. Read through the information contained in the trace to get specific details about the exception.

    -

    For detailed troubleshooting steps, see the TechNet article [How to Troubleshoot Connecting to the SQL Server Database Engine](http://social.technet.microsoft.com/wiki/contents/articles/2102.how-to-troubleshoot-connecting-to-the-sql-server-database-engine.aspx).

    +

    For detailed troubleshooting steps, see the TechNet article [How to Troubleshoot Connecting to the SQL Server Database Engine](https://social.technet.microsoft.com/wiki/contents/articles/2102.how-to-troubleshoot-connecting-to-the-sql-server-database-engine.aspx).

    101

    @@ -522,7 +522,7 @@ The following table contains messages and troubleshooting information for event

    QueryRecoveryKeyIdsForUser: An error occurred while logging an audit event to the compliance database. Message:{message} -or-

    QueryDriveRecoveryData: An error occurred while logging an audit event to the compliance database. Message:{message}

    This message is logged whenever there is an exception while communicating the MBAM compliance database. Read through the information contained in the trace to get specific details about the exception.

    -

    For detailed troubleshooting steps, see the TechNet article [How to Troubleshoot Connecting to the SQL Server Database Engine](http://social.technet.microsoft.com/wiki/contents/articles/2102.how-to-troubleshoot-connecting-to-the-sql-server-database-engine.aspx).

    +

    For detailed troubleshooting steps, see the TechNet article [How to Troubleshoot Connecting to the SQL Server Database Engine](https://social.technet.microsoft.com/wiki/contents/articles/2102.how-to-troubleshoot-connecting-to-the-sql-server-database-engine.aspx).

    102

    @@ -530,7 +530,7 @@ The following table contains messages and troubleshooting information for event

    AgentServiceRecoveryDbError

    This message indicates an exception when MBAM Agent service tries to communicate with the recovery database. Read through the message contained in the event to get specific information about the exception.

    -

    See the TechNet article [How to Troubleshoot Connecting to the SQL Server Database Engine](http://social.technet.microsoft.com/wiki/contents/articles/2102.how-to-troubleshoot-connecting-to-the-sql-server-database-engine.aspx) to verify whether the MBAM app pool account has required permissions in place to connect or execute on MBAM recovery database.

    +

    See the TechNet article [How to Troubleshoot Connecting to the SQL Server Database Engine](https://social.technet.microsoft.com/wiki/contents/articles/2102.how-to-troubleshoot-connecting-to-the-sql-server-database-engine.aspx) to verify whether the MBAM app pool account has required permissions in place to connect or execute on MBAM recovery database.

    103

    @@ -555,7 +555,7 @@ The following table contains messages and troubleshooting information for event

    StatusServiceComplianceDbError

    This error indicates that MBAM websites/web services were unable to connect to the MBAMCompliance database.

    -

    See the TechNet article [How to Troubleshoot Connecting to the SQL Server Database Engine](http://social.technet.microsoft.com/wiki/contents/articles/2102.how-to-troubleshoot-connecting-to-the-sql-server-database-engine.aspx) to verify that the IIS app pool account could connect to the MBAM compliance database.

    +

    See the TechNet article [How to Troubleshoot Connecting to the SQL Server Database Engine](https://social.technet.microsoft.com/wiki/contents/articles/2102.how-to-troubleshoot-connecting-to-the-sql-server-database-engine.aspx) to verify that the IIS app pool account could connect to the MBAM compliance database.

    106

    @@ -598,7 +598,7 @@ The following table contains messages and troubleshooting information for event

    QueryRecoveryKeyIdsForUser: an error occurred while getting recovery key Ids for a user. Message:{message} -or-

    An error occurred while getting TPM password hash from the Recovery database. EventDetails:{ExceptionMessage}

    This message indicates that recovery database connection string information at "HKLM\Software\Microsoft\MBAM Server\Web\RecoveryDBConnectionString" is invalid. Verify the given registry key value. –or-

    -

    If any of the remaining messages are logged, refer to the troubleshooting steps listed at the TechNet article [How to Troubleshoot Connecting to the SQL Server Database Engine](http://social.technet.microsoft.com/wiki/contents/articles/2102.how-to-troubleshoot-connecting-to-the-sql-server-database-engine.aspx) to verify whether a connection could be made to the MBAM Recovery database from IIS server using app pool credentials.

    +

    If any of the remaining messages are logged, refer to the troubleshooting steps listed at the TechNet article [How to Troubleshoot Connecting to the SQL Server Database Engine](https://social.technet.microsoft.com/wiki/contents/articles/2102.how-to-troubleshoot-connecting-to-the-sql-server-database-engine.aspx) to verify whether a connection could be made to the MBAM Recovery database from IIS server using app pool credentials.

    110

    @@ -609,7 +609,7 @@ The following table contains messages and troubleshooting information for event

    QueryRecoveryKeyIdsForUser: an error occurred while logging an audit event to the Compliance database. Message:{message} -or-

    QueryRecoveryKeyIdsForUser: an error occurred while logging an audit event to the compliance database. Message:{message}

    This message indicates that compliance db connection string information at "HKLM\Software\Microsoft\MBAM Server\Web\ComplianceDBConnectionString" is invalid. Verify the value corresponding to above registry key. –or-

    -

    If any of the remaining messages are logged, refer to the troubleshooting steps listed at the TechNet article [How to Troubleshoot Connecting to the SQL Server Database Engine](http://social.technet.microsoft.com/wiki/contents/articles/2102.how-to-troubleshoot-connecting-to-the-sql-server-database-engine.aspx) to verify whether a connection could be made to the MBAM Compliance database from IIS server using app pool credentials.

    +

    If any of the remaining messages are logged, refer to the troubleshooting steps listed at the TechNet article [How to Troubleshoot Connecting to the SQL Server Database Engine](https://social.technet.microsoft.com/wiki/contents/articles/2102.how-to-troubleshoot-connecting-to-the-sql-server-database-engine.aspx) to verify whether a connection could be made to the MBAM Compliance database from IIS server using app pool credentials.

    111

    @@ -622,7 +622,7 @@ The following table contains messages and troubleshooting information for event

  • MBAM websites/webservices execution account(app pool account) could not run the GetVersion stored procedure on MBAMCompliance OR MBAMRecovery database

    • The message contained in the event will provide more details about the exception.

    -

    Refer to the troubleshooting steps listed at the TechNet article [How to Troubleshoot Connecting to the SQL Server Database Engine](http://social.technet.microsoft.com/wiki/contents/articles/2102.how-to-troubleshoot-connecting-to-the-sql-server-database-engine.aspx) to verify that the MBAM execution account (app pool account) could connect to MBAM compliance/recovery database and it has permissions in place to execute GetVersion stored procedure.

    +

    Refer to the troubleshooting steps listed at the TechNet article [How to Troubleshoot Connecting to the SQL Server Database Engine](https://social.technet.microsoft.com/wiki/contents/articles/2102.how-to-troubleshoot-connecting-to-the-sql-server-database-engine.aspx) to verify that the MBAM execution account (app pool account) could connect to MBAM compliance/recovery database and it has permissions in place to execute GetVersion stored procedure.

    112

    @@ -670,7 +670,7 @@ The following table contains messages and troubleshooting information for event   ## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). +- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).   diff --git a/mdop/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md b/mdop/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md index 3d7c288953..9332d62940 100644 --- a/mdop/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md +++ b/mdop/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md @@ -105,7 +105,7 @@ Use the steps in the following sections to upgrade MBAM for the Stand-alone topo 4. Install and configure the MBAM 2.5 or 2.5 SP1 databases, reports, and web applications, in that order. The databases are upgraded in place. -5. Update the Group Policy Objects (GPOs) using the MBAM 2.5 Templates to leverage the new features in MBAM, such as enforced encryption. If you do not update the GPOs and the MBAM client to MBAM 2.5, earlier versions of MBAM clients will continue to report against your current GPOs with reduced functionality. See [How to Get MDOP Group Policy (.admx) Templates](http://www.microsoft.com/download/details.aspx?id=41183) to download the latest ADMX templates. +5. Update the Group Policy Objects (GPOs) using the MBAM 2.5 Templates to leverage the new features in MBAM, such as enforced encryption. If you do not update the GPOs and the MBAM client to MBAM 2.5, earlier versions of MBAM clients will continue to report against your current GPOs with reduced functionality. See [How to Get MDOP Group Policy (.admx) Templates](https://www.microsoft.com/download/details.aspx?id=41183) to download the latest ADMX templates. After you upgrade the MBAM Server infrastructure, the existing client computers continue to successfully report to the MBAM 2.5 or 2.5 SP1 Server, and recovery data continues to be stored. @@ -130,7 +130,7 @@ Use the steps in the following sections to upgrade MBAM for the Stand-alone topo 6. Install and configure the MBAM 2.5 or 2.5 SP1 databases, reports, web applications, and Configuration Manager integration, in that order. The databases and Configuration Manager objects are upgraded in place. -7. Optionally, update the Group Policy Objects (GPOs), and edit the settings if you want to implement new features in MBAM, such as enforced encryption. If you do not update the GPOs, MBAM will continue to report against your current GPOs. See [How to Get MDOP Group Policy (.admx) Templates](https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates) to download the latest ADMX templates. +7. Optionally, update the Group Policy Objects (GPOs), and edit the settings if you want to implement new features in MBAM, such as enforced encryption. If you do not update the GPOs, MBAM will continue to report against your current GPOs. See [How to Get MDOP Group Policy (.admx) Templates](https://docs.microsoft.com/microsoft-desktop-optimization-pack/solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates) to download the latest ADMX templates. After you upgrade the MBAM Server infrastructure, the existing client computers continue to successfully report to the MBAM 2.5 or 2.5 SP1 Server, and recovery data continues to be stored. @@ -161,7 +161,7 @@ MBAM supports upgrades to the MBAM 2.5 Client from any earlier version of the M   ## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). +- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  diff --git a/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md b/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md index f650f130b3..8cf42399fe 100644 --- a/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md +++ b/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md @@ -13,32 +13,37 @@ ms.date: 2/16/2018 # Upgrading to MBAM 2.5 SP1 from MBAM 2.5 This topic describes the process for upgrading the Microsoft BitLocker Administration and Monitoring (MBAM) Server 2.5 and the MBAM Client from 2.5 to MBAM 2.5 SP1. -### Before you begin, download the September 2017 servicing release -[Desktop Optimization Pack](https://www.microsoft.com/en-us/download/details.aspx?id=56126) +### Before you begin +#### Download the July 2018 servicing release +[Desktop Optimization Pack](https://www.microsoft.com/download/details.aspx?id=57157) +#### Verify the installation documentaion +Verify you have a current documentation of your MBAM environment, including all server names, database names, service accounts and their passwords. + +### Upgrade steps #### Steps to upgrade the MBAM Database (SQL Server) -1. Using the MBAM Configurator; remove the Reports roll from the SQL server, or wherever the SSRS database is housed (Could be on the same server or different one, depending on your environment) +1. Using the MBAM Configurator; remove the Reports role from the SQL server, or wherever the SSRS database is hosted. Depending on your environment, this can be the same server or a separate one. Note: You will not see an option to remove the Databases; this is expected.   2. Install 2.5 SP1 (Located with MDOP - Microsoft Desktop Optimization Pack 2015 from the Volume Licensing Service Center site: 3. Do not configure it at this time  -4. Install the September Rollup: https://www.microsoft.com/en-us/download/details.aspx?id=56126 -5. Using the MBAM Configurator; re-add the Reports rollup +4. Install the July 2018 Rollup: https://www.microsoft.com/download/details.aspx?id=57157 +5. Using the MBAM Configurator; re-add the Reports role 6. This will configure the SSRS connection using the latest MBAM code from the rollup  -7. Using the MBAM Configurator; re-add the SQL Database roll on the SQL Server. -- At the end, you will be warned that the DBs already exist and weren’t created, but this is  expected. +7. Using the MBAM Configurator; re-add the SQL Database role on the SQL Server. +- At the end, you will be warned that the DBs already exist and weren’t created, but this is expected. - This process updates the existing databases to the current version being installed       #### Steps to upgrade the MBAM Server (Running MBAM and IIS) 1. Using the MBAM Configurator; remove the Admin and Self Service Portals from the IIS server 2. Install MBAM 2.5 SP1 3. Do not configure it at this time   -4. Install the September 2017 Rollup on the IIS server(https://www.microsoft.com/en-us/download/details.aspx?id=56126) +4. Install the July 2018 Rollup on the IIS server(https://www.microsoft.com/download/details.aspx?id=57157) 5. Using the MBAM Configurator; re-add the Admin and Self Service Portals to the IIS server  -6. This will configure the sites using the latest MBAM code from the June Rollup +6. This will configure the sites using the latest MBAM code from the July 2018 Rollup - Open an elevated command prompt, Type: **IISRESET** and Hit Enter. #### Steps to upgrade the MBAM Clients/Endpoints 1. Uninstall the 2.5 Agent from client endpoints 2. Install the 2.5 SP1 Agent on the client endpoints -3. Push out the September Rollup Client update to clients running the 2.5 SP1 Agent  -4. There is no need to uninstall existing client prior to installing the September Rollup.   +3. Push out the July 2018 Rollup Client update to clients running the 2.5 SP1 Agent  +4. There is no need to uninstall the existing client prior to installing the July 2018 Rollup.   diff --git a/mdop/medv-v1/how-to-install-and-configure-the-med-v-server-component.md b/mdop/medv-v1/how-to-install-and-configure-the-med-v-server-component.md index 0e61567b46..8a48eb313c 100644 --- a/mdop/medv-v1/how-to-install-and-configure-the-med-v-server-component.md +++ b/mdop/medv-v1/how-to-install-and-configure-the-med-v-server-component.md @@ -92,7 +92,7 @@ The following server settings can be configured: - [How to: Configure a Port with an SSL Certificate](https://go.microsoft.com/fwlink/?LinkID=183315) - - [How to: Configure a Port with an SSL Certificate](http://msdn.microsoft.com/library/ms733791.aspx) + - [How to: Configure a Port with an SSL Certificate](https://msdn.microsoft.com/library/ms733791.aspx) 3. Click **OK**. diff --git a/mdop/softgrid-application-virtualization.md b/mdop/softgrid-application-virtualization.md index 987605510e..4251743d68 100644 --- a/mdop/softgrid-application-virtualization.md +++ b/mdop/softgrid-application-virtualization.md @@ -11,4 +11,4 @@ ms.date: 04/19/2017 # SoftGrid Application Virtualization -Selecting the link for [SoftGrid Application Virtualization documentation](https://technet.microsoft.com/en-us/library/bb906040.aspx) will take you to another website. Use your browser's **Back** button to return to this page. \ No newline at end of file +Selecting the link for [SoftGrid Application Virtualization documentation](https://technet.microsoft.com/library/bb906040.aspx) will take you to another website. Use your browser's **Back** button to return to this page. \ No newline at end of file diff --git a/mdop/solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates.md b/mdop/solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates.md index b183080d0a..bb717d6751 100644 --- a/mdop/solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates.md +++ b/mdop/solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates.md @@ -22,7 +22,7 @@ You can manage the feature settings of certain Microsoft Desktop Optimization Pa 1. Download the latest [MDOP Group Policy templates](https://www.microsoft.com/en-us/download/details.aspx?id=55531) -2. Run the downloaded file to extract the template folders. +2. Expand the downloaded .cab file by running `expand \MDOP_ADMX_Templates.cab -F:* ` **Warning**   Do not extract the templates directly to the Group Policy deployment directory. Multiple technologies and versions are bundled in this file. diff --git a/mdop/uev-v2/application-template-schema-reference-for-ue-v-2x-both-uevv2.md b/mdop/uev-v2/application-template-schema-reference-for-ue-v-2x-both-uevv2.md index b845f8d421..5178ad8c46 100644 --- a/mdop/uev-v2/application-template-schema-reference-for-ue-v-2x-both-uevv2.md +++ b/mdop/uev-v2/application-template-schema-reference-for-ue-v-2x-both-uevv2.md @@ -73,34 +73,34 @@ UE-V uses the http://schemas.microsoft.com/UserExperienceVirtualization/2012/Set These are the data types for the UE-V application template schema. -**GUID** +**GUID** GUID describes a standard globally unique identifier regular expression in the form "\\{\[a-fA-F0-9\]{8}-\[a-fA-F0-9\]{4}-\[a-fA-F0-9\]{4}-\[a-fA-F0-9\]{4}-\[a-fA-F0-9\]{12}\\}". This is used in the Filesetting\\Root\\KnownFolder element to verify the formatting of well-known folders. -**FilenameString** +**FilenameString** FilenameString refers to the file name of a process to be monitored. Its values are restricted by the regex \[^\\\\\\?\\\*\\|<>/:\]+, (that is, they may not contain backslash characters, asterisk or question mark wild-card characters, the pipe character, the greater than or less than sign, forward slash, or colon characters). -**IDString** +**IDString** IDString refers to the ID value of Application elements, SettingsLocationTemplate, and Common elements (used to describe application suites that share common settings). It is restricted by the same regex as FilenameString (\[^\\\\\\?\\\*\\|<>/:\]+). -**TemplateVersion** +**TemplateVersion** TemplateVersion is an integer value used to describe the revision of the settings location template. Its value may range from 0 to 2147483647. -**Empty** +**Empty** Empty refers to a null value. This is used in Process\\ShellProcess to indicate that there is no process to monitor. This value should not be used in any application templates. -**Author** +**Author** The Author data type is a complex type that identifies the author of a template. It contains two child elements: **Name** and **Email**. Within the Author data type, the Name element is mandatory while the Email element is optional. This type is described in more detail under the SettingsLocationTemplate element. -**Range** +**Range** Range defines an integer class consisting of two child elements: **Minimum** and **Maximum**. This data type is implemented in the ProcessVersion data type. If specified, both Minimum and Maximum values must be included. -**ProcessVersion** +**ProcessVersion** ProcessVersion defines a type with four child elements: **Major**, **Minor**, **Build**, and **Patch**. This data type is used by the Process element to populate its ProductVersion and FileVersion values. The data for this type is a Range value. The Major child element is mandatory and the others are optional. -**Architecture** +**Architecture** Architecture enumerates two possible values: **Win32** and **Win64**. These values are used to specify process architecture. -**Process** +**Process** The Process data type is a container used to describe processes to be monitored by UE-V. It contains six child elements: **Filename**, **Architecture**, **ProductName**, **FileDescription**, **ProductVersion**, and **FileVersion**. This table details each element’s respective data type: @@ -150,26 +150,26 @@ The Process data type is a container used to describe processes to be monitored   -**Processes** +**Processes** The Processes data type represents a container for a collection of one or more Process elements. Two child elements are supported in the Processes sequence type: **Process** and **ShellProcess**. Process is an element of type Process and ShellProcess is of data type Empty. At least one item must be identified in the sequence. -**Path** +**Path** Path is consumed by RegistrySetting and FileSetting to refer to registry and file paths. This element supports two optional attributes: **Recursive** and **DeleteIfNotFound**. Both values are set to default=”False”. Recursive indicates that the path and all subfolders are included for file settings or that all child registry keys are included for registry settings. In both cases, all items at the current level are included in the data captured. For a FileSettings object, all files within the specified folder are included in the data captured by UE-V but folders are not included. For registry paths, all values in the current path are captured but child registry keys are not captured. In both cases, care should be taken to avoid capturing large data sets or large numbers of items. The DeleteIfNotFound attribute removes the setting from the user’s settings storage path data. This may be desirable in cases where removing these settings from the package will save a large amount of disk space on the settings storage path file server. -**FileMask** +**FileMask** FileMask specifies only certain file types for the folder that is defined by Path. For example, Path might be `C:\users\username\files` and FileMask could be `*.txt` to include only text files. -**RegistrySetting** +**RegistrySetting** RegistrySetting represents a container for registry keys and values and the associated desired behavior on the part of the UE-V Agent. Four child elements are defined within this type: **Path**, **Name**, **Exclude**, and a sequence of the values **Path** and **Name**. -**FileSetting** +**FileSetting** FileSetting contains parameters associated with files and files paths. Four child elements are defined: **Root**, **Path**, **FileMask**, and **Exclude**. Root is mandatory and the others are optional. -**Settings** +**Settings** Settings is a container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings described earlier. In addition, it can also contain the following child elements with behaviors described:
    @@ -266,7 +266,7 @@ This value is queried to determine if a new version of a template should be appl **Type: String** -Author identifies the creator of the settings location template. Two optional child elements are supported: **Name** and **Email**. Both attributes are optional, but, if the Email child element is specified, it must be accompanied by the Name element. Author refers to the full name of the contact for the settings location template, and email should refer to an email address for the author. We recommend that you include this information in templates published publicly, for example, on the [UE-V Template Gallery](http://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=UE-V). +Author identifies the creator of the settings location template. Two optional child elements are supported: **Name** and **Email**. Both attributes are optional, but, if the Email child element is specified, it must be accompanied by the Name element. Author refers to the full name of the contact for the settings location template, and email should refer to an email address for the author. We recommend that you include this information in templates published publicly, for example, on the [UE-V Template Gallery](https://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=UE-V). ### Processes and Process Element @@ -373,7 +373,7 @@ For example, in a suited application, it might be useful to provide reminders ab ``` syntax - + MyApplication.exe My Application Main Engine @@ -671,7 +671,7 @@ Here is the SettingsLocationTemplate.xsd file showing its elements, child elemen - + @@ -708,7 +708,7 @@ Here is the SettingsLocationTemplate.xsd file showing its elements, child elemen - + @@ -1011,34 +1011,34 @@ UE-V uses the http://schemas.microsoft.com/UserExperienceVirtualization/2012/Set These are the data types for the UE-V application template schema. -**GUID** +**GUID** GUID describes a standard globally unique identifier regular expression in the form "\\{\[a-fA-F0-9\]{8}-\[a-fA-F0-9\]{4}-\[a-fA-F0-9\]{4}-\[a-fA-F0-9\]{4}-\[a-fA-F0-9\]{12}\\}". This is used in the Filesetting\\Root\\KnownFolder element to verify the formatting of well-known folders. -**FilenameString** +**FilenameString** FilenameString refers to the file name of a process to be monitored. Its values are restricted by the regex \[^\\\\\\?\\\*\\|<>/:\]+, (that is, they may not contain backslash characters, asterisk or question mark wild-card characters, the pipe character, the greater than or less than sign, forward slash, or colon characters). -**IDString** +**IDString** IDString refers to the ID value of Application elements, SettingsLocationTemplate, and Common elements (used to describe application suites that share common settings). It is restricted by the same regex as FilenameString (\[^\\\\\\?\\\*\\|<>/:\]+). -**TemplateVersion** +**TemplateVersion** TemplateVersion is an integer value used to describe the revision of the settings location template. Its value may range from 0 to 2147483647. -**Empty** +**Empty** Empty refers to a null value. This is used in Process\\ShellProcess to indicate that there is no process to monitor. This value should not be used in any application templates. -**Author** +**Author** The Author data type is a complex type that identifies the author of a template. It contains two child elements: **Name** and **Email**. Within the Author data type, the Name element is mandatory while the Email element is optional. This type is described in more detail under the SettingsLocationTemplate element. -**Range** +**Range** Range defines an integer class consisting of two child elements: **Minimum** and **Maximum**. This data type is implemented in the ProcessVersion data type. If specified, both Minimum and Maximum values must be included. -**ProcessVersion** +**ProcessVersion** ProcessVersion defines a type with four child elements: **Major**, **Minor**, **Build**, and **Patch**. This data type is used by the Process element to populate its ProductVersion and FileVersion values. The data for this type is a Range value. The Major child element is mandatory and the others are optional. -**Architecture** +**Architecture** Architecture enumerates two possible values: **Win32** and **Win64**. These values are used to specify process architecture. -**Process** +**Process** The Process data type is a container used to describe processes to be monitored by UE-V. It contains six child elements: **Filename**, **Architecture**, **ProductName**, **FileDescription**, **ProductVersion**, and **FileVersion**. This table details each element’s respective data type:
    @@ -1090,26 +1090,26 @@ The Process data type is a container used to describe processes to be monitored   -**Processes** +**Processes** The Processes data type represents a container for a collection of one or more Process elements. Two child elements are supported in the Processes sequence type: **Process** and **ShellProcess**. Process is an element of type Process and ShellProcess is of data type Empty. At least one item must be identified in the sequence. -**Path** +**Path** Path is consumed by RegistrySetting and FileSetting to refer to registry and file paths. This element supports two optional attributes: **Recursive** and **DeleteIfNotFound**. Both values are set to default=”False”. Recursive indicates that the path and all subfolders are included for file settings or that all child registry keys are included for registry settings. In both cases, all items at the current level are included in the data captured. For a FileSettings object, all files within the specified folder are included in the data captured by UE-V but folders are not included. For registry paths, all values in the current path are captured but child registry keys are not captured. In both cases, care should be taken to avoid capturing large data sets or large numbers of items. The DeleteIfNotFound attribute removes the setting from the user’s settings storage path data. This may be desirable in cases where removing these settings from the package will save a large amount of disk space on the settings storage path file server. -**FileMask** +**FileMask** FileMask specifies only certain file types for the folder that is defined by Path. For example, Path might be `C:\users\username\files` and FileMask could be `*.txt` to include only text files. -**RegistrySetting** +**RegistrySetting** RegistrySetting represents a container for registry keys and values and the associated desired behavior on the part of the UE-V Agent. Four child elements are defined within this type: **Path**, **Name**, **Exclude**, and a sequence of the values **Path** and **Name**. -**FileSetting** +**FileSetting** FileSetting contains parameters associated with files and files paths. Four child elements are defined: **Root**, **Path**, **FileMask**, and **Exclude**. Root is mandatory and the others are optional. -**Settings** +**Settings** Settings is a container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings described earlier. In addition, it can also contain the following child elements with behaviors described:
    @@ -1203,7 +1203,7 @@ This value is queried to determine if a new version of a template should be appl **Type: String** -Author identifies the creator of the settings location template. Two optional child elements are supported: **Name** and **Email**. Both attributes are optional, but, if the Email child element is specified, it must be accompanied by the Name element. Author refers to the full name of the contact for the settings location template, and email should refer to an email address for the author. We recommend that you include this information in templates published publicly, for example, on the [UE-V Template Gallery](http://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=UE-V). +Author identifies the creator of the settings location template. Two optional child elements are supported: **Name** and **Email**. Both attributes are optional, but, if the Email child element is specified, it must be accompanied by the Name element. Author refers to the full name of the contact for the settings location template, and email should refer to an email address for the author. We recommend that you include this information in templates published publicly, for example, on the [UE-V Template Gallery](https://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=UE-V). ### Processes and Process Element @@ -1310,7 +1310,7 @@ For example, in a suited application, it might be useful to provide reminders ab ``` syntax - + MyApplication.exe My Application Main Engine diff --git a/mdop/uev-v2/configuring-ue-v-2x-with-group-policy-objects-both-uevv2.md b/mdop/uev-v2/configuring-ue-v-2x-with-group-policy-objects-both-uevv2.md index 391e491fa5..43c909ff82 100644 --- a/mdop/uev-v2/configuring-ue-v-2x-with-group-policy-objects-both-uevv2.md +++ b/mdop/uev-v2/configuring-ue-v-2x-with-group-policy-objects-both-uevv2.md @@ -14,7 +14,7 @@ ms.date: 06/16/2016 # Configuring UE-V 2.x with Group Policy Objects -Some Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, and 2.1 SP1 Group Policy settings can be defined for computers, and other Group Policy settings can be defined for users. For information about how to install UE-V Group Policy ADMX files, see [Installing the UE-V 2 Group Policy ADMX Templates](http://technet.microsoft.com/library/dn458891.aspx#admx). +Some Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, and 2.1 SP1 Group Policy settings can be defined for computers, and other Group Policy settings can be defined for users. For information about how to install UE-V Group Policy ADMX files, see [Installing the UE-V 2 Group Policy ADMX Templates](https://technet.microsoft.com/library/dn458891.aspx#admx). The following policy settings can be configured for UE-V. @@ -169,7 +169,7 @@ In addition, Group Policy settings are available for many desktop applications a   -For more information about synchronizing Windows apps, see [Windows App List](http://technet.microsoft.com/library/dn458925.aspx#win8applist). +For more information about synchronizing Windows apps, see [Windows App List](https://technet.microsoft.com/library/dn458925.aspx#win8applist). **To configure computer-targeted Group Policy settings** diff --git a/mdop/uev-v2/configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md b/mdop/uev-v2/configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md index dfe7219fbe..112b193c14 100644 --- a/mdop/uev-v2/configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md +++ b/mdop/uev-v2/configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md @@ -158,7 +158,7 @@ It might be necessary to change the PowerShell execution policy to allow these s 3. Run this command on a machine running the ConfigMgr Admin Console: ``` syntax - C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevAgentPolicyGenerator.exe –Site ABC –CabFilePath “C:\MyCabFiles\UevPolicyItem.cab” –ConfigurationFile “c:\AgentConfiguration.xml” + C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevAgentPolicyGenerator.exe –Site ABC –CabFilePath "C:\MyCabFiles\UevPolicyItem.cab" –ConfigurationFile "c:\AgentConfiguration.xml" ``` 4. Import the CAB file using ConfigMgr console or PowerShell Import-CMConfigurationItem @@ -201,7 +201,7 @@ The result is a baseline CAB file that is ready for import into Configuration Ma 3. Add the command and parameters to the .bat file that will generate the baseline. The following example creates a baseline that distributes Notepad and Calculator: ``` syntax - C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevTemplateBaselineGenerator.exe –Site “ABC” –TemplateFolder “C:\ProductionUevTemplates” –Register “MicrosoftNotepad.xml, MicrosoftCalculator.xml” –CabFilePath “C:\MyCabFiles\UevTemplateBaseline.cab” + C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevTemplateBaselineGenerator.exe –Site "ABC" –TemplateFolder "C:\ProductionUevTemplates" –Register "MicrosoftNotepad.xml, MicrosoftCalculator.xml" –CabFilePath "C:\MyCabFiles\UevTemplateBaseline.cab" ``` 4. Run the .bat file to create UevTemplateBaseline.cab ready for import into Configuration Manager. diff --git a/mdop/uev-v2/deploy-required-features-for-ue-v-2x-new-uevv2.md b/mdop/uev-v2/deploy-required-features-for-ue-v-2x-new-uevv2.md index 31551db716..80cd44d2e9 100644 --- a/mdop/uev-v2/deploy-required-features-for-ue-v-2x-new-uevv2.md +++ b/mdop/uev-v2/deploy-required-features-for-ue-v-2x-new-uevv2.md @@ -42,7 +42,7 @@ UE-V requires a location in which to store user settings in settings package fil If you don’t create a settings storage location, the UE-V Agent will use Active Directory (AD) by default. **Note**   -As a matter of [performance and capacity planning](http://technet.microsoft.com/library/dn458932.aspx#capacity) and to reduce problems with network latency, create settings storage locations on the same local networks where the users’ computers reside. We recommend 20 MB of disk space per user for the settings storage location. +As a matter of [performance and capacity planning](https://technet.microsoft.com/library/dn458932.aspx#capacity) and to reduce problems with network latency, create settings storage locations on the same local networks where the users’ computers reside. We recommend 20 MB of disk space per user for the settings storage location.   @@ -54,11 +54,11 @@ The settings storage location is defined by setting the SettingsStoragePath conf - When you [Deploy the UE-V Agent](#agent) through a command-line parameter or in a batch script -- Through [Group Policy](http://technet.microsoft.com/library/dn458893.aspx) settings +- Through [Group Policy](https://technet.microsoft.com/library/dn458893.aspx) settings -- With the [System Center Configuration Pack](http://technet.microsoft.com/library/dn458917.aspx) for UE-V +- With the [System Center Configuration Pack](https://technet.microsoft.com/library/dn458917.aspx) for UE-V -- After installation of the UE-V Agent, by using [Windows PowerShell or Windows Management Instrumentation (WMI)](http://technet.microsoft.com/library/dn458937.aspx) +- After installation of the UE-V Agent, by using [Windows PowerShell or Windows Management Instrumentation (WMI)](https://technet.microsoft.com/library/dn458937.aspx) The path must be in a universal naming convention (UNC) path of the server and share. For example, **\\\\Server\\Settingsshare\\**. This configuration option supports the use of variables to enable specific synchronization scenarios. For example, you can use the `%username%\%computername%` variables to preserve the end user settings experience in these scenarios: @@ -158,7 +158,7 @@ You want to figure out which configuration method you'll use to manage UE-V afte You can configure UE-V before, during, or after UE-V Agent installation, depending on the configuration method that you use. -- [Group Policy](http://technet.microsoft.com/library/dn458893.aspx)**:** You can use your existing Group Policy infrastructure to configure UE-V before or after UE-V Agent deployment. The UE-V Group Policy ADMX template enables the central management of common UE-V Agent configuration options, and it includes settings to configure UE-V synchronization. +- [Group Policy](https://technet.microsoft.com/library/dn458893.aspx)**:** You can use your existing Group Policy infrastructure to configure UE-V before or after UE-V Agent deployment. The UE-V Group Policy ADMX template enables the central management of common UE-V Agent configuration options, and it includes settings to configure UE-V synchronization. **Installing the UE-V Group Policy ADMX Templates:** Group Policy ADMX templates for UE-V configure the synchronization settings for the UE-V Agent and enable the central management of common UE-V Agent configuration settings by using an existing Group Policy infrastructure. @@ -168,9 +168,9 @@ You can configure UE-V before, during, or after UE-V Agent installation, dependi Windows Server 2012 and Windows Server 2012 R2 -- [Configuration Manager](http://technet.microsoft.com/library/dn458917.aspx)**:** The UE-V Configuration Pack lets you use the Compliance Settings feature of System Center Configuration Manager 2012 SP1 or later to apply consistent configurations across sites where UE-V and Configuration Manager are installed. +- [Configuration Manager](https://technet.microsoft.com/library/dn458917.aspx)**:** The UE-V Configuration Pack lets you use the Compliance Settings feature of System Center Configuration Manager 2012 SP1 or later to apply consistent configurations across sites where UE-V and Configuration Manager are installed. -- [Windows PowerShell and WMI](http://technet.microsoft.com/library/dn458937.aspx)**:** You can use scripted commands for Windows PowerShell and Windows Management Instrumentation (WMI) to modify configurations after you install the UE-V Agent. +- [Windows PowerShell and WMI](https://technet.microsoft.com/library/dn458937.aspx)**:** You can use scripted commands for Windows PowerShell and Windows Management Instrumentation (WMI) to modify configurations after you install the UE-V Agent. **Note**   Registry modification can result in data loss, or the computer becomes unresponsive. We recommend that you use other configuration methods. diff --git a/mdop/uev-v2/deploy-ue-v-2x-for-custom-applications-new-uevv2.md b/mdop/uev-v2/deploy-ue-v-2x-for-custom-applications-new-uevv2.md index 65b8567965..6d433b417b 100644 --- a/mdop/uev-v2/deploy-ue-v-2x-for-custom-applications-new-uevv2.md +++ b/mdop/uev-v2/deploy-ue-v-2x-for-custom-applications-new-uevv2.md @@ -88,7 +88,7 @@ However, only changes to the HKEY\_CURRENT\_USER hive will be sync-ed. The UE-V Agent installs a default group of settings location templates for common Microsoft applications and Windows settings. If you customize these templates, or create settings location templates to synchronize settings for custom applications, the UE-V Agent can be configured to use a settings template catalog to store the templates. In this case, you will need to include the default templates along with the custom templates in the settings template catalog. -When you [Deploy a UE-V Agent](http://technet.microsoft.com/library/dn458891.aspx#agent), you can use the command-line parameter `RegisterMSTemplates` to disable the registration of the default Microsoft templates. +When you [Deploy a UE-V Agent](https://technet.microsoft.com/library/dn458891.aspx#agent), you can use the command-line parameter `RegisterMSTemplates` to disable the registration of the default Microsoft templates. When you use Group Policy to configure the settings template catalog path, you can choose to replace the default Microsoft templates. If you configure the policy settings to replace the default Microsoft templates, all of the default Microsoft templates that are installed by the UE-V Agent are deleted and only the templates that are located in the settings template catalog are used. The UE-V Agent configuration setting parameter `RegisterMSTemplates` must be set to *true* in order to override the default Microsoft template. @@ -284,7 +284,7 @@ Use the UE-V Generator to create settings location templates for line-of-busines After you have created the settings location template for an application, you should test the template. Deploy the template in a lab environment before you put it into production in the enterprise. -[Application Template Schema Reference for UE-V](http://technet.microsoft.com/library/dn763947.aspx) details the XML structure of the UE-V settings location template and provides guidance for editing these files. +[Application Template Schema Reference for UE-V](https://technet.microsoft.com/library/dn763947.aspx) details the XML structure of the UE-V settings location template and provides guidance for editing these files. ## Deploy the Custom Settings Location Templates diff --git a/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md b/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md index 28a058a570..70d85ed710 100644 --- a/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md +++ b/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md @@ -122,7 +122,7 @@ Also… ## Step 2: Deploy the Settings Storage Location for UE-V 2 -You’ll need to deploy a settings storage location, a standard network share where user settings are stored in a settings package file. When you create the settings storage share, you should limit access to users that require it. [Deploy a Settings Storage Location](http://technet.microsoft.com/library/dn458891.aspx#ssl) provides more detailed information. +You’ll need to deploy a settings storage location, a standard network share where user settings are stored in a settings package file. When you create the settings storage share, you should limit access to users that require it. [Deploy a Settings Storage Location](https://technet.microsoft.com/library/dn458891.aspx#ssl) provides more detailed information. **Create a network share** @@ -209,7 +209,7 @@ Run the AgentSetup.exe file from the command line to install the UE-V Agent. It AgentSetup.exe SettingsStoragePath=\\server\settingsshare\%username% ``` -You must specify the SettingsStoragePath command line parameter as the network share from Step 2. [Deploy a UE-V Agent](http://technet.microsoft.com/library/dn458891.aspx#agent) provides more detailed information. +You must specify the SettingsStoragePath command line parameter as the network share from Step 2. [Deploy a UE-V Agent](https://technet.microsoft.com/library/dn458891.aspx#agent) provides more detailed information. ## Step 4: Test Your UE-V 2 Evaluation Deployment diff --git a/mdop/uev-v2/index.md b/mdop/uev-v2/index.md index 95edeaf0d2..8932147ff3 100644 --- a/mdop/uev-v2/index.md +++ b/mdop/uev-v2/index.md @@ -76,7 +76,7 @@ This diagram shows how deployed UE-V components work together to synchronize set +

    You can add or remove applications in the Windows app list by following the procedures shown [here](https://technet.microsoft.com/library/dn458925.aspx).

    Windows app list

    Settings for Windows apps are captured and applied dynamically. The app developer specifies the settings that are synchronized for each app. UE-V determines which Windows apps are enabled for settings synchronization using a managed list of apps. By default, this list includes most Windows apps.

    -

    You can add or remove applications in the Windows app list by following the procedures shown [here](http://technet.microsoft.com/library/dn458925.aspx).
    @@ -100,7 +100,7 @@ Use these UE-V components to create and manage custom templates for your third-p

    Settings template catalog

    The settings template catalog is a folder path on UE-V computers or a Server Message Block (SMB) network share that stores the custom settings location templates. The UE-V Agent checks this location once a day, retrieves new or updated templates, and updates its synchronization behavior.

    -

    If you use only the UE-V default settings location templates, then a settings template catalog is unnecessary. For more information about settings deployment catalogs, see [Configure a UE-V settings template catalog](http://technet.microsoft.com/library/dn458942.aspx#deploycatalogue).

    +

    If you use only the UE-V default settings location templates, then a settings template catalog is unnecessary. For more information about settings deployment catalogs, see [Configure a UE-V settings template catalog](https://technet.microsoft.com/library/dn458942.aspx#deploycatalogue).

    @@ -112,7 +112,7 @@ Use these UE-V components to create and manage custom templates for your third-p ## Settings Synchronized by Default -UE-V synchronizes settings for these applications by default. For a complete list and more detailed information, see [Settings that are automatically synchronized in a UE-V deployment](http://technet.microsoft.com/library/dn458932.aspx#autosyncsettings). +UE-V synchronizes settings for these applications by default. For a complete list and more detailed information, see [Settings that are automatically synchronized in a UE-V deployment](https://technet.microsoft.com/library/dn458932.aspx#autosyncsettings). Microsoft Office 2013 applications (UE-V 2.1 SP1 and 2.1) @@ -131,7 +131,7 @@ Many Windows desktop applications, such as Notepad Many Windows settings, such as desktop background or wallpaper **Note**   -You can also [customize UE-V to synchronize settings](http://technet.microsoft.com/library/dn458942.aspx) for applications other than those synchronized by default. +You can also [customize UE-V to synchronize settings](https://technet.microsoft.com/library/dn458942.aspx) for applications other than those synchronized by default.   @@ -301,10 +301,10 @@ For more information, and for late-breaking news that did not make it into the d ### More information -[MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286) +[MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286) Learn about the latest MDOP information and resources. -[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) +[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447). ## Got a suggestion for UE-V? diff --git a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md index 15e567ef80..681806fa2d 100644 --- a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md +++ b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md @@ -132,72 +132,72 @@ This section contains hotfixes and KB articles for UE-V 2.0.

    2927019

    Hotfix Package 1 for Microsoft User Experience Virtualization 2.0

    -

    [support.microsoft.com/kb/2927019](http://support.microsoft.com/kb/2927019)

    +

    [support.microsoft.com/kb/2927019](https://support.microsoft.com/kb/2927019)

    2903501

    UE-V: User Experience Virtualization (UE-V) compatibility with user profiles

    -

    [support.microsoft.com/kb/2903501/EN-US](http://support.microsoft.com/kb/2903501/EN-US)

    +

    [support.microsoft.com/kb/2903501/EN-US](https://support.microsoft.com/kb/2903501/EN-US)

    2770042

    UE-V Registry Settings

    -

    [support.microsoft.com/kb/2770042/EN-US](http://support.microsoft.com/kb/2770042/EN-US)

    +

    [support.microsoft.com/kb/2770042/EN-US](https://support.microsoft.com/kb/2770042/EN-US)

    2847017

    UE-V settings replicated by Internet Explorer

    -

    [support.microsoft.com/kb/2847017/EN-US](http://support.microsoft.com/kb/2847017/EN-US)

    +

    [support.microsoft.com/kb/2847017/EN-US](https://support.microsoft.com/kb/2847017/EN-US)

    2930271

    Understanding the limitations of roaming Outlook signatures in Microsoft UE-V

    -

    [support.microsoft.com/kb/2930271/EN-US](http://support.microsoft.com/kb/2930271/EN-US)

    +

    [support.microsoft.com/kb/2930271/EN-US](https://support.microsoft.com/kb/2930271/EN-US)

    2769631

    How to repair a corrupted UE-V install

    -

    [support.microsoft.com/kb/2769631/EN-US](http://support.microsoft.com/kb/2769631/EN-US)

    +

    [support.microsoft.com/kb/2769631/EN-US](https://support.microsoft.com/kb/2769631/EN-US)

    2850989

    Migrating MAPI profiles with Microsoft UE-V is not supported

    -

    [support.microsoft.com/kb/2850989/EN-US](http://support.microsoft.com/kb/2850989/EN-US)

    +

    [support.microsoft.com/kb/2850989/EN-US](https://support.microsoft.com/kb/2850989/EN-US)

    2769586

    UE-V roams empty folders and registry keys

    -

    [support.microsoft.com/kb/2769586/EN-US](http://support.microsoft.com/kb/2769586/EN-US)

    +

    [support.microsoft.com/kb/2769586/EN-US](https://support.microsoft.com/kb/2769586/EN-US)

    2782997

    How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V)

    -

    [support.microsoft.com/kb/2782997/EN-US](http://support.microsoft.com/kb/2782997/EN-US)

    +

    [support.microsoft.com/kb/2782997/EN-US](https://support.microsoft.com/kb/2782997/EN-US)

    2769570

    UE-V does not update the theme on RDS or VDI sessions

    -

    [support.microsoft.com/kb/2769570/EN-US](http://support.microsoft.com/kb/2769570/EN-US)

    +

    [support.microsoft.com/kb/2769570/EN-US](https://support.microsoft.com/kb/2769570/EN-US)

    2901856

    Application settings do not sync after you force a restart on a UE-V-enabled computer

    -

    [support.microsoft.com/kb/2901856/EN-US](http://support.microsoft.com/kb/2901856/EN-US)

    +

    [support.microsoft.com/kb/2901856/EN-US](https://support.microsoft.com/kb/2901856/EN-US)

    2850582

    How To Use Microsoft User Experience Virtualization With App-V Applications

    -

    [support.microsoft.com/kb/2850582/EN-US](http://support.microsoft.com/kb/2850582/EN-US)

    +

    [support.microsoft.com/kb/2850582/EN-US](https://support.microsoft.com/kb/2850582/EN-US)

    3041879

    Current file versions for Microsoft User Experience Virtualization

    -

    [support.microsoft.com/kb/3041879/EN-US](http://support.microsoft.com/kb/3041879/EN-US)

    +

    [support.microsoft.com/kb/3041879/EN-US](https://support.microsoft.com/kb/3041879/EN-US)

    2843592

    Information on User Experience Virtualization and High Availability

    -

    [support.microsoft.com/kb/2843592/EN-US](http://support.microsoft.com/kb/2843592/EN-US)

    +

    [support.microsoft.com/kb/2843592/EN-US](https://support.microsoft.com/kb/2843592/EN-US)

    diff --git a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-release-notesuevv21.md b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-release-notesuevv21.md index 03144d5269..fda04bf393 100644 --- a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-release-notesuevv21.md +++ b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-release-notesuevv21.md @@ -153,62 +153,62 @@ This section contains hotfixes and KB articles for UE-V 2.1.

    3018608

    UE-V 2.1 - TemplateConsole.exe crashes when UE-V WMI classes are missing

    -

    [support.microsoft.com/kb/3018608/EN-US](http://support.microsoft.com/kb/3018608/EN-US)

    +

    [support.microsoft.com/kb/3018608/EN-US](https://support.microsoft.com/kb/3018608/EN-US)

    2903501

    UE-V: User Experience Virtualization (UE-V) compatibility with user profiles

    -

    [support.microsoft.com/kb/2903501/EN-US](http://support.microsoft.com/kb/2903501/EN-US)

    +

    [support.microsoft.com/kb/2903501/EN-US](https://support.microsoft.com/kb/2903501/EN-US)

    2770042

    UE-V Registry Settings

    -

    [support.microsoft.com/kb/2770042/EN-US](http://support.microsoft.com/kb/2770042/EN-US)

    +

    [support.microsoft.com/kb/2770042/EN-US](https://support.microsoft.com/kb/2770042/EN-US)

    2847017

    UE-V settings replicated by Internet Explorer

    -

    [support.microsoft.com/kb/2847017/EN-US](http://support.microsoft.com/kb/2847017/EN-US)

    +

    [support.microsoft.com/kb/2847017/EN-US](https://support.microsoft.com/kb/2847017/EN-US)

    2769631

    How to repair a corrupted UE-V install

    -

    [support.microsoft.com/kb/2769631/EN-US](http://support.microsoft.com/kb/2769631/EN-US)

    +

    [support.microsoft.com/kb/2769631/EN-US](https://support.microsoft.com/kb/2769631/EN-US)

    2850989

    Migrating MAPI profiles with Microsoft UE-V is not supported

    -

    [support.microsoft.com/kb/2850989/EN-US](http://support.microsoft.com/kb/2850989/EN-US)

    +

    [support.microsoft.com/kb/2850989/EN-US](https://support.microsoft.com/kb/2850989/EN-US)

    2769586

    UE-V roams empty folders and registry keys

    -

    [support.microsoft.com/kb/2769586/EN-US](http://support.microsoft.com/kb/2769586/EN-US)

    +

    [support.microsoft.com/kb/2769586/EN-US](https://support.microsoft.com/kb/2769586/EN-US)

    2782997

    How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V)

    -

    [support.microsoft.com/kb/2782997/EN-US](http://support.microsoft.com/kb/2782997/EN-US)

    +

    [support.microsoft.com/kb/2782997/EN-US](https://support.microsoft.com/kb/2782997/EN-US)

    2769570

    UE-V does not update the theme on RDS or VDI sessions

    -

    [support.microsoft.com/kb/2769570/EN-US](http://support.microsoft.com/kb/2769570/EN-US)

    +

    [support.microsoft.com/kb/2769570/EN-US](https://support.microsoft.com/kb/2769570/EN-US)

    2850582

    How To Use Microsoft User Experience Virtualization With App-V Applications

    -

    [support.microsoft.com/kb/2850582/EN-US](http://support.microsoft.com/kb/2850582/EN-US)

    +

    [support.microsoft.com/kb/2850582/EN-US](https://support.microsoft.com/kb/2850582/EN-US)

    3041879

    Current file versions for Microsoft User Experience Virtualization

    -

    [support.microsoft.com/kb/3041879/EN-US](http://support.microsoft.com/kb/3041879/EN-US)

    +

    [support.microsoft.com/kb/3041879/EN-US](https://support.microsoft.com/kb/3041879/EN-US)

    2843592

    Information on User Experience Virtualization and High Availability

    -

    [support.microsoft.com/kb/2843592/EN-US](http://support.microsoft.com/kb/2843592/EN-US)

    +

    [support.microsoft.com/kb/2843592/EN-US](https://support.microsoft.com/kb/2843592/EN-US)

    diff --git a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-sp1-release-notes.md b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-sp1-release-notes.md index 1de783ee2e..f14cbf3910 100644 --- a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-sp1-release-notes.md +++ b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-sp1-release-notes.md @@ -134,13 +134,13 @@ WORKAROUND: When migrating from UE-V 1 to UE-V 2 and it is likely you’ll have ### UE-V logoff delay Occassionally on logoff, UE-V takes a long time to sync settings. Typically, this is due to a high latency network or incorrect use of Distrubuted File System (DFS). -For DFS support, see [Microsoft’s Support Statement Around Replicated User Profile Data](https://support.microsoft.com/en-us/kb/2533009) for further details. +For DFS support, see [Microsoft’s Support Statement Around Replicated User Profile Data](https://support.microsoft.com/kb/2533009) for further details. -WORKAROUND: Starting with HF03, a new registry key has been introduced -The following registry key provides a mechanism by which the maximum logoff delay can be specified +WORKAROUND: Starting with HF03, a new registry key has been introduced +The following registry key provides a mechanism by which the maximum logoff delay can be specified \\Software\\Microsoft\\UEV\\Agent\\Configuration\\LogOffWaitInterval -See [UE-V registry settings](https://support.microsoft.com/en-us/kb/2770042) for further details +See [UE-V registry settings](https://support.microsoft.com/kb/2770042) for further details ## Hotfixes and Knowledge Base articles for UE-V 2.1 SP1 @@ -164,62 +164,62 @@ This section contains hotfixes and KB articles for UE-V 2.1 SP1.

    3018608

    UE-V 2.1 - TemplateConsole.exe crashes when UE-V WMI classes are missing

    -

    [support.microsoft.com/kb/3018608/EN-US](http://support.microsoft.com/kb/3018608/EN-US)

    +

    [support.microsoft.com/kb/3018608/EN-US](https://support.microsoft.com/kb/3018608/EN-US)

    2903501

    UE-V: User Experience Virtualization (UE-V) compatibility with user profiles

    -

    [support.microsoft.com/kb/2903501/EN-US](http://support.microsoft.com/kb/2903501/EN-US)

    +

    [support.microsoft.com/kb/2903501/EN-US](https://support.microsoft.com/kb/2903501/EN-US)

    2770042

    UE-V Registry Settings

    -

    [support.microsoft.com/kb/2770042/EN-US](http://support.microsoft.com/kb/2770042/EN-US)

    +

    [support.microsoft.com/kb/2770042/EN-US](https://support.microsoft.com/kb/2770042/EN-US)

    2847017

    UE-V settings replicated by Internet Explorer

    -

    [support.microsoft.com/kb/2847017/EN-US](http://support.microsoft.com/kb/2847017/EN-US)

    +

    [support.microsoft.com/kb/2847017/EN-US](https://support.microsoft.com/kb/2847017/EN-US)

    2769631

    How to repair a corrupted UE-V install

    -

    [support.microsoft.com/kb/2769631/EN-US](http://support.microsoft.com/kb/2769631/EN-US)

    +

    [support.microsoft.com/kb/2769631/EN-US](https://support.microsoft.com/kb/2769631/EN-US)

    2850989

    Migrating MAPI profiles with Microsoft UE-V is not supported

    -

    [support.microsoft.com/kb/2850989/EN-US](http://support.microsoft.com/kb/2850989/EN-US)

    +

    [support.microsoft.com/kb/2850989/EN-US](https://support.microsoft.com/kb/2850989/EN-US)

    2769586

    UE-V roams empty folders and registry keys

    -

    [support.microsoft.com/kb/2769586/EN-US](http://support.microsoft.com/kb/2769586/EN-US)

    +

    [support.microsoft.com/kb/2769586/EN-US](https://support.microsoft.com/kb/2769586/EN-US)

    2782997

    How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V)

    -

    [support.microsoft.com/kb/2782997/EN-US](http://support.microsoft.com/kb/2782997/EN-US)

    +

    [support.microsoft.com/kb/2782997/EN-US](https://support.microsoft.com/kb/2782997/EN-US)

    2769570

    UE-V does not update the theme on RDS or VDI sessions

    -

    [support.microsoft.com/kb/2769570/EN-US](http://support.microsoft.com/kb/2769570/EN-US)

    +

    [support.microsoft.com/kb/2769570/EN-US](https://support.microsoft.com/kb/2769570/EN-US)

    2850582

    How To Use Microsoft User Experience Virtualization With App-V Applications

    -

    [support.microsoft.com/kb/2850582/EN-US](http://support.microsoft.com/kb/2850582/EN-US)

    +

    [support.microsoft.com/kb/2850582/EN-US](https://support.microsoft.com/kb/2850582/EN-US)

    3041879

    Current file versions for Microsoft User Experience Virtualization

    -

    [support.microsoft.com/kb/3041879/EN-US](http://support.microsoft.com/kb/3041879/EN-US)

    +

    [support.microsoft.com/kb/3041879/EN-US](https://support.microsoft.com/kb/3041879/EN-US)

    2843592

    Information on User Experience Virtualization and High Availability

    -

    [support.microsoft.com/kb/2843592/EN-US](http://support.microsoft.com/kb/2843592/EN-US)

    +

    [support.microsoft.com/kb/2843592/EN-US](https://support.microsoft.com/kb/2843592/EN-US)

    diff --git a/mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md b/mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md index 8aac3b863b..8c8ee9c750 100644 --- a/mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md +++ b/mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md @@ -26,21 +26,21 @@ First, let’s look at the tasks you’ll do to deploy UE-V: Every UE-V deployment requires these activities: - - [Define a settings storage location](http://technet.microsoft.com/library/dn458891.aspx#ssl) + - [Define a settings storage location](https://technet.microsoft.com/library/dn458891.aspx#ssl) - - [Decide how to deploy the UE-V Agent and manage UE-V configurations](http://technet.microsoft.com/library/dn458891.aspx#config) + - [Decide how to deploy the UE-V Agent and manage UE-V configurations](https://technet.microsoft.com/library/dn458891.aspx#config) - - [Install the UE-V Agent](http://technet.microsoft.com/library/dn458891.aspx#agent) on every user computer that needs settings synchronized + - [Install the UE-V Agent](https://technet.microsoft.com/library/dn458891.aspx#agent) on every user computer that needs settings synchronized - Optionally, you can [Deploy UE-V 2.x for Custom Applications](deploy-ue-v-2x-for-custom-applications-new-uevv2.md) Planning will help you figure out whether you want UE-V to support the synchronization of settings for custom applications (third-party or line-of-business), which requires these UE-V features: - - [Install the UEV Generator](http://technet.microsoft.com/library/dn458942.aspx#uevgen) so you can create, edit, and validate the custom settings location templates required to synchronize custom application settings + - [Install the UEV Generator](https://technet.microsoft.com/library/dn458942.aspx#uevgen) so you can create, edit, and validate the custom settings location templates required to synchronize custom application settings - - [Create custom settings location templates](http://technet.microsoft.com/library/dn458942.aspx#createcustomtemplates) by using the UE-V Generator + - [Create custom settings location templates](https://technet.microsoft.com/library/dn458942.aspx#createcustomtemplates) by using the UE-V Generator - - [Deploy a UE-V settings template catalog](http://technet.microsoft.com/library/dn458942.aspx#deploycatalogue) that you use to store your custom settings location templates + - [Deploy a UE-V settings template catalog](https://technet.microsoft.com/library/dn458942.aspx#deploycatalogue) that you use to store your custom settings location templates This workflow diagram provides a high-level understanding of a UE-V deployment and the decisions that determine how you deploy UE-V in your enterprise. @@ -77,7 +77,7 @@ Windows desktop settings that are synchronized by default A statement of support for Windows app setting synchronization -See [User Experience Virtualization (UE-V) settings templates for Microsoft Office](http://www.microsoft.com/download/details.aspx?id=46367) to download a complete list of the specific Microsoft Office 2013, Microsoft Office 2010, and Microsoft Office 2007 settings that are synchronized by UE-V. +See [User Experience Virtualization (UE-V) settings templates for Microsoft Office](https://www.microsoft.com/download/details.aspx?id=46367) to download a complete list of the specific Microsoft Office 2013, Microsoft Office 2010, and Microsoft Office 2007 settings that are synchronized by UE-V. ### Desktop applications synchronized by default in UE-V 2.1 and UE-V 2.1 SP1 @@ -102,7 +102,7 @@ When you install the UE-V 2.1 or 2.1 SP1 Agent, it registers a default group of

    Microsoft Office 2010 applications

    -

    ([Download a list of all settings synced](http://www.microsoft.com/download/details.aspx?id=46367))

    +

    ([Download a list of all settings synced](https://www.microsoft.com/download/details.aspx?id=46367))

    Microsoft Word 2010

    Microsoft Excel 2010

    Microsoft Outlook 2010

    @@ -119,7 +119,7 @@ When you install the UE-V 2.1 or 2.1 SP1 Agent, it registers a default group of

    Microsoft Office 2013 applications

    -

    ([Download a list of all settings synced](http://www.microsoft.com/download/details.aspx?id=46367))

    +

    ([Download a list of all settings synced](https://www.microsoft.com/download/details.aspx?id=46367))

    Microsoft Word 2013

    Microsoft Excel 2013

    Microsoft Outlook 2013

    @@ -191,7 +191,7 @@ When you install the UE-V 2.0 Agent, it registers a default group of settings lo

    Microsoft Office 2007 applications

    -

    ([Download a list of all settings synced](http://www.microsoft.com/download/details.aspx?id=46367))

    +

    ([Download a list of all settings synced](https://www.microsoft.com/download/details.aspx?id=46367))

    Microsoft Access 2007

    Microsoft Communicator 2007

    Microsoft Excel 2007

    @@ -207,7 +207,7 @@ When you install the UE-V 2.0 Agent, it registers a default group of settings lo

    Microsoft Office 2010 applications

    -

    ([Download a list of all settings synced](http://www.microsoft.com/download/details.aspx?id=46367))

    +

    ([Download a list of all settings synced](https://www.microsoft.com/download/details.aspx?id=46367))

    Microsoft Word 2010

    Microsoft Excel 2010

    Microsoft Outlook 2010

    @@ -504,9 +504,9 @@ Credentials are encrypted during synchronization.   -[Company Settings Center](http://technet.microsoft.com/library/dn458903.aspx)**:** Check the Roaming Credential Settings check box under Windows Settings to enable credential synchronization. Uncheck the box to disable it. This check box only appears in Company Settings Center if your account is not configured to synchronize settings using a Microsoft Account. +[Company Settings Center](https://technet.microsoft.com/library/dn458903.aspx)**:** Check the Roaming Credential Settings check box under Windows Settings to enable credential synchronization. Uncheck the box to disable it. This check box only appears in Company Settings Center if your account is not configured to synchronize settings using a Microsoft Account. -[PowerShell](http://technet.microsoft.com/library/dn458937.aspx)**:** This PowerShell cmdlet enables credential synchronization: +[PowerShell](https://technet.microsoft.com/library/dn458937.aspx)**:** This PowerShell cmdlet enables credential synchronization: ``` syntax Enable-UevTemplate RoamingCredentialSettings @@ -518,7 +518,7 @@ This PowerShell cmdlet disables credential synchronization: Disable-UevTemplate RoamingCredentialSettings ``` -[Group Policy](http://technet.microsoft.com/library/dn458893.aspx)**:** You must [deploy the latest MDOP ADMX template](https://go.microsoft.com/fwlink/p/?LinkId=393944) to enable credential synchronization through group policy. Credentials synchronization is managed with the Windows settings. To manage this feature with Group Policy, enable the Synchronize Windows settings policy. +[Group Policy](https://technet.microsoft.com/library/dn458893.aspx)**:** You must [deploy the latest MDOP ADMX template](https://go.microsoft.com/fwlink/p/?LinkId=393944) to enable credential synchronization through group policy. Credentials synchronization is managed with the Windows settings. To manage this feature with Group Policy, enable the Synchronize Windows settings policy. 1. Open Group Policy Editor and navigate to **User Configuration – Administrative Templates – Windows Components – Microsoft User Experience Virtualization**. @@ -552,7 +552,7 @@ UE-V manages Windows app settings synchronization in three ways: - **Unlisted Default Sync Behavior:** Determine the synchronization behavior of Windows apps that are not in the Windows app list. -For more information, see the [Windows App List](http://technet.microsoft.com/library/dn458925.aspx#win8applist). +For more information, see the [Windows App List](https://technet.microsoft.com/library/dn458925.aspx#win8applist). ### Custom UE-V settings location templates @@ -590,7 +590,7 @@ UE-V uses a Server Message Block (SMB) share for the storage of settings package To reduce problems with network latency, create settings storage locations on the same local networks where the users’ computers reside. We recommend 20 MB of disk space per user for the settings storage location. -By default, UE-V synchronization times out after 2 seconds to prevent excessive lag due to a large settings package. You can configure the SyncMethod=SyncProvider setting by using [Group Policy Objects](http://technet.microsoft.com/library/dn458893.aspx). +By default, UE-V synchronization times out after 2 seconds to prevent excessive lag due to a large settings package. You can configure the SyncMethod=SyncProvider setting by using [Group Policy Objects](https://technet.microsoft.com/library/dn458893.aspx). ### High Availability for UE-V @@ -598,15 +598,15 @@ The UE-V settings storage location and settings template catalog support storing - Format the storage volume with an NTFS file system. -- The share can use Distributed File System (DFS) but there are restrictions. -Specifically, Distributed File System Replication (DFS-R) single target configuration with or without a Distributed File System Namespace (DFS-N) is supported. +- The share can use Distributed File System (DFS) but there are restrictions. +Specifically, Distributed File System Replication (DFS-R) single target configuration with or without a Distributed File System Namespace (DFS-N) is supported. Likewise, only single target configuration is supported with DFS-N. For detailed information, see [Microsoft’s Support Statement Around Replicated User Profile Data](https://go.microsoft.com/fwlink/p/?LinkId=313991) and also [Information about Microsoft support policy for a DFS-R and DFS-N deployment scenario](https://support.microsoft.com/kb/2533009). In addition, because SYSVOL uses DFS-R for replication, SYSVOL cannot be used for UE-V data file replication. -- Configure the share permissions and NTFS access control lists (ACLs) as specified in [Deploying the Settings Storage Location for UE-V 2.x](http://technet.microsoft.com/library/dn458891.aspx#ssl). +- Configure the share permissions and NTFS access control lists (ACLs) as specified in [Deploying the Settings Storage Location for UE-V 2.x](https://technet.microsoft.com/library/dn458891.aspx#ssl). - Use file server clustering along with the UE-V Agent to provide access to copies of user state data in the event of communications failures. @@ -742,7 +742,7 @@ The UE-V Agent synchronizes user settings for computers that are not always conn Enable this configuration through one of these methods: -- During UE-V installation, at the command prompt or in a batch file, set the AgentSetup.exe parameter *SyncMethod = None*. [Deploying the UE-V 2.x Agent](http://technet.microsoft.com/library/dn458891.aspx#agent) provides more information. +- During UE-V installation, at the command prompt or in a batch file, set the AgentSetup.exe parameter *SyncMethod = None*. [Deploying the UE-V 2.x Agent](https://technet.microsoft.com/library/dn458891.aspx#agent) provides more information. - After the UE-V installation, use the Settings Management feature in System Center 2012 Configuration Manager or the MDOP ADMX templates to push the *SyncMethod = None* configuration. @@ -765,7 +765,7 @@ If you set *SyncMethod = None*, any settings changes are saved directly to the s **Support for shared VDI sessions:** UE-V 2.1 and 2.1 SP1 provide support for VDI sessions that are shared among end users. You can register and configure a special VDI template, which ensures that UE-V keeps all of its functionality intact for non-persistent VDI sessions. **Note**   -If you do not enable VDI mode for non-persistent VDI sessions, certain features do not work, such as [back-up/restore and last known good (LKG)](http://technet.microsoft.com/library/dn878331.aspx). +If you do not enable VDI mode for non-persistent VDI sessions, certain features do not work, such as [back-up/restore and last known good (LKG)](https://technet.microsoft.com/library/dn878331.aspx).   diff --git a/mdop/uev-v2/security-considerations-for-ue-v-2x-both-uevv2.md b/mdop/uev-v2/security-considerations-for-ue-v-2x-both-uevv2.md index 09f7739c77..d82e263f02 100644 --- a/mdop/uev-v2/security-considerations-for-ue-v-2x-both-uevv2.md +++ b/mdop/uev-v2/security-considerations-for-ue-v-2x-both-uevv2.md @@ -43,7 +43,7 @@ Because settings packages might contain personal information, you should take ca | User account | Recommended permissions | Folder | | - | - | - | - | Creator/Owner | No permissions | No permissions | + | Creator/Owner | Full control | Subfolders and files only| | Domain Admins | Full control | This folder, subfolders, and files | | Security group of UE-V users | List folder/read data, create folders/append data | This folder only | | Everyone | Remove all permissions | No permissions | diff --git a/mdop/uev-v2/sync-methods-for-ue-v-2x-both-uevv2.md b/mdop/uev-v2/sync-methods-for-ue-v-2x-both-uevv2.md index 3680c97240..752d0190eb 100644 --- a/mdop/uev-v2/sync-methods-for-ue-v-2x-both-uevv2.md +++ b/mdop/uev-v2/sync-methods-for-ue-v-2x-both-uevv2.md @@ -79,13 +79,13 @@ This table explains the changes to SyncMethod from UE-V v1.0 to v2.0 to v2.1, as You can configure the sync method in these ways: -- When you [Deploy the UE-V Agent](http://technet.microsoft.com/library/dn458891.aspx#agent) through a command-line parameter or in a batch script +- When you [Deploy the UE-V Agent](https://technet.microsoft.com/library/dn458891.aspx#agent) through a command-line parameter or in a batch script -- Through [Group Policy](http://technet.microsoft.com/library/dn458893.aspx) settings +- Through [Group Policy](https://technet.microsoft.com/library/dn458893.aspx) settings -- With the [System Center Configuration Pack](http://technet.microsoft.com/library/dn458917.aspx) for UE-V +- With the [System Center Configuration Pack](https://technet.microsoft.com/library/dn458917.aspx) for UE-V -- After installation of the UE-V Agent, by using [Windows PowerShell or Windows Management Instrumentation (WMI)](http://technet.microsoft.com/library/dn458937.aspx) +- After installation of the UE-V Agent, by using [Windows PowerShell or Windows Management Instrumentation (WMI)](https://technet.microsoft.com/library/dn458937.aspx) ## Got a suggestion for UE-V? diff --git a/mdop/uev-v2/sync-trigger-events-for-ue-v-2x-both-uevv2.md b/mdop/uev-v2/sync-trigger-events-for-ue-v-2x-both-uevv2.md index bcff8113a3..349fdff40a 100644 --- a/mdop/uev-v2/sync-trigger-events-for-ue-v-2x-both-uevv2.md +++ b/mdop/uev-v2/sync-trigger-events-for-ue-v-2x-both-uevv2.md @@ -37,7 +37,7 @@ The following table explains the trigger events for classic applications and Win

    Windows Logon

    • Application and Windows settings are imported to the local cache from the settings storage location.

      • -

    • [Asynchronous Windows settings](http://technet.microsoft.com/library/dn458932.aspx#autosyncsettings2) are applied.

      • +

    • [Asynchronous Windows settings](https://technet.microsoft.com/library/dn458932.aspx#autosyncsettings2) are applied.

    • Synchronous Windows settings will be applied during the next Windows logon.

    • Application settings will be applied when the application starts.

    @@ -91,7 +91,7 @@ The following table explains the trigger events for classic applications and Win

  • Asynchronous Windows settings are applied directly.

  • Application settings are applied when the application starts.

  • Both asynchronous and synchronous Windows settings are applied during the next Windows logon.

    • -

  • Windows app (AppX) settings are applied during the next refresh. See [Monitor Application Settings](http://technet.microsoft.com/library/dn458944.aspx) for more information.

    • +

  • Windows app (AppX) settings are applied during the next refresh. See [Monitor Application Settings](https://technet.microsoft.com/library/dn458944.aspx) for more information.

    • NA

    @@ -117,7 +117,7 @@ Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microso [Changing the Frequency of UE-V 2.x Scheduled Tasks](changing-the-frequency-of-ue-v-2x-scheduled-tasks-both-uevv2.md) -[Choose the Configuration Method for UE-V 2.x](http://technet.microsoft.com/library/dn458891.aspx#config) +[Choose the Configuration Method for UE-V 2.x](https://technet.microsoft.com/library/dn458891.aspx#config)   diff --git a/mdop/uev-v2/synchronizing-office-2013-with-ue-v-20-both-uevv2.md b/mdop/uev-v2/synchronizing-office-2013-with-ue-v-20-both-uevv2.md index 50221baf3c..f81fd70279 100644 --- a/mdop/uev-v2/synchronizing-office-2013-with-ue-v-20-both-uevv2.md +++ b/mdop/uev-v2/synchronizing-office-2013-with-ue-v-20-both-uevv2.md @@ -111,7 +111,7 @@ You can deploy UE-V settings location template with the following methods: For more information using UE-V and Windows PowerShell, see [Managing UE-V 2.x Settings Location Templates Using Windows PowerShell and WMI](managing-ue-v-2x-settings-location-templates-using-windows-powershell-and-wmi-both-uevv2.md). -- **Registering template via Template Catalog Path**. If you use the Settings Template Catalog Path to manage templates on users’ computers, copy the Office 2013 template into the folder defined in the UE-V Agent. The next time the Template Auto Update (ApplySettingsCatalog.exe) scheduled task runs, the settings location template will be registered on the device. For more information, see [Deploying the Settings Template Catalog for UE-V 2](http://technet.microsoft.com/library/dn458942.aspx#deploycatalogue). +- **Registering template via Template Catalog Path**. If you use the Settings Template Catalog Path to manage templates on users’ computers, copy the Office 2013 template into the folder defined in the UE-V Agent. The next time the Template Auto Update (ApplySettingsCatalog.exe) scheduled task runs, the settings location template will be registered on the device. For more information, see [Deploying the Settings Template Catalog for UE-V 2](https://technet.microsoft.com/library/dn458942.aspx#deploycatalogue). - **Registering template via Configuration Manager**. If you use Configuration Manager to manage your UE-V settings storage templates, then recreate the Template Baseline CAB, import it into Configuration Manager, and then deploy the baseline to your clients. For more information, see the guidance provided in the documentation for the [System Center 2012 Configuration Pack for Microsoft User Experience Virtualization 2](https://go.microsoft.com/fwlink/?LinkId=317263). diff --git a/mdop/uev-v2/whats-new-in-ue-v-21-new-uevv2.md b/mdop/uev-v2/whats-new-in-ue-v-21-new-uevv2.md index ae5cac69a9..881a2d0c8b 100644 --- a/mdop/uev-v2/whats-new-in-ue-v-21-new-uevv2.md +++ b/mdop/uev-v2/whats-new-in-ue-v-21-new-uevv2.md @@ -34,7 +34,7 @@ To enable settings synchronization using UE-V 2.1, do one of the following: - Do not enable the Office 365 synchronization experience during Office 2013 installation -UE-V 2.1 ships [Office 2013 and Office 2010 templates](http://technet.microsoft.com/library/dn458932.aspx#autosyncsettings). This release removes the Office 2007 templates. Users can still use Office 2007 templates from UE-V 2.0 or earlier and can still get the templates from the UE-V template gallery located [here](https://go.microsoft.com/fwlink/p/?LinkID=246589). +UE-V 2.1 ships [Office 2013 and Office 2010 templates](https://technet.microsoft.com/library/dn458932.aspx#autosyncsettings). This release removes the Office 2007 templates. Users can still use Office 2007 templates from UE-V 2.0 or earlier and can still get the templates from the UE-V template gallery located [here](https://go.microsoft.com/fwlink/p/?LinkID=246589). ## Fix for Distributed File System Namespace Users @@ -50,7 +50,7 @@ Set-UevConfiguration -DisableSyncProviderPing ## Synchronization for Credentials -UE-V 2.1 gives customers the ability to synchronize credentials and certificates stored in the Windows Credential Manager. This component is disabled by default. Enabling this component lets users keep their domain credentials and certificates in sync. Users can sign in one time on a device, and these credentials will roam for that user across all of their UE-V enabled devices. [Manage Credentials with UE-V 2.1](http://technet.microsoft.com/library/dn458932.aspx#creds) provides more information. +UE-V 2.1 gives customers the ability to synchronize credentials and certificates stored in the Windows Credential Manager. This component is disabled by default. Enabling this component lets users keep their domain credentials and certificates in sync. Users can sign in one time on a device, and these credentials will roam for that user across all of their UE-V enabled devices. [Manage Credentials with UE-V 2.1](https://technet.microsoft.com/library/dn458932.aspx#creds) provides more information. **Note**   In Windows 8 and later, Credential Manager contains web credentials. These credentials are not synchronized between users’ devices. @@ -65,12 +65,12 @@ UE-V detects if “Sync settings with OneDrive”, also known as Microsoft Accou ## Support for the SyncMethod External -A new [SyncMethod configuration](http://technet.microsoft.com/library/dn554321.aspx) called **External** specifies that if UE-V settings are written to a local folder on the user computer, then any external sync engine (such as OneDrive for Business, Work Folders, Sharepoint, or Dropbox) can be used to apply these settings to the different computers that users access. +A new [SyncMethod configuration](https://technet.microsoft.com/library/dn554321.aspx) called **External** specifies that if UE-V settings are written to a local folder on the user computer, then any external sync engine (such as OneDrive for Business, Work Folders, Sharepoint, or Dropbox) can be used to apply these settings to the different computers that users access. ## Enhanced Support for VDI Mode -UE-V 2.1 includes [support for VDI sessions](http://technet.microsoft.com/library/dn458932.aspx#vdi) that are shared among end users. As an administrator, you can register and configure a special VDI template, which ensures that UE-V keeps all of its functionality intact for non-persistent VDI sessions. +UE-V 2.1 includes [support for VDI sessions](https://technet.microsoft.com/library/dn458932.aspx#vdi) that are shared among end users. As an administrator, you can register and configure a special VDI template, which ensures that UE-V keeps all of its functionality intact for non-persistent VDI sessions. **Note**   If you do not enable VDI mode for non-persistent VDI sessions, certain features do not work, such as back-up/restore and LKG. diff --git a/mdop/uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md b/mdop/uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md index 6cb5d4878e..6677e1864c 100644 --- a/mdop/uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md +++ b/mdop/uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md @@ -73,7 +73,7 @@ To enable settings synchronization using UE-V 2.1, do one of the following: - Do not enable the Office 365 synchronization experience during Office 2013 installation -UE-V 2.1 ships [Office 2013 and Office 2010 templates](http://technet.microsoft.com/library/dn458932.aspx#autosyncsettings). This release removes the Office 2007 templates. Users can still use Office 2007 templates from UE-V 2.0 or earlier and can still get the templates from the UE-V template gallery located [here](https://go.microsoft.com/fwlink/p/?LinkID=246589). +UE-V 2.1 ships [Office 2013 and Office 2010 templates](https://technet.microsoft.com/library/dn458932.aspx#autosyncsettings). This release removes the Office 2007 templates. Users can still use Office 2007 templates from UE-V 2.0 or earlier and can still get the templates from the UE-V template gallery located [here](https://go.microsoft.com/fwlink/p/?LinkID=246589). ## Got a suggestion for UE-V? diff --git a/mdop/uev-v2/working-with-custom-ue-v-2x-templates-and-the-ue-v-2x-generator-new-uevv2.md b/mdop/uev-v2/working-with-custom-ue-v-2x-templates-and-the-ue-v-2x-generator-new-uevv2.md index b08324cf77..1bfb3b6b04 100644 --- a/mdop/uev-v2/working-with-custom-ue-v-2x-templates-and-the-ue-v-2x-generator-new-uevv2.md +++ b/mdop/uev-v2/working-with-custom-ue-v-2x-templates-and-the-ue-v-2x-generator-new-uevv2.md @@ -108,7 +108,7 @@ If you edit a UE-V 1.0 template by using the UE-V 2 Generator, the template is a 2. Open the settings location template file with an XML editor. -3. Edit the settings location template file. All changes must conform to the UE-V schema file that is defined in [SettingsLocationTempate.xsd](http://technet.microsoft.com/library/dn763947.aspx). By default, a copy of the .xsd file is located in \\ProgramData\\Microsoft\\UEV\\Templates. +3. Edit the settings location template file. All changes must conform to the UE-V schema file that is defined in [SettingsLocationTempate.xsd](https://technet.microsoft.com/library/dn763947.aspx). By default, a copy of the .xsd file is located in \\ProgramData\\Microsoft\\UEV\\Templates. 4. Increment the **Version** number for the settings location template. diff --git a/smb/breadcrumb/toc.yml b/smb/breadcrumb/toc.yml index 08883fd504..3fc3bfeaee 100644 --- a/smb/breadcrumb/toc.yml +++ b/smb/breadcrumb/toc.yml @@ -4,7 +4,7 @@ items: - name: Windows tocHref: /windows - topicHref: https://docs.microsoft.com/en-us/windows/#pivot=it-pro + topicHref: https://docs.microsoft.com/windows/#pivot=it-pro items: - name: SMB tocHref: /windows/smb diff --git a/smb/cloud-mode-business-setup.md b/smb/cloud-mode-business-setup.md index 4aeb7727cb..db464151f8 100644 --- a/smb/cloud-mode-business-setup.md +++ b/smb/cloud-mode-business-setup.md @@ -147,7 +147,7 @@ When adding users, you can also assign admin privileges to certain users in your ![Verify users and assigned product licenses](images/o365_active_users.png) ### 1.3 Add Microsoft Intune -Microsoft Intune provides mobile device management, app management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees with access to apps, data, and corporate resources from anywhere on almost any device while helping to keep corporate information secure. To learn more, see What is Intune? +Microsoft Intune provides mobile device management, app management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees with access to apps, data, and corporate resources from anywhere on almost any device while helping to keep corporate information secure. To learn more, see What is Intune? **To add Microsoft Intune to your tenant** @@ -202,9 +202,9 @@ Microsoft Azure is an open and flexible cloud platform that enables you to quick This will take you to the Microsoft Azure portal. ### 1.5 Add groups in Azure AD -This section is the walkthrough is optional. However, we recommend that you create groups in Azure AD to manage access to corporate resources, such as apps, policies and settings, and so on. For more information, see Managing access to resources with Azure Active Directory groups. +This section is the walkthrough is optional. However, we recommend that you create groups in Azure AD to manage access to corporate resources, such as apps, policies and settings, and so on. For more information, see Managing access to resources with Azure Active Directory groups. -To add Azure AD group(s), we will use the classic Azure portal (https://manage.windowsazure.com). See Managing groups in Azure Active Directory for more information about managing groups. +To add Azure AD group(s), we will use the classic Azure portal (https://manage.windowsazure.com). See Managing groups in Azure Active Directory for more information about managing groups. **To add groups in Azure AD** @@ -297,7 +297,7 @@ In this part of the walkthrough, we'll be working on the Microsoft Intune management portal, select **Admin**. -2. In the **Administration** workspace, click **Mobile Device Management**. If this is the first tiem you're using the portal, click **manage mobile devices** in the **Mobile Device Management** window. The page will refresh and you'll have new options under **Mobile Device Management**. +2. In the **Administration** workspace, click **Mobile Device Management**. If this is the first item you're using the portal, click **manage mobile devices** in the **Mobile Device Management** window. The page will refresh and you'll have new options under **Mobile Device Management**. **Figure 24** - Mobile device management @@ -376,7 +376,7 @@ If you need to sync your most recently purchased apps and have it appear in your - In the Intune management portal, select **Apps > Apps** and then choose **Volume-Purchased Apps** to see the list of available apps. Verify that the apps you purchased were imported correctly. **To add more apps** -- If you have other apps that you want to deploy or manage, you must add it to Microsoft Intune. To deploy Win32 apps and Web links, see Add apps for enrolled devices to Intune for more info on how to do this. +- If you have other apps that you want to deploy or manage, you must add it to Microsoft Intune. To deploy Win32 apps and Web links, see Add apps for enrolled devices to Intune for more info on how to do this. ## 2. Set up devices @@ -433,7 +433,7 @@ In the Intune management 2. Log in to the Intune management portal. 3. Select **Groups** and then go to **Devices**. 4. In the **All Devices** page, look at the list of devices and select the entry that matches the name of your PC. - - Check that the device name appears in the list. Select the device and it will also show the user that's currently logged in in the **General Information** section. + - Check that the device name appears in the list. Select the device and it will also show the current logged-in user in the **General Information** section. - Check the **Management Channel** column and confirm that it says **Managed by Microsoft Intune**. - Check the **AAD Registered** column and confirm that it says **Yes**. @@ -442,7 +442,7 @@ In the Intune management ![Check that the device appears in Intune](images/intune_groups_devices_list.png) ## 3. Manage device settings and features -You can use Microsoft Intune admin settings and policies to manage features on your organization's mobile devices and computers. For more info, see [Manage settings and features on your devices with Microsoft Intune policies](https://docs.microsoft.com/en-us/intune/deploy-use/manage-settings-and-features-on-your-devices-with-microsoft-intune-policies). +You can use Microsoft Intune admin settings and policies to manage features on your organization's mobile devices and computers. For more info, see [Manage settings and features on your devices with Microsoft Intune policies](https://docs.microsoft.com/intune/deploy-use/manage-settings-and-features-on-your-devices-with-microsoft-intune-policies). In this section, we'll show you how to reconfigure app deployment settings and add a new policy that will disable the camera for the Intune-managed devices and turn off Windows Hello and PINs during setup. @@ -569,14 +569,14 @@ See [Add users to Office 365](https://support.office.com/en-us/article/Add-users To learn more about the services and tools mentioned in this walkthrough, and learn what other tasks you can do, follow these links: - Set up Office 365 for business - Common admin tasks in Office 365 including email and OneDrive in Manage Office 365 -- More info about managing devices, apps, data, troubleshooting, and more in Intune documentation +- More info about managing devices, apps, data, troubleshooting, and more in Intune documentation - Learn more about Windows 10 in Windows 10 guide for IT pros -- Info about distributing apps to your employees, managing apps, managing settings, and more in Microsoft Store for Business +- Info about distributing apps to your employees, managing apps, managing settings, and more in Microsoft Store for Business ### For information workers Whether it's in the classroom, getting the most out of your devices, or learning some of the cool things you can do, we've got teachers covered. Follow these links for more info: - Office help and training -- Windows 10 help +- Windows 10 help ## Related topics diff --git a/store-for-business/TOC.md b/store-for-business/TOC.md index 9709bdc21e..d383fa3117 100644 --- a/store-for-business/TOC.md +++ b/store-for-business/TOC.md @@ -24,6 +24,7 @@ ### [Manage Windows device deployment with Windows Autopilot Deployment](add-profile-to-devices.md) ### [Microsoft Store for Business and Education PowerShell module - preview](microsoft-store-for-business-education-powershell-module.md) ### [Manage software purchased with Microsoft Products and Services agreement in Microsoft Store for Business](manage-mpsa-software-microsoft-store-for-business.md) +### [Working with solution providers in Microsoft Store for Business](work-with-partner-microsoft-store-business.md) ## [Device Guard signing portal](device-guard-signing-portal.md) ### [Add unsigned app to code integrity policy](add-unsigned-app-to-code-integrity-policy.md) ### [Sign code integrity policy with Device Guard signing](sign-code-integrity-policy-with-device-guard-signing.md) diff --git a/store-for-business/acquire-apps-microsoft-store-for-business.md b/store-for-business/acquire-apps-microsoft-store-for-business.md index 4815821e0a..cf51aab7e8 100644 --- a/store-for-business/acquire-apps-microsoft-store-for-business.md +++ b/store-for-business/acquire-apps-microsoft-store-for-business.md @@ -7,7 +7,7 @@ ms.sitesec: library ms.pagetype: store author: TrudyHa ms.author: TrudyHa -ms.date: 11/01/2017 +ms.date: 10/23/2018 ms.topic: conceptual ms.localizationpriority: medium --- @@ -43,22 +43,31 @@ There are a couple of things we need to know when you pay for apps. You can add **To manage Allow users to shop setting** 1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com) -2. Click **Manage**, and then click **Settings**. -3. On **Shop**, turn on or turn off **Allow users to shop**. +2. Select **Manage**, and then select **Settings**. +3. On **Shop**, , under **Shopping behavior**, turn on or turn off **Allow users to shop**. ![manage settings to control Basic Purchaser role assignment](images/sfb-allow-shop-setting.png) +## Allow app requests + +People in your org can request license for apps that they need, or that others need. When **Allow app requests** is turned on, app requests are sent to org admins. Admins for your tenant will receive an email with the request, and can decide about making the purchase. + +**To manage Allow app requests** +1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com) +2. Select **Manage**, and then select **Settings**. +3. On **Shop**, under **Shopping behavior** turn on or turn off **Allow app requests**. + ## Acquire apps **To acquire an app** 1. Sign in to http://businessstore.microsoft.com -2. Click **Shop**, or use Search to find an app. -3. Click the app you want to purchase. +2. Select **Shop for my group**, or use Search to find an app. +3. Select the app you want to purchase. 4. On the product description page, choose your license type - either online or offline. -5. Free apps will be added to **Products & services**. For apps with a price, you can set the quantity you want to buy. Type the quantity and click **Next**. -6. If you don’t have a payment method saved in **Billing - Payment methods**, we will prompt you for one. -7. Add your credit card or debit card info, and click **Next**. Your card info is saved as a payment option on **Billing - Payment methods**. +5. Free apps will be added to **Products & services**. For apps with a price, you can set the quantity you want to buy. Type the quantity and select **Next**. +6. If you don’t have a payment method saved in **Billing & payments**, we will prompt you for one. +7. Add your credit card or debit card info, and select **Next**. Your card info is saved as a payment option on **Billing & payments - Payment methods**. -You’ll also need to have your business address saved on **Billing - Account profile**. The address is used to generate tax rates. For more information on taxes for apps, see [organization tax information](https://docs.microsoft.com/microsoft-store/update-microsoft-store-for-business-account-settings#organization-tax-information). +You’ll also need to have your business address saved on **My organization - Profile**. The address is used to generate tax rates. For more information on taxes for apps, see [organization tax information](https://docs.microsoft.com/microsoft-store/update-microsoft-store-for-business-account-settings#organization-tax-information). Microsoft Store adds the app to your inventory. From **Products & services**, you can: - Distribute the app: add to private store, or assign licenses @@ -67,12 +76,4 @@ Microsoft Store adds the app to your inventory. From **Products & services**, yo For info on distributing apps, see [Distribute apps to your employees from the Microsoft Store for Business](distribute-apps-to-your-employees-microsoft-store-for-business.md). -For info on offline-licensed apps, see [Distribute offline apps](distribute-offline-apps.md). - -## Request apps -People in your org can request additional licenses for apps that are in your organization's private store. When **Allow app requests** is turned on, people in your org can respond to a notification about app license availability. Admins for your tenant will receive an email with the request, and can decide about making the purchase. - -**To manage Allow app requests** -1. Sign in to http://businessstore.microsoft.com -2. Click **Manage**, click **Settings**, and then click **Distribute**. -3. Under **Private store** turn on, or turn off **Allow app requests**. \ No newline at end of file +For info on offline-licensed apps, see [Distribute offline apps](distribute-offline-apps.md). \ No newline at end of file diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md index 8c447d9f6a..dbd5c9acfb 100644 --- a/store-for-business/add-profile-to-devices.md +++ b/store-for-business/add-profile-to-devices.md @@ -1,6 +1,6 @@ --- title: Manage Windows device deployment with Windows Autopilot Deployment -description: Add an Autopilot profile to devices. Autopilot profiles control what is included in Windows set up experience for your employees. +description: Add an Autopilot profile to devices. Autopilot profiles control what is included in Windows set up experience for your employees. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -24,44 +24,44 @@ Watch this video to learn more about Windows Autopilot in Micrsoft Store for Bus > [!video https://www.microsoft.com/en-us/videoplayer/embed/3b30f2c2-a3e2-4778-aa92-f65dbc3ecf54?autoplay=false] ## What is Windows Autopilot? -In Microsoft Store for Business, you can manage devices for your organization and apply an *Autopilot deployment profile* to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows based on the Autopilot deployment profile you applied to the device. +In Microsoft Store for Business, you can manage devices for your organization and apply an *Autopilot deployment profile* to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows based on the Autopilot deployment profile you applied to the device. -You can create and apply Autopilot deployment profiles to these devices. The overall process looks like this. +You can create and apply Autopilot deployment profiles to these devices. The overall process looks like this. ![Block diagram with main steps for using Autopilot in Microsoft Store for Business: upload device list; group devices (this step is optional); add profile; and apply profile.](images/autopilot-process.png) Figure 1 - Windows Autopilot Deployment Program process -Autopilot deployment profiles have two main parts: default settings that can't be changed, and optional settings that you can include. +Autopilot deployment profiles have two main parts: default settings that can't be changed, and optional settings that you can include. ### Autopilot deployment profiles - default settings These settings are configured with all Autopilot deployment profiles: - Skip Cortana, OneDrive, and OEM registration setup pages - Automatically setup for work or school -- Sign in experience with company or school brand +- Sign in experience with company or school brand ### Autopilot deployment profiles - optional settings These settings are off by default. You can turn them on for your Autopilot deployment profiles: - Skip privacy settings ### Support for Autopilot profile settings -Autopilot profile settings are supported beginning with the version of Windows they were introduced in. This table summarizes the settings and what they are supported on. +Autopilot profile settings are supported beginning with the version of Windows they were introduced in. This table summarizes the settings and what they are supported on. | Setting | Supported on | | ------- | ------------- | | Deployment default features| Windows 10, version 1703 or later | | Skip privacy settings | Windows 10, version 1703 or later | -| Disable local admin account creation on the device | Windows 10, version 1703 or later | +| Disable local admin account creation on the device | Windows 10, version 1703 or later | | Skip End User License Agreement (EULA) | Windows 10, version 1709 or later.
    [Learn about Windows Autopilot EULA dismissal](https://docs.microsoft.com/windows/deployment/Windows-Autopilot-EULA-note) | ## Windows Autopilot deployment profiles in Microsoft Store for Business and Education You can manage new devices in Microsoft Store for Business or Microsoft Store for Education. Devices need to meet these requirements: - Windows 10, version 1703 or later -- New devices that have not been through Windows out-of-box experience. +- New devices that have not been through Windows out-of-box experience. ## Add devices and apply Autopilot deployment profile -To manage devices through Microsoft Store for Business and Education, you'll need a .csv file that contains specific information about the devices. You should be able to get this from your Microsoft account contact, or the store where you purchased the devices. Upload the .csv file to Microsoft Store to add the devices. +To manage devices through Microsoft Store for Business and Education, you'll need a .csv file that contains specific information about the devices. You should be able to get this from your Microsoft account contact, or the store where you purchased the devices. Upload the .csv file to Microsoft Store to add the devices. ### Device information file format Columns in the device information file need to use this naming and be in this order: @@ -73,61 +73,61 @@ Here's a sample device information file: ![Notepad file showing example entries for Column A (Device Serial Number), Column B (Windows Product ID), and Column C (Hardware Hash).](images/msfb-autopilot-csv.png) -When you add devices, you need to add them to an *Autopilot deployment group*. Use these groups to apply Autopilot deployment profiles to a group of devices. The first time you add devices to a group, you'll need to create an Autopilot deployment group. +When you add devices, you need to add them to an *Autopilot deployment group*. Use these groups to apply Autopilot deployment profiles to a group of devices. The first time you add devices to a group, you'll need to create an Autopilot deployment group. > [!NOTE] -> You can only add devices to a group when you add devices to **Microsoft Store for Business and Education**. If you decide to reorganize devices into different groups, you'll need to delete them from **Devices** in **Microsoft Store**, and add them again. +> You can only add devices to a group when you add devices to **Microsoft Store for Business and Education**. If you decide to reorganize devices into different groups, you'll need to delete them from **Devices** in **Microsoft Store**, and add them again. **Add and group devices** -1. Sign in to [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). +1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 2. Click **Manage**, and then click **Devices**. -3. Click **Add devices**, navigate to the *.csv file and select it. +3. Click **Add devices**, navigate to the *.csv file and select it. 4. Type a name for a new Autopilot deployment group, or choose one from the list, and then click **Add**.
    -If you don't add devices to a group, you can select the individual devices to apply a profile to.
    +If you don't add devices to a group, you can select the individual devices to apply a profile to.
    ![Screenshot of Add devices to a group dialog. You can create a new group, or select a current group.](images/add-devices.png)
    - -5. Click the devices or Autopilot deployment group that you want to manage. You need to select devices before you can apply an Autopilot deployment profile. You can switch between seeing groups or devices by clicking **View groups** or **View devices**. + +5. Click the devices or Autopilot deployment group that you want to manage. You need to select devices before you can apply an Autopilot deployment profile. You can switch between seeing groups or devices by clicking **View groups** or **View devices**. **Apply Autopilot deployment profile** -1. When you have devices selected, click **Autopilot deployment**. +1. When you have devices selected, click **Autopilot deployment**. 2. Choose the Autopilot deployment profile to apply to the selected devices. - + > [!NOTE] > The first time you use Autopilot deployment profiles, you'll need to create one. See [Create Autopilot profile](#create-autopilot-profile). - + 3. Microsoft Store for Business applies the profile to your selected devices, and shows the profile name on **Devices**. ## Manage Autopilot deployment profiles -You can manage the Autopilot deployment profiles created in Microsoft Store. You can create a new profile, edit, or delete a profile. +You can manage the Autopilot deployment profiles created in Microsoft Store. You can create a new profile, edit, or delete a profile. ### Create Autopilot profile -1. Sign in to [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). +1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 2. Click **Manage**, and then click **Devices**. -3. Click **Autopilot deployment**, and then click **Create new profile**. +3. Click **Autopilot deployment**, and then click **Create new profile**. 4. Name the profile, choose the settings to include, and then click **Create**.
    -The new profile is added to the **Autopilot deployment** list. +The new profile is added to the **Autopilot deployment** list. ### Edit or delete Autopilot profile -1. Sign in to [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). +1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 2. Click **Manage**, and then click **Devices**. 3. Click **Autopilot deployment**, click **Edit your profiles**, and then choose the profile to edit. TBD: art -4. Change settings for the profile, and then click **Save**.
    +4. Change settings for the profile, and then click **Save**.
    -or-
    -Click **Delete profile** to delete the profile. +Click **Delete profile** to delete the profile. ## Apply a different Autopilot deployment profile to devices -After you've applied an Autopilot deployment profile to a device, if you decide to apply a different profile, you can remove the profile and apply a new profile. +After you've applied an Autopilot deployment profile to a device, if you decide to apply a different profile, you can remove the profile and apply a new profile. > [!NOTE] -> The new profile will only be applied if the device has not been started, and gone through the out-of-box experience. Settings from a different profile can't be applied when another profile has been applied. Windows would need to be reinstalled on the device for the second profile to be applied to the device. +> The new profile will only be applied if the device has not been started, and gone through the out-of-box experience. Settings from a different profile can't be applied when another profile has been applied. Windows would need to be reinstalled on the device for the second profile to be applied to the device. ## Autopilot device information file error messages -Here's info on some of the errors you might see while working with Autopilot deployment profiles in **Microsoft Store for Business and Education**. +Here's info on some of the errors you might see while working with Autopilot deployment profiles in **Microsoft Store for Business and Education**. -| Message Id | Message explanation | +| Message Id | Message explanation | | ---------- | ------------------- | | wadp001 | Check your file, or ask your device partner for a complete .csv file. This file is missing Serial Number and Product Id info. | | wadp002 | Check your file, or ask your device partner for updated hardware hash info in the .csv file. Hardware hash info is invalid in the current .csv file. | diff --git a/store-for-business/add-unsigned-app-to-code-integrity-policy.md b/store-for-business/add-unsigned-app-to-code-integrity-policy.md index 247ff479fa..4ffb3b7e72 100644 --- a/store-for-business/add-unsigned-app-to-code-integrity-policy.md +++ b/store-for-business/add-unsigned-app-to-code-integrity-policy.md @@ -86,7 +86,7 @@ Catalog signing is a vital step to adding your unsigned apps to your code integr **To sign a catalog file with Device Guard signing portal** -1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com) or [Store for Education](https://educationstore.microsoft.com). +1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Store for Education](https://educationstore.microsoft.com). 2. Click **Settings**, click **Store settings**, and then click **Device Guard**. 3. Click **Upload** to upload your unsigned catalog files. These are the catalog files you created earlier in [Create catalog files for your unsigned app](#create-catalog-files). 4. After the files are uploaded, click **Sign** to sign the catalog files. @@ -94,7 +94,7 @@ Catalog signing is a vital step to adding your unsigned apps to your code integr - signed catalog file - default policy - root certificate for your organization - + When you use the Device Guard signing portal to sign a catalog file, the signing certificate is added to the default policy. When you download the signed catalog file, you should also download the default policy and merge this code integrity policy with your existing code integrity policies to protect machines running the catalog file. You need to do this step to trust and run your catalog files. For more information, see the Merging code integrity policies in the [Device Guard deployment guide](https://docs.microsoft.com/windows/device-security/device-guard/device-guard-deployment-guide). 6. Open the root certificate that you downloaded, and follow the steps in **Certificate Import wizard** to install the certificate in your machine's certificate store. diff --git a/store-for-business/app-inventory-management-microsoft-store-for-business.md b/store-for-business/app-inventory-management-microsoft-store-for-business.md index b15ad00612..e3c4b43dac 100644 --- a/store-for-business/app-inventory-management-microsoft-store-for-business.md +++ b/store-for-business/app-inventory-management-microsoft-store-for-business.md @@ -9,7 +9,7 @@ ms.pagetype: store author: TrudyHa ms.author: TrudyHa ms.topic: conceptual -ms.date: 06/07/2018 +ms.date: 10/23/2018 --- # App inventory management for Microsoft Store for Business and Education @@ -19,7 +19,7 @@ ms.date: 06/07/2018 - Windows 10 - Windows 10 Mobile -You can manage all apps that you've acquired on your **Apps & software** page. This page shows all of the content you've acquired, including apps that from Microsoft Store, and line-of-business (LOB) apps that you've accepted into your inventory. After LOB apps are submitted to your organization, you'll see a notification on your **Apps & software** page. On the **New LOB apps** tab, you can accept, or reject the LOB apps. For more information on LOB apps, see [Working with line-of-business apps](working-with-line-of-business-apps.md). The inventory page includes apps acquired by all people in your organization with the Store for Business Admin role. +You can manage all apps that you've acquired on your **Apps & software** page. This page shows all of the content you've acquired, including apps that from Microsoft Store, and line-of-business (LOB) apps that you've accepted into your inventory. After LOB apps are submitted to your organization, you'll see a notification on your **Apps & software** page. On the **New LOB apps** tab, you can accept, or reject the LOB apps. For more information on LOB apps, see [Working with line-of-business apps](working-with-line-of-business-apps.md). The inventory page includes apps acquired by all people in your organization with the Store for Business Admin role. All of these apps are treated the same once they are in your inventory and you can perform app lifecycle tasks for them: distribute apps, add apps to private store, review license details, and reclaim app licenses. @@ -40,7 +40,7 @@ The last modified date tracks changes about the app as an item in your inventory - Reclaim license - Refund order (applies to purchased apps, not free apps) -The last modified date does not correspond to when an app was last updated in Microsoft Store. It tracks activity for that app, as an item in your inventory. +The last modified date does not correspond to when an app was last updated in Microsoft Store. It tracks activity for that app, as an item in your inventory. ## Find apps in your inventory @@ -51,8 +51,8 @@ There are a couple of ways to find specific apps, or groups of apps in your inve - **License type** - Online or offline licenses. For more info, see [Apps in Microsoft Store for Business](apps-in-microsoft-store-for-business.md#licensing-model). - **Supported devices** - Lists the devices that apps in your inventory were originally written to support. This list is cumulative for all apps in your inventory. - **Source** - **Store**, for apps acquired from Store for Business, or LOB, for line-of-business apps. -- **Product type** - Product categories, such as app, or game. -- **Private store** - Whether or not the app is in the private store, or status if the app is being added or removed from private store. +- **Product type** - Product categories, such as app, or game. +- **Private store** - Whether or not the app is in the private store, or status if the app is being added or removed from private store. ## Manage apps in your inventory Each app in the Store for Business has an online, or an offline license. For more information on Store for Business licensing model, see [Apps in the Microsoft Store for Business](apps-in-microsoft-store-for-business.md#licensing-model). There are different actions you can take depending on the app license type. They're summarized in this table. @@ -68,16 +68,26 @@ Each app in the Store for Business has an online, or an offline license. For mor The actions in the table are how you distribute apps, and manage app licenses. We'll cover those in the next sections. Working with offline-licensed apps has different steps. For more information on distributing offline-licensed apps, see [Distribute offline apps](distribute-offline-apps.md). -## Distribute apps +## Assign apps +For online-licensed apps, you can assign apps directly to people in your organization. -For online-licensed apps, there are a couple of ways to distribute apps from your inventory: -- Assign apps to people in your organization. -- Add apps to your private store, and let people in your organization install the app. +**To assign an app to an employee** -If you use a management tool that supports Microsoft Store, you can distribute apps with your management tool. Once it is configured to work with Store for Business, your managment tool will have access to all apps in your inventory. For more information, see [Distribute apps with a management tool](distribute-apps-with-management-tool.md). +1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://businessstore.microsoft.com). +2. Click **Manage**, and then choose **Inventory**. +3. Find an app, click the ellipses, and then choose **Assign to people**. +4. Type the email address for the employee that you're assigning the app to, and click **Confirm**. +Employees will receive an email with a link that will install the app on their device. Click the link to start the Microsoft Store app, and then click **Install**. Also, in the Microsoft Store app, they can find the app under **My Library**. + +There are other options for distributing apps: +- **Use a management tool** - If you use a management tool that supports Microsoft Store, you can distribute apps with your management tool. Once it is configured to work with Store for Business, your managment tool will have access to all apps in your inventory. For more information, see [Distribute apps with a management tool](distribute-apps-with-management-tool.md). +- **Distribute from private store** - You can also add apps to your private store, and let people get them on their own. For more information, see [Distribute apps from private store](#distribute-apps-from-private-store) + +## Distribute apps from private store Once an app is in your private store, people in your org can install the app on their devices. For more information, see [Distribute apps using your private store](distribute-apps-from-your-private-store.md). +### Add apps to your private store **To make an app in Apps & software available in your private store** 1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://businessstore.microsoft.com). @@ -88,6 +98,7 @@ Once an app is in your private store, people in your org can install the app on The value under **Private store** for the app will change to pending. It will take approximately thirty-six hours before the app is available in the private store. Employees can claim apps that admins added to the private store by doing the following. +### Get and remove private store apps **To claim an app from the private store** 1. Sign in to your computer with your Azure Active Directory (AD) credentials, and start the Microsoft Store app. @@ -99,22 +110,28 @@ Another way to distribute apps is by assigning them to people in your organizati If you decide that you don't want an app available for employees to install on their own, you can remove it from your private store. **To remove an app from the private store** - -1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://businessstore.microsoft.com). + +1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://businessstore.microsoft.com). 2. Click **Manage**, and then choose **Products & services**. 3. Find an app, click the ellipses, choose **Remove from private store**, and then click **Remove**. -4. Choose the private store collection, and then under **In collection**, switch to **Off**. +4. Choose the private store collection, and then under **In collection**, switch to **Off**. -The app will still be in your inventory, but your employees will not have access to the app from your private store. +The app will still be in your inventory, but your employees will not have access to the app from your private store. -**To assign an app to an employee** +### Private store availability +On the details page for each app, you can directly assign an app to a user, or for apps in your private store, you can set **Private store availability**. -1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://businessstore.microsoft.com). -2. Click **Manage**, and then choose **Inventory**. -3. Find an app, click the ellipses, and then choose **Assign to people**. -4. Type the email address for the employee that you're assigning the app to, and click **Confirm**. +**Private store availability** allows you to choose which groups of people can see an app in the private store: +- No one - The app isn't in your private store +- Everyone - The app is available to anyone in your organization +- Specific groups - The app is available to all users in assigned security groups -Employees will receive an email with a link that will install the app on their device. Click the link to start the Microsoft Store app, and then click **Install**. Also, in the Microsoft Store app, they can find the app under **My Library**. +**To assign security groups to an app** +1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://businessstore.microsoft.com). +2. Click **Manage**, and then choose **Products & services**. +3. Find an app, choose the ellipses, and then choose **View license details**. +4. Click **Private store availability**, select **Specific groups**, and then click **Assign groups**. +5. Enter a name or email address for the security group you want to use, and then click **Add groups**. ## Manage app licenses @@ -123,9 +140,9 @@ For each app in your inventory, you can view and manage license details. This gi **To view license details** 1. Sign in to [Microsoft Store for Business](https://go.microsoft.com/fwlink/p/?LinkId=691845) or [Microsoft Store for Education](https://businessstore.microsoft.com). -2. Click **Manage**, and then choose **Apps & software**. -3. Click an app you want to manage. -4. On the app page, you'll see the names of people in your organization who have installed the app and are using one of the licenses. From here, you can: +2. Click **Manage**, and then choose **Products & services**. +3. Click an app you want to manage. +4. On the app details page, you'll see the names of people in your organization who have installed the app and are using one of the licenses. From here, you can: - Assign the app to other people in your organization. - Reclaim app licenses. @@ -147,16 +164,16 @@ Microsoft Store updates the list of assigned licenses. Microsoft Store updates the list of assigned licenses. ## Purchase additional licenses -You can purchase additional licenses for apps in your Inventory. +You can purchase additional licenses for apps in your Inventory. **To purchase additional app licenses** 1. Sign in to [Microsoft Store for Business](https://go.microsoft.com/fwlink/p/?LinkId=691845) or [Microsoft Store for Education](https://businessstore.microsoft.com) 2. Click **Manage**, and then choose **Apps & software**. -3. From **Apps & software**, click an app. -4. On the app page, click **Buy more** for additional licenses, or click **Assign users** to manage your current licenses. +3. From **Apps & software**, click an app. +4. On the app page, click **Buy more** for additional licenses, or click **Assign users** to manage your current licenses. -You'll have a summary of current license availability. +You'll have a summary of current license availability. ## Download offline-licensed app Offline licensing is a new feature in Windows 10 and allows apps to be deployed to devices that are not connected to the Internet. This means organizations can deploy apps when users or devices do not have connectivity to the Store. @@ -171,9 +188,9 @@ For more information about online and offline licenses, see [Apps in the Microso For more information about downloading offline-licensed apps, see [Download offline apps](distribute-offline-apps.md). -## Manage products programmatically +## Manage products programmatically -Microsoft Store for Business and Education provides a set of Admin management APIs. If you orgranization develops scripts or tools, these APIs allow Admins to programmatically manage items in **Apps & software**. For more information, see [REST API reference for Microsoft Store for Business](https://docs.microsoft.com/windows/client-management/mdm/rest-api-reference-windows-store-for-business). +Microsoft Store for Business and Education provides a set of Admin management APIs. If you orgranization develops scripts or tools, these APIs allow Admins to programmatically manage items in **Apps & software**. For more information, see [REST API reference for Microsoft Store for Business](https://docs.microsoft.com/windows/client-management/mdm/rest-api-reference-windows-store-for-business). You can download a preview PoweShell script that uses REST APIs. The script is available from PowerShell Gallery. You can use to the script to: - View items in inventory (**Apps & software**) @@ -181,4 +198,4 @@ You can download a preview PoweShell script that uses REST APIs. The script is a - Perform bulk options using .csv files - this automates license management for customers with large numbers of licenses > [!NOTE] -> The Microsoft Store for Business and Education Admin role is required to manage products and to use the MSStore module. This requires advanced knowledge of PowerShell. \ No newline at end of file +> The Microsoft Store for Business and Education Admin role is required to manage products and to use the MSStore module. This requires advanced knowledge of PowerShell. \ No newline at end of file diff --git a/store-for-business/apps-in-microsoft-store-for-business.md b/store-for-business/apps-in-microsoft-store-for-business.md index 3e9934ad89..1abad24d9a 100644 --- a/store-for-business/apps-in-microsoft-store-for-business.md +++ b/store-for-business/apps-in-microsoft-store-for-business.md @@ -67,7 +67,7 @@ Distribution options for online-licensed apps include the ability to: - Distribute through a management tool. ### Offline licensing -Offline licensing is a new licensing option for Windows 10. With offline licenses, organizations can cache apps and their licenses to deploy within their network. ISVs or devs can opt-in their apps for offline licensing when they submit them to the developer center. Only apps that are opted in to offline licensing will show that they are available for offline licensing in Microsoft Store. This model means organizations can deploy apps when users or devices do not have connectivity to Microsoft Store. Admins control whether or not offline apps are available in Microsoft Store with an offline app visibility setting. For more information, see [offline license visibility](https://docs.microsoft.com/en-us/microsoft-store/update-microsoft-store-for-business-account-settings#offline-licensing). +Offline licensing is a new licensing option for Windows 10. With offline licenses, organizations can cache apps and their licenses to deploy within their network. ISVs or devs can opt-in their apps for offline licensing when they submit them to the developer center. Only apps that are opted in to offline licensing will show that they are available for offline licensing in Microsoft Store. This model means organizations can deploy apps when users or devices do not have connectivity to Microsoft Store. Admins control whether or not offline apps are available in Microsoft Store with an offline app visibility setting. For more information, see [offline license visibility](https://docs.microsoft.com/microsoft-store/update-microsoft-store-for-business-account-settings#offline-licensing). You have the following distribution options for offline-licensed apps: diff --git a/store-for-business/configure-mdm-provider-microsoft-store-for-business.md b/store-for-business/configure-mdm-provider-microsoft-store-for-business.md index de12fe9dbc..502bdc4c27 100644 --- a/store-for-business/configure-mdm-provider-microsoft-store-for-business.md +++ b/store-for-business/configure-mdm-provider-microsoft-store-for-business.md @@ -30,17 +30,17 @@ Your management tool needs to be installed and configured with Azure AD, in the 4. Click **Mobility (MDM and MAM)**.   3. Click **+Add Applications**, find the application, and add it to your directory. -After your management tool is added to your Azure AD directory, you can configure it to work with Microsoft Store. You can configure multiple management tools - just repeat the following procedure. +After your management tool is added to your Azure AD directory, you can configure it to work with Microsoft Store. You can configure multiple management tools - just repeat the following procedure. **To configure a management tool in Microsoft Store for Business** -1. Sign in to the [Store for Business](http://businessstore.microsoft.com) or [Store for Education](https://educationstore.microsoft.com) -2. Click **Manage**, click **Settings**. +1. Sign in to the [Store for Business](https://businessstore.microsoft.com) or [Store for Education](https://educationstore.microsoft.com) +2. Click **Manage**, click **Settings**. 3. Under **Distribute**, click **Management tools**. 3. From the list of MDM tools, select the one you want to synchronize with Microsoft Store, and then click **Activate.** Your MDM tool is ready to use with Microsoft Store. To learn how to configure synchronization and deploy apps, see these topics: - [Manage apps you purchased from Microsoft Store for Business with Microsoft Intune](https://docs.microsoft.com/intune-classic/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune) -- [Manage apps from Microsoft Store for Business with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business) +- [Manage apps from Microsoft Store for Business with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business) For third-party MDM providers or management servers, check your product documentation. \ No newline at end of file diff --git a/store-for-business/distribute-apps-from-your-private-store.md b/store-for-business/distribute-apps-from-your-private-store.md index 1806050398..e83245f0e8 100644 --- a/store-for-business/distribute-apps-from-your-private-store.md +++ b/store-for-business/distribute-apps-from-your-private-store.md @@ -10,12 +10,11 @@ author: TrudyHa ms.author: TrudyHa ms.topic: conceptual ms.localizationpriority: medium -ms.date: 3/19/2018 +ms.date: 10/31/2018 --- # Distribute apps using your private store - **Applies to** - Windows 10 @@ -33,12 +32,12 @@ You can make an app available in your private store when you acquire the app, or -Microsoft Store adds the app to **Apps & software**. Click **Manage**, **Apps & software** for app distribution options. +Microsoft Store adds the app to **Products and services**. Click **Manage**, **Apps & software** for app distribution options. **To make an app in Apps & software available in your private store** 1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). -2. Click **Manage**, and then choose **Apps & software**. +2. Click **Manage**, and then choose **Products and services**. @@ -52,6 +51,9 @@ The value under **Private store** for the app will change to pending. It will ta >[!Note] > If you are working with a new Line-of-Business (LOB) app, you have to wait for the app to be avilable in **Products & services** before adding it to your private store. For more information, see [Working with line of business apps](working-with-line-of-business-apps.md). +## Private store availability +You can use security groups to scope which users can install an app from your private store. For more information, see [Private store availability](app-inventory-management-microsoft-store-for-business.md#private-store-availability). + Employees can claim apps that admins added to the private store by doing the following. **To claim an app from the private store** @@ -60,16 +62,8 @@ Employees can claim apps that admins added to the private store by doing the fol 2. Click the **private store** tab. 3. Click the app you want to install, and then click **Install**. + ## Related topics - [Manage access to private store](manage-access-to-private-store.md) - [Manage private store settings](manage-private-store-settings.md) -- [Configure access to Microsoft Store](/windows/configuration/stop-employees-from-using-microsoft-store) - -  - -  - - - - - +- [Configure access to Microsoft Store](/windows/configuration/stop-employees-from-using-microsoft-store) \ No newline at end of file diff --git a/store-for-business/distribute-apps-with-management-tool.md b/store-for-business/distribute-apps-with-management-tool.md index ed8eff5bb0..cab9bdc670 100644 --- a/store-for-business/distribute-apps-with-management-tool.md +++ b/store-for-business/distribute-apps-with-management-tool.md @@ -42,7 +42,7 @@ MDM tool requirements: ## Distribute offline-licensed apps -If your vendor doesn’t support the ability to synchronize applications from the management tool services, or can't connect to the management tool services, your vendor may support the ability to deploy offline licensed applications by downloading the application and license from the store and then deploying the app through your MDM. For more information on online and offline licensing with Store for Business, see [Apps in the Microsoft Store for Business](https://docs.microsoft.com/en-us/microsoft-store/apps-in-microsoft-store-for-business#licensing-model). +If your vendor doesn’t support the ability to synchronize applications from the management tool services, or can't connect to the management tool services, your vendor may support the ability to deploy offline licensed applications by downloading the application and license from the store and then deploying the app through your MDM. For more information on online and offline licensing with Store for Business, see [Apps in the Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/apps-in-microsoft-store-for-business#licensing-model). This diagram shows how you can use a management tool to distribute offline-licensed app to employees in your organization. Once synchronized from Store for Business, management tools can use the Windows Management framework to distribute applications to devices. diff --git a/store-for-business/distribute-offline-apps.md b/store-for-business/distribute-offline-apps.md index 2f445c4301..eefb7fd379 100644 --- a/store-for-business/distribute-offline-apps.md +++ b/store-for-business/distribute-offline-apps.md @@ -45,13 +45,13 @@ You can't distribute offline-licensed apps directly from Microsoft Store. Once y - [Manage apps from Microsoft Store for Business with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business) - [Manage apps from Microsoft Store for Business with Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune)
    -For third-party MDM providers or management servers, check your product documentation. +For third-party MDM providers or management servers, check your product documentation. ## Download an offline-licensed app There are several items to download or create for offline-licensed apps. The app package and app license are required; app metadata and app frameworks are optional. This section includes more info on each item, and tells you how to download an offline-licensed app. -- **App metadata** - App metadata is optional. The metadata includes app details, links to icons, product id, localized product ids, and other items. Devs who plan to use an app as part of another app or tool, might want the app metadata. +- **App metadata** - App metadata is optional. The metadata includes app details, links to icons, product id, localized product ids, and other items. Devs who plan to use an app as part of another app or tool, might want the app metadata. - **App package** - App packages are required for distributing offline apps. There are app packages for different combinations of app platform and device architecture. You'll need to know what device architectures you have in your organization to know if there are app packages to support your devices. @@ -62,19 +62,19 @@ There are several items to download or create for offline-licensed apps. The app **To download an offline-licensed app** -1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com/) or [Microsoft Store for Education](https://educationstore.microsoft.com). +1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com/) or [Microsoft Store for Education](https://educationstore.microsoft.com). 2. Click **Manage**, and then choose **Apps & software**. 3. Refine results by **License type** to show apps with offline licenses. 4. Find the app you want to download, click the ellipses under **Actions**, and then choose **Download for offline use**. - - **To download app metadata**: Choose the language for the app metadata, and then click **Download**. Save the downloaded app metadata. This is optional. - - **To download app package**: Click to expand the package details information, choose the Platform and Architecture combination that you need for your organization, and then click **Download**. Save the downloaded app package. This is required. - - **To download an app license**: Choose either **Encoded**, or **Unencoded**, and then click **Generate license**. Save the downloaded license. This is required. - - **To download an app framework**: Find the framework you need to support your app package, and click **Download**. This is optional. - + - **To download app metadata**: Choose the language for the app metadata, and then click **Download**. Save the downloaded app metadata. This is optional. + - **To download app package**: Click to expand the package details information, choose the Platform and Architecture combination that you need for your organization, and then click **Download**. Save the downloaded app package. This is required. + - **To download an app license**: Choose either **Encoded**, or **Unencoded**, and then click **Generate license**. Save the downloaded license. This is required. + - **To download an app framework**: Find the framework you need to support your app package, and click **Download**. This is optional. + > [!NOTE] > You need the framework to support your app package, but if you already have a copy, you don't need to download it again. Frameworks are backward compatible. - +   diff --git a/store-for-business/images/msfb-find-partner.png b/store-for-business/images/msfb-find-partner.png new file mode 100644 index 0000000000..23759cfb5f Binary files /dev/null and b/store-for-business/images/msfb-find-partner.png differ diff --git a/store-for-business/images/msfb-provider-list.png b/store-for-business/images/msfb-provider-list.png new file mode 100644 index 0000000000..2fbafca80f Binary files /dev/null and b/store-for-business/images/msfb-provider-list.png differ diff --git a/store-for-business/images/msft-accept-partner.png b/store-for-business/images/msft-accept-partner.png new file mode 100644 index 0000000000..6b04d822a4 Binary files /dev/null and b/store-for-business/images/msft-accept-partner.png differ diff --git a/store-for-business/images/security-groups-icon.png b/store-for-business/images/security-groups-icon.png new file mode 100644 index 0000000000..328a60837d Binary files /dev/null and b/store-for-business/images/security-groups-icon.png differ diff --git a/store-for-business/manage-mpsa-software-microsoft-store-for-business.md b/store-for-business/manage-mpsa-software-microsoft-store-for-business.md index 37ab81c66d..4967eb20a1 100644 --- a/store-for-business/manage-mpsa-software-microsoft-store-for-business.md +++ b/store-for-business/manage-mpsa-software-microsoft-store-for-business.md @@ -19,23 +19,23 @@ ms.date: 3/20/2018 - Windows 10 - Windows 10 Mobile -Software purchased with the Microsoft Products and Services Agreement (MPSA) can now be managed in Microsoft Store for Business. This allows customers to manage online software purchases in one location. +Software purchased with the Microsoft Products and Services Agreement (MPSA) can now be managed in Microsoft Store for Business. This allows customers to manage online software purchases in one location. -There are a couple of things you might need to set up to manage MPSA software purchases in Store for Business. +There are a couple of things you might need to set up to manage MPSA software purchases in Store for Business. -**To manage MPSA software in Microsoft Store for Business** -1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com). +**To manage MPSA software in Microsoft Store for Business** +1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com). 2. Click **Manage**, and then click **My Organization**. -3. Click **Connected tenants** to see purchasing accounts and the tenants that they are connected to. +3. Click **Connected tenants** to see purchasing accounts and the tenants that they are connected to. ## Add tenant -The tenant or tenants that are added to your purchasing account control how you can distribute software to people in your organization. If there isn't a tenant listed for your purchasing account, you'll need to add one before you can use or manage the software you've purchased. When we give you a list to choose from, tenants are grouped by domain. +The tenant or tenants that are added to your purchasing account control how you can distribute software to people in your organization. If there isn't a tenant listed for your purchasing account, you'll need to add one before you can use or manage the software you've purchased. When we give you a list to choose from, tenants are grouped by domain. -**To add a tenant to a purchasing account** -1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com). +**To add a tenant to a purchasing account** +1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com). 2. Click **Manage**, and then click **My Organization**. 3. Click **Connected tenants**, and then click the ellipses for a purchasing account without a tenant listed. -4. Click **Choose a tenant**, and then click **Submit**. +4. Click **Choose a tenant**, and then click **Submit**. If you don't see your tenant in the list, you can add the name of your tenant @@ -43,19 +43,19 @@ If you don't see your tenant in the list, you can add the name of your tenant 1. On **Add a tenant**, click **Don't see your tenant?**. 2. Enter a domain name, and then click **Next**, and then click **Done**. -You'll need to get permissions for the admin that manages the domain you want to add. We'll take you to Business Center Portal where you can manage permissions and roles. The admin will need to be the **Account Manager**. +You'll need to get permissions for the admin that manages the domain you want to add. We'll take you to Business Center Portal where you can manage permissions and roles. The admin will need to be the **Account Manager**. ## Add global admin In some cases, we might not have info on who the global admin is for the tenant that you select. It might be that the tenant is unmanaged, and you'll need to identify a global admin. Or, you might only need to share account info for the global admin. If you need to nominate someone to be the global admin, they need sufficient permissions: - someone who can distribute sofware -- in Business Center Portal (BCP), it should be someone with **Agreement Admin** role +- in Business Center Portal (BCP), it should be someone with **Agreement Admin** role **To add a global admin to a tenant** -We'll ask for a global admin if we need that info when you add a tenant to a purchasing account. You'd see the request for a global admin before returning to **Store for Business**. +We'll ask for a global admin if we need that info when you add a tenant to a purchasing account. You'd see the request for a global admin before returning to **Store for Business**. - On **Add a Global Admin**, click **Make me the Global Admin**, and then click **Submit**. -or- -- On **Add a Global Admin**, type a name in **Invite someone else**, and then click **Submit**. \ No newline at end of file +- On **Add a Global Admin**, type a name in **Invite someone else**, and then click **Submit**. \ No newline at end of file diff --git a/store-for-business/manage-orders-microsoft-store-for-business.md b/store-for-business/manage-orders-microsoft-store-for-business.md index 12d927fce2..66650f1c89 100644 --- a/store-for-business/manage-orders-microsoft-store-for-business.md +++ b/store-for-business/manage-orders-microsoft-store-for-business.md @@ -1,6 +1,6 @@ --- title: Manage app orders in Microsoft Store for Business or Microsoft Store for Education (Windows 10) -description: You can view your order history with Micrsoft Store for Business or Micrsoft Store for Education. +description: You can view your order history with Micrsoft Store for Business or Micrsoft Store for Education. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -14,14 +14,14 @@ ms.date: 11/10/2017 # Manage app orders in Microsoft Store for Business and Education -After you've acquired apps, you can review order information and invoices on **Order history**. On this page, you can view invoices, and request refunds. +After you've acquired apps, you can review order information and invoices on **Order history**. On this page, you can view invoices, and request refunds. **Order history** lists orders in chronological order and shows: - Date ordered - Product name - Product publisher - Total cost -- Order status. +- Order status. Click to expand an order, and the following info is available: - Who purchased the app @@ -32,32 +32,32 @@ Click to expand an order, and the following info is available: ## Invoices -Invoices for orders are available approximately 24 hours after your purchase. The link opens a .pdf that you can save for your records. +Invoices for orders are available approximately 24 hours after your purchase. The link opens a .pdf that you can save for your records. ## Refund an order -Refunds work a little differently for free apps, and apps that have a price. In both cases, you must reclaim licenses before requesting a refund. +Refunds work a little differently for free apps, and apps that have a price. In both cases, you must reclaim licenses before requesting a refund. **Refunds for free apps** - - For free apps, there isn't really a refund to request -- you're removing the app from your inventory. You must first reclaim any assigned licenses, and then you can remove the app from your organization's inventory. - + + For free apps, there isn't really a refund to request -- you're removing the app from your inventory. You must first reclaim any assigned licenses, and then you can remove the app from your organization's inventory. + **Refunds for apps that have a price** - + There are a few requirements for apps that have a price: - **Timing** - Refunds are available for the first 30 days after you place your order. For example, if your order is placed on June 1, you can self-refund through June 30. - **Available licenses** - You need to have enough available licenses to cover the number of licenses in the order you are refunding. For example, if you purchased 10 copies of an app and you want to request a refund, you must have at least 10 licenses of the app available in your inventory -- those 10 licenses can't be assigned to people in your organization. - - **Whole order refunds only** - You must refund the complete amount of apps in an order. You can't refund a part of an order. For example, if you purchased 10 copies of an app, but later found you only needed 5 copies, you'll need to request a refund for the 10 apps, and then make a separate order for 5 apps. If you have had multiple orders of the same app, you can refund one order but still keep the rest of the inventory. + - **Whole order refunds only** - You must refund the complete amount of apps in an order. You can't refund a part of an order. For example, if you purchased 10 copies of an app, but later found you only needed 5 copies, you'll need to request a refund for the 10 apps, and then make a separate order for 5 apps. If you have had multiple orders of the same app, you can refund one order but still keep the rest of the inventory. **To refund an order** -Reclaim licenses, and then request a refund. If you haven't assigned licenses, start on step 5. -1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). +Reclaim licenses, and then request a refund. If you haven't assigned licenses, start on step 5. +1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 2. Click **Manage**, and then choose **Apps & software**. 3. Find the app you want to refund, click the ellipses under **Actions**, and then choose **View license details**. -4. Select the people who you want to reclaim license from, click the ellipses under **Actions**, and then choose **Reclaim licenses**. +4. Select the people who you want to reclaim license from, click the ellipses under **Actions**, and then choose **Reclaim licenses**. 5. Click **Order history**, click the order you want to refund, and click **Refund order**. -For free apps, the app will be removed from your inventory in **Apps & software**. +For free apps, the app will be removed from your inventory in **Apps & software**. -For apps with a price, your payment option will be refunded with the cost of the app, and the app will be removed from your inventory. +For apps with a price, your payment option will be refunded with the cost of the app, and the app will be removed from your inventory. diff --git a/store-for-business/manage-private-store-settings.md b/store-for-business/manage-private-store-settings.md index 1462bb3ee3..ee4baa3b88 100644 --- a/store-for-business/manage-private-store-settings.md +++ b/store-for-business/manage-private-store-settings.md @@ -31,7 +31,7 @@ You can change the name of your private store in Microsoft Store. ## Change private store name **To change the name of your private store** -1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). +1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 2. Click **Settings**, click **Distribute**. 3. In the **Private store** section, click **Change**. 4. Type a new display name for your private store, and click **Save**. @@ -39,14 +39,14 @@ You can change the name of your private store in Microsoft Store. ![Image showing Private store dialog used to change private store display name.](images/wsfb-renameprivatestore.png) ## Private store collections -You can create collections of apps within your private store. Collections allow you to group or categorize apps - you might want a group of apps for different job functions in your company, or classes in your school. +You can create collections of apps within your private store. Collections allow you to group or categorize apps - you might want a group of apps for different job functions in your company, or classes in your school. **To add a Collection to your private store** You can add a collection to your private store from the private store, or from the details page for an app. -**From private store** -1. Sign in to [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). +**From private store** +1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 2. Click your private store.
    ![Image showing private store name on MSfB store UI.](images/msfb-click-private-store.png) @@ -55,16 +55,16 @@ You can add a collection to your private store from the private store, or from t ![Image showing Add a Collection.](images/msfb-add-collection.png) 4. Type a name for your collection, and then click **Next**. -5. Add at least one product to your collection, and then click **Done**. You can search for apps and refine results based on the source of the app, or the supported devices. +5. Add at least one product to your collection, and then click **Done**. You can search for apps and refine results based on the source of the app, or the supported devices. -> [!NOTE] -> New collections require at least one app, or they will not be created. +> [!NOTE] +> New collections require at least one app, or they will not be created. -**From app details page** -1. Sign in to [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). -2. Click **Manage**, and then click **Products & services**. -3. Under **Apps & software**, choose an app you want to include in a new collection. -4. Under **Private Store Collections**, click **Add a collection**. +**From app details page** +1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). +2. Click **Manage**, and then click **Products & services**. +3. Under **Apps & software**, choose an app you want to include in a new collection. +4. Under **Private Store Collections**, click **Add a collection**. ![Image showing app details page with Add a Collection.](images/msfb-ps-collection-idp.png) @@ -74,34 +74,34 @@ You can add a collection to your private store from the private store, or from t Currently, changes to collections will generally show within minutes in the Microsoft Store app on Windows 10. In some cases, it may take up an hour. ## Edit Collections -If you've already added a Collection to your private store, you can easily add and remove products, or rename the collection. +If you've already added a Collection to your private store, you can easily add and remove products, or rename the collection. -**To add or remove products from a collection** -1. Sign in to [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). +**To add or remove products from a collection** +1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 2. Click your private store.
    ![Image showing private store name on MSfB store UI.](images/msfb-click-private-store.png) -3. Click the ellipses next to the collection name, and click **Edit collection**. -4. Add or remove products from the collection, and then click **Done**. +3. Click the ellipses next to the collection name, and click **Edit collection**. +4. Add or remove products from the collection, and then click **Done**. -You can also add an app to a collection from the app details page. -1. Sign in to [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). -2. Click **Manage**, and then click **Products & services**. -3. Under **Apps & software**, choose an app you want to include in a new collection. +You can also add an app to a collection from the app details page. +1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). +2. Click **Manage**, and then click **Products & services**. +3. Under **Apps & software**, choose an app you want to include in a new collection. 4. Under **Private Store Collections**, turn on the collection you want to add the app to. - ![Image showing app details page with Add a Collection.](images/msfb-ps-collection-idp.png) + ![Image showing app details page with Add a Collection.](images/msfb-ps-collection-idp.png) ## Private store performance -We've recently made performance improvements for changes in the private store. This table includes common actions, and the current estimate for amount of time required for the change. +We've recently made performance improvements for changes in the private store. This table includes common actions, and the current estimate for amount of time required for the change. | Action | Estimated time | | ------------------------------------------------------ | -------------- | | Add a product to the private store
    - Apps recently added to your inventory, including line-of-business (LOB) apps and new purchases, will take up to 36 hours to add to the private store. That time begins when the product is purchased, or added to your inventory.
    - It will take an additional 36 hours for the product to be searchable in private store, even if you see the app available from the private store tab. | - 15 minutes: available on private store tab
    - 36 hours: searchable in private store
    - 36 hours: searchable in private store tab | -| Remove a product from private store | - 15 minutes: private store tab
    - 36 hours: searchable in private store | +| Remove a product from private store | - 15 minutes: private store tab
    - 36 hours: searchable in private store | | Accept a new LOB app into your inventory (under **Products & services)**) | - 15 minutes: available on private store tab
    - 36 hours: searchable in private store | | Create a new collection | 15 minutes| | Edit or remove a collection | 15 minutes | | Create private store tab | 4-6 hours | -| Rename private store tab | 4-6 hours | +| Rename private store tab | 4-6 hours | diff --git a/store-for-business/microsoft-store-for-business-education-powershell-module.md b/store-for-business/microsoft-store-for-business-education-powershell-module.md index 889c27f140..4b53678c9c 100644 --- a/store-for-business/microsoft-store-for-business-education-powershell-module.md +++ b/store-for-business/microsoft-store-for-business-education-powershell-module.md @@ -1,6 +1,6 @@ --- title: Microsoft Store for Business and Education PowerShell module - preview -description: Preview version of PowerShell module +description: Preview version of PowerShell module ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -42,16 +42,16 @@ All of the **Microsoft Store for Business and Education** PowerShell cmdlets fol ## Install Microsoft Store for Business and Education PowerShell module > [!NOTE] -> Installing **Microsoft Store for Business and Education** PowerShell model using **PowerShellGet** requires [Windows Management Framework 5.0](http://www.microsoft.com/download/details.aspx?id=48729). The framework is included with Windows 10 by default). +> Installing **Microsoft Store for Business and Education** PowerShell model using **PowerShellGet** requires [Windows Management Framework 5.0](https://www.microsoft.com/download/details.aspx?id=48729). The framework is included with Windows 10 by default). To install **Microsoft Store for Business and Education PowerShell** with PowerShellGet, run this command: ```powershell # Install the Microsoft Store for Business and Education PowerShell module from PowerShell Gallery -Install-Module -Name MSStore +Install-Module -Name MSStore -``` +``` ## Import Microsoft Store for Business and Education PowerShell module into the PowerShell session Once you install the module on your Windows 10 device, you will need to then import it into each PowerShell session you start. @@ -63,7 +63,7 @@ Import-Module -Name MSStore ``` -Next, authorize the module to call **Microsoft Store for Business and Education** on your behalf. This step is required once, per user of the PowerShell module. +Next, authorize the module to call **Microsoft Store for Business and Education** on your behalf. This step is required once, per user of the PowerShell module. To authorize the PowerShell module, run this command. You'll need to sign-in with your work or school account, and authorize the module to access your tenant. @@ -76,7 +76,7 @@ Grant-MSStoreClientAppAccess You will be promted to sign in with your work or school account and then to authorize the PowerShell Module to access your **Microsoft Store for Business and Education** account. Once the module has been imported into the current PowerShell session and authorized to call into your **Microsoft Store for Business and Education** account, Azure PowerShell cmdlets are loaded and ready to be used. ## View items in Products and Services -Service management should encounter no breaking changes as a result of the separation of Azure Service Management and **Microsoft Store for Business and Education PowerShell** preview. +Service management should encounter no breaking changes as a result of the separation of Azure Service Management and **Microsoft Store for Business and Education PowerShell** preview. ```powershell # View items in inventory (Apps & software) @@ -105,17 +105,17 @@ Get-MSStoreSeatAssignments -ProductId 9NBLGGH4R2R6 -SkuId 0016 > [!Important] > Microsoft Store for Business and Education identifies Minecraft: Education Edition license types using a combination of Product ID and SKU ID. To manage license assignments for your Minecraft: Education Edition, you need to specify Product and SKU IDs for the licenses you want to manage in the cmdlet. The following table lists the Product and SKU IDs. - + | License Type | Product ID | SKU ID | | ------------ | -----------| -------| | Purchased through Microsoft Store for Business and Education with a credit card | CFQ7TTC0K5DR | 0001 | | Purchased through Microsoft Store for Business and Education with an invoice | CFQ7TTC0K5DR | 0004 | | Purchased through Microsoft Volume Licensing Agreement | CFQ7TTC0K5DR | 0002 | -| Acquired through Windows 10 device promotion | CFQ7TTC0K5DR | 0005 | +| Acquired through Windows 10 device promotion | CFQ7TTC0K5DR | 0005 | ## Assign or reclaim products -Once you have enumerated items in **Products and Service**, you can assign or reclaim licenses to and from people in your org. +Once you have enumerated items in **Products and Service**, you can assign or reclaim licenses to and from people in your org. These commands assign a product to a user and then reclaim it. @@ -131,7 +131,7 @@ Remove-MSStoreSeatAssignment -ProductId 9NBLGGH4R2R6 -SkuId 0016 -Username 'user ``` ## Assign or reclaim a product with a .csv file -You can also use the PowerShell module to perform bulk operations on items in **Product and Services**. You'll need a .CSV file with at least one column for “Principal Names” (for example, user@host.com). You can create such a CSV using the AzureAD PowerShell Module. +You can also use the PowerShell module to perform bulk operations on items in **Product and Services**. You'll need a .CSV file with at least one column for “Principal Names” (for example, user@host.com). You can create such a CSV using the AzureAD PowerShell Module. **To assign or reclaim seats in bulk:** @@ -147,7 +147,7 @@ Remove-MSStoreSeatAssignments -ProductId 9NBLGGH4R2R6 -SkuId 0016 -PathToCsv C: ``` ## Uninstall Microsoft Store for Business and Education PowerShell module -You can remove **Microsoft Store for Business and Education PowerShell** from your computer by running the following PowerShell Command. +You can remove **Microsoft Store for Business and Education PowerShell** from your computer by running the following PowerShell Command. ```powershell # Uninstall the MSStore Module diff --git a/store-for-business/prerequisites-microsoft-store-for-business.md b/store-for-business/prerequisites-microsoft-store-for-business.md index 890829a7d5..618205cdd5 100644 --- a/store-for-business/prerequisites-microsoft-store-for-business.md +++ b/store-for-business/prerequisites-microsoft-store-for-business.md @@ -47,7 +47,7 @@ While not required, you can use a management tool to distribute and manage apps. ## Proxy configuration -If your organization restricts computers on your network from connecting to the Internet, there is a set of URLs that need to be available for devices to use Microsoft Store. Some of the Microsoft Store features use Store services. Devices using Microsoft Store – either to acquire, install, or update apps – will need access to these URLs. If you use a proxy sever to block traffic, your configuration needs to allow these URLs: +If your organization restricts computers on your network from connecting to the Internet, there is a set of URLs that need to be available for devices to use Microsoft Store. Some of the Microsoft Store features use Store services. Devices using Microsoft Store – either to acquire, install, or update apps – will need access to these URLs. If you use a proxy server to block traffic, your configuration needs to allow these URLs: - login.live.com - login.windows.net @@ -56,6 +56,7 @@ If your organization restricts computers on your network from connecting to the - windowsphone.com - \*.wns.windows.com - \*.microsoft.com +- \*.s-microsoft.com - www.msftncsi.com (prior to Windows 10, version 1607) - www.msftconnecttest.com/connecttest.txt (replaces www.msftncsi.com starting with Windows 10, version 1607) diff --git a/store-for-business/release-history-microsoft-store-business-education.md b/store-for-business/release-history-microsoft-store-business-education.md index d7484344ae..2bcdcd39b9 100644 --- a/store-for-business/release-history-microsoft-store-business-education.md +++ b/store-for-business/release-history-microsoft-store-business-education.md @@ -8,22 +8,38 @@ ms.pagetype: store author: TrudyHa ms.author: TrudyHa ms.topic: conceptual -ms.date: 5/31/2018 +ms.date: 10/31/2018 --- # Microsoft Store for Business and Education release history -Microsoft Store for Business and Education regularly releases new and improved feaures. Here's a summary of new or updated features in previous releases. +Microsoft Store for Business and Education regularly releases new and improved features. Here's a summary of new or updated features in previous releases. Looking for info on the latest release? Check out [What's new in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md) +## September 2018 +- **Performance improvements** - With updates and improvements in the private store, most changes, like adding an app, will take fifteen minutes or less. [Get more info](https://https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-performance) + +## August 2018 +- **App requests** - People in your organization can make requests for apps that they need. hey can also request them on behalf of other people. Admins review requests and can decide on purchases. [Get more info](https://docs.microsoft.com/microsoft-store/acquire-apps-microsoft-store-for-business#allow-app-requests) + +## July 2018 +- Bug fixes and performance improvements. + +## June 2018 +- **Change order within private store collection** - Continuing our focus on improvements for private store, now you can customize the order of products in each private store collection. +- **Performance improvements in private store** - We continue to work on performance improvements in the private store. Now, most products new to your inventory are available in your private store within 15 minutes of adding them. [Get more info](https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-performance) + +## May 2018 +- **Immersive Reader app available in Microsoft Store for Education** - This app is a free tool that uses proven techniques to improve reading and writing for people regardless of their age or ability. You can add the app to your private store, so students can easily install and use it. + ## April 2018 - **Assign apps to larger groups** - We're making it easier for admins to assign apps to groups of people. Admins can assign licenses to groups of any size, and include subgroups within those groups. We’ll figure out who’s in those groups, and assign licenses to people in the groups (skipping people who already have licenses). Along the way, we’ll let you know how many licenses are needed, and provide an estimate on the time required to assign licenses. - **Change collection order in private store** - Private store collections make it easy for groups of people to find the apps that they need. Now, you can customize the order of your private store collections. - **Office 365 subscription management** - We know that sometimes customers need to cancel a subscription. While we don't want to lose a customer, we want the process for managing subscriptions to be easy. Now, you can delete your Office 365 subscription without calling Support. From Microsoft Store for Business and Education, you can request to delete an Office 365 subscription. We'll wait three days before permanently deleting the subscription. In case of a mistake, customers are welcome to reactivate subscriptions during the three-day period. ## March 2018 -- **Performance improvements in private store** - We've made it significantly faster for you to udpate the private store. Many changes to the private store are available immediately after you make them. [Get more info](https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-performance) +- **Performance improvements in private store** - We've made it significantly faster for you to update the private store. Many changes to the private store are available immediately after you make them. [Get more info](https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-performance) - **Private store collection updates** - We’ve made it easier to find apps when creating private store collections – now you can search and filter results. [Get more info](https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-collections) - **Manage Skype Communication credits** - Office 365 customers that own Skype Communication Credits can now see and manage them in Microsoft Store for Business. You can view your account, add funds to your account, and manage auto-recharge settings. @@ -37,23 +53,20 @@ Looking for info on the latest release? Check out [What's new in Microsoft Store - **Microsoft Product and Services Agreement customers can invite people to take roles** - MPSA admins can invite people to take Microsoft Store for Business roles even if the person is not in their tenant. You provide an email address when you assign the role, and we'll add the account to your tenant and assign the role. ## December 2017 - -- Bug fixes and permformance improvements. +- Bug fixes and performance improvements. ## November 2017 - - **Export list of Minecraft: Education Edition users** - Admins and teachers can now export a list of users who have Minecraft: Education Edition licenses assigned to them. Click **Export users**, and Store for Education creates an Excel spreadsheet for you, and saves it as a .csv file. ## October 2017 - -- Bug fixes and permformance improvements. +- Bug fixes and performance improvements. ## September 2017 - **Manage Windows device deployment with Windows Autopilot Deployment** - In Microsoft Store for Business, you can manage devices for your organization and apply an Autopilot deployment profile to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows, based on the Autopilot deployment profile you applied to the device. [Get more info](add-profile-to-devices.md) -- **Request an app** - People in your organization can reqest additional licenses for apps in your private store, and then Admins or Purchasers can make the purchases. [Get more info](https://docs.microsoft.com/microsoft-store/acquire-apps-microsoft-store-for-business#request-apps) +- **Request an app** - People in your organization can request additional licenses for apps in your private store, and then Admins or Purchasers can make the purchases. [Get more info](https://docs.microsoft.com/microsoft-store/acquire-apps-microsoft-store-for-business#request-apps) - **My organization** - **My organization** shows you all Agreements that apply to your organization. You can also update profile info for you org, such as mailing address and email associated with your account. -- **Manage prepaid Office 365 subscriptions** - Office 365 prepaid subscriptions can be redeemed using a prepaid token. Tokens are available through 3rd-party businesses, outside of Microsoft Store for Business or the Office 365 Admin portal. After redemming prepaid subscriptions, Admins can add more licenses or extend the subscription's expiration date. +- **Manage prepaid Office 365 subscriptions** - Office 365 prepaid subscriptions can be redeemed using a prepaid token. Tokens are available through 3rd-party businesses, outside of Microsoft Store for Business or the Office 365 Admin portal. After redeeming prepaid subscriptions, Admins can add more licenses or extend the subscription's expiration date. - **Manage Office 365 subscriptions acquired by partners** - Office 365 subscriptions purchased for your organization by a partner or reseller can be managed in Microsoft Store for Business. Admins can assign and manage licenses for these subscriptions. - **Edge extensions in Microsoft Store** - Edge Extensions are now available from Microsoft Store! You can acquire and distribute them from Microsoft Store for Business just like any other app. -- **Search results in Microsoft Store for Business** - Search results now have sub categories to help you refine search results. \ No newline at end of file +- **Search results in Microsoft Store for Business** - Search results now have sub categories to help you refine search results. diff --git a/store-for-business/roles-and-permissions-microsoft-store-for-business.md b/store-for-business/roles-and-permissions-microsoft-store-for-business.md index 6dad7ccd03..22e03ceda8 100644 --- a/store-for-business/roles-and-permissions-microsoft-store-for-business.md +++ b/store-for-business/roles-and-permissions-microsoft-store-for-business.md @@ -10,7 +10,7 @@ author: TrudyHa ms.author: TrudyHa ms.topic: conceptual ms.localizationpriority: medium -ms.date: 3/30/2018 +ms.date: 8/7/2018 --- # Roles and permissions in Microsoft Store for Business and Education @@ -31,10 +31,11 @@ This table lists the global user accounts and the permissions they have in Micro | | Global Administrator | Billing Administrator | | ------------------------------ | --------------------- | --------------------- | -| Sign up for Microsoft Store for Business and Education | X | | +| Sign up for Microsoft Store for Business and Education | X | | Modify company profile settings | X | | | Acquire apps | X | X | | Distribute apps | X | X | +| Purchase subscription-based software | X | X |   - **Global Administrator** - IT Pros with this account have full access to Microsoft Store. They can do everything allowed in the Microsoft Store Admin role, plus they can sign up for Microsoft Store. @@ -43,7 +44,7 @@ This table lists the global user accounts and the permissions they have in Micro ## Microsoft Store roles and permissions -Microsoft Store has a set of roles that help IT admins and employees manage access to apps and tasks for Microsoft Store. Employees with these roles will need to use their Azure AD account to access Microsoft Store. +Microsoft Store for Business has a set of roles that help IT admins and employees manage access to apps and tasks for Microsoft Store. Employees with these roles will need to use their Azure AD account to access Microsoft Store. This table lists the roles and their permissions. diff --git a/store-for-business/settings-reference-microsoft-store-for-business.md b/store-for-business/settings-reference-microsoft-store-for-business.md index 9e45080286..04db2ea942 100644 --- a/store-for-business/settings-reference-microsoft-store-for-business.md +++ b/store-for-business/settings-reference-microsoft-store-for-business.md @@ -30,7 +30,7 @@ The Microsoft Store for Business and Education has a group of settings that admi | Private store | Update the name for your private store. The new name will be displayed on a tab in the Store. For more information, see [Manage private store settings](manage-private-store-settings.md). | **Settings - Distribute** | | Offline licensing | Configure whether or not to make offline-licensed apps available in the Microsoft Store for Business and Education. For more information, see [Distribute offline apps](distribute-offline-apps.md). | **Settings - Shop** | | Allow users to shop | Configure whether or not people in your organization or school can see and use the shop function in Store for Business or Store for Education. For more information, see [Allow users to shop](acquire-apps-microsoft-store-for-business.md#allow-users-to-shop). | **Settings - Shop** | -| Make everyone a Basic Purchaser | Allow everyone in your organization to automatically become a Basic Purchaser. This allows them to purchase apps and manage them. For more information, see [Make everyone a Basic Purchaser](https://docs.microsoft.com/en-us/education/windows/education-scenarios-store-for-business#basic-purchaser-role).
    **Make everyone a Basic Purchaser** is only available in Microsoft Store for Education. | **Settings - Shop** | +| Make everyone a Basic Purchaser | Allow everyone in your organization to automatically become a Basic Purchaser. This allows them to purchase apps and manage them. For more information, see [Make everyone a Basic Purchaser](https://docs.microsoft.com/education/windows/education-scenarios-store-for-business#basic-purchaser-role).
    **Make everyone a Basic Purchaser** is only available in Microsoft Store for Education. | **Settings - Shop** | | App request | Configure whether or not people in your organization can request apps for admins to purchase. For more information, see [Distribute offline apps](acquire-apps-microsoft-store-for-business.md). | **Settings - Distribute** | | Management tools | Management tools that are synced with Azure AD are listed on this page. You can choose one to use for managing app updates and distribution. For more information, see [Configure MDM provider](configure-mdm-provider-microsoft-store-for-business.md). | **Settings - Distribute** | | Device Guard signing | Use the Device Guard signing portal to add unsigned apps to a code integrity policy, or to sign code integrity policies. For more information, see [Device Guard signing portal](device-guard-signing-portal.md). | **Settings - Devices** | diff --git a/store-for-business/sfb-change-history.md b/store-for-business/sfb-change-history.md index 7f99708123..f4429a667f 100644 --- a/store-for-business/sfb-change-history.md +++ b/store-for-business/sfb-change-history.md @@ -22,7 +22,7 @@ ms.localizationpriority: medium ## April 2018 | New or changed topic | Description | | --- | --- | -| [Configure access to Microsoft Store](https://docs.microsoft.com/en-us/windows/configuration/stop-employees-from-using-microsoft-store#a-href-idblock-store-group-policyablock-microsoft-store-using-group-policy) | Update on app updates when Microsoft Store is blocked. | +| [Configure access to Microsoft Store](https://docs.microsoft.com/windows/configuration/stop-employees-from-using-microsoft-store#a-href-idblock-store-group-policyablock-microsoft-store-using-group-policy) | Update on app updates when Microsoft Store is blocked. | | [What's New in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md) | Update | ## March 2018 @@ -66,21 +66,21 @@ ms.localizationpriority: medium | New or changed topic | Description | | --- | --- | | [Microsoft Store for Business and Education PowerShell module - preview](microsoft-store-for-business-education-powershell-module.md) | New | -| [Microsoft Store for Business and Education overview - supported markets](https://docs.microsoft.com/en-us/microsoft-store/windows-store-for-business-overview#supported-markets) | Updates for added market support. | +| [Microsoft Store for Business and Education overview - supported markets](https://docs.microsoft.com/microsoft-store/windows-store-for-business-overview#supported-markets) | Updates for added market support. | ## June 2017 | New or changed topic | Description | | -------------------- | ----------- | | [Notifications in Microsoft Store for Business and Education](notifications-microsoft-store-business.md) | New. Information about notification model in Microsoft Store for Business and Education. | | [Get Minecraft: Education Edition with Windows 10 device promotion](https://docs.microsoft.com/education/windows/get-minecraft-device-promotion) | New. Information about redeeming Minecraft: Education Edition licenses with qualifying purchases of Windows 10 devices. | -| [Microsoft Store for Business and Education overview - supported markets](https://docs.microsoft.com/en-us/microsoft-store/windows-store-for-business-overview#supported-markets) | Updates for added market support. | +| [Microsoft Store for Business and Education overview - supported markets](https://docs.microsoft.com/microsoft-store/windows-store-for-business-overview#supported-markets) | Updates for added market support. | ## July 2017   | New or changed topic | Description | | -------------------- | ----------- | | [Manage Windows device deployment with Windows Autopilot Deployment](add-profile-to-devices.md) | New. Information about Windows Autopilot Deployment Program and how it is used in Microsoft Store for Business and Education. | -| [Microsoft Store for Business and Education overview - supported markets](https://docs.microsoft.com/en-us/microsoft-store/windows-store-for-business-overview#supported-markets) | Updates for added market support. | +| [Microsoft Store for Business and Education overview - supported markets](https://docs.microsoft.com/microsoft-store/windows-store-for-business-overview#supported-markets) | Updates for added market support. |   diff --git a/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md b/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md index 29c8a0abe7..f9feb738d7 100644 --- a/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md +++ b/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md @@ -32,7 +32,7 @@ Before you get started, be sure to review these best practices: **To sign a code integrity policy** -1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). +1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 2. Click **Manage**, click **Store settings**, and then click **Device Guard**. 3. Click **Upload** to upload your code integrity policy. 4. After the files are uploaded, click **Sign** to sign the code integrity policy. diff --git a/store-for-business/update-microsoft-store-for-business-account-settings.md b/store-for-business/update-microsoft-store-for-business-account-settings.md index 9b5502382f..3ac104dedf 100644 --- a/store-for-business/update-microsoft-store-for-business-account-settings.md +++ b/store-for-business/update-microsoft-store-for-business-account-settings.md @@ -22,22 +22,22 @@ ms.date: 10/17/2017 The **Payments & billing** page in Microsoft Store for Business allows you to manage organization information, billing information, and payment options. The organization information and payment options are required before you can acquire apps that have a price. ## Organization information - + We need your business address, email contact, and tax-exemption certificates that apply to your country or locale. - + ### Business address and email contact -Before purchasing apps that have a fee, you need to add or update your organization's business address, and contact email address. +Before purchasing apps that have a fee, you need to add or update your organization's business address, and contact email address. -We use the Business address to calculate sales tax. If your organization's address has already been entered for other commercial purchases through Microsoft Store, or through other online purchases such as Office 365 or Azure subscriptions, then we’ll use the same address in Microsoft Store for Business and Microsoft Store for Education. If we don’t have an address, we’ll ask you to enter it during your first purchase. +We use the Business address to calculate sales tax. If your organization's address has already been entered for other commercial purchases through Microsoft Store, or through other online purchases such as Office 365 or Azure subscriptions, then we’ll use the same address in Microsoft Store for Business and Microsoft Store for Education. If we don’t have an address, we’ll ask you to enter it during your first purchase. -We need an email address in case we need to contact you about your Microsoft Store for Business and for Education account. This email account should reach the admin for your organization’s Office 365 or Azure AD tenant that is used with Microsoft Store. +We need an email address in case we need to contact you about your Microsoft Store for Business and for Education account. This email account should reach the admin for your organization’s Office 365 or Azure AD tenant that is used with Microsoft Store. **To update Organization information** 1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com) 2. Click **Manage**, click **Billing**, **Account profile**, and then click **Edit**. -## Organization tax information +## Organization tax information Taxes for Microsoft Store for Business purchases are determined by your business address. Businesses in these countries can provide their VAT number or local equivalent: - Austria - Belgium @@ -72,7 +72,7 @@ Taxes for Microsoft Store for Business purchases are determined by your business - Switzerland - United Kingdom -These countries can provide their VAT number or local equivalent in **Payments & billing**. +These countries can provide their VAT number or local equivalent in **Payments & billing**. |Market| Tax identifier | |------|----------------| @@ -84,9 +84,9 @@ These countries can provide their VAT number or local equivalent in **Payments & | Monaco | VAT ID (optional) | | Taiwan | VAT ID (optional) | -### Tax-exempt status +### Tax-exempt status -If you qualify for tax-exempt status in your market, start a service request to establish tax exempt status for your organization. +If you qualify for tax-exempt status in your market, start a service request to establish tax exempt status for your organization. **To start a service request** 1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com). @@ -98,14 +98,14 @@ You’ll need this documentation: |------------------|----------------| | United States | Sales Tax Exemption Certificate | | Canada | Certificate of Exemption (or equivalent letter of authorization) | -| Ireland | 13B/56A Tax Exemption Certificate| +| Ireland | 13B/56A Tax Exemption Certificate| | International organizations that hold tax exaemption | Certification / letter confirmation from local tax authorities | ### Calculating tax -Sales taxes are calculated against the unit price, and then aggregated. - +Sales taxes are calculated against the unit price, and then aggregated. + For example:
    (unit price X tax rate) X quantity = total sales tax @@ -114,36 +114,36 @@ For example:
    ($1.29 X .095) X 100 = $12.25 ## Payment options -You can purchase apps from Microsoft Store for Business using your credit card. You can enter your credit card information on Account Information, or when you purchase an app. We currently accept these credit cards: -1. VISA -2. MasterCard -3. Discover -4. American Express +You can purchase apps from Microsoft Store for Business using your credit card. You can enter your credit card information on Account Information, or when you purchase an app. We currently accept these credit cards: +1. VISA +2. MasterCard +3. Discover +4. American Express 5. Japan Commercial Bureau (JCB) > [!NOTE] > Not all cards available in all countries. When you add a payment option, Microsoft Store for Business shows which cards are available in your region. -**To add a new payment option** +**To add a new payment option** -1. Sign in to the [Store for Business](http://businessstore.microsoft.com) or [Store for Education](https://educationstore.microsoft.com). -2. Click **Manage**, click **Billing**, and then click **Payments methods**. -3. Click **Add a payment options**, and then select the type of credit card that you want to add. -4. Add information to required fields, and then click **Next**. +1. Sign in to the [Store for Business](https://businessstore.microsoft.com) or [Store for Education](https://educationstore.microsoft.com). +2. Click **Manage**, click **Billing**, and then click **Payments methods**. +3. Click **Add a payment options**, and then select the type of credit card that you want to add. +4. Add information to required fields, and then click **Next**. -Once you click Next, the information you provided will be validated with a test authorization transaction and, if validated, the payment option will be added to your list of available payment options. Otherwise, you will be prompted for additional information or notified if there are any problems. +Once you click Next, the information you provided will be validated with a test authorization transaction and, if validated, the payment option will be added to your list of available payment options. Otherwise, you will be prompted for additional information or notified if there are any problems. > [!NOTE] -> When adding credit or debit cards, you may be prompted to enter a CVV. The CVV is only used for verification purposes and is not stored in our systems after validation. +> When adding credit or debit cards, you may be prompted to enter a CVV. The CVV is only used for verification purposes and is not stored in our systems after validation. -**To update a payment option** +**To update a payment option** + +1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). +2. Click **Manage**, click **Billing**, and then click **Payments methods**. +3. Select the payment option that you want to update, and then click **Update**. +4. Enter any updated information in the appropriate fields, and then click **Next**. +Once you click **Next**, the information you provided will be validated with a test authorization transaction and, if validated, the payment option will be added to your list of available payment options. Otherwise, you will be prompted for additional information or notified if there are any problems. -1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). -2. Click **Manage**, click **Billing**, and then click **Payments methods**. -3. Select the payment option that you want to update, and then click **Update**. -4. Enter any updated information in the appropriate fields, and then click **Next**. -Once you click **Next**, the information you provided will be validated with a test authorization transaction and, if validated, the payment option will be added to your list of available payment options. Otherwise, you will be prompted for additional information or notified if there are any problems. - > [!NOTE] > Certain actions, like updating or adding a payment option, require temporary “test authorization” transactions to validate the payment option. These may appear on your statement as $0.00 authorizations or as small pending transactions. These transactions are temporary and should not impact your account unless you make several changes in a short period of time, or have a low balance. @@ -151,15 +151,15 @@ Once you click **Next**, the information you provided will be validated with a Offline licensing is a new licensing option for Windows 10. With offline licenses, organizations can cache apps and their licenses to deploy within their network. ISVs or devs can opt-in their apps for offline licensing when they submit them to the developer center. Only apps that are opted in to offline licensing will show that they are available for offline licensing in Microsoft Store for Business. This model means organizations can deploy apps when users or devices do not have connectivity to the Store. For more information on Microsoft Store for Business licensing model, see [licensing model](https://docs.microsoft.com/microsoft-store/apps-in-microsoft-store-for-business#licensing-model). -Admins can decide whether or not offline licenses are shown for apps in Microsoft Store. +Admins can decide whether or not offline licenses are shown for apps in Microsoft Store. **To set offline license visibility** -1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). -2. Click **Manage**, and then click **Settings - Shop**. +1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). +2. Click **Manage**, and then click **Settings - Shop**. 3. Under **Shopping experience** turn on or turn off **Show offline apps**,to show availability for offline-licensed apps. You have the following distribution options for offline-licensed apps: - Include the app in a provisioning package, and then use it as part of imaging a device. -- Distribute the app through a management tool. +- Distribute the app through a management tool. For more information, see [Distribute apps to your employees from Microsoft Store for Business](distribute-apps-with-management-tool.md). \ No newline at end of file diff --git a/store-for-business/whats-new-microsoft-store-business-education.md b/store-for-business/whats-new-microsoft-store-business-education.md index e2988a84c9..45d4c68486 100644 --- a/store-for-business/whats-new-microsoft-store-business-education.md +++ b/store-for-business/whats-new-microsoft-store-business-education.md @@ -8,7 +8,7 @@ ms.pagetype: store author: TrudyHa ms.author: TrudyHa ms.topic: conceptual -ms.date: 5/31/2018 +ms.date: 10/31/2018 --- # What's new in Microsoft Store for Business and Education @@ -17,31 +17,39 @@ Microsoft Store for Business and Education regularly releases new and improved f ## Latest updates for Store for Business and Education -**May 2018** - +**October 2018** | | | -|--------------------------------------|---------------------------------| -| ![performance icon](images/edu-icon.png) |**Immersive Reader app in Microsoft Store for Education**

    Microsoft Immersive Reader is now available for education organizations using Microsoft Store for Education. This app is a free tool that uses proven techniques to improve reading and writing for people regardless of their age or ability. You can add the app to your private store, so students can easily install and use it. Check out and download [Immersive Reader](https://educationstore.microsoft.com/en-us/store/details/immersive-reader/9PJZQZ821DQ2).

    **Applies to**:
    Microsoft Store for Education | +|-----------------------|---------------------------------| +| ![Security groups](images/security-groups-icon.png) |**Use security groups with Private store apps**

    On the details page for apps in your private store, you can set **Private store availability**. This allows you to choose which security groups can see an app in the private store.

    [Get more info](https://docs.microsoft.com/microsoft-store/app-inventory-management-microsoft-store-for-business#private-store-availability)

    **Applies to**:
    Microsoft Store for Business
    Microsoft Store for Education | - - ## Previous releases and updates +[September 2018](release-history-microsoft-store-business-education.md#september-2018) +- Performance improvements + +[August 2018](release-history-microsoft-store-business-education.md#august-2018) +- App requests + +[July 2018](release-history-microsoft-store-business-education.md#july-2018) +- Bug fixes and performance improvements + +[June 2018](release-history-microsoft-store-business-education.md#june-2018) +- Change order within private store collection +- Performance improvements in private store + +[May 2018](release-history-microsoft-store-business-education.md#may-2018) +- Immersive Reading app available in Microsoft Store for Education + [April 2018](release-history-microsoft-store-business-education.md#april-2018) - Assign apps to larger groups - Change collection order in private store @@ -61,7 +69,7 @@ We’ve been working on bug fixes and performance improvements to provide you a - Microsoft Product and Services Agreement customers can invite people to take roles [December 2017](release-history-microsoft-store-business-education.md#december-2017) -- Bug fixes and permformance improvements +- Bug fixes and performance improvements [November 2017](release-history-microsoft-store-business-education.md#november-2017) - Export list of Minecraft: Education Edition users @@ -77,5 +85,4 @@ We’ve been working on bug fixes and performance improvements to provide you a - Manage prepaid Office 365 subscriptions - Manage Office 365 subscriptions acquired by partners - Edge extensions in Microsoft Store -- Search results in Microsoft Store for Business - +- Search results in Microsoft Store for Business \ No newline at end of file diff --git a/store-for-business/work-with-partner-microsoft-store-business.md b/store-for-business/work-with-partner-microsoft-store-business.md new file mode 100644 index 0000000000..0f30df6697 --- /dev/null +++ b/store-for-business/work-with-partner-microsoft-store-business.md @@ -0,0 +1,81 @@ +--- +title: Work with solution providers in Microsoft Store for Business and Education (Windows 10) +description: You can work with Microsoft-certified solution providers to purchase and manage products and services for your organization or school. +keywords: partner, solution provider +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: store +author: TrudyHa +ms.author: TrudyHa +ms.topic: conceptual +ms.date: 10/12/2018 +--- + +# Working with solution providers in Microsoft Store for Business + +You can work with Microsoft-certified solution providers to purchase and manage products and services for your organization or school. There's a few steps involved in getting the things set up. + +The process goes like this: +- Admins find and contact a solution provider using **Find a solution provider** in Microsoft Store for Business. +- Solution providers send a request from Partner center to customers to become their solution provider. +- Customers accept the invitation in Microsoft Store for Business and start working with the solution provider. +- Customers can manage settings for the relationship with Partner in Microsoft Store for Business. + +## What can a solution provider do for my organization or school? + +There are several ways that a solution provider can work with you. Solution providers will choose one of these when they send their request to work as a partner with you. + +| Solution provider function | Description | +| ------ | ------------------- | +| Reseller | Solution providers sell Microsoft products to your organization or school. | +| Delegated administrator | Solution provider manages products and services for your organization or school. In Azure Active Directory (AD), the Partner will be a Global Administrator for tenant. This allows them to manage services like creating user accounts, assigning and managing licenses, and password resets. | +| Reseller & delegated administrator | Solution providers that sell and manage Microsoft products and services to your organization or school. | +| Partner | You can give your solution provider a user account in your tenant, and they work on your behalf with other Microsoft services. | +| Microsoft Products & Services Agreement (MPSA) partner | If you've worked with multiple solution providers through the MPSA program, you can allow partners to see purchases made by each other. | +| OEM PC partner | Solution providers can upload device IDs for PCs that you're [managing with Autopilot](https://docs.microsoft.com/microsoft-store/add-profile-to-devices). | +| Line-of-business (LOB) partner | Solution providers can develop, submit, and manage LOB apps specific for your organization or school. | + +## Find a solution provider + +You can find partner in Microsoft Store for Business and Education. + +1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com/) or [Microsoft Store for Education](https://educationstore.microsoft.com/). +2. Select **Find a solution provider**. + + ![Image shows Find a solution provider option in Microsoft Store for Business.](images/msfb-find-partner.png) + +3. Refine the list, or search for a solution provider. + + ![Image shows Find a solution provider option in Microsoft Store for Business.](images/msfb-provider-list.png) + +4. When you find a solution provider you're interested in working with, click **Contact**. +5. Complete and send the form. + +The solution provider will get in touch with you. You'll have a chance to learn more about them. If you decide to work with the solution provider, they will send you an email invitation from Partner Center. + +## Work with a solution provider + +Once you've found a solution provider and decided to work with them, they'll send you an invitation to work together from Partner Center. In Microsoft Store for Business or Education, you'll need to accept the invitation. After that, you can manage their permissions. + +**To accept a solution provider invitation** +1. **Follow email link** - You'll receive an email with a link to accept the solution provider invitation from your solution provider. The link will take you to Microsoft Store for Business or Education. +2. **Accept invitation** - On **Accept Partner Invitation**, select **Authorize** to accept the invitation, accept terms of the Microsoft Cloud Agreement, and start working with the solution provider. + +![Image shows accepting an invitation from a solution provider in Microsoft Store for Business.](images/msft-accept-partner.png) + +## Delegate admin privileges + +Depending on the request made by the solution provider, part of accepting the invitation will include agreeing to give delegated admin privileges to the solution provider. This will happen when the solution provider request includes acting as a delegated administrator. For more information, see [Delegated admin privileges in Azure AD](https://docs.microsoft.com/partner-center/customers_revoke_admin_privileges#delegated-admin-privileges-in-azure-ad). + +If you don't want to delegate admin privileges to the solution provider, you'll need to cancel the invitation instead of accepting it. + +If you delegate admin privileges to a solution provider, you can remove that later. + +**To remove delegate admin privileges** +1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com/) or [Microsoft Store for Education](https://educationstore.microsoft.com/). +2. Select **Partner** +3. Choose the Partner you want to manage. +4. Select **Remove Delegated Permissions**. + +The solution provider will still be able to work with you, for example, as a Reseller. diff --git a/windows/access-protection/docfx.json b/windows/access-protection/docfx.json index 4d805de5fe..f27666d0fd 100644 --- a/windows/access-protection/docfx.json +++ b/windows/access-protection/docfx.json @@ -36,7 +36,6 @@ "ms.technology": "windows", "ms.topic": "article", "ms.author": "justinha", - "ms.date": "04/05/2017", "_op_documentIdPathDepotMapping": { "./": { "depot_name": "MSDN.win-access-protection" diff --git a/windows/application-management/TOC.md b/windows/application-management/TOC.md index e726c4d38f..110f01c7b0 100644 --- a/windows/application-management/TOC.md +++ b/windows/application-management/TOC.md @@ -4,6 +4,7 @@ ## [Enable or block Windows Mixed Reality apps in the enterprise](manage-windows-mixed-reality.md) ## [Understand apps in Windows 10](apps-in-windows-10.md) ## [Add apps and features in Windows 10](add-apps-and-features.md) +## [Repackage win32 apps in the MSIX format](msix-app-packaging-tool.md) ## [Application Virtualization (App-V) for Windows](app-v/appv-for-windows.md) ### [Getting Started with App-V](app-v/appv-getting-started.md) #### [What's new in App-V for Windows 10, version 1703 and earlier](app-v/appv-about-appv.md) diff --git a/windows/application-management/app-v/appv-about-appv.md b/windows/application-management/app-v/appv-about-appv.md index f0f2f8eb1a..eac656ed68 100644 --- a/windows/application-management/app-v/appv-about-appv.md +++ b/windows/application-management/app-v/appv-about-appv.md @@ -40,7 +40,7 @@ Previous versions of App-V have required you to manually remove your unpublished With Windows 10, version 1607 and later releases, App-V is now included with [Windows 10 for Enterprise and Windows 10 for Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home) and is no longer part of the Microsoft Desktop Optimization Pack. -To learn more about earlier versions of App-V, see [MDOP Information Experience](https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/index). +To learn more about earlier versions of App-V, see [MDOP Information Experience](https://docs.microsoft.com/microsoft-desktop-optimization-pack/index). The changes in App-V for Windows 10, version 1607 impact existing implementations of App-V in the following ways: diff --git a/windows/application-management/app-v/appv-auto-batch-sequencing.md b/windows/application-management/app-v/appv-auto-batch-sequencing.md index 508ae9f351..9a0407dafc 100644 --- a/windows/application-management/app-v/appv-auto-batch-sequencing.md +++ b/windows/application-management/app-v/appv-auto-batch-sequencing.md @@ -81,60 +81,6 @@ Where `````` is the name of the virtual machine (VM) with the App-V The cmdlet creates a "clean" checkpoint on the VM. Next, the cmdlet copies the first app installer listed in the ConfigFile from the Host computer to the VM, and finally a new session of the VM opens (through VMConnect) and sequencing of the app begins from the command-line. After completing sequencing and package creation for the first app on the VM, the package is copied from the VM to the Host computer, specified in the *OutputPath* parameter. The cmdlet then goes to the second app on your list, reverting the VM back to a "clean" checkpoint and running through all of the steps again, until the second app package is copied to your output folder. This process continues until all apps included in your list are done. After the last app, the VM is reverted back to a "clean" checkpoint and turned off. -### Sequence multiple apps by using the App-V Sequencer interface - -Sequencing multipe apps at the same time requires that you create a **ConfigFIle** to collect all of the info related to each round of sequencing. This file is then used by the App-V Sequencer interface after creating a "clean" checkpoint on your VM. - -#### Create your ConfigFile for use by the App-V Sequencer interface - -1. Determine the apps that need to be included in your App-V sequencing package, and then open a text editor, such as Notepad. - -2. Add the following required XML info for each app: - - - ``````. The name of the app you're adding to the package. - - ``````. The file path to the folder with the app installer. - - ``````. The file name for the app executable. This will typically be an .exe or .msi file. - - ``````. The maximum amount of time, in minutes, that the cmdlet should wait for sequencing to complete. You can enter a different value for each app, based on the size and complexity of the app itself. - - ``````. Determines whether the sequencer uses the cmdlet or the App-V Sequencer interface. **True** tells the sequencer to usea cmdlet-based sequencing, while **False** tells the sequencer to use the App-V Sequencer interface. You can use both the cmdlet and the interface together in the same ConfigFile, for different apps. - - ``````. Indicates whether the app should be sequenced. **True** includes the app, while **False** ignores it. You can include as many apps as you want in the batch file, but optionally enable only a few of them. - - **Example:** - - ```XML - - - - Skype for Windows - D:\Install\New\SkypeforWindows - SkypeSetup.exe - 20 - False - True - - - Power BI - D:\Install\New\MicrosoftPowerBI - PBIDesktop.msi - 20 - False - True - - - - ``` - -#### How to start the App-V Sequencer interface and app installation process - -Open PowerShell as an admin on the Host computer and run the following commands to start the batch sequencing: - -```PowerShell -New-BatchAppVSequencerPackages –ConfigFile –VMName -OutputPath -``` - -Where `````` is the name of the virtual machine (VM) with the App-V Sequencer installed, where you'll run the batch sequencing, and `````` is the full path to where the sequenced packages should be copied. - -The cmdlet creates a "clean" checkpoint on the VM. Next, the cmdlet copies the first app installer listed in the ConfigFile from the Host computer to the VM, and finally a new session of the VM opens (through VMConnect) and sequencing of the app begins from the command-line. After completing sequencing and package creation for the first app on the VM, the package is copied from the VM to the Host computer, specified in the OutputPath parameter. The cmdlet then goes to the second app on your list, reverting the VM back to a "clean" checkpoint and running through all of the steps again, until the second app package is copied to your output folder. This process continues until all apps included in your list are done. After the last app, the VM is reverted back to a "clean" checkpoint and turned off. - ### Review the log files There are 3 types of log files that occur when you sequence multiple apps at the same time: @@ -147,7 +93,7 @@ There are 3 types of log files that occur when you sequence multiple apps at the - [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) - [How to install the App-V Sequencer](appv-install-the-sequencer.md) -- [Learn about Hyper-V on Windows Server 2016](https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/hyper-v-on-windows-server) +- [Learn about Hyper-V on Windows Server 2016](https://technet.microsoft.com/windows-server-docs/compute/hyper-v/hyper-v-on-windows-server) - [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-provision-a-vm.md) - [Manually sequence a single app using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-sequence-a-new-application.md) - [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-updating.md) @@ -155,4 +101,4 @@ There are 3 types of log files that occur when you sequence multiple apps at the ## Have a suggestion for App-V? -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). \ No newline at end of file +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). diff --git a/windows/application-management/app-v/appv-auto-batch-updating.md b/windows/application-management/app-v/appv-auto-batch-updating.md index ff99b0273a..324dc031b3 100644 --- a/windows/application-management/app-v/appv-auto-batch-updating.md +++ b/windows/application-management/app-v/appv-auto-batch-updating.md @@ -147,7 +147,7 @@ There are three types of log files that occur when you sequence multiple apps at - [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) - [How to install the App-V Sequencer](appv-install-the-sequencer.md) -- [Learn about Hyper-V on Windows Server 2016](https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/hyper-v-on-windows-server) +- [Learn about Hyper-V on Windows Server 2016](https://technet.microsoft.com/windows-server-docs/compute/hyper-v/hyper-v-on-windows-server) - [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-provision-a-vm.md) - [Manually sequence a single app using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-sequence-a-new-application.md) - [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-sequencing.md) diff --git a/windows/application-management/app-v/appv-auto-provision-a-vm.md b/windows/application-management/app-v/appv-auto-provision-a-vm.md index 73c3fb6cdf..b71dacce5a 100644 --- a/windows/application-management/app-v/appv-auto-provision-a-vm.md +++ b/windows/application-management/app-v/appv-auto-provision-a-vm.md @@ -51,7 +51,7 @@ For this process to work, you must have a base operating system available as a V After you have a VHD file, you must provision your VM for auto-sequencing. 1. On the Host device, install Windows 10, version 1703 and the **Microsoft Application Virtualization (App-V) Auto Sequencer** component from the matching version of the Windows Assessment and Deployment Kit (ADK). For more info on how to install the App-V Sequencer, see [Install the App-V Sequencer](appv-install-the-sequencer.md). -2. Make sure that Hyper-V is turned on. For more info about turning on and using Hyper-V, see [Hyper-V on Windows Server 2016](https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/hyper-v-on-windows-server). +2. Make sure that Hyper-V is turned on. For more info about turning on and using Hyper-V, see [Hyper-V on Windows Server 2016](https://technet.microsoft.com/windows-server-docs/compute/hyper-v/hyper-v-on-windows-server). 3. Open PowerShell as an admin and run the **New-AppVSequencerVM** cmdlet, using the following parameters: ```PowerShell @@ -123,7 +123,7 @@ After you sequence your packages, you can automatically clean up any unpublished - [Download the **Convert-WindowsImage** tool](https://www.powershellgallery.com/packages/Convert-WindowsImage/10.0) - [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) - [How to install the App-V Sequencer](appv-install-the-sequencer.md) -- [Learn about Hyper-V on Windows Server 2016](https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/hyper-v-on-windows-server) +- [Learn about Hyper-V on Windows Server 2016](https://technet.microsoft.com/windows-server-docs/compute/hyper-v/hyper-v-on-windows-server) ## Have a suggestion for App-V? diff --git a/windows/application-management/app-v/appv-available-mdm-settings.md b/windows/application-management/app-v/appv-available-mdm-settings.md index d890609518..acc5e6e812 100644 --- a/windows/application-management/app-v/appv-available-mdm-settings.md +++ b/windows/application-management/app-v/appv-available-mdm-settings.md @@ -10,7 +10,7 @@ ms.date: 06/15/2018 --- # Available Mobile Device Management (MDM) settings for App-V -With Windows 10, version 1703, you can configure, deploy, and manage your App-V apps with the following Mobile Device Management (MDM) settings. For the full list of available settings, see the [EnterpriseAppVManagement CSP](https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/mdm/enterpriseappvmanagement-csp) page. +With Windows 10, version 1703, you can configure, deploy, and manage your App-V apps with the following Mobile Device Management (MDM) settings. For the full list of available settings, see the [EnterpriseAppVManagement CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterpriseappvmanagement-csp) page. |Policy name|Supported versions|URI full path|Data type|Values| |---|---|---|---|---| diff --git a/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md b/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md index 8c896d56e2..2fbf152ae4 100644 --- a/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md +++ b/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md @@ -46,13 +46,13 @@ For more about adding or upgrading packages, see [How to add or upgrade packages Add-AppvClientConnectionGroup ``` - For more information about how to use the **Add-AppvClientConnectionGroup** cmdlet, see [**Add-AppvClientConnectionGroup**](https://docs.microsoft.com/en-us/powershell/module/appvclient/add-appvclientconnectiongroup?view=win10-ps). + For more information about how to use the **Add-AppvClientConnectionGroup** cmdlet, see [**Add-AppvClientConnectionGroup**](https://docs.microsoft.com/powershell/module/appvclient/add-appvclientconnectiongroup?view=win10-ps). 4. When you upgrade a package, use the following cmdlets to remove the old package, add the upgraded package, and publish the upgraded package: - - [**Remove-AppvClientPackage**](https://docs.microsoft.com/en-us/powershell/module/appvclient/remove-appvclientpackage?view=win10-ps) - - [**Add-AppvClientPackage**](https://docs.microsoft.com/en-us/powershell/module/appvclient/add-appvclientpackage?view=win10-ps) - - [**Publish-AppvClientPackage**](https://docs.microsoft.com/en-us/powershell/module/appvclient/publish-appvclientpackage?view=win10-ps) + - [**Remove-AppvClientPackage**](https://docs.microsoft.com/powershell/module/appvclient/remove-appvclientpackage?view=win10-ps) + - [**Add-AppvClientPackage**](https://docs.microsoft.com/powershell/module/appvclient/add-appvclientpackage?view=win10-ps) + - [**Publish-AppvClientPackage**](https://docs.microsoft.com/powershell/module/appvclient/publish-appvclientpackage?view=win10-ps) For more information, see [How to manage App-V packages running on a stand-alone computer by using Windows PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md). diff --git a/windows/application-management/app-v/appv-create-and-use-a-project-template.md b/windows/application-management/app-v/appv-create-and-use-a-project-template.md index ee730d4a21..54c4e39515 100644 --- a/windows/application-management/app-v/appv-create-and-use-a-project-template.md +++ b/windows/application-management/app-v/appv-create-and-use-a-project-template.md @@ -49,7 +49,7 @@ After creating the template, you can apply it to all of your new virtual app pac - [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) - [How to install the App-V Sequencer](appv-install-the-sequencer.md) -- [Learn about Hyper-V on Windows Server 2016](https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/hyper-v-on-windows-server) +- [Learn about Hyper-V on Windows Server 2016](https://technet.microsoft.com/windows-server-docs/compute/hyper-v/hyper-v-on-windows-server) - [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-sequencing.md) - [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-updating.md) - [Manually sequence a new app using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-sequence-a-new-application.md) diff --git a/windows/application-management/app-v/appv-delete-a-connection-group.md b/windows/application-management/app-v/appv-delete-a-connection-group.md index b6e27aece2..ee3f71058e 100644 --- a/windows/application-management/app-v/appv-delete-a-connection-group.md +++ b/windows/application-management/app-v/appv-delete-a-connection-group.md @@ -1,34 +1,30 @@ --- -title: How to Delete a Connection Group (Windows 10) -description: How to Delete a Connection Group +title: How to delete a connection group (Windows 10) +description: How to delete a connection group. author: MaggiePucciEvans ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 04/19/2017 +ms.date: 09/27/2018 --- +# How to delete a connection group - -# How to Delete a Connection Group - -**Applies to** -- Windows 10, version 1607 +>Applies to: Windows 10, version 1607 Use the following procedure to delete an existing App-V connection group. -**To delete a connection group** +## Delete a connection group -1. Open the App-V Management Console and select **CONNECTION GROUPS**. +1. Open the App-V Management Console and select **CONNECTION GROUPS**. -2. Right-click the connection group to be removed, and select **delete**. +2. Right-click the connection group to be removed and select **delete**. ## Have a suggestion for App-V? -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). ## Related topics -[Operations for App-V](appv-operations.md) - -[Managing Connection Groups](appv-managing-connection-groups.md) +- [Operations for App-V](appv-operations.md) +- [Managing connection groups](appv-managing-connection-groups.md) diff --git a/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md b/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md index 0a3464836a..81a067b1eb 100644 --- a/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md +++ b/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md @@ -1,32 +1,29 @@ --- -title: How to Delete a Package in the Management Console (Windows 10) -description: How to Delete a Package in the Management Console +title: How to delete a package in the Management Console (Windows 10) +description: How to delete a package in the Management Console. author: MaggiePucciEvans ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 04/19/2017 +ms.date: 09/27/2018 --- +# How to delete a package in the Management Console - -# How to Delete a Package in the Management Console - -**Applies to** -- Windows 10, version 1607 +>Applies to: Windows 10, version 1607 Use the following procedure to delete an App-V package. -**To delete a package in the Management Console** +## Delete a package in the Management Console -1. To view the package you want to delete, open the App-V Management Console and select **Packages**. Select the package to be removed. +1. To view the package you want to delete, open the App-V Management Console and select **Packages**. Select the package to be removed. -2. Click or right-click the package. Select **Delete** to remove the package. +2. Select or right-click the package, then select **Delete** to remove the package. ## Have a suggestion for App-V? -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). ## Related topics -[Operations for App-V](appv-operations.md) +- [Operations for App-V](appv-operations.md) diff --git a/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md index 439a1617b9..29eafeeefa 100644 --- a/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md +++ b/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md @@ -1,45 +1,45 @@ --- -title: How to deploy App-V Packages Using Electronic Software Distribution (Windows 10) -description: How to deploy App-V Packages Using Electronic Software Distribution +title: How to deploy App-V packages using electronic software distribution (Windows 10) +description: How to deploy App-V packages using electronic software distribution. author: MaggiePucciEvans ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 04/19/2017 +ms.date: 09/27/2018 --- - # How to deploy App-V packages using electronic software distribution -**Applies to** -- Windows 10, version 1607 +>Applies to: Windows 10, version 1607 You can use an electronic software distribution (ESD) system to deploy App-V virtual applications to App-V clients. -For component requirements and options for using an ESD to deploy App-V packages, see [Planning to Deploy App-V with an Electronic Software Distribution System](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md). +For component requirements and options for using an ESD to deploy App-V packages, see [Planning to deploy App-V with an electronic software distribution system](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md). Use one of the following methods to publish packages to App-V client computers with an ESD: +- Use the functionality in a third-party ESD. +- Install the application on the target client computer with the associated Windows Installer (.msi) file that's created when you initially sequence the application. The .msi file contains the associated App-V package file information used to configure a package and copies the required package files to the client. +- Use Windows PowerShell cmdlets to deploy virtualized applications. For more information about using Windows PowerShell and App-V, see [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md). + | Method | Description | -| - | - | -| Functionality provided by a third-party ESD | Use the functionality in a third-party ESD.| +|---|---| +| Functionality provided by a third-party ESD | Use the functionality in a third-party ESD.| | Stand-alone Windows Installer | Install the application on the target client computer by using the associated Windows Installer (.msi) file that is created when you initially sequence an application. The Windows Installer file contains the associated App-V package file information used to configure a package and copies the required package files to the client. | -| Windows PowerShell | Use Windows PowerShell cmdlets to deploy virtualized applications. For more information about using Windows PowerShell and App-V, see [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md).| +| Windows PowerShell | Use Windows PowerShell cmdlets to deploy virtualized applications. For more information about using Windows PowerShell and App-V, see [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md).| -  +## Deploy App-V packages with an ESD -**To deploy App-V packages by using an ESD** +1. Install the App-V Sequencer on a computer in your environment. For more information about installing the sequencer, see [How to install the Sequencer](appv-install-the-sequencer.md). -1. Install the App-V Sequencer on a computer in your environment. For more information about installing the sequencer, see [How to Install the Sequencer](appv-install-the-sequencer.md). +2. Use the App-V Sequencer to create a virtual application. To learn more about creating virtual applications, see [Creating and managing App-V virtualized applications](appv-creating-and-managing-virtualized-applications.md). -2. Use the App-V Sequencer to create virtual application. For information about creating a virtual application, see [Creating and Managing App-V Virtualized Applications](appv-creating-and-managing-virtualized-applications.md). - -3. After you create the virtual application, deploy the package by using your ESD solution. +3. After you create the virtual application, deploy the package by using your ESD solution. ## Have a suggestion for App-V? -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). ## Related topics -- [Operations for App-V](appv-operations.md) +- [Operations for App-V](appv-operations.md) \ No newline at end of file diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server.md b/windows/application-management/app-v/appv-deploy-the-appv-server.md index 4ffe1ba432..a8035796ac 100644 --- a/windows/application-management/app-v/appv-deploy-the-appv-server.md +++ b/windows/application-management/app-v/appv-deploy-the-appv-server.md @@ -27,7 +27,7 @@ ms.date: 04/18/2018 1. Download the App-V server components. All five App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from either of the following locations: - * The [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215). You must have a MSDN subscription to download the MDOP ISO package from this site. + * The [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/subscriptions/downloads/default.aspx#FileId=65215). You must have a MSDN subscription to download the MDOP ISO package from this site. * The [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home). 2. Copy the App-V server installation files to the computer on which you want to install it. 3. Start the App-V server installation by right-clicking and running **appv\_server\_setup.exe** as an administrator, and then click **Install**. diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md index 5d6bd60233..ce2b61a864 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md @@ -29,7 +29,7 @@ The following table shows the App-V versions, methods of Office package creation ## Creating Office 2010 App-V using the sequencer -Sequencing Office 2010 is one of the main methods for creating an Office 2010 package on App-V. Microsoft has provided a detailed recipe through a Knowledge Base article. For detailed instructions about how to create an Office 2010 package on App-V, see [How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/en-us/kb/2830069). +Sequencing Office 2010 is one of the main methods for creating an Office 2010 package on App-V. Microsoft has provided a detailed recipe through a Knowledge Base article. For detailed instructions about how to create an Office 2010 package on App-V, see [How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/kb/2830069). ## Creating Office 2010 App-V packages using package accelerators @@ -78,13 +78,13 @@ The following table provides a full list of supported integration points for Off ### Office 2013 App-V Packages Additional Resources -* [Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://support.microsoft.com/en-us/kb/2772509) +* [Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://support.microsoft.com/kb/2772509) ### Office 2010 App-V Packages * [Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://www.microsoft.com/en-us/download/details.aspx?id=38399) -* [Known issues when you create or use an App-V 5.0 Office 2010 package](https://support.microsoft.com/en-us/kb/2828619) -* [How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/en-us/kb/2830069) +* [Known issues when you create or use an App-V 5.0 Office 2010 package](https://support.microsoft.com/kb/2828619) +* [How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/kb/2830069) ### Connection Groups diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md index 7b63794730..35d2485f4b 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md @@ -35,7 +35,7 @@ Before you deploy Office with App-V, review the following requirements. |---|---| |Packaging|All Office applications you wish to deploy to users must be in a single package.
    In App-V and later, you must use the Office Deployment Tool to create packages. The Sequencer doesn't support package creation.
    If you're deploying Microsoft Visio 2013 and Microsoft Project 2013 along with Office, you must include them in the same package with Office. For more information, see [Deploying Visio 2013 and Project 2013 with Office](#bkmk-deploy-visio-project).| |Publishing|You can only publish one Office package per client computer.
    You must publish the Office package globally, not to the user.| -|Deploying Office 365 ProPlus, Visio Pro for Office 365, or Project Pro for Office 365 to a shared computer using Remote Desktop Services.|You must enable [shared computer activation](https://docs.microsoft.com/en-us/DeployOffice/overview-of-shared-computer-activation-for-office-365-proplus).
    You don’t need to use shared computer activation if you’re deploying a volume licensed product, such as Office Professional Plus 2013, Visio Professional 2013, or Project Professional 2013.| +|Deploying Office 365 ProPlus, Visio Pro for Office 365, or Project Pro for Office 365 to a shared computer using Remote Desktop Services.|You must enable [shared computer activation](https://docs.microsoft.com/DeployOffice/overview-of-shared-computer-activation-for-office-365-proplus).
    You don’t need to use shared computer activation if you’re deploying a volume licensed product, such as Office Professional Plus 2013, Visio Professional 2013, or Project Professional 2013.| ### Excluding Office applications from a package @@ -43,7 +43,7 @@ The following table describes the recommended methods for excluding specific Off |Task|Details| |---|---| -|Use the **ExcludeApp** setting when you create the package by using the Office Deployment Tool.|Enables you to exclude specific Office applications from the package when the Office Deployment Tool creates the package. For example, you can use this setting to create a package that contains only Microsoft Word.
    For more information, see [ExcludeApp element](https://docs.microsoft.com/en-us/DeployOffice/configuration-options-for-the-office-2016-deployment-tool?ui=en-US&rs=en-US&ad=US#excludeapp-element).| +|Use the **ExcludeApp** setting when you create the package by using the Office Deployment Tool.|Enables you to exclude specific Office applications from the package when the Office Deployment Tool creates the package. For example, you can use this setting to create a package that contains only Microsoft Word.
    For more information, see [ExcludeApp element](https://docs.microsoft.com/DeployOffice/configuration-options-for-the-office-2016-deployment-tool?ui=en-US&rs=en-US&ad=US#excludeapp-element).| |Modify the **DeploymentConfig.xml** file|Modify the **DeploymentConfig.xml** file after creating the package. This file contains the default package settings for all users on a computer running the App-V Client.
    For more information, see [Disabling Office 2013 applications](#bkmk-disable-office-apps).| ## Creating an Office 2013 package for App-V with the Office Deployment Tool @@ -302,7 +302,7 @@ Use the steps in this section to enable Office plug-ins with your Office package You may want to disable specific applications in your Office App-V package. For instance, you can disable Access, but leave all other Office application main available. When you disable an application, the end user will no longer see the shortcut for that application. You do not have to re-sequence the application. When you change the Deployment Configuration File after the Office 2013 App-V package has been published, you will save the changes, add the Office 2013 App-V package, then republish it with the new Deployment Configuration File to apply the new settings to Office 2013 App-V Package applications. >[!NOTE] ->To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting. For more information, see [Reference for Click-to-Run configuration.xml file](https://docs.microsoft.com/en-us/DeployOffice/configuration-options-for-the-office-2016-deployment-tool#excludeapp-element). +>To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting. For more information, see [Reference for Click-to-Run configuration.xml file](https://docs.microsoft.com/DeployOffice/configuration-options-for-the-office-2016-deployment-tool#excludeapp-element). #### To disable an Office 2013 application @@ -408,20 +408,20 @@ This section describes the requirements and options for deploying Visio 2013 and |Goal|Method| |---|---| |Create two different packages and deploy each one to a different group of users|Create and deploy the following packages:
    A package that contains only Office—deploy to computers whose users need only Office.
    A package that contains Office, Visio, and Project—deploy to computers whose users need all three applications.| -|Create just one package for the whole organization, or for users who share computers|Follow these steps:
    1. Create a package that contains Office, Visio, and Project.
    2. Deploy the package to all users.
    3. Use [AppLocker](https://docs.microsoft.com/en-us/windows/security/threat-protection/applocker/applocker-overview) to prevent specific users from using Visio and Project.| +|Create just one package for the whole organization, or for users who share computers|Follow these steps:
    1. Create a package that contains Office, Visio, and Project.
    2. Deploy the package to all users.
    3. Use [AppLocker](https://docs.microsoft.com/windows/security/threat-protection/applocker/applocker-overview) to prevent specific users from using Visio and Project.| ## Additional resources ### Additional resources for Office 2013 App-V Packages * [Office 2013 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=36778) -* [Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://support.microsoft.com/en-us/kb/2772509) +* [Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://support.microsoft.com/kb/2772509) ### Additional resources for Office 2010 App-V Packages * [Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://www.microsoft.com/download/details.aspx?id=38399) -* [Known issues when you create or use an App-V 5.0 Office 2010 package](https://support.microsoft.com/en-us/kb/2828619) -* [How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/en-us/kb/2830069) +* [Known issues when you create or use an App-V 5.0 Office 2010 package](https://support.microsoft.com/kb/2828619) +* [How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/kb/2830069) ### Additional resources for Connection Groups diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md index e43a70509e..63932df3b0 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md @@ -1,6 +1,6 @@ --- -title: Deploying Microsoft Office 2016 by Using App-V (Windows 10) -description: Deploying Microsoft Office 2016 by Using App-V +title: Deploying Microsoft Office 2016 by using App-V (Windows 10) +description: Deploying Microsoft Office 2016 by using App-V author: MaggiePucciEvans ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy @@ -8,7 +8,7 @@ ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 --- -# Deploying Microsoft Office 2016 by Using App-V +# Deploying Microsoft Office 2016 by using App-V >Applies to: Windows 10, version 1607 @@ -35,7 +35,7 @@ Before you deploy Office with App-V, review the following requirements. |-----------|-------------------| | Packaging. | All Office applications that you deploy to users must be in a single package.
    In App-V 5.0 and later, you must use the Office Deployment Tool to create packages. The Sequencer doesn't support package creation.
    If you're deploying Microsoft Visio 2016 and Microsoft Project 2016 at the same time as Office, you must put them all in the same package. For more information, see [Deploying Visio 2016 and Project 2016 with Office](#deploying-visio-2016-and-project-2016-with-office). | | Publishing. | You can only publish one Office package per client computer.
    You must publish the Office package globally, not to the user. | -| Deploying Office 365 ProPlus, Visio Pro for Office 365, or Project Pro for Office 365 to a shared computer with Remote Desktop Services. | You must enable [shared computer activation](https://docs.microsoft.com/en-us/DeployOffice/overview-of-shared-computer-activation-for-office-365-proplus). | +| Deploying Office 365 ProPlus, Visio Pro for Office 365, or Project Pro for Office 365 to a shared computer with Remote Desktop Services. | You must enable [shared computer activation](https://docs.microsoft.com/DeployOffice/overview-of-shared-computer-activation-for-office-365-proplus). | ### Excluding Office applications from a package @@ -43,7 +43,7 @@ The following table describes the recommended methods for excluding specific Off |Task|Details| |-------------|---------------| -| Use the **ExcludeApp** setting when you create the package by using the Office Deployment Tool. | With this setting, you can exclude specific Office applications from the package that the Office Deployment Tool creates. For example, you can use this setting to create a package that contains only Microsoft Word.
    For more information, see [ExcludeApp element](https://docs.microsoft.com/en-us/DeployOffice/configuration-options-for-the-office-2016-deployment-tool?ui=en-US&rs=en-US&ad=US#excludeapp-element). | +| Use the **ExcludeApp** setting when you create the package by using the Office Deployment Tool. | With this setting, you can exclude specific Office applications from the package that the Office Deployment Tool creates. For example, you can use this setting to create a package that contains only Microsoft Word.
    For more information, see [ExcludeApp element](https://docs.microsoft.com/DeployOffice/configuration-options-for-the-office-2016-deployment-tool?ui=en-US&rs=en-US&ad=US#excludeapp-element). | | Modify the DeploymentConfig.xml file | Modify the DeploymentConfig.xml file after the package has been created. This file contains the default package settings for all users on a computer that is running the App-V Client.
    For more information, see [Disabling Office 2016 applications](#disabling-office-2016-applications). | ## Creating an Office 2016 package for App-V with the Office Deployment Tool @@ -120,7 +120,7 @@ The XML file included in the Office Deployment Tool specifies the product detail | Language element | Specifies which language the applications support. | `Language ID="en-us"` | | Version (attribute of **Add** element) | Optional. Specifies which build the package will use.
    Defaults to latest advertised build (as defined in v32.CAB at the Office source). | `16.1.2.3` | | SourcePath (attribute of **Add** element) | Specifies the location the applications will be saved to. | `Sourcepath = "\\Server\Office2016"` | - | Channel (part of **Add** element) | Optional. Defines which channel will be used to update Office after installation.
    The default is **Deferred** for Office 365 ProPlus and **Current** for Visio Pro for Office 365 and Project Online Desktop Client.
    For more information about update channels, see [Overview of update channels for Office 365 ProPlus](https://docs.microsoft.com/en-us/DeployOffice/overview-of-update-channels-for-office-365-proplus). | `Channel="Current"`
    `Channel="Deferred"`
    `Channel="FirstReleaseDeferred"`
    `Channel="FirstReleaseCurrent"` | + | Channel (part of **Add** element) | Optional. Defines which channel will be used to update Office after installation.
    The default is **Deferred** for Office 365 ProPlus and **Current** for Visio Pro for Office 365 and Project Online Desktop Client.
    For more information about update channels, see [Overview of update channels for Office 365 ProPlus](https://docs.microsoft.com/DeployOffice/overview-of-update-channels-for-office-365-proplus). | `Channel="Current"`
    `Channel="Deferred"`
    `Channel="FirstReleaseDeferred"`
    `Channel="FirstReleaseCurrent"` | After editing the **configuration.xml** file to specify the desired product, languages, and the location where the Office 2016 applications will be saved to, you can save the configuration file under a name of your choice, such as "Customconfig.xml." 2. **Download the applications into the specified location:** Use an elevated command prompt and a 64-bit operating system to download the Office 2016 applications that will later be converted into an App-V package. The following is an example command: @@ -369,7 +369,7 @@ The following table describes the requirements and options for deploying Visio 2 | Task | Details | |---------------------|---------------| | How do I package and publish Visio 2016 and Project 2016 with Office? | You must include Visio 2016 and Project 2016 in the same package with Office.
    If you are not deploying Office, you can create a package that contains Visio and/or Project, as long as you follow the packaging, publishing, and deployment requirements described in this topic. | -| How can I deploy Visio 2016 and Project 2016 to specific users? | Use one of the following methods:
    **To create two different packages and deploy each one to a different group of users**:
    Create and deploy the following packages:
    - A package that contains only Office—deploy to computers whose users need only Office.
    - A package that contains Office, Visio, and Project—deploy to computers whose users need all three applications.

    **To create only one package for the whole organization, or to create a package intended for users who share computers**:
    1. Create a package that contains Office, Visio, and Project.
    2. Deploy the package to all users.
    3. Use [AppLocker](https://docs.microsoft.com/en-us/windows/security/threat-protection/applocker/applocker-overview) to prevent specific users from using Visio and Project. | +| How can I deploy Visio 2016 and Project 2016 to specific users? | Use one of the following methods:
    **To create two different packages and deploy each one to a different group of users**:
    Create and deploy the following packages:
    - A package that contains only Office—deploy to computers whose users need only Office.
    - A package that contains Office, Visio, and Project—deploy to computers whose users need all three applications.

    **To create only one package for the whole organization, or to create a package intended for users who share computers**:
    1. Create a package that contains Office, Visio, and Project.
    2. Deploy the package to all users.
    3. Use [AppLocker](https://docs.microsoft.com/windows/security/threat-protection/applocker/applocker-overview) to prevent specific users from using Visio and Project. | ## Related topics diff --git a/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md index 79da7a2972..05f4985ae8 100644 --- a/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md +++ b/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md @@ -1,55 +1,34 @@ --- -title: Deploying App-V Packages by Using Electronic Software Distribution (ESD) -description: Deploying App-V Packages by Using Electronic Software Distribution (ESD) +title: Deploying App-V packages by using electronic software distribution (ESD) +description: Deploying App-V packages by using electronic software distribution (ESD) author: MaggiePucciEvans ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 04/19/2017 +ms.date: 09/27/2018 --- +# Deploying App-V packages by using electronic software distribution (ESD) +>Applies to: Windows 10, version 1607 -# Deploying App-V Packages by Using Electronic Software Distribution (ESD) +You can deploy App-V packages using an electronic software distribution (ESD) solution. For information about planning to deploy App-V packages with an ESD, see [Planning to deploy App-V with an electronic software distribution system](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md). -**Applies to** -- Windows 10, version 1607 - -You can deploy App-V packages using an Electronic Software Distribution (ESD) solution. For information about planning to deploy App-V packages with an ESD, see [Planning to Deploy App-V with an Electronic Software Distribution System](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md). - -To deploy App-V packages with Microsoft System Center 2012 Configuration Manager, see [Introduction to Application Management in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682125.aspx#BKMK_Appv) +To learn how to deploy App-V packages with Microsoft System Center 2012 Configuration Manager, see [Introduction to application management in Configuration Manager](https://technet.microsoft.com/library/gg682125.aspx#BKMK_Appv) ## How to deploy virtualized packages using an ESD +To learn more about how to deploy virtualized packages using an ESD, see [How to deploy App-V packages using electronic software distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md). -Describes the methods you can use to deploy App-V packages by using an ESD. +## How to enable only administrators to publish packages by using an ESD -[How to deploy App-V Packages Using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md) +To learn how to configure the App-V client to enable only administrators to publish and unpublish packages when you’re using an ESD, see [How to enable only administrators to publish packages by using an ESD](appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md). -## How to Enable Only Administrators to Publish Packages by Using an ESD +## Related topics - -Explains how to configure the App-V client to enable only administrators to publish and unpublish packages when you’re using an ESD. - -[How to Enable Only Administrators to Publish Packages by Using an ESD](appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md) +- [App-V and Citrix integration](https://www.microsoft.com/en-us/download/details.aspx?id=40885) +- [Operations for App-V](appv-operations.md) ## Have a suggestion for App-V? - -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). - -## Other resources for using an ESD and App-V - - -Use the following link for more information about [App-V and Citrix Integration](https://www.microsoft.com/en-us/download/details.aspx?id=40885). - -[Operations for App-V](appv-operations.md) - -  - -  - - - - - +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). \ No newline at end of file diff --git a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md index 58d77d2a5a..638235a066 100644 --- a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md +++ b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md @@ -1,6 +1,6 @@ --- -title: Deploying the App-V Sequencer and Configuring the Client (Windows 10) -description: Deploying the App-V Sequencer and Configuring the Client +title: Deploying the App-V Sequencer and configuring the client (Windows 10) +description: Deploying the App-V Sequencer and configuring the client author: MaggiePucciEvans ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-deploying-the-appv-server.md b/windows/application-management/app-v/appv-deploying-the-appv-server.md index 2b88ff503b..010925239a 100644 --- a/windows/application-management/app-v/appv-deploying-the-appv-server.md +++ b/windows/application-management/app-v/appv-deploying-the-appv-server.md @@ -40,13 +40,13 @@ App-V offers the following five server components, each of which serves a specif All five App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from either of the following locations: -* The [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215). You must have a MSDN subscription to download the MDOP ISO package from this site. +* The [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/subscriptions/downloads/default.aspx#FileId=65215). You must have a MSDN subscription to download the MDOP ISO package from this site. * The [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home). In large organizations, you might want to install more than one instance of the server components to get the following benefits. * Fault tolerance for situations when one of the servers is unavailable. -* High availability to balance server requests. A network load balancer can also help you acheive this. +* High availability to balance server requests. A network load balancer can also help you achieve this. * Scalability to support high loads. For example, you can install additional servers behind a network load balancer. ## App-V standalone deployment @@ -107,4 +107,4 @@ For more information, see [About App-V reporting](appv-reporting.md) and [How to ## Have a suggestion for App-V? -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). \ No newline at end of file +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). diff --git a/windows/application-management/app-v/appv-dynamic-configuration.md b/windows/application-management/app-v/appv-dynamic-configuration.md index 5cc4247912..e0b0f8d0f6 100644 --- a/windows/application-management/app-v/appv-dynamic-configuration.md +++ b/windows/application-management/app-v/appv-dynamic-configuration.md @@ -6,110 +6,84 @@ ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 04/19/2017 +ms.date: 09/27/2018 --- +# About App-V dynamic configuration +>Applies to: Windows 10, version 1607 -# About App-V Dynamic Configuration +You can use dynamic configuration to customize an App-V package for a user. This article will tell you how to create or edit an existing dynamic configuration file. -**Applies to** -- Windows 10, version 1607 - -You can use the dynamic configuration to customize an App-V package for a user. Use the following information to create or edit an existing dynamic configuration file. - -When you edit the dynamic configuration file it customizes how an App-V package will run for a user or group. This helps to provide a more convenient method for package customization by removing the need to re-sequence packages using the desired settings, and provides a way to keep package content and custom settings independent. - -## Advanced: Dynamic Configuration +When you edit the Dynamic Configuration file, it customizes how an App-V package will run for a user or group. This makes package customization more convenient by removing the need to resequence packages using the desired settings and provides a way to keep package content and custom settings independent. +## Advanced: dynamic configuration Virtual application packages contain a manifest that provides all the core information for the package. This information includes the defaults for the package settings and determines settings in the most basic form (with no additional customization). If you want to adjust these defaults for a particular user or group, you can create and edit the following files: -- User Configuration file +- User Configuration file +- Deployment Configuration file -- Deployment configuration file +These .xml files specify package settings let you customize packages without directly affecting the packages. When a package is created, the sequencer automatically generates default deployment and user configuration .xml files using the package manifest data. These automatically generated configuration files reflect the package's default settings that were configured during sequencing. If you apply these configuration files to a package in the form generated by the sequencer, the packages will have the same default settings that came from their manifest. This provides you with a package-specific template to get started if any of the defaults must be changed. -The previous .xml files specify package settings and allow for packages to be customized without directly affecting the packages. When a package is created, the sequencer automatically generates default deployment and user configuration .xml files using the package manifest data. Therefore, these automatically generated configuration files simply reflect the default settings that the package innately as from how things were configured during sequencing. If you apply these configuration files to a package in the form generated by the sequencer, the packages will have the same default settings that came from their manifest. This provides you with a package-specific template to get started if any of the defaults must be changed. +>[!NOTE] +>The following information can only be used to modify sequencer generated configuration files to customize packages to meet specific user or group requirements. -**Note**   -The following information can only be used to modify sequencer generated configuration files to customize packages to meet specific user or group requirements. +## Dynamic Configuration file contents -  +All of the additions, deletions, and updates in the configuration files need to be made in relation to the default values specified by the package's manifest information. The following list represents the relationship between these files in how they'll be read, from most to least precedence: -### Dynamic Configuration file contents +- User Configuration .xml file +- Deployment Configuration .xml file +- Package Manifest -All of the additions, deletions, and updates in the configuration files need to be made in relation to the default values specified by the package's manifest information. Review the following table: +The first item represents what will be read last. Therefore, its content takes precedence. All packages inherently contain and provide default settings from the Package Manifest, but it also has the least precedence. If you apply a Deployment Configuration .xml file with customized settings, it will override the Package Manifest's defaults. If you apply a User Configuration .xml file with customized settings prior to that, it will override both the deployment configuration and the Package Manifest's defaults. - --- - - - - - - - - - - - -

    User Configuration .xml file

    Deployment Configuration .xml file

    Package Manifest

    +There are two types of configuration files: -  +- **User Configuration file (UserConfig)**: Allows you to specify or modify custom settings for a package. These settings will be applied for a specific user when the package is deployed to a computer running the App-V client. +- **Deployment Configuration file (DeploymentConfig)**: Allows you to specify or modify the default settings for a package. These settings will be applied for all users when a package is deployed to a computer running the App-V client. -The previous table represents how the files will be read. The first entry represents what will be read last, therefore, its content takes precedence. Therefore, all packages inherently contain and provide default settings from the package manifest. If a deployment configuration .xml file with customized settings is applied, it will override the package manifest defaults. If a user configuration .xml file with customized settings is applied prior to that, it will override both the deployment configuration and the package manifest defaults. +You can use the UserConfig file to customize the settings for a package for a specific set of users on a computer or make changes that will be applied to local user locations such as HKCU. You can use the DeploymentConfig file to modify the default settings of a package for all users on a machine or make changes that will be applied to global locations such as HKEY\_LOCAL\_MACHINE and the All Users folder. -The following list displays more information about the two file types: +The UserConfig file provides configuration settings that you can apply to a single user without affecting any other users on a client: -- **User Configuration File (UserConfig)** – Allows you to specify or modify custom settings for a package. These settings will be applied for a specific user when the package is deployed to a computer running the App-V client. +- Extensions that will be integrated into the native system per user: shortcuts, File-Type associations, URL Protocols, AppPaths, Software Clients, and COM. +- Virtual Subsystems: Application Objects, Environment variables, Registry modifications, Services, and Fonts. +- Scripts (user context only). -- **Deployment Configuration File (DeploymentConfig)** – Allows you to specify or modify the default settings for a package. These settings will be applied for all users when a package is deployed to a computer running the App-V client. +The DeploymentConfig file provides configuration settings in two sections, one relative to the machine context and one relative to the user context providing the same capabilities listed in the preceding UserConfig list: -To customize the settings for a package for a specific set of users on a computer or to make changes that will be applied to local user locations such as HKCU, the UserConfig file should be used. To modify the default settings of a package for all users on a machine or to make changes that will be applied to global locations such as HKEY\_LOCAL\_MACHINE and the all users folder, the DeploymentConfig file should be used. +- All UserConfig settings from the preceding section in this topic +- Extensions that can only be applied globally for all users +- Virtual Subsystems that can be configured for global machine locations, such as the registry +- Product Source URL +- Scripts (Machine context only) +- Controls to terminate child processes -The UserConfig file provides configuration settings that can be applied to a single user without affecting any other users on a client: - -- Extensions that will be integrated into the native system per user:- shortcuts, File-Type associations, URL Protocols, AppPaths, Software Clients and COM - -- Virtual Subsystems:- Application Objects, Environment variables, Registry modifications, Services and Fonts - -- Scripts (User context only) - -The DeploymentConfig file provides configuration settings in two sections, one relative to the machine context and one relative to the user context providing the same capabilities listed in the UserConfig list above: - -- All UserConfig settings above - -- Extensions that can only be applied globally for all users - -- Virtual Subsystems that can be configured for global machine locations e.g. registry - -- Product Source URL - -- Scripts (Machine context only) - -- Controls to Terminate Child Processes - -### File structure +## File structure The structure of the App-V Dynamic Configuration file is explained in the following section. -### Dynamic User Configuration file +## Dynamic User Configuration file -**Header** - the header of a dynamic user configuration file is as follows: +### Header -``` +The following is an example of a Dynamic User Configuration file's header: + +```xml ``` -The **PackageId** is the same value as exists in the Manifest file. +The **PackageId** is the same value that exists in the Manifest file. -**Body** - the body of the Dynamic User Configuration file can include all the app extension points that are defined in the Manifest file, as well as information to configure virtual applications. There are four subsections allowed in the body: +### Dynamic User Configuration file body -**Applications** - All app-extensions that are contained in the Manifest file within a package are assigned with an Application ID, which is also defined in the manifest file. This allows you to enable or disable all the extensions for a given application within a package. The **Application ID** must exist in the Manifest file or it will be ignored. +The Dynamic User Configuration file's body can include all app extension points defined in the Manifest file, as well as information to configure virtual applications. There are four subsections allowed in the body: -``` +**Applications**: All app-extensions contained in the Manifest file within a package are assigned with an Application ID, which is also defined in the manifest file. This allows you to enable or disable all the extensions for a given application within a package. The **Application ID** must exist in the Manifest file or it will be ignored. + +```xml @@ -120,9 +94,9 @@ The **PackageId** is the same value as exists in the Manifest file. ``` -**Subsystems** - AppExtensions and other subsystems are arranged as subnodes under the : +**Subsystems**: AppExtensions and other subsystems are arranged as subnodes under ``, as shown in the following example. -``` +```xml .. @@ -131,19 +105,21 @@ The **PackageId** is the same value as exists in the Manifest file. ``` -Each subsystem can be enabled/disabled using the “**Enabled**” attribute. Below are the various subsystems and usage samples. +Each subsystem can be enabled/disabled using the **Enabled** attribute. The following sections describe the various subsystems and usage samples. -**Extensions:** +### Dynamic User Configuration file extensions -Some subsystems (Extension Subsystems) control Extensions. Those subsystems are:- shortcuts, File-Type associations, URL Protocols, AppPaths, Software Clients and COM +Extension Subsystems control extensions. These subsystems are Shortcuts, File-Type associations, URL Protocols, AppPaths, Software Clients, and COM. -Extension Subsystems can be enabled and disabled independently of the content.  Thus if Shortcuts are enabled, The client will use the shortcuts contained within the manifest by default. Each Extension Subsystem can contain an node. If this child element is present, the client will ignore the content in the Manifest file for that subsystem and only use the content in the configuration file. +Extension Subsystems can be enabled and disabled independently of the content.  Therefore, if Shortcuts are enabled, the client will use the shortcuts contained within the manifest by default. Each Extension Subsystem can contain an `` node. If this child element is present, the client will ignore the content in the Manifest file for that subsystem and only use the content in the configuration file. -Example using the shortcuts subsystem: +### Examples of the shortcuts subsystem -**Example 1**
    If the user defined this in either the dynamic or deployment config file: +#### Example 1 -``` +Content will be ignored if the user defined the following in either the dynamic or deployment config file: + +```xml                                                                         ``` -Content in the manifest will be ignored.    +#### Example 2 -**Example 2**
    If the user defined only the following: +Content in the manifest will be integrated during publishing if the user defined only the following: + +```xml                             `` - -Then the content in the Manifest will be integrated during publishing. - -**Example 3**
    If the user defines the following - ``` + +#### Example 3 + +All shortcuts in the manifest will be ignored and no shortcuts will be integrated if the user defines the following: + +```xml                                                                                                     ``` -Then all the shortcuts within the manifest will still be ignored. There will be no shortcuts integrated. +### Supported Extension Subsystems -The supported Extension Subsystems are: +**Shortcuts**: This controls shortcuts that will be integrated into the local system. The following example has two shortcuts: -**Shortcuts:** This controls shortcuts that will be integrated into the local system. Below is a sample with 2 shortcuts: - -``` +```xml   @@ -209,9 +186,9 @@ The supported Extension Subsystems are: ``` -**File-Type Associations:** Associates File-types with programs to open by default as well as setup the context menu. (MIME types can also be setup using this susbsystem). Sample File-type Association is below: +**File Type Associations**: Associates file types with programs to open by default as well as setup the context menu. (MIME types can also be set up with this susbsystem). The following is an example of a FileType association: -``` +```xml @@ -275,9 +252,9 @@ The supported Extension Subsystems are: ``` -**URL Protocols**: This controls the URL Protocols that are integrated into the local registry of the client machine e.g. “mailto:”. +**URL Protocols**: This controls the URL Protocols integrated into the local registry of the client machine. The following example illustrates the “mailto:” ptrotocol. -``` +```xml @@ -322,17 +299,17 @@ The supported Extension Subsystems are:   ``` -**Software Clients**: Allows the app to register as an Email client, news reader, media player and makes the app visible in the Set Program Access and Computer Defaults UI. In most cases you should only need to enable and disable it. There is also a control to enable and disable the email client specifically if you want the other clients still enabled except for that client. +**Software Clients**: Allows the app to register as an email client, news reader, or media player and makes the app visible in the Set Program Access and Computer Defaults UI. In most cases, you only need to enable and disable it. There's also a control that lets you enable or disable the email client only in case you want all the other clients to remain as they are. -``` +```xml   ``` -**AppPaths**: If an application for example contoso.exe is registered with an apppath name of “myapp”, it allows you type “myapp” under the run menu and it will open contoso.exe. +**AppPaths**: If an application, such as contoso.exe, is registered with an apppath name of “myapp”, this subsystem lets you open the app by entering “myapp” into the run menu. -``` +```xml @@ -349,21 +326,25 @@ The supported Extension Subsystems are: ``` -**COM**: Allows an Application register Local COM servers. Mode can be Integration, Isolated or Off. When Isol. - -` ` - -**Other Settings**: - -In addition to Extensions, other subsystems can be enabled/disabled and edited: - -**Virtual Kernel Objects**: - -` ` - -**Virtual Registry**: Used if you want to set a registry in the Virtual Registry within HKCU +**COM**: Allows an Application to register Local COM servers. Mode can be Integration, Isolated or Off. When Isol. +```xml + ``` + +### Other settings for Dynamic User Configuration file + +In addition to Extensions, the following other subsystems can be enabled/disabled and edited. + +#### Virtual Kernel Objects + +```xml + +```xml + +**Virtual Registry**: use this if you want to set a registry in the Virtual Registry within HKCU. + +```xml @@ -375,17 +356,21 @@ In addition to Extensions, other subsystems can be enabled/disabled and edited:   ``` -**Virtual File System** - -`       ` - -**Virtual Fonts** - -`       ` - -**Virtual Environment Variables** +#### Virtual File System +```xml +       ``` + +#### Virtual Fonts + +```xml +       +``` + +#### Virtual Environment Variables + +```xml         @@ -397,32 +382,39 @@ In addition to Extensions, other subsystems can be enabled/disabled and edited:          ``` -**Virtual services** - -`       ` - -**UserScripts** – Scripts can be used to setup or alter the virtual environment as well as execute scripts at time of deployment or removal, before an application executes, or they can be used to “clean up” the environment after the application terminates. Please reference a sample User configuration file that is output by the sequencer to see a sample script. The Scripts section below provides more information on the various triggers that can be used. - -### Dynamic Deployment Configuration file - -**Header** - The header of a Deployment Configuration file is as follows: +#### Virtual services +```xml +       ``` + +#### UserScripts + +Scripts can be used to set up or alter the virtual environment and execute scripts on deployment or removal, before an application executes, or they can clean up the environment after the application terminates. Please refer to a sample User Configuration file output by the sequencer to see a sample script. See the [Scripts](appv-dynamic-configuration.md#scripts) section for more information about the various triggers you can use to set up scripts. + +## Dynamic Deployment Configuration file + +### Dynamic Deployment Configuration file header + +The header of a Deployment Configuration file should look something like this: + +```xml ``` -The **PackageId** is the same value as exists in the manifest file. +The **PackageId** is the same value as the one that exists in the Manifest file. -**Body** - The body of the deployment configuration file includes two sections: +### Dynamic Deployment Configuration file body -- User Configuration section –allows the same content as the User Configuration file described in the previous section. When the package is published to a user, any appextensions configuration settings in this section will override corresponding settings in the Manifest within the package unless a user configuration file is also provided. If a UserConfig file is also provided, it will be used instead of the User settings in the deployment configuration file. If the package is published globally, then only the contents of the deployment configuration file will be used in combination with the manifest. +The body of the deployment configuration file includes two sections: -- Machine Configuration section–contains information that can be configured only for an entire machine, not for a specific user on the machine. For example, HKEY\_LOCAL\_MACHINE registry keys in the VFS. +- The User Configuration section allows the same content as the User Configuration file described in the previous section. When the package is published to a user, any appextensions configuration settings in this section will override corresponding settings in the Manifest within the package unless a user configuration file is also provided. If a UserConfig file is also provided, it will be used instead of the User settings in the deployment configuration file. If the package is published globally, then only the contents of the deployment configuration file will be used in combination with the manifest. +- The Machine Configuration section contains information that can only be configured for an entire machine, not for a specific user on the machine. For example, HKEY\_LOCAL\_MACHINE registry keys in the VFS. -``` +```xml -  .. +.. .. @@ -432,13 +424,15 @@ The **PackageId** is the same value as exists in the manifest file. ``` -**User Configuration** - use the previous **Dynamic User Configuration file** section for information on settings that are provided in the user configuration section of the Deployment Configuration file. +User Configuration: see [Dynamic User Configuration](appv-dynamic-configuration.md#dynamic-user-configuration) for more information about this section. -Machine Configuration - the Machine configuration section of the Deployment Configuration File is used to configure information that can be set only for an entire machine, not for a specific user on the computer. For example, HKEY\_LOCAL\_MACHINE registry keys in the Virtual Registry. There are four subsections allowed in under this element +Machine Configuration: The Machine Configuration section of the Deployment Configuration File configures information that can only be set for an entire machine, not a specific user on the computer, like the HKEY\_LOCAL\_MACHINE registry keys in the Virtual Registry. This element can have the following four subsections. -1. **Subsystems** - AppExtensions and other subsystems are arranged as subnodes under : +#### Subsystems -``` +AppExtensions and other subsystems are arranged as subnodes under ``: + +```xml     .. @@ -447,15 +441,17 @@ Machine Configuration - the Machine configuration section of the Deployment Conf ``` -The following section displays the various subsystems and usage samples. +The following section describes the various subsystems and usage samples. -**Extensions**: +#### Extensions -Some subsystems (Extension Subsystems) control Extensions which can only apply to all users. The subsystem is application capabilities. Because this can only apply to all users, the package must be published globally in order for this type of extension to be integrated into the local system. The same rules for controls and settings that apply to the Extensions in the User Configuration also apply to those in the MachineConfiguration section. +Some subsystems (Extension Subsystems) control extensions that can only apply to all users. The subsystem is application capabilities. Because this can only apply to all users, the package must be published globally in order for this type of extension to be integrated into the local system. The rules for User Configuration extension controls and settings also apply to the ones in Machine Configuration. -**Application Capabilities**: Used by default programs in windows operating system Interface. Allows an application to register itself as capable of opening certain file extensions, as a contender for the start menu internet browser slot, as capable of opening certain windows MIME types.  This extension also makes the virtual application visible in the Set Default Programs UI.: +#### Application Capabilities -``` +Used by default programs in the Windows OS interface, the Application Capabilities extension allows an application to register itself as capable of opening certain file extensions, as a contender for the Start menu's internet browser slot, and as capable of opening certain Windows MIME types. This extension also makes the virtual application visible in the Set Default Programs UI. + +```xml       @@ -491,13 +487,13 @@ Some subsystems (Extension Subsystems) control Extensions which can only apply t ``` -**Other Settings**: +#### Other settings for Dynamic Deployment Configuration file -In addition to Extensions, other subsystems can be edited: +You can edit other subsystems in addition to extensions: -**Machine Wide Virtual Registry**: Used when you want to set a registry key in the virtual registry within HKEY\_Local\_Machine +- Machine-wide Virtual Registry: use this when you want to set a registry key in the virtual registry within HKEY\_Local\_Machine. -``` +```xml   @@ -509,9 +505,9 @@ In addition to Extensions, other subsystems can be edited: ``` -**Machine Wide Virtual Kernel Objects** +- Machine-wide Virtual Kernel Objects -``` +```xml     @@ -519,23 +515,23 @@ In addition to Extensions, other subsystems can be edited: ``` -**ProductSourceURLOptOut**: Indicates whether the URL for the package can be modified globally through PackageSourceRoot (to support branch office scenarios). Default is false and the setting change takes effect on the next launch. +- ProductSourceURLOptOut: Indicates whether the URL for the package can be modified globally through PackageSourceRoot to support branch office scenarios. It's set to False by default. Changes to the value take effect on the next launch. -``` +```xml -   ..  +   ..      .. ``` -**MachineScripts** – Package can be configured to execute scripts at time of deployment, publishing or removal. Please reference a sample deployment configuration file that is generated by the sequencer to see a sample script. The Scripts section below provides more information on the various triggers that can be used +- MachineScripts: The package can be configured to execute scripts upon deployment, publishing, or removal. To see an example script, please see a sample deployment configuration file generated by the sequencer. The following section provides more information about the various triggers you can use to set up scripts. -**TerminateChildProcess**:- An application executable can be specified, whose child processes will be terminated when the application exe process is terminated. +- TerminateChildProcess: you can use this to specify that an application executable's child processes will be terminated when the application.exe process is terminated. -``` +```xml -   ..    +   ..              @@ -549,113 +545,33 @@ In addition to Extensions, other subsystems can be edited: The following table describes the various script events and the context under which they can be run. - -------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Script Execution TimeCan be specified in Deployment ConfigurationCan be specified in User ConfigurationCan run in the Virtual Environment of the packageCan be run in the context of a specific applicationRuns in system/user context: (Deployment Configuration, User Configuration)

    AddPackage

    X

    (SYSTEM, N/A)

    PublishPackage

    X

    X

    (SYSTEM, User)

    UnpublishPackage

    X

    X

    (SYSTEM, User)

    RemovePackage

    X

    (SYSTEM, N/A)

    StartProcess

    X

    X

    X

    X

    (User, User)

    ExitProcess

    X

    X

    X

    (User, User)

    StartVirtualEnvironment

    X

    X

    X

    (User, User)

    TerminateVirtualEnvironment

    X

    X

    (User, User)

    - -  +|Script execution time|Can be specified in Deployment Configuration|Can be specified in User Configuration|Can run in the package's virtual environment|Can be run in the context of a specific application|Runs in system/user context: (Deployment Configuration, User Configuration)| +|---|:---:|:---:|:---:|:---:|:---:| +|AddPackage|X||||(SYSTEM, N/A)| +|PublishPackage|X|X|||(SYSTEM, User)| +|UnpublishPackage|X|X|||(SYSTEM, User)| +|RemovePackage|X||||(SYSTEM, N/A)| +|StartProcess|X|X|X|X|(User, User)| +|ExitProcess|X|X||X|(User, User)| +|StartVirtualEnvironment|X|X|X||(User, User)| +|TerminateVirtualEnvironment|X|X|||(User, User)| ### Using multiple scripts on a single event trigger App-V supports the use of multiple scripts on a single event trigger for App-V packages, including packages that you convert from App-V 4.6 to App-V for Windows 10. To enable the use of multiple scripts, App-V uses a script launcher application, named ScriptRunner.exe, which is included in the App-V client. -**How to use multiple scripts on a single event trigger:** +#### How to use multiple scripts on a single event trigger -For each script that you want to run, pass that script as an argument to the ScriptRunner.exe application. The application then runs each script separately, along with the arguments that you specify for each script. Use only one script (ScriptRunner.exe) per trigger. +For each script that you want to run, pass that script as an argument to the ScriptRunner.exe application. The application will run each script separately, along with the arguments that you specify for each script. Use only one script (ScriptRunner.exe) per trigger. -**Note**   -We recommended that you run the multi-script line from a command prompt first to make sure that all arguments are built correctly before adding them to the deployment configuration file. +>[!NOTE] +>We recommended you first run the multi-script line from a command prompt to make sure all arguments are built correctly before adding them to the deployment configuration file. -  - -**Example script and parameter descriptions** +#### Example script and parameter descriptions Using the following example file and table, modify the deployment or user configuration file to add the scripts that you want to run. -``` syntax +```xml ScriptRunner.exe @@ -669,78 +585,29 @@ Using the following example file and table, modify the deployment or user config ``` - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
    Parameter in the example fileDescription

    Name of the event trigger for which you are running a script, such as adding a package or publishing a package.

    ScriptRunner.exe

    The script launcher application that is included in the App-V client.

    -
    -Note   -

    Although ScriptRunner.exe is included in the App-V client, the location of the App-V client must be in %path% or ScriptRunner will not run. ScriptRunner.exe is typically located in the C:\Program Files\Microsoft Application Virtualization\Client folder.

    -
    -
    -  -
    
--appvscript script1.exe arg1 arg2 –appvscriptrunnerparameters –wait –timeout=10
+|Parameter in the example file|Description|
+|---|---|
+|``|Name of the event trigger you're running a script for, such as when adding or publishing a package.|
+|`ScriptRunner.exe`|The script launcher application included in the App-V client.

    Although ScriptRunner.exe is included in the App-V client, the App-V client's location must be in %path% or ScriptRunner won't run. `ScriptRunner.exe` is typically located in the C:\Program Files\Microsoft Application Virtualization\Client folder.|
+|`-appvscript script1.exe arg1 arg2 –appvscriptrunnerparameters –wait –timeout=10`

    `-appvscript script2.vbs arg1 arg2`

    `-appvscript script3.bat arg1 arg2 –appvscriptrunnerparameters –wait –timeout=30 -rollbackonerror`|`-appvscript`—token that represents the actual script you want to run.
    `script1.exe`—name of the script you want to run.
    `arg1 arg2`—arguments for the script you want to run.
    `-appvscriptrunnerparameters`—token that represents the execution options for script1.exe.
    `-wait`—token that tells ScriptRunner to wait for execution of script1.exe to finish before proceeding to the next script.
    `-timeout=x`—token that informs ScriptRunner to stop running the current script after *x* number of seconds. All other specified scripts will still run.
    `-rollbackonerror`—token that tells ScriptRunner to stop running all scripts that haven't yet run and roll back an error to the App-V client.|
+|``|Waits for overall completion of ScriptRunner.exe.

    Set the timeout value for the overall runner to be greater than or equal to the sum of the timeout values on the individual scripts.

    If any individual script reported an error and rollbackonerror was set to True, then ScriptRunner should report the error to App-V client.|
 
--appvscript script2.vbs arg1 arg2
-
--appvscript script3.bat arg1 arg2 –appvscriptrunnerparameters –wait –timeout=30 -rollbackonerror
-

    -appvscript - Token that represents the actual script that you want to run.

    -

    script1.exe – Name of the script that you want to run.

    -

    arg1 arg2 – Arguments for the script that you want to run.

    -

    -appvscriptrunnerparameters – Token that represents the execution options for script1.exe

    -

    -wait – Token that informs ScriptRunner to wait for execution of script1.exe to complete before proceeding to the next script.

    -

    -timeout=x – Token that informs ScriptRunner to stop running the current script after x number of seconds. All other specified scripts will still run.

    -

    -rollbackonerror – Token that informs ScriptRunner to stop running all scripts that haven't yet run and to roll back an error to the App-V client.

    Waits for overall completion of ScriptRunner.exe.

    -

    Set the timeout value for the overall runner to be greater than or equal to the sum of the timeout values on the individual scripts.

    -

    If any individual script reported an error and rollbackonerror was set to true, then ScriptRunner would report the error to App-V client.

    - -  - -ScriptRunner will run any script whose file type is associated with an application installed on the computer. If the associated application is missing, or the script’s file type is not associated with any application on the computer, the script will not run. +ScriptRunner will run any script whose file type is associated with an application installed on the computer. If the associated application is missing, or the script’s file type isn't associated with any of the computer's applications, the script won't run. ### Create a Dynamic Configuration file using an App-V Manifest file -You can create the Dynamic Configuration file using one of three methods: either manually, using the App-V Management Console or sequencing a package, which will be generated with 2 sample files. +You can create the Dynamic Configuration file using one of three methods: manually, using the App-V Management Console, or by sequencing a package, which will generate a package with two sample files. -For more information about how to create the file using the App-V Management Console see, [How to Create a Custom Configuration File by Using the App-V Management Console](appv-create-a-custom-configuration-file-with-the-management-console.md). +For more information about how to create the file using the App-V Management Console, see [How to create a Custom Configuration file by using the App-V Management Console](appv-create-a-custom-configuration-file-with-the-management-console.md). -To create the file manually, the information above in previous sections can be combined into a single file. We recommend you use files generated by the sequencer. +To create the file manually, you can combine the components listed in the previous sections into a single file. However, we recommend you use files generated by the sequencer instead of manually created ones. ## Have a suggestion for App-V? -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). ## Related topics -[How to Apply the Deployment Configuration File by Using Windows PowerShell](appv-apply-the-deployment-configuration-file-with-powershell.md) - -[How to Apply the User Configuration File by Using Windows PowerShell](appv-apply-the-user-configuration-file-with-powershell.md) - -[Operations for App-V](appv-operations.md) +- [How to Apply the Deployment Configuration File by Using Windows PowerShell](appv-apply-the-deployment-configuration-file-with-powershell.md) +- [How to Apply the User Configuration File by Using Windows PowerShell](appv-apply-the-user-configuration-file-with-powershell.md) +- [Operations for App-V](appv-operations.md) diff --git a/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md index 3ae3740c77..803d11d76e 100644 --- a/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md +++ b/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md @@ -8,25 +8,22 @@ ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 --- +# How to enable only administrators to publish packages by using an ESD - -# How to Enable Only Administrators to Publish Packages by Using an ESD - -**Applies to** -- Windows 10, version 1607 +>Applies to: Windows 10, version 1607 Starting in App-V 5.0 SP3, you can configure the App-V client so that only administrators (not end users) can publish or unpublish packages. In earlier versions of App-V, you could not prevent end users from performing these tasks. -**To enable only administrators to publish or unpublish packages** +Here's how to enable only administrators to publish or unpublish packages: -1. Navigate to the following Group Policy Object node: +1. Navigate to the following Group Policy Object node: - **Computer Configuration > Administrative Templates > System > App-V > Publishing**. + **Computer Configuration** > **Administrative Templates** > **System** > **App-V** > **Publishing**. -2. Enable the **Require publish as administrator** Group Policy setting. +2. Enable the **Require publish as administrator** Group Policy setting. - To instead use Windows PowerShell to set this item, see [How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#bkmk-admins-pub-pkgs). + To instead use Windows PowerShell to set this item, see [Understanding pending packages: UserPending and GlobalPending](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#about-pending-packages-userpending-and-globalpending). ## Have a suggestion for App-V? -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). diff --git a/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md b/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md index c21abca90a..b6df634063 100644 --- a/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md +++ b/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md @@ -8,8 +8,6 @@ ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 --- - - # How to Enable Reporting on the App-V Client by Using Windows PowerShell **Applies to** diff --git a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md index ff0ad45667..0696778b9f 100644 --- a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md +++ b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md @@ -35,7 +35,7 @@ Check out these articles for more information about how to configure the App-V c * [Deploying the App-V Sequencer and configuring the client](appv-deploying-the-appv-sequencer-and-client.md) * [How to modify client configuration by using Windows PowerShell](appv-modify-client-configuration-with-powershell.md) * [Using the client management console](appv-using-the-client-management-console.md) -* [How to configure the client to receive package and connection group updates From the Publishing server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md) +* [How to configure the client to receive package and connection group updates from the Publishing server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md) ## Have a suggestion for App-V? diff --git a/windows/application-management/app-v/appv-for-windows.md b/windows/application-management/app-v/appv-for-windows.md index 857938e467..3642e254c5 100644 --- a/windows/application-management/app-v/appv-for-windows.md +++ b/windows/application-management/app-v/appv-for-windows.md @@ -6,64 +6,61 @@ ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 04/19/2017 +ms.date: 09/27/2018 --- - - # Application Virtualization (App-V) for Windows 10 overview -**Applies to** -- Windows 10, version 1607 +>Applies to: Windows 10, version 1607 -The topics in this section provide information and step-by-step procedures to help you administer App-V and its components. This information will be valuable for system administrators who manage large installations with many servers and clients and for support personnel who interact directly with the computers or the end users. +The topics in this section provide information and instructions to help you administer App-V and its components. This information is for system administrators who manage large installations with many servers and clients, and for support personnel who interact directly with the computers or users. -[Getting Started with App-V](appv-getting-started.md) +[Getting started with App-V](appv-getting-started.md) - [What's new in App-V](appv-about-appv.md) - [Evaluating App-V](appv-evaluating-appv.md) -- [High Level Architecture for App-V](appv-high-level-architecture.md) +- [High-level architecture for App-V](appv-high-level-architecture.md) [Planning for App-V](appv-planning-for-appv.md) -- [Preparing Your Environment for App-V](appv-preparing-your-environment.md) -- [App-V Prerequisites](appv-prerequisites.md) -- [Planning to Deploy App-V](appv-planning-to-deploy-appv.md) -- [App-V Supported Configurations](appv-supported-configurations.md) -- [App-V Planning Checklist](appv-planning-checklist.md) +- [Preparing your environment for App-V](appv-preparing-your-environment.md) +- [App-V prerequisites](appv-prerequisites.md) +- [Planning to deploy App-V](appv-planning-to-deploy-appv.md) +- [App-V supported configurations](appv-supported-configurations.md) +- [App-V planning checklist](appv-planning-checklist.md) [Deploying App-V](appv-deploying-appv.md) -- [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md) +- [Deploying the App-V Sequencer and configuring the client](appv-deploying-the-appv-sequencer-and-client.md) - [Deploying the App-V Server](appv-deploying-the-appv-server.md) -- [App-V Deployment Checklist](appv-deployment-checklist.md) -- [Deploying Microsoft Office 2016 by Using App-V](appv-deploying-microsoft-office-2016-with-appv.md) -- [Deploying Microsoft Office 2013 by Using App-V](appv-deploying-microsoft-office-2013-with-appv.md) -- [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md) +- [App-V deployment checklist](appv-deployment-checklist.md) +- [Deploying Microsoft Office 2016 by using App-V](appv-deploying-microsoft-office-2016-with-appv.md) +- [Deploying Microsoft Office 2013 by using App-V](appv-deploying-microsoft-office-2013-with-appv.md) +- [Deploying Microsoft Office 2010 by using App-V](appv-deploying-microsoft-office-2010-wth-appv.md) [Operations for App-V](appv-operations.md) -- [Creating and Managing App-V Virtualized Applications](appv-creating-and-managing-virtualized-applications.md) +- [Creating and managing App-V virtualized applications](appv-creating-and-managing-virtualized-applications.md) - [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-provision-a-vm.md) - [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-sequencing.md) - [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-updating.md) -- [Administering App-V Virtual Applications by Using the Management Console](appv-administering-virtual-applications-with-the-management-console.md) -- [Managing Connection Groups](appv-managing-connection-groups.md) -- [Deploying App-V Packages by Using Electronic Software Distribution (ESD)](appv-deploying-packages-with-electronic-software-distribution-solutions.md) +- [Administering App-V Virtual Applications by using the Management Console](appv-administering-virtual-applications-with-the-management-console.md) +- [Managing connection groups](appv-managing-connection-groups.md) +- [Deploying App-V packages by using Electronic Software Distribution (ESD)](appv-deploying-packages-with-electronic-software-distribution-solutions.md) - [Using the App-V Client Management Console](appv-using-the-client-management-console.md) -- [Automatically cleanup unpublished packages on the App-V client](appv-auto-clean-unpublished-packages.md) -- [Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md) +- [Automatically clean up unpublished packages on the App-V client](appv-auto-clean-unpublished-packages.md) +- [Migrating to App-V from a previous version](appv-migrating-to-appv-from-a-previous-version.md) - [Maintaining App-V](appv-maintaining-appv.md) -- [Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md) +- [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md) [Troubleshooting App-V](appv-troubleshooting.md) -[Technical Reference for App-V](appv-technical-reference.md) +[Technical reference for App-V](appv-technical-reference.md) -- [Performance Guidance for Application Virtualization](appv-performance-guidance.md) -- [Application Publishing and Client Interaction](appv-application-publishing-and-client-interaction.md) -- [Viewing App-V Server Publishing Metadata](appv-viewing-appv-server-publishing-metadata.md) -- [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](appv-running-locally-installed-applications-inside-a-virtual-environment.md) +- [Performance guidance for Application Virtualization](appv-performance-guidance.md) +- [Application publishing and client interaction](appv-application-publishing-and-client-interaction.md) +- [Viewing App-V Server publishing metadata](appv-viewing-appv-server-publishing-metadata.md) +- [Running a locally installed application inside a virtual environment with virtualized applications](appv-running-locally-installed-applications-inside-a-virtual-environment.md) ## Have a suggestion for App-V? -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). \ No newline at end of file diff --git a/windows/application-management/app-v/appv-getting-started.md b/windows/application-management/app-v/appv-getting-started.md index 1003f2f5a6..98794a0cb4 100644 --- a/windows/application-management/app-v/appv-getting-started.md +++ b/windows/application-management/app-v/appv-getting-started.md @@ -21,7 +21,7 @@ If you’re already using App-V, performing an in-place upgrade to Windows 10 on >[!IMPORTANT] >You can upgrade your existing App-V installation to App-V for Windows from App-V versions 5.0 SP2 and higher only. If you are using an earlier version of App-V, you’ll need to upgrade your existing App-V installation to App-V 5.0 SP2 before upgrading to App-V for Windows. -To learn more about previous versions of App-V, see [MDOP information experience](https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/index). +To learn more about previous versions of App-V, see [MDOP information experience](https://docs.microsoft.com/microsoft-desktop-optimization-pack/index). ## Getting started with App-V for Windows 10 (new installations) @@ -31,7 +31,7 @@ To start using App-V to deliver virtual applications to users, you’ll need to | Component | What it does | Where to find it | |------------|--|------| -| App-V server components | App-V offers five server components that work together to allow you to host and publish virtual applications, generate usage reports, and manage your App-V environment. For more details, see [Deploying the App-V Server](appv-deploying-the-appv-server.md).

    If you're already using App-V 5.x, you don't need to redeploy the App-V server components, as they haven't changed since App-V 5.0's release. | The App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package that can be downloaded from the following locations:

    If you have a Microsoft Developer Network (MSDN) subscription, use the [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215) to download the MDOP ISO package.

    If you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home), download it from the [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx).

    See [Deploying the App-V Server](appv-deploying-the-appv-server.md) for more information about installing and using the server components.| +| App-V server components | App-V offers five server components that work together to allow you to host and publish virtual applications, generate usage reports, and manage your App-V environment. For more details, see [Deploying the App-V Server](appv-deploying-the-appv-server.md).

    If you're already using App-V 5.x, you don't need to redeploy the App-V server components, as they haven't changed since App-V 5.0's release. | The App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package that can be downloaded from the following locations:

    If you have a Microsoft Developer Network (MSDN) subscription, use the [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/subscriptions/downloads/default.aspx#FileId=65215) to download the MDOP ISO package.

    If you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home), download it from the [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx).

    See [Deploying the App-V Server](appv-deploying-the-appv-server.md) for more information about installing and using the server components.| | App-V client and App-V Remote Desktop Services (RDS) client | The App-V client is the component that runs virtualized applications on user devices, allowing users to interact with icons and file names to start virtualized applications. | The App-V client is automatically installed with Windows 10, version 1607.

    To learn how to enable the client, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md). | | App-V sequencer | Use the App-V sequencer to convert Win32 applications into virtual packages for deployment to user devices. Devices must run the App-V client to allow users to interact with virtual applications. | Installed with the [Windows Assessment and Deployment kit (ADK) for Windows 10, version 1607](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). | diff --git a/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md b/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md index 2da4a3b2f6..5a78399b06 100644 --- a/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md +++ b/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md @@ -16,7 +16,7 @@ To install the management server on a standalone computer and connect it to the 1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation, run **appv\_server\_setup.exe** as an administrator, then select **Install**. 2. On the **Getting Started** page, review and accept the license terms, then select **Next**. -3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft Udpate, select **Use Microsoft Update when I check for updates (recommended)**. To disable Microsoft Update, select **I don’t want to use Microsoft Update**, then select **Next**. +3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft Update, select **Use Microsoft Update when I check for updates (recommended)**. To disable Microsoft Update, select **I don’t want to use Microsoft Update**, then select **Next**. 4. On the **Feature Selection** page, select the **Management Server** checkbox, then select **Next**. 5. On the **Installation Location** page, accept the default location, then select **Next**. 6. On the **Configure Existing Management Database** page, select **Use a remote SQL Server**, then enter the computer running Microsoft SQL's machine name, such as ```SqlServerMachine```. diff --git a/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md b/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md index 2a510d8f89..3292b74b3e 100644 --- a/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md +++ b/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md @@ -6,172 +6,90 @@ ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 04/19/2017 +ms.date: 09/27/2018 --- +# How to load the Windows PowerShell cmdlets for App-V and get cmdlet help +>Applies to: Windows 10, version 1607 -# How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help +## Requirements for using Windows PowerShell cmdlets -**Applies to** -- Windows 10, version 1607 +This section will tell you what you'll need to use the PowerShell cmdlets. -What this topic covers: +### How to let users access PowerShell cmdlets -- [Requirements for using Windows PowerShell cmdlets](#bkmk-reqs-using-posh) +You can grant your users access to PowerShell cmdlets through one of the following methods: -- [Loading the Windows PowerShell cmdlets](#bkmk-load-cmdlets) +* While you're deploying and configuring the App-V server, specify an Active Directory group or individual user with permissions to manage the App-V environment. For more information, see [How to deploy the App-V Server](appv-deploy-the-appv-server.md). +* After you've deployed the App-V server, you can use the App-V Management console to add an additional Active Directory group or user. For more information, see [How to add or remove an administrator by using the Management console](appv-add-or-remove-an-administrator-with-the-management-console.md). -- [Getting help for the Windows PowerShell cmdlets](#bkmk-get-cmdlet-help) +### Elevated command prompt -- [Displaying the help for a Windows PowerShell cmdlet](#bkmk-display-help-cmdlet) +You'll need an elevated command prompt to run the following cmdlets: -## Requirements for using Windows PowerShell cmdlets +* **Add-AppvClientPackage** +* **Remove-AppvClientPackage** +* **Set-AppvClientConfiguration** +* **Add-AppvClientConnectionGroup** +* **Remove-AppvClientConnectionGroup** +* **Add-AppvPublishingServer** +* **Remove-AppvPublishingServer** +* **Send-AppvClientReport** +* **Set-AppvClientMode** +* **Set-AppvClientPackage** +* **Set-AppvPublishingServer** +### Other cmdlets -Review the following requirements for using the Windows PowerShell cmdlets: +The following cmdlets are ones that end-users can run unless you configure them to require an elevated command prompt. - ---- - - - - - - - - - - - - - - - - - - - - -
    RequirementDetails

    Users can run App-V Server cmdlets only if you grant them access by using one of the following methods:

      -

    • When you are deploying and configuring the App-V Server:

      -

      Specify an Active Directory group or individual user that has permissions to manage the App-V environment. See [How to Deploy the App-V Server](appv-deploy-the-appv-server.md).

      • -

    • After you’ve deployed the App-V Server:

      -

      Use the App-V Management console to add an additional Active Directory group or user. See [How to Add or Remove an Administrator by Using the Management Console](appv-add-or-remove-an-administrator-with-the-management-console.md).

      • -

    Cmdlets that require an elevated command prompt

      -

    • Add-AppvClientPackage

      • -

    • Remove-AppvClientPackage

      • -

    • Set-AppvClientConfiguration

      • -

    • Add-AppvClientConnectionGroup

      • -

    • Remove-AppvClientConnectionGroup

      • -

    • Add-AppvPublishingServer

      • -

    • Remove-AppvPublishingServer

      • -

    • Send-AppvClientReport

      • -

    • Set-AppvClientMode

      • -

    • Set-AppvClientPackage

      • -

    • Set-AppvPublishingServer

      • -

    Cmdlets that end users can run, unless you configure them to require an elevated command prompt

      -

    • Publish-AppvClientPackage

      • -

    • Unpublish-AppvClientPackage

      • -
    -

    To configure these cmdlets to require an elevated command prompt, use one of the following methods:

    -
      -

    • Run the Set-AppvClientConfiguration cmdlet with the -RequirePublishAsAdmin parameter.

      -

      For more information, see:
      [How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md)
      [How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#bkmk-admins-pub-pkgs).

      • -

    • Enable the “Require publish as administrator” Group Policy setting for App-V Clients.

      -

      For more information, see [How to Publish a Package by Using the Management Console](appv-publish-a-packages-with-the-management-console.md)

      • -
    -
    +* **Publish-AppvClientPackage** +* **Unpublish-AppvClientPackage** -  +To configure these cmdlets to require an elevated command prompt, use one of the following methods: -## Loading the Windows PowerShell cmdlets +* Run the **Set-AppvClientConfiguration** cmdlet with the *-RequirePublishAsAdmin* parameter. For more information, see the following resources: + * [How to manage connection groups on a stand-alone computer by using Windows PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md) + * [Understanding pending packages: UserPending and GlobalPending](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#about-pending-packages-userpending-and-globalpending) +* Enable the **Require publish as administrator** Group Policy setting for App-V Clients. For more information, see [How to publish a package by using the Management Console](appv-publish-a-packages-with-the-management-console.md). +## Loading the Windows PowerShell cmdlets To load the Windows PowerShell cmdlet modules: -1. Open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE). +1. Open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE). +2. Enter one of the following cmdlets to load a list of usable cmdlets for the module you want: -2. Type one of the following commands to load the cmdlets for the module you want: +|App-v component|Cmdlet to enter| +|---|---| +|App-V Server|**Import-Module AppvServer**| +|App-V Sequencer|**Import-Module AppvSequencer**| +|App-V Client|**Import-Module AppvClient**| - ---- - - - - - - - - - - - - - - - - - - - - -
    App-V componentCommand to type

    App-V Server

    Import-Module AppvServer

    App-V Sequencer

    Import-Module AppvSequencer

    App-V Client

    Import-Module AppvClient

    - -  - -## Getting help for the Windows PowerShell cmdlets +## Getting help for the Windows PowerShell cmdlets Starting in App-V 5.0 SP3, cmdlet help is available in two formats: -- **As a downloadable module**: To download the latest help after downloading the cmdlet module, open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE), and type one of the following commands: +* As a downloadable module in PowerShell. To access the module, open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE) and enter one of the cmdlets from the following table. - ---- - - - - - - - - - - - - - - - - - - - - -
    App-V componentCommand to type

    App-V Server

    Update-Help -Module AppvServer

    App-V Sequencer

    Update-Help -Module AppvSequencer

    App-V Client

    Update-Help -Module AppvClient

    +|App-v component|Cmdlet to enter| +|---|---| +|App-V Server|**Update-Help -Module AppvServer**| +|App-V Sequencer|**Update-Help -Module AppvSequencer**| +|App-V Client|**Update-Help -Module AppvClient**| -
    - -- **On TechNet as web pages**: See the App-V node under [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](https://technet.microsoft.com/library/dn520245.aspx). - -## Displaying the help for a Windows PowerShell cmdlet +* Online in the [Microsoft Desktop Optimization Pack](https://docs.microsoft.com/powershell/mdop/get-started?view=win-mdop2-ps). +## Displaying the help for a Windows PowerShell cmdlet To display help for a specific Windows PowerShell cmdlet: -1. Open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE). - -2. Type **Get-Help** <*cmdlet*>, for example, **Get-Help Publish-AppvClientPackage**. - +1. Open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE). +2. Enter **Get-Help** followed by the cmdlet you need help with. For example: + ```PowerShell + Get-Help Publish-AppvClientPackage + ``` ## Have a suggestion for App-V? -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). \ No newline at end of file diff --git a/windows/application-management/app-v/appv-maintaining-appv.md b/windows/application-management/app-v/appv-maintaining-appv.md index 3db885c191..f98668cea5 100644 --- a/windows/application-management/app-v/appv-maintaining-appv.md +++ b/windows/application-management/app-v/appv-maintaining-appv.md @@ -6,45 +6,30 @@ ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 04/19/2017 +ms.date: 09/27/2018 --- - - # Maintaining App-V -**Applies to** -- Windows 10, version 1607 +>Applies to: Windows 10, version 1607 After you have deployed App-V for Windows 10, you can use the following information to maintain the App-V infrastructure. ## Moving the App-V server -The App-V server connects to the App-V database. Therefore you can install the management component on any computer on the network and then connect it to the App-V database. +The App-V server connects to the App-V database, which means you can install the management component and connect it to the App-V database on any computer on the network. For more information, see [How to move the App-V server to another computer](appv-move-the-appv-server-to-another-computer.md). -[How to Move the App-V Server to Another Computer](appv-move-the-appv-server-to-another-computer.md) +## Determine if an App-V application is running virtualized -## Determine if an App-V Application is Running Virtualized +Independent software vendors (ISV) who want to determine if an application is running virtualized with App-V should open a named object called **AppVVirtual-<PID>** in the default namespace (PID stands for process ID). To find the process ID of the process you're currently using, enter the Windows API **GetCurrentProcessId()**. +For example, let's say the process ID is 4052. If you can successfully open a named Event object called **AppVVirtual-4052** with the **OpenEvent()** API in the default read access namespace, then the application is virtual. If the **OpenEvent()** call fails, the application isn't virtual. -Independent software vendors (ISV) who want to determine if an application is running virtualized with App-V should open a named object called **AppVVirtual-<PID>** in the default namespace. For example, Windows API **GetCurrentProcessId()** can be used to obtain the current process's ID, for example 4052, and then if a named Event object called **AppVVirtual-4052** can be successfully opened using **OpenEvent()** in the default namespace for read access, then the application is virtual. If the **OpenEvent()** call fails, the application is not virtual. - -Additionally, ISV’s who want to explicitly virtualize or not virtualize calls on specific API’s with App-V 5.1 and later, can use the **VirtualizeCurrentThread()** and **CurrentThreadIsVirtualized()** functions implemented in the AppEntSubsystems32.dll module. These provide a way of hinting at a downstream component that the call should or should not be virtualized. +Additionally, ISVs who want to explicitly virtualize or not virtualize calls on specific APIs with App-V 5.1 and later can use the **VirtualizeCurrentThread()** and **CurrentThreadIsVirtualized()** functions implemented in the AppEntSubsystems32.dll module to hint to a downstream component whether the call should be virtualized or not. ## Have a suggestion for App-V? - -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). ## Other resources for maintaining App-V - -[Operations for App-V](appv-operations.md) - -  - -  - - - - - +* [Operations for App-V](appv-operations.md) \ No newline at end of file diff --git a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md index e3c9eca586..f4a20fb696 100644 --- a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md +++ b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md @@ -1,283 +1,171 @@ --- -title: How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell (Windows 10) -description: How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell +title: How to manage App-V packages running on a stand-alone computer by using Windows PowerShell (Windows 10) +description: How to manage App-V packages running on a stand-alone computer by using Windows PowerShell. author: MaggiePucciEvans ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 04/19/2017 +ms.date: 09/24/2018 --- +# How to manage App-V packages running on a stand-alone computer by using Windows PowerShell +>Applies to: Windows 10, version 1607 -# How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell +The following sections explain how to perform various management tasks on a stand-alone client computer with Windows PowerShell cmdlets. -**Applies to** -- Windows 10, version 1607 +## Return a list of packages +Enter the **Get-AppvClientPackage** cmdlet to return a list of packages entitled to a specific user. Its parameters are *-Name*, *-Version*, *-PackageID*, and *-VersionID*. -The following sections explain how to perform various management tasks on a stand-alone client computer by using Windows PowerShell: +For example: -- [To return a list of packages](#bkmk-return-pkgs-standalone-posh) +```PowerShell +Get-AppvClientPackage –Name "ContosoApplication" -Version 2 +``` -- [To add a package](#bkmk-add-pkgs-standalone-posh) +## Add a package -- [To publish a package](#bkmk-pub-pkg-standalone-posh) +Use the **Add-AppvClientPackage** cmdlet to add a package to a computer. -- [To publish a package to a specific user](#bkmk-pub-pkg-a-user-standalone-posh) +>[!IMPORTANT] +>This example only adds a package. It does not publish the package to the user or the computer. -- [To add and publish a package](#bkmk-add-pub-pkg-standalone-posh) +For example: -- [To unpublish an existing package](#bkmk-unpub-pkg-standalone-posh) +```PowerShell +$Contoso = Add-AppvClientPackage \\\\path\\to\\appv\\package.appv +``` -- [To unpublish a package for a specific user](#bkmk-unpub-pkg-specfc-use) +## Publish a package -- [To remove an existing package](#bkmk-remove-pkg-standalone-posh) +Use the **Publish-AppvClientPackage** cmdlet to publish a package that has been added to either a specific user or globally to any user on the computer. -- [To enable only administrators to publish or unpublish packages](#bkmk-admins-pub-pkgs) +Enter the cmdlet with the application name to publish it to the user. -- [Understanding pending packages (UserPending and GlobalPending)](#bkmk-understd-pend-pkgs) +```PowerShell +Publish-AppvClientPackage "ContosoApplication" +``` -## To return a list of packages +To publish the application globally, just add the *-Global* parameter. +```Powershell +Publish-AppvClientPackage "ContosoApplication" -Global +``` -Use the following information to return a list of packages that are entitled to a specific user: +## Publish a package to a specific user -**Cmdlet**: Get-AppvClientPackage +>[!NOTE]   +>You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter. -**Parameters**: -Name -Version -PackageID -VersionID - -**Example**: Get-AppvClientPackage –Name “ContosoApplication” -Version 2 - -## To add a package - - -Use the following information to add a package to a computer. - -**Important**   -This example only adds a package. It does not publish the package to the user or the computer. - -  - -**Cmdlet**: Add-AppvClientPackage - -**Example**: $Contoso = Add-AppvClientPackage \\\\path\\to\\appv\\package.appv - -## To publish a package - - -Use the following information to publish a package that has been added to a specific user or globally to any user on the computer. - - ---- - - - - - - - - - - - - - - - - -
    Publishing methodCmdlet and example

    Publishing to the user

    Cmdlet: Publish-AppvClientPackage

    -

    Example: Publish-AppvClientPackage “ContosoApplication”

    Publishing globally

    Cmdlet: Publish-AppvClientPackage

    -

    Example: Publish-AppvClientPackage “ContosoApplication” -Global

    - -  - -## To publish a package to a specific user - - -**Note**   -You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter. - -  - -An administrator can publish a package to a specific user by specifying the optional **–UserSID** parameter with the **Publish-AppvClientPackage** cmdlet, where **-UserSID** represents the end user’s security identifier (SID). +An administrator can publish a package to a specific user by specifying the optional *–UserSID* parameter with the **Publish-AppvClientPackage** cmdlet, where *-UserSID* represents the end user’s security identifier (SID). To use this parameter: -- You can run this cmdlet from the user or administrator session. +- You can run this cmdlet from the user or administrator session. +- You must be logged in with administrative credentials to use the parameter. +- The end user must be signed in. +- You must provide the end user’s security identifier (SID). -- You must be logged in with administrative credentials to use the parameter. +For example: -- The end user must be logged in. +```PowerShell +Publish-AppvClientPackage "ContosoApplication" -UserSID S-1-2-34-56789012-3456789012-345678901-2345 +``` -- You must provide the end user’s security identifier (SID). +## Add and publish a package -**Cmdlet**: Publish-AppvClientPackage +Use the **Add-AppvClientPackage** cmdlet to add a package to a computer and publish it to the user. -**Example**: Publish-AppvClientPackage “ContosoApplication” -UserSID S-1-2-34-56789012-3456789012-345678901-2345 +For example: -## To add and publish a package +```PowerShell +Add-AppvClientPackage | Publish-AppvClientPackage +``` +## Unpublish an existing package -Use the following information to add a package to a computer and publish it to the user. +Use the **Unpublish-AppvClientPackage** cmdlet to unpublish a package which has been entitled to a user but not remove the package from the computer. -**Cmdlet**: Add-AppvClientPackage +For example: -**Example**: Add-AppvClientPackage \\\\path\\to\\appv\\package.appv | Publish-AppvClientPackage +```PowerShell +Unpublish-AppvClientPackage "ContosoApplication" +``` -## To unpublish an existing package +## Unpublish a package for a specific user +>[!NOTE] +>You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter. -Use the following information to unpublish a package which has been entitled to a user but not remove the package from the computer. - -**Cmdlet**: Unpublish-AppvClientPackage - -**Example**: Unpublish-AppvClientPackage “ContosoApplication” - -## To unpublish a package for a specific user - - -**Note**   -You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter. - -  - -An administrator can unpublish a package for a specific user by using the optional **–UserSID** parameter with the **Unpublish-AppvClientPackage** cmdlet, where **-UserSID** represents the end user’s security identifier (SID). +An administrator can unpublish a package for a specific user by using the optional *-UserSID* parameter with the **Unpublish-AppvClientPackage** cmdlet, where *-UserSID* represents the end user’s security identifier (SID). To use this parameter: -- You can run this cmdlet from the user or administrator session. +- You can run this cmdlet from the user or administrator session. +- You must sign in with administrative credentials to use the parameter. +- The end user must be signed in. +- You must provide the end user’s security identifier (SID). -- You must be logged in with administrative credentials to use the parameter. +For example: -- The end user must be logged in. +```PowerShell +Unpublish-AppvClientPackage "ContosoApplication" -UserSID S-1-2-34-56789012-3456789012-345678901-2345 +``` -- You must provide the end user’s security identifier (SID). +## Remove an existing package -**Cmdlet**: Unpublish-AppvClientPackage +Use the **Remove-AppvClientPackage** cmdlet to remove a package from the computer. -**Example**: Unpublish-AppvClientPackage “ContosoApplication” -UserSID S-1-2-34-56789012-3456789012-345678901-2345 +For example: -## To remove an existing package +```PowerShell +Remove-AppvClientPackage "ContosoApplication" +``` +>[!NOTE] +>App-V cmdlets have been assigned to variables for the previous examples for clarity only; assignment is not a requirement. Most cmdlets can be combined as displayed in [Add and publish a package](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#add-and-publish-a-package). For a detailed tutorial, see [App-V 5.0 Client PowerShell Deep Dive](https://blogs.technet.microsoft.com/appv/2012/12/03/app-v-5-0-client-powershell-deep-dive/). -Use the following information to remove a package from the computer. +## Enable only administrators to publish or unpublish packages -**Cmdlet**: Remove-AppvClientPackage +Starting in App-V 5.0 SP3, you can use the **Set-AppvClientConfiguration** cmdlet and *-RequirePublishAsAdmin* parameter to enable only administrators (not end users) to publish or unpublish packages. -**Example**: Remove-AppvClientPackage “ContosoApplication” +You can set the *-RequirePublishAsAdmin* parameter to the following values: -**Note**   -App-V cmdlets have been assigned to variables for the previous examples for clarity only; assignment is not a requirement. Most cmdlets can be combined as displayed in [To add and publish a package](#bkmk-add-pub-pkg-standalone-posh). For a detailed tutorial, see [App-V 5.0 Client PowerShell Deep Dive](https://blogs.technet.microsoft.com/appv/2012/12/03/app-v-5-0-client-powershell-deep-dive/). +- 0: False +- 1: True -  +For example: -## To enable only administrators to publish or unpublish packages +```PowerShell +Set-AppvClientConfiguration –RequirePublishAsAdmin1 +``` -Starting in App-V 5.0 SP3, you can use the following cmdlet and parameter to enable only administrators (not end users) to publish or unpublish packages: +To use the App-V Management console to set this configuration, see [How to publish a package by using the Management Console](appv-publish-a-packages-with-the-management-console.md). - ---- - - - - - - - - - - -

    Cmdlet

    Set-AppvClientConfiguration

    Parameter

    -RequirePublishAsAdmin

    -

    Parameter values:

    -
      -

    • 0 - False

      • -

    • 1 - True

      • -
    -

    Example:: Set-AppvClientConfiguration –RequirePublishAsAdmin1

    +## About pending packages: UserPending and GlobalPending -  +Starting in App-V 5.0 SP2, if you run a Windows PowerShell cmdlet that affects a package currently in use, the task you're trying to perform is placed in a pending state. For example, if you try to publish a package when an application in that package is being used, and then run **Get-AppvClientPackage**, the pending status appears in the cmdlet output as follows: -To use the App-V Management console to set this configuration, see [How to Publish a Package by Using the Management Console](appv-publish-a-packages-with-the-management-console.md). - -## Understanding pending packages (UserPending and GlobalPending) - - -**Starting in App-V 5.0 SP2**: If you run a Windows PowerShell cmdlet that affects a package that is currently in use, the task that you are trying to perform is placed in a pending state. For example, if you try to publish a package when an application in that package is being used, and then run **Get-AppvClientPackage**, the pending status appears in the cmdlet output as follows: - - ---- - - - - - - - - - - - - - - - - -
    Cmdlet output itemDescription

    UserPending

    Indicates whether the listed package has a pending task that is being applied to the user:

    -
      -

    • True

      • -

    • False

      • -

    GlobalPending

    Indicates whether the listed package has a pending task that is being applied globally to the computer:

    -
      -

    • True

      • -

    • False

      • -
    - -  +|Cmdlet output item|Description| +|---|---| +|UserPending|Indicates whether the listed package has a pending task that is being applied to the user:
    - True
    - False| +|GlobalPending|Indicates whether the listed package has a pending task that is being applied globally to the computer:
    - True
    - False| The pending task will run later, according to the following rules: - ---- - - - - - - - - - - - - - - - - -
    Task typeApplicable rule

    User-based task, e.g., publishing a package to a user

    The pending task will be performed after the user logs off and then logs back on.

    Globally based task, e.g., enabling a connection group globally

    The pending task will be performed when the computer is shut down and then restarted.

    +|Task type|Applicable rule| +|---|---| +|User-based
    (for example, publishing a package to a user)|The pending task will be performed after the user logs off and then logs back on.| +|Globally based
    (for example, enabling a connection group globally)|The pending task will be performed when the computer is shut down and then restarted.| For more information about pending tasks, see [Upgrading an in-use App-V package](appv-application-publishing-and-client-interaction.md#upgrading-an-in-use-app-v-package). ## Have a suggestion for App-V? -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). ## Related topics -[Operations for App-V](appv-operations.md) - -[Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md) - +- [Operations for App-V](appv-operations.md) +- [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md) \ No newline at end of file diff --git a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md index a82855cb2a..42df49b2c7 100644 --- a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md +++ b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md @@ -45,7 +45,7 @@ This topic explains the following procedures: 2. Enable the connection group by typing the following command: - Enable-AppvClientConnectionGroup –name “Financial Applications” + Enable-AppvClientConnectionGroup –name "Financial Applications" When any virtual applications that are in the member packages are run on the target computer, they will run inside the connection group’s virtual environment and will be available to all the virtual applications in the other packages in the connection group. @@ -81,11 +81,11 @@ This topic explains the following procedures:

    Enable-AppVClientConnectionGroup

    -

    Enable-AppVClientConnectionGroup “ConnectionGroupA” -UserSID S-1-2-34-56789012-3456789012-345678901-2345

    +

    Enable-AppVClientConnectionGroup "ConnectionGroupA" -UserSID S-1-2-34-56789012-3456789012-345678901-2345

    Disable-AppVClientConnectionGroup

    -

    Disable-AppVClientConnectionGroup “ConnectionGroupA” -UserSID S-1-2-34-56789012-3456789012-345678901-2345

    +

    Disable-AppVClientConnectionGroup "ConnectionGroupA" -UserSID S-1-2-34-56789012-3456789012-345678901-2345

    diff --git a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md index febf5efcda..894c51e025 100644 --- a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md +++ b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md @@ -25,7 +25,7 @@ Use the following procedure to configure the App-V client configuration. `Set-AppVClientConfiguration $config` - `Set-AppVClientConfiguration –Name1 MyConfig –Name2 “xyz”` + `Set-AppVClientConfiguration –Name1 MyConfig –Name2 "xyz"` ## Have a suggestion for App-V? diff --git a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md index 32232234da..f83bdfa3f4 100644 --- a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md +++ b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md @@ -30,12 +30,12 @@ Review the following articles to learn more about configuring IIS and NLB for co * [Achieving High Availability and Scalability - ARR and NLB](https://www.iis.net/learn/extensions/configuring-application-request-routing-arr/achieving-high-availability-and-scalability-arr-and-nlb) describes how to configure IIS 7.0. -* [Network load balancing overview]() will tell you more about how to configure Microsoft Windows Server. +* [Network load balancing overview]() will tell you more about how to configure Microsoft Windows Server. This information also applies to IIS NLB clusters in Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012. >[!NOTE] ->The IIS NLB functionality in Windows Server 2012 is generally the same as in Windows Server 2008 R2. However, some task details have changed in Windows Server 2012. To learn how to work with these changes, see [Common management tasks and navigation in Windows](). +>The IIS NLB functionality in Windows Server 2012 is generally the same as in Windows Server 2008 R2. However, some task details have changed in Windows Server 2012. To learn how to work with these changes, see [Common management tasks and navigation in Windows](). ## Support for clustered file servers when running SCS mode @@ -54,8 +54,8 @@ The following steps can be used to validate the configuration: Review the following articles to learn more about configuring Windows Server failover clusters: -* [Create a failover cluster]() -* [Use cluster shared volumes in a failover cluster]() +* [Create a failover cluster]() +* [Use cluster shared volumes in a failover cluster]() ## Support for Microsoft SQL Server mirroring @@ -63,7 +63,7 @@ Using Microsoft SQL Server mirroring, where the App-V management server database Review the following to learn more about how to configure Microsoft SQL Server mirroring: -* [Prepare a mirror database for mirroring (SQL Server)](https://docs.microsoft.com/en-us/sql/database-engine/database-mirroring/prepare-a-mirror-database-for-mirroring-sql-server) +* [Prepare a mirror database for mirroring (SQL Server)](https://docs.microsoft.com/sql/database-engine/database-mirroring/prepare-a-mirror-database-for-mirroring-sql-server) * [Establish a database mirroring session using Windows Authentication (SQL Server Management Studio)](https://msdn.microsoft.com/library/ms188712.aspx) (FIX LINK) The following steps can be used to validate the configuration: @@ -88,13 +88,13 @@ Use the following steps to modify the connection string to include ```failover p Click any of the following links for more information: -* [Prepare a mirror database for mirroring (SQL Server)](https://docs.microsoft.com/en-us/sql/database-engine/database-mirroring/prepare-a-mirror-database-for-mirroring-sql-server). -* [Establish a database mirroring session using Windows Authentication (SQL Server Management Studio)](https://docs.microsoft.com/en-us/sql/database-engine/database-mirroring/establish-database-mirroring-session-windows-authentication). +* [Prepare a mirror database for mirroring (SQL Server)](https://docs.microsoft.com/sql/database-engine/database-mirroring/prepare-a-mirror-database-for-mirroring-sql-server). +* [Establish a database mirroring session using Windows Authentication (SQL Server Management Studio)](https://docs.microsoft.com/sql/database-engine/database-mirroring/establish-database-mirroring-session-windows-authentication). * [Deprecated database engine features in SQL Server 2012](). ## Support for Microsoft SQL Server Always On configuration -The App-V management server database supports deployments to computers running Microsoft SQL Server with the **Always On** configuration. For more information, see [Always On Availability Groups (SQL Server)](https://docs.microsoft.com/en-us/sql/database-engine/availability-groups/windows/always-on-availability-groups-sql-server). +The App-V management server database supports deployments to computers running Microsoft SQL Server with the **Always On** configuration. For more information, see [Always On Availability Groups (SQL Server)](https://docs.microsoft.com/sql/database-engine/availability-groups/windows/always-on-availability-groups-sql-server). ## Have a suggestion for App-V? diff --git a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md index 378e61401d..285bffe2fc 100644 --- a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md +++ b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md @@ -23,7 +23,7 @@ You can use the App-V Sequencer to create plug-in packages for language packs, l ## Supported versions of Microsoft Office -For a list of supported Office products, see [Microsoft Office Product IDs that App-V supports](https://support.microsoft.com/en-us/help/2842297/product-ids-that-are-supported-by-the-office-deployment-tool-for-click). +For a list of supported Office products, see [Microsoft Office Product IDs that App-V supports](https://support.microsoft.com/help/2842297/product-ids-that-are-supported-by-the-office-deployment-tool-for-click). >[!NOTE] >You must use the Office Deployment Tool instead of the App-V Sequencer to create App-V packages for Office 365 ProPlus. App-V does not support package creation for volume-licensed versions of Office Professional Plus or Office Standard. Support for the [Office 2013 version of Office 365 ended in Februrary 2017](https://support.microsoft.com/kb/3199744). diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md index ee75ec9087..857549b340 100644 --- a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md +++ b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md @@ -12,7 +12,7 @@ ms.date: 04/18/2018 >Applies to: Windows 10, version 1607 -If you are using an electronic software distribution (ESD) system to deploy App-V packages, review the following planning considerations. For information about deploying App-V with System Center Configuration Manager, see [Introduction to application management in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682125.aspx#BKMK_Appv). +If you are using an electronic software distribution (ESD) system to deploy App-V packages, review the following planning considerations. For information about deploying App-V with System Center Configuration Manager, see [Introduction to application management in Configuration Manager](https://technet.microsoft.com/library/gg682125.aspx#BKMK_Appv). Review the following component and architecture requirements options that apply when you use an ESD to deploy App-V packages: diff --git a/windows/application-management/app-v/appv-publish-a-connection-group.md b/windows/application-management/app-v/appv-publish-a-connection-group.md index 739de9f0a3..cebbaac7ad 100644 --- a/windows/application-management/app-v/appv-publish-a-connection-group.md +++ b/windows/application-management/app-v/appv-publish-a-connection-group.md @@ -6,29 +6,25 @@ ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 04/19/2017 +ms.date: 09/27/2018 --- - - # How to Publish a Connection Group -**Applies to** -- Windows 10, version 1607 +>Applies to: Windows 10, version 1607 After you create a connection group, you must publish it to computers that run the App-V client. -**To publish a connection group** +## Publish a connection group -1. Open the App-V Management Console, and select **CONNECTION GROUPS**. +1. Open the App-V Management Console and select **CONNECTION GROUPS**. -2. Right-click the connection group to be published, and select **publish**. +2. Right-click the connection group to be published, and select **publish**. ## Have a suggestion for App-V? -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). ## Related topics -[Operations for App-V](appv-operations.md) - -[Managing Connection Groups](appv-managing-connection-groups.md) +* [Operations for App-V](appv-operations.md) +* [Managing connection groups](appv-managing-connection-groups.md) diff --git a/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md b/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md index fb9ad9b19f..8451509577 100644 --- a/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md +++ b/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md @@ -1,51 +1,45 @@ --- -title: How to Publish a Package by Using the Management Console (Windows 10) -description: How to Publish a Package by Using the Management Console +title: How to publish a package by using the Management console (Windows 10) +description: How to publish a package by using the Management console. author: MaggiePucciEvans ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 04/19/2017 +ms.date: 09/27/2018 --- +# How to publish a package by using the Management console +>Applies to: Windows 10, version 1607 -# How to Publish a Package by Using the Management Console +Use the following procedure to publish an App-V package. Once you publish a package, computers running the App-V client can access and run the applications in that package. -**Applies to** -- Windows 10, version 1607 +>[!NOTE]   +>The ability to enable only administrators to publish or unpublish packages (described below) is supported starting in App-V 5.0 SP3. -Use the following procedure to publish an App-V package. Once you publish a package, computers that are running the App-V client can access and run the applications in that package. +## Publish an App-V package -**Note**   -The ability to enable only administrators to publish or unpublish packages (described below) is supported starting in App-V 5.0 SP3. +1. In the App-V Management console. Select or right-click the name of the package to be published. Select **Publish**. -  - -**To publish an App-V package** - -1. In the App-V Management console. Click or right-click the name of the package to be published. Select **Publish**. - -2. Review the **Status** column to verify that the package has been published and is now available. If the package is available, the status **published** is displayed. +2. Review the **Status** column to verify that the package has been published and is now available. If the package is available, the status **published** is displayed. If the package is not published successfully, the status **unpublished** is displayed, along with error text that explains why the package is not available. -**To enable only administrators to publish or unpublish packages** +## Enable only administrators to publish or unpublish packages -1. Navigate to the following Group Policy Object node: +1. Navigate to the following Group Policy Object node: - **Computer Configuration > Administrative Templates > System > App-V > Publishing**. + **Computer Configuration** > **Administrative Templates** > **System** > **App-V** > **Publishing**. -2. Enable the **Require publish as administrator** Group Policy setting. +2. Enable the **Require publish as administrator** Group Policy setting. - To instead use Windows PowerShell to set this item, see [How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#bkmk-admins-pub-pkgs). + To instead use Windows PowerShell to set this item, see [Understanding pending packages: UserPending and GlobalPending](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#about-pending-packages-userpending-and-globalpending). ## Have a suggestion for App-V? -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). ## Related topics -[Operations for App-V](appv-operations.md) - -[How to Configure Access to Packages by Using the Management Console](appv-configure-access-to-packages-with-the-management-console.md) +* [Operations for App-V](appv-operations.md) +* [How to configure access to packages by using the Management console](appv-configure-access-to-packages-with-the-management-console.md) \ No newline at end of file diff --git a/windows/application-management/app-v/appv-reporting.md b/windows/application-management/app-v/appv-reporting.md index 32ae6b094c..d72bc2f199 100644 --- a/windows/application-management/app-v/appv-reporting.md +++ b/windows/application-management/app-v/appv-reporting.md @@ -190,7 +190,7 @@ You can also use the **Send-AppVClientReport** cmdlet to manually collect data. To retrieve report information and create reports using App-V you must use one of the following methods: -* Microsoft SQL Server Reporting Services (SSRS)—Microsoft SSRS is available with Microsoft SQL Server. SSRS is not installed when you install the App-V reporting server. It must be deployed separately to generate the associated reports. For more information, see the [What is SQL Server Reporting Services (SSRS)?](https://docs.microsoft.com/en-us/sql/reporting-services/create-deploy-and-manage-mobile-and-paginated-reports) article. +* Microsoft SQL Server Reporting Services (SSRS)—Microsoft SSRS is available with Microsoft SQL Server. SSRS is not installed when you install the App-V reporting server. It must be deployed separately to generate the associated reports. For more information, see the [What is SQL Server Reporting Services (SSRS)?](https://docs.microsoft.com/sql/reporting-services/create-deploy-and-manage-mobile-and-paginated-reports) article. * Scripting—You can generate reports by scripting directly against the App-V reporting database. For example: @@ -198,7 +198,7 @@ To retrieve report information and create reports using App-V you must use one o **spProcessClientReport** is scheduled to run at midnight or 12:00 AM. - To run the Microsoft SQL Server Scheduled Stored procedure, the Microsoft SQL Server Agent must be running. Make sure the Microsoft SQL Server Agent is set to **AutoStart**. For more information, see [Autostart SQL Server Agent (SQL Server Management Studio)](https://docs.microsoft.com/en-us/sql/ssms/agent/autostart-sql-server-agent-sql-server-management-studio). + To run the Microsoft SQL Server Scheduled Stored procedure, the Microsoft SQL Server Agent must be running. Make sure the Microsoft SQL Server Agent is set to **AutoStart**. For more information, see [Autostart SQL Server Agent (SQL Server Management Studio)](https://docs.microsoft.com/sql/ssms/agent/autostart-sql-server-agent-sql-server-management-studio). The stored procedure is also created when you use the App-V database scripts. diff --git a/windows/application-management/app-v/appv-security-considerations.md b/windows/application-management/app-v/appv-security-considerations.md index c5286a0658..e29423c9c8 100644 --- a/windows/application-management/app-v/appv-security-considerations.md +++ b/windows/application-management/app-v/appv-security-considerations.md @@ -27,9 +27,9 @@ Effective as of June, 2014, the PackageStoreAccessControl (PSAC) feature introdu **Physically secure your computers**. A security strategy that doesn't consider physical security is incomplete. Anyone with physical access to an App-V server could potentially attack the entire client base, so potential physical attacks or thefts should be prevented at all cost. App-V servers should be stored in a physically secure server room with controlled access. Lock the computer with the operating system or a secured screen saver to keep computers secure when the administrators are away. -**Apply the most recent security updates to all computers**. To stay informed about the latest updates for operating systems, Microsoft SQL Server, and App-V, see the [Microsoft Security TechCenter](https://technet.microsoft.com/en-us/security/bb291012). (THIS LINK NEEDS TO BE UPDATED) +**Apply the most recent security updates to all computers**. To stay informed about the latest updates for operating systems, Microsoft SQL Server, and App-V, see the [Microsoft Security TechCenter](https://technet.microsoft.com/security/bb291012). (THIS LINK NEEDS TO BE UPDATED) -**Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all App-V and App-V administrator accounts. Never use blank passwords. For more information about password concepts, see [Password Policy](https://docs.microsoft.com/en-us/sql/relational-databases/security/password-policy) and [Strong Passwords](https://docs.microsoft.com/en-us/sql/relational-databases/security/strong-passwords). (THIS LINK NEEDS TO BE UPDATED) +**Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all App-V and App-V administrator accounts. Never use blank passwords. For more information about password concepts, see [Password Policy](https://docs.microsoft.com/sql/relational-databases/security/password-policy) and [Strong Passwords](https://docs.microsoft.com/sql/relational-databases/security/strong-passwords). (THIS LINK NEEDS TO BE UPDATED) ## Accounts and groups in App-V diff --git a/windows/application-management/app-v/appv-technical-reference.md b/windows/application-management/app-v/appv-technical-reference.md index 81b431ddac..d8f814afcd 100644 --- a/windows/application-management/app-v/appv-technical-reference.md +++ b/windows/application-management/app-v/appv-technical-reference.md @@ -47,4 +47,4 @@ Add or vote on suggestions on the [Application Virtualization feedback site](htt [Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md) -[Windows PowerShell reference for App-V](https://technet.microsoft.com/en-us/library/dn903534.aspx) +[Windows PowerShell reference for App-V](https://technet.microsoft.com/library/dn903534.aspx) diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index f29b02af29..afa48aee66 100644 --- a/windows/application-management/apps-in-windows-10.md +++ b/windows/application-management/apps-in-windows-10.md @@ -8,96 +8,163 @@ ms.pagetype: mobile ms.author: elizapo author: lizap ms.localizationpriority: medium -ms.date: 07/10/2018 +ms.date: 12/12/2018 --- # Understand the different apps included in Windows 10 +>Applies to: Windows 10 + The following types of apps run on Windows 10: - Windows apps - introduced in Windows 8, primarily installed from the Store app. - Universal Windows Platform (UWP) apps - designed to work across platforms, can be installed on multiple platforms including Windows client, Windows Phone, and Xbox. All UWP apps are also Windows apps, but not all Windows apps are UWP apps. -- "Win32" apps - traditional Windows applications, built for 32-bit systems. +- "Win32" apps - traditional Windows applications. Digging into the Windows apps, there are two categories: -- System apps - Apps that are installed in the c:\Windows\* directory. These apps are integral to the OS. -- Apps - All other apps, installed in c:\Program Files\WindowsApps. There are two classes of apps: - - Provisioned: Installed the first time you sign into Windows. You'll see a tile or Start menu item for these apps, but they aren't installed until the first sign-in. +- Apps - All other apps, installed in C:\Program Files\WindowsApps. There are two classes of apps: + - Provisioned: Installed in user account the first time you sign in with a new user account. - Installed: Installed as part of the OS. +- System apps - Apps that are installed in the C:\Windows\* directory. These apps are integral to the OS. The following tables list the system apps, installed Windows apps, and provisioned Windows apps in a standard Windows 10 Enterprise installation. (If you have a custom image, your specific apps might differ.) The tables list the app, the full name, show the app's status in Windows 10 version 1607, 1703, and 1709, and indicate whether an app can be uninstalled through the UI. Some of the apps show up in multiple tables - that's because their status changed between versions. Make sure to check the version column for the version you are currently running. + +## Provisioned Windows apps + +Here are the provisioned Windows apps in Windows 10 versions 1703, 1709, 1803 and 1809. + > [!TIP] -> Want to see a list of the apps installed on your specific image? You can run the following PowerShell cmdlet: -> ```powershell -> Get-AppxPackage |Select Name,PackageFamilyName -> Get-AppxProvisionedPackage -Online | select DisplayName,PackageName +> You can list all provisioned Windows apps with this PowerShell command: > ``` +> Get-AppxProvisionedPackage -Online | Format-Table DisplayName, PackageName +> ``` + +
    + +| Package name | App name | 1703 | 1709 | 1803 | 1809 | Uninstall through UI? | +|----------------------------------------|--------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:---------------------:| +| Microsoft.3DBuilder | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | x | | | | Yes | +| Microsoft.BingWeather | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | x | x | x | x | Yes | +| Microsoft.DesktopAppInstaller | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | x | x | x | x | Via Settings App | +| Microsoft.GetHelp | [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe) | | x | x | x | No | +| Microsoft.Getstarted | [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.HEIFImageExtension | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe) | | | | x | No | +| Microsoft.Messaging | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.Microsoft3DViewer | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.MicrosoftOfficeHub | [My Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | x | x | x | x | Yes | +| Microsoft.MicrosoftSolitaireCollection | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | x | x | x | x | Yes | +| Microsoft.MicrosoftStickyNotes | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.MixedReality.Portal | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe) | | | | x | No | +| Microsoft.MSPaint | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.Office.OneNote | [OneNote](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | x | x | x | x | Yes | +| Microsoft.OneConnect | [Paid Wi-Fi & Cellular](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.People | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.Print3D | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | | x | x | x | No | +| Microsoft.SkreenSketch | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | | | | x | No | +| Microsoft.SkypeApp | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | x | x | x | x | No | +| Microsoft.StorePurchaseApp | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.VP9VideoExtensions | | | | | x | No | +| Microsoft.Wallet | [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WebMediaExtensions | [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe) | | | x | x | No | +| Microsoft.WebpImageExtension | [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe) | | | | x | No | +| Microsoft.Windows.Photos | [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WindowsAlarms | [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WindowsCalculator | [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WindowsCamera | [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe) | x | x | x | x | No | +| microsoft.windowscommunicationsapps | [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WindowsFeedbackHub | [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WindowsMaps | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WindowsSoundRecorder | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WindowsStore | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.Xbox.TCUI | [Xbox TCUI](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | | x | x | x | No | +| Microsoft.XboxApp | [Xbox](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.XboxGameOverlay | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.XboxGamingOverlay | [Xbox Gaming Overlay](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | | | x | x | No | +| Microsoft.XboxIdentityProvider | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.XboxSpeechToTextOverlay | | x | x | x | x | No | +| Microsoft.YourPhone | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe) | | | | x | No | +| Microsoft.ZuneMusic | [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.ZuneVideo | [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe) | x | x | x | x | No | + + +>[!NOTE] +>The Store app can't be removed. If you want to remove and reinstall the Store app, you can only bring Store back by either restoring your system from a backup or resetting your system. Instead of removing the Store app, you should use group policies to hide or disable it. ## System apps System apps are integral to the operating system. Here are the typical system apps in Windows 10 versions 1703, 1709, and 1803. -| Name | Full name |1703 | 1709 | 1803 |Uninstall through UI? | -|------------------|-------------------------------------------|:------:|:------:|:------:|-------------------------------------------------------| -| Cortana UI | CortanaListenUIApp | x | | |No | -| | Desktop Learning | x | | |No | -| | DesktopView | x | | |No | -| | EnvironmentsApp | x | | |No | -| Mixed Reality + | HoloCamera | x | | |No | -| Mixed Reality + | HoloItemPlayerApp | x | | |No | -| Mixed Reality + | HoloShell | x | | |No | -| | InputApp | | x | x |No | -| | Microsoft.AAD.Broker.Plugin | x | x | x |No | -| | Microsoft.AccountsControl | x | x | x |No | -| Hello setup UI | Microsoft.BioEnrollment | x | x | x |No | -| | Microsoft.CredDialogHost | x | x | x |No | -| | Microsoft.ECApp | | x | x |No | -| | Microsoft.LockApp | x | x | x |No | -| Microsoft Edge | Microsoft.Microsoft.Edge | x | x | x |No | -| | Microsoft.PPIProjection | x | x | x |No | -| | Microsoft.Windows. Apprep.ChxApp | x | x | x |No | -| | Microsoft.Windows. AssignedAccessLockApp | x | x | x |No | -| | Microsoft.Windows. CloudExperienceHost | x | x | x |No | -| | Microsoft.Windows. ContentDeliveryManager | x | x | x |No | -| Cortana | Microsoft.Windows.Cortana | x | x | x |No | -| | Microsoft.Windows. Holographic.FirstRun | x | x | x |No | -| | Microsoft.Windows. ModalSharePickerHost | x | | |No | -| | Microsoft.Windows. OOBENetworkCaptivePort | x | x | x |No | -| | Microsoft.Windows. OOBENetworkConnectionFlow | x | x | x |No | -| | Microsoft.Windows. ParentalControls | x | x | x |No | -| People Hub | Microsoft.Windows. PeopleExperienceHost | | x | x |No | -| | Microsoft.Windows. PinningConfirmationDialog | | x | x |No | -| | Microsoft.Windows. SecHealthUI | x | x | x |No | -| | Microsoft.Windows. SecondaryTileExperience | x | x | |No | -| | Microsoft.Windows. SecureAssessmentBrowser | x | x | x |No | -| Start | Microsoft.Windows. ShellExperienceHost | x | x | x |No | -| Windows Feedback | Microsoft.WindowsFeedback | * | * | |No | -| | Microsoft.XboxGameCallableUI | x | x | x |No | -| Contact Support* | Windows.ContactSupport | x | * | |Through the Optional Features app | -| Settings | Windows.ImmersiveControlPanel | x | x | |No | -| Connect | Windows.MiracastView | x | | |No | -| Print 3D | Windows.Print3D | | x | |Yes | -| Print UI | Windows.PrintDialog | x | x | x |No | -| Purchase UI | Windows.PurchaseDialog | | | x |No | -| | Microsoft.AsyncTextService | | | x |No | -| | Microsoft.MicrosoftEdgeDevToolsClient | | | x |No | -| | Microsoft.Win32WebViewHost | | | x |No | -| | Microsoft.Windows.CapturePicker | | | x |No | -| | Windows.CBSPreview | | | x |No | -|File Picker | 1527c705-839a-4832-9118-54d4Bd6a0c89 | | | x |No | -|File Explorer | c5e2524a-ea46-4f67-841f-6a9465d9d515 | | | x |No | -|App Resolver | E2A4F912-2574-4A75-9BB0-0D023378592B | | | x |No | -|Add Suggested folder Dialog box| F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE|| | x |No | +> [!TIP] +> You can list all system apps with this PowerShell command: +> ``` +> Get-AppxPackage -PackageTypeFilter Main | ? { $_.SignatureKind -eq "System" } | Sort Name | Format-Table Name, InstallLocation +> ``` + +
    + +| Name | Package Name | 1703 | 1709 | 1803 | Uninstall through UI? | +|----------------------------------|---------------------------------------------|:-----:|:----:|:----:|-----------------------| +| File Picker | 1527c705-839a-4832-9118-54d4Bd6a0c89 | | | x | No | +| File Explorer | c5e2524a-ea46-4f67-841f-6a9465d9d515 | | | x | No | +| App Resolver UX | E2A4F912-2574-4A75-9BB0-0D023378592B | | | x | No | +| Add Suggested Folders To Library | F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE | | | x | No | +| | InputApp | | x | x | No | +| Cortana UI | CortanaListenUIApp | x | | | No | +| | Desktop Learning | x | | | No | +| | DesktopView | x | | | No | +| | EnvironmentsApp | x | | | No | +| Mixed Reality + | HoloCamera | x | | | No | +| Mixed Reality + | HoloItemPlayerApp | x | | | No | +| Mixed Reality + | HoloShell | x | | | No | +| | Microsoft.AAD.Broker.Plugin | x | x | x | No | +| | Microsoft.AccountsControl | x | x | x | No | +| | Microsoft.AsyncTextService | | | x | No | +| Hello setup UI | Microsoft.BioEnrollment | x | x | x | No | +| | Microsoft.CredDialogHost | x | x | x | No | +| | Microsoft.ECApp | | x | x | No | +| | Microsoft.LockApp | x | x | x | No | +| Microsoft Edge | Microsoft.MicrosoftEdge | x | x | x | No | +| | Microsoft.MicrosoftEdgeDevToolsClient | | | x | No | +| | Microsoft.PPIProjection | x | x | | No | +| | Microsoft.Win32WebViewHost | | | x | No | +| | Microsoft.Windows.Apprep.ChxApp | x | x | x | No | +| | Microsoft.Windows.AssignedAccessLockApp | x | x | x | No | +| | Microsoft.Windows.CapturePicker | | | x | No | +| | Microsoft.Windows.CloudExperienceHost | x | x | x | No | +| | Microsoft.Windows.ContentDeliveryManager | x | x | x | No | +| Cortana | Microsoft.Windows.Cortana | x | x | x | No | +| | Microsoft.Windows.Holographic.FirstRun | x | x | | No | +| | Microsoft.Windows.ModalSharePickerHost | x | | | No | +| | Microsoft.Windows.OOBENetworkCaptivePort | x | x | x | No | +| | Microsoft.Windows.OOBENetworkConnectionFlow | x | x | x | No | +| | Microsoft.Windows.ParentalControls | x | x | x | No | +| People Hub | Microsoft.Windows.PeopleExperienceHost | | x | x | No | +| | Microsoft.Windows.PinningConfirmationDialog | | x | x | No | +| | Microsoft.Windows.SecHealthUI | x | x | x | No | +| | Microsoft.Windows.SecondaryTileExperience | x | x | | No | +| | Microsoft.Windows.SecureAssessmentBrowser | x | x | x | No | +| Start | Microsoft.Windows.ShellExperienceHost | x | x | x | No | +| Windows Feedback | Microsoft.WindowsFeedback | * | * | | No | +| | Microsoft.XboxGameCallableUI | x | x | x | No | +| | Windows.CBSPreview | | | x | No | +| Contact Support* | Windows.ContactSupport | x | * | | Via Settings App | +| Settings | Windows.immersivecontrolpanel | x | x | x | No | +| Connect | Windows.MiracastView | x | | | No | +| Print 3D | Windows.Print3D | | x | | Yes | +| Print UI | Windows.PrintDialog | x | x | x | No | +| Purchase UI | Windows.PurchaseDialog | | | | No | + > [!NOTE] > - The Contact Support app changed to Get Help in version 1709. Get Help is a provisioned app (instead of system app like Contact Support). ## Installed Windows apps + Here are the typical installed Windows apps in Windows 10 versions 1703, 1709, and 1803. | Name | Full name | 1703 | 1709 | 1803 |Uninstall through UI? | -|--------------------|------------------------------------------|:----:|:----:|:----:|----------------------| +|--------------------|------------------------------------------|:----:|:----:|:----:|:---------------------:| | Remote Desktop | Microsoft.RemoteDesktop | x | x | | Yes | | PowerBI | Microsoft.Microsoft PowerBIforWindows | x | | | Yes | | Code Writer | ActiproSoftwareLLC.562882FEEB491 | x | x | x | Yes | @@ -106,7 +173,7 @@ Here are the typical installed Windows apps in Windows 10 versions 1703, 1709, a | Photoshop Express | AdobeSystemIncorporated. AdobePhotoshop | x | x | x | Yes | | Duolingo | D5EA27B7.Duolingo- LearnLanguagesforFree | x | x | x | Yes | | Network Speed Test | Microsoft.NetworkSpeedTest | x | x | x | Yes | -| News | Microsoft.BingNews | x | x | x | Yes | +| News | Microsoft.BingNews | x | x | x | Yes | | Flipboard | | | | | Yes | | | Microsoft.Advertising.Xaml | x | x | x | Yes | | | Microsoft.NET.Native.Framework.1.2 | x | x | x | Yes | @@ -126,52 +193,4 @@ Here are the typical installed Windows apps in Windows 10 versions 1703, 1709, a | | Microsoft.VCLibs.120.00.Universal | | x | | Yes | | | Microsoft.VCLibs.140.00.UWPDesktop | | | x | Yes | | | Microsoft.WinJS.2.0 | x | | | Yes | - -## Provisioned Windows apps - -Here are the typical provisioned Windows apps in Windows 10 versions 1703, 1709, and 1803. - -| Name | Full name | 1703 | 1709 | 1803 | Uninstall through UI? | -|---------------------------------|----------------------------------------|:------:|:------:|:------:|---------------------------| -| 3D Builder | Microsoft.3DBuilder | x | | | Yes | -| Alarms & Clock | Microsoft.WindowsAlarms | x | x | x | No | -| App Installer | Microsoft.DesktopAppInstaller | x | x | x | Via Settings App | -| Calculator | Microsoft.WindowsCalculator | x | x | x | No | -| Camera | Microsoft.WindowsCamera | x | x | x | No | -| Feedback Hub | Microsoft.WindowsFeedbackHub | x | x | x | Yes | -| Get Help | Microsoft.GetHelp | | x | x | No | -| Get Office/My Office | Microsoft.Microsoft OfficeHub | x | x | x | Yes | -| Get Skype/Skype (preview)/Skype | Microsoft.SkypeApp | x | x | x | Yes | -| Get Started/Tips | Microsoft.Getstarted | x | x | x | Yes | -| Groove | Microsoft.ZuneMusic | x | x | x | No | -| Mail and Calendar | Microsoft.windows communicationsapps | x | x | x | No | -| Maps | Microsoft.WindowsMaps | x | x | x | No | -| Messaging | Microsoft.Messaging | x | x | x | No | -| Microsoft 3D Viewer | Microsoft.Microsoft3DViewer | x | x | x | No | -| Movies & TV | Microsoft.ZuneVideo | x | x | x | No | -| OneNote | Microsoft.Office.OneNote | x | x | x | Yes | -| Paid Wi-FI | Microsoft.OneConnect | x | x | x | Yes | -| Paint 3D | Microsoft.MSPaint | x | x | x | No | -| People | Microsoft.People | x | x | x | No | -| Photos | Microsoft.Windows.Photos | x | x | x | No | -| Print 3D | Microsoft.Print3D | | x | x | No | -| Solitaire | Microsoft.Microsoft SolitaireCollection| x | x | x | Yes | -| Sticky Notes | Microsoft.MicrosoftStickyNotes | x | x | x | No | -| Store | Microsoft.WindowsStore | x | x | x | No | -| Sway | Microsoft.Office.Sway | * | x | x | Yes | -| Voice Recorder | Microsoft.SoundRecorder | x | x | x | No | -| Wallet | Microsoft.Wallet | x | x | x | No | -| Weather | Microsoft.BingWeather | x | x | x | Yes | -| Xbox | Microsoft.XboxApp | x | x | x | No | -| | Microsoft.OneConnect | x | x | x | No | -| | Microsoft.DesktopAppInstaller | | | x | No | -| | Microsoft.StorePurchaseApp | x | x | x | No | -| | Microsoft.WebMediaExtensions | | | x | No | -| | Microsoft.Xbox.TCUI | | x | x | No | -| | Microsoft.XboxGameOverlay | x | x | x | No | -| | Microsoft.XboxGamingOverlay | | | x | No | -| | Microsoft.XboxIdentityProvider | x | x | x | No | -| | Microsoft.XboxSpeech ToTextOverlay | x | x | x | No | - ->[!NOTE] ->The Store app can't be removed. If you want to remove and reinstall the Store app, you can only bring Store back by either restoring your system from a backup or resetting your system. Instead of removing the Store app, you should use group policies to hide or disable it. \ No newline at end of file +--- \ No newline at end of file diff --git a/windows/application-management/deploy-app-upgrades-windows-10-mobile.md b/windows/application-management/deploy-app-upgrades-windows-10-mobile.md index b916d7fe60..13e16012bd 100644 --- a/windows/application-management/deploy-app-upgrades-windows-10-mobile.md +++ b/windows/application-management/deploy-app-upgrades-windows-10-mobile.md @@ -55,4 +55,4 @@ You don't need to delete the deployment associated with the older version of the ![Monitoring view in Configuration Manager for the old version of the app](media/app-upgrade-old-version.png) -If you haven't deployed an app through Configuration Manager before, check out [Deploy applications with System Center Configuration Manager](https://docs.microsoft.com/en-us/sccm/apps/deploy-use/deploy-applications). You can also see how to delete deployments (although you don't have to) and notify users about the upgraded app. \ No newline at end of file +If you haven't deployed an app through Configuration Manager before, check out [Deploy applications with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications). You can also see how to delete deployments (although you don't have to) and notify users about the upgraded app. \ No newline at end of file diff --git a/windows/application-management/docfx.json b/windows/application-management/docfx.json index 7d3ae2dae2..5c20bbd8a7 100644 --- a/windows/application-management/docfx.json +++ b/windows/application-management/docfx.json @@ -36,7 +36,6 @@ "ms.technology": "windows", "ms.topic": "article", "ms.author": "elizapo", - "ms.date": "04/05/2017", "feedback_system": "GitHub", "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app", diff --git a/windows/application-management/images/Createpackage.PNG b/windows/application-management/images/Createpackage.PNG new file mode 100644 index 0000000000..4ae246a743 Binary files /dev/null and b/windows/application-management/images/Createpackage.PNG differ diff --git a/windows/application-management/images/Installation.PNG b/windows/application-management/images/Installation.PNG new file mode 100644 index 0000000000..9c3197ada5 Binary files /dev/null and b/windows/application-management/images/Installation.PNG differ diff --git a/windows/application-management/images/Managefirstlaunchtasks.PNG b/windows/application-management/images/Managefirstlaunchtasks.PNG new file mode 100644 index 0000000000..edcf1a23e8 Binary files /dev/null and b/windows/application-management/images/Managefirstlaunchtasks.PNG differ diff --git a/windows/application-management/images/PackageSupport.PNG b/windows/application-management/images/PackageSupport.PNG new file mode 100644 index 0000000000..1bbca6865a Binary files /dev/null and b/windows/application-management/images/PackageSupport.PNG differ diff --git a/windows/application-management/images/Packageinfo.PNG b/windows/application-management/images/Packageinfo.PNG new file mode 100644 index 0000000000..be3b9b98dd Binary files /dev/null and b/windows/application-management/images/Packageinfo.PNG differ diff --git a/windows/application-management/images/Selectinstaller.PNG b/windows/application-management/images/Selectinstaller.PNG new file mode 100644 index 0000000000..7ffd984bed Binary files /dev/null and b/windows/application-management/images/Selectinstaller.PNG differ diff --git a/windows/application-management/images/donemonitoring..PNG b/windows/application-management/images/donemonitoring..PNG new file mode 100644 index 0000000000..d39102b961 Binary files /dev/null and b/windows/application-management/images/donemonitoring..PNG differ diff --git a/windows/application-management/images/preparecomputer.PNG b/windows/application-management/images/preparecomputer.PNG new file mode 100644 index 0000000000..43b2e3e965 Binary files /dev/null and b/windows/application-management/images/preparecomputer.PNG differ diff --git a/windows/application-management/images/preparingpackagestep.PNG b/windows/application-management/images/preparingpackagestep.PNG new file mode 100644 index 0000000000..5b06e11d0d Binary files /dev/null and b/windows/application-management/images/preparingpackagestep.PNG differ diff --git a/windows/application-management/images/selectEnvironmentThiscomputer.PNG b/windows/application-management/images/selectEnvironmentThiscomputer.PNG new file mode 100644 index 0000000000..bf6f3b4bf0 Binary files /dev/null and b/windows/application-management/images/selectEnvironmentThiscomputer.PNG differ diff --git a/windows/application-management/images/selectEnvironmentVM.PNG b/windows/application-management/images/selectEnvironmentVM.PNG new file mode 100644 index 0000000000..dd6e1f9168 Binary files /dev/null and b/windows/application-management/images/selectEnvironmentVM.PNG differ diff --git a/windows/application-management/images/welcomescreen.PNG b/windows/application-management/images/welcomescreen.PNG new file mode 100644 index 0000000000..cd551740a8 Binary files /dev/null and b/windows/application-management/images/welcomescreen.PNG differ diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md index f6af0d88a5..20b71d39e8 100644 --- a/windows/application-management/manage-windows-mixed-reality.md +++ b/windows/application-management/manage-windows-mixed-reality.md @@ -9,7 +9,7 @@ ms.localizationpriority: medium author: jdeckerms ms.author: jdecker ms.topic: article -ms.date: 05/16/2018 +ms.date: 10/02/2018 --- # Enable or block Windows Mixed Reality apps in the enterprise @@ -34,8 +34,7 @@ Organizations that use Windows Server Update Services (WSUS) must take action to 2. Windows Mixed Reality Feature on Demand (FOD) is downloaded from Windows Update. If access to Windows Update is blocked, you must manually install the Windows Mixed Reality FOD. - a. Download [the FOD .cab file for Windows 10, version 1803](http://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab) or [the FOD .cab file for Windows 10, version 1709] - (http://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab). + a. Download the FOD .cab file for [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab), [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab), or [Windows 10, version 1709](http://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab). >[!NOTE] >You must download the FOD .cab file that matches your operating system version. @@ -53,7 +52,7 @@ Organizations that use Windows Server Update Services (WSUS) must take action to IT admins can also create [Side by side feature store (shared folder)](https://technet.microsoft.com/library/jj127275.aspx) to allow access to the Windows Mixed Reality FOD. - + ## Block the Mixed Reality Portal You can use the [AppLocker configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp) to block the Mixed Reality software. @@ -73,7 +72,7 @@ In the following example, the **Id** can be any generated GUID and the **Name** chr text/plain - + <RuleCollection Type="Appx" EnforcementMode="Enabled"> <FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed packaged apps" Description="Allows members of the Everyone group to run packaged apps that are signed." UserOrGroupSid="S-1-1-0" Action="Allow"> <Conditions> @@ -97,7 +96,7 @@ In the following example, the **Id** can be any generated GUID and the **Name** -``` +``` ## Related topics diff --git a/windows/application-management/media/icon_hyperlink.png b/windows/application-management/media/icon_hyperlink.png new file mode 100644 index 0000000000..847e8f62ad Binary files /dev/null and b/windows/application-management/media/icon_hyperlink.png differ diff --git a/windows/application-management/msix-app-packaging-tool.md b/windows/application-management/msix-app-packaging-tool.md new file mode 100644 index 0000000000..c92489e73a --- /dev/null +++ b/windows/application-management/msix-app-packaging-tool.md @@ -0,0 +1,37 @@ +--- +title: Repackage your existing win32 applications to the MSIX format. +description: Learn how to install and use the MSIX packaging tool. +keywords: ["MSIX", "application", "app", "win32", "packaging tool"] +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.localizationpriority: medium +ms.author: mikeblodge +ms.topic: article +ms.date: 12/03/2018 +--- + +# Repackage existing win32 applications to the MSIX format + +MSIX is a packaging format built to be safe, secure and reliable, based on a combination of .msi, .appx, App-V and ClickOnce installation technologies. You can [use the MSIX packaging tool](https://docs.microsoft.com/windows/msix/packaging-tool/create-app-package-msi-vm) to repackage your existing Win32 applications to the MSIX format. + +You can either run your installer interactivly (through the UI) or create a package from the command line. Either way, you can convert an application without having the source code. Then, you can make your app available through the Microsoft Store. + +- [Package your favorite application installer](https://docs.microsoft.com/windows/msix/packaging-tool/create-app-package-msi-vm) interactively (msi, exe, App-V 5.x and ClickOnce) in MSIX format. +- Create a [modification package](https://docs.microsoft.com/windows/msix/packaging-tool/package-editor) to update an existing MSIX package. +- [Bundle multiple MSIX packages](https://docs.microsoft.com/windows/msix/packaging-tool/bundle-msix-packages) for distribution. + +## Installing the MSIX Packaging Tool + +### Prerequisites + +- Windows 10, version 1809 (or later) +- Participation in the Windows Insider Program (if you're using an Insider build) +- A valid Microsoft account (MSA) alias to access the app from the Microsoft Store +- Admin privileges on your PC account + +### Get the app from the Microsoft Store + +1. Use the MSA login associated with your Windows Insider Program credentials in the [Microsoft Store](https://www.microsoft.com/store/r/9N5LW3JBCXKF). +2. Open the product description page. +3. Click the install icon to begin installation. \ No newline at end of file diff --git a/windows/client-management/TOC.md b/windows/client-management/TOC.md index a01dc76b8c..d3c28bfc73 100644 --- a/windows/client-management/TOC.md +++ b/windows/client-management/TOC.md @@ -11,5 +11,20 @@ ## [Transitioning to modern management](manage-windows-10-in-your-organization-modern-management.md) ## [Windows 10 Mobile deployment and management guide](windows-10-mobile-and-mdm.md) ## [Windows libraries](windows-libraries.md) +## [Troubleshoot Windows 10 clients](windows-10-support-solutions.md) +### [Advanced troubleshooting for Windows networking](troubleshoot-networking.md) +#### [Advanced troubleshooting Wireless network connectivity](advanced-troubleshooting-wireless-network-connectivity.md) +#### [Advanced troubleshooting 802.1X authentication](advanced-troubleshooting-802-authentication.md) +##### [Data collection for troubleshooting 802.1X authentication](data-collection-for-802-authentication.md) +#### [Advanced troubleshooting for TCP/IP](troubleshoot-tcpip.md) +##### [Collect data using Network Monitor](troubleshoot-tcpip-netmon.md) +##### [Troubleshoot TCP/IP connectivity](troubleshoot-tcpip-connectivity.md) +##### [Troubleshoot port exhaustion](troubleshoot-tcpip-port-exhaust.md) +##### [Troubleshoot Remote Procedure Call (RPC) errors](troubleshoot-tcpip-rpc-errors.md) +### [Advanced troubleshooting for Windows startup](troubleshoot-windows-startup.md) +#### [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md) +#### [Advanced troubleshooting for Windows-based computer freeze](troubleshoot-windows-freeze.md) +#### [Advanced troubleshooting for stop error or blue screen error](troubleshoot-stop-errors.md) +#### [Advanced troubleshooting for stop error 7B or Inaccessible_Boot_Device](troubleshoot-inaccessible-boot-device.md) ## [Mobile device management for solution providers](mdm/index.md) ## [Change history for Client management](change-history-for-client-management.md) diff --git a/windows/client-management/administrative-tools-in-windows-10.md b/windows/client-management/administrative-tools-in-windows-10.md index b7f6316a52..082c384d37 100644 --- a/windows/client-management/administrative-tools-in-windows-10.md +++ b/windows/client-management/administrative-tools-in-windows-10.md @@ -50,6 +50,10 @@ These tools were included in previous versions of Windows and the associated doc >[!TIP]   >If the content that is linked to a tool in the following list doesn't provide the information you need to use that tool, send us a comment by using the **Was this page helpful?** feature on this **Administrative Tools in Windows 10** page. Details about the information you want for a tool will help us plan future content.  +## Related topics + +[Diagnostic Data Viewer](https://docs.microsoft.com/windows/privacy/diagnostic-data-viewer-overview) +   diff --git a/windows/client-management/advanced-troubleshooting-802-authentication.md b/windows/client-management/advanced-troubleshooting-802-authentication.md new file mode 100644 index 0000000000..24681f6db4 --- /dev/null +++ b/windows/client-management/advanced-troubleshooting-802-authentication.md @@ -0,0 +1,118 @@ +--- +title: Advanced Troubleshooting 802.1X Authentication +description: Learn how 802.1X Authentication works +keywords: advanced troubleshooting, 802.1X authentication, troubleshooting, authentication, Wi-Fi +ms.prod: w10 +ms.mktglfcycl: +ms.sitesec: library +author: kaushika-msft +ms.localizationpriority: medium +ms.author: greg-lindsay +--- + +# Advanced troubleshooting 802.1X authentication + +## Overview + +This is a general troubleshooting of 802.1X wireless and wired clients. With 802.1X and wireless troubleshooting, it's important to know how the flow of authentication works, and then figuring out where it's breaking. It involves a lot of third party devices and software. Most of the time, we have to identify where the problem is, and another vendor has to fix it. Since we don't make access points or wwitches, it won't be an end-to-end Microsoft solution. + +## Scenarios + +This troubleshooting technique applies to any scenario in which wireless or wired connections with 802.1X authentication is attempted and then fails to establish. The workflow covers Windows 7 - 10 for clients, and Windows Server 2008 R2 - 2012 R2 for NPS. + +## Known Issues + +None + +## Data Collection + +See [Advanced troubleshooting 802.1X authentication data collection](data-collection-for-802-authentication.md). + +## Troubleshooting + +Viewing [NPS authentication status events](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735320(v%3dws.10)) in the Windows Security [event log](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc722404(v%3dws.11)) is one of the most useful troubleshooting methods to obtain information about failed authentications. + +NPS event log entries contain information on the connection attempt, including the name of the connection request policy that matched the connection attempt and the network policy that accepted or rejected the connection attempt. If you are not seeing both success and failure events, see the section below on [NPS audit policy](#audit-policy). + +Check Windows Security Event log on the NPS Server for NPS events corresponding to rejected ([event ID 6273](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735399(v%3dws.10))) or accepted ([event ID 6272](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735388(v%3dws.10))) connection attempts. + +In the event message, scroll to the very bottom, and check the [Reason Code](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd197570(v%3dws.10)) field and the text associated with it. + + ![example of an audit failure](images/auditfailure.png) + *Example: event ID 6273 (Audit Failure)*

    +‎ + ![example of an audit success](images/auditsuccess.png) + *Example: event ID 6272 (Audit Success)*
    + +‎The WLAN AutoConfig operational log lists information and error events based on conditions detected by or reported to the WLAN AutoConfig service. The operational log contains information about the wireless network adapter, the properties of the wireless connection profile, the specified network authentication, and, in the event of connectivity problems, the reason for the failure. For wired network access, Wired AutoConfig operational log is equivalent one. + +On the client side, navigate to **Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\WLAN-AutoConfig/Operational** for wireless issues. For wired network access issues, navigate to **..\Wired-AutoConfig/Operational**. See the following example: + +![event viewer screenshot showing wired-autoconfig and WLAN autoconfig](images/eventviewer.png) + +Most 802.1X authentication issues are due to problems with the certificate that is used for client or server authentication (e.g. invalid certificate, expiration, chain verification failure, revocation check failure, etc.). + +First, validate the type of EAP method being used: + +![eap authentication type comparison](images/comparisontable.png) + +If a certificate is used for its authentication method, check if the certificate is valid. For server (NPS) side, you can confirm what certificate is being used from the EAP property menu: + +![Constraints tab of the secure wireless connections properties](images/eappropertymenu.png) + +The CAPI2 event log will be useful for troubleshooting certificate-related issues. +This log is not enabled by default. You can enable this log by expanding **Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\CAPI2**, right-clicking **Operational** and then clicking **Enable Log**. + +![screenshot of event viewer](images/capi.png) + +The following article explains how to analyze CAPI2 event logs: +[Troubleshooting PKI Problems on Windows Vista](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-vista/cc749296%28v=ws.10%29). + +When troubleshooting complex 802.1X authentication issues, it is important to understand the 802.1X authentication process. The following figure is an example of wireless connection process with 802.1X authentication: + +![authenticatior flow chart](images/authenticator_flow_chart.png) + +If you [collect a network packet capture](troubleshoot-tcpip-netmon.md) on both the client and the server (NPS) side, you can see a flow like the one below. Type **EAPOL** in the Display Filter in for a client side capture, and **EAP** for an NPS side capture. See the following examples: + +![client-side packet capture data](images/clientsidepacket_cap_data.png) +*Client-side packet capture data*

    + +![NPS-side packet capture data](images/NPS_sidepacket_capture_data.png) +*NPS-side packet capture data*
    +‎ + +> [!NOTE] +> If you have a wireless trace, you can also [view ETL files with network monitor](https://docs.microsoft.com/windows/desktop/ndf/using-network-monitor-to-view-etl-files) and apply the **ONEX_MicrosoftWindowsOneX** and **WLAN_MicrosoftWindowsWLANAutoConfig** Network Monitor filters. Follow the instructions under the **Help** menu in Network Monitor to load the reqired [parser](https://blogs.technet.microsoft.com/netmon/2010/06/04/parser-profiles-in-network-monitor-3-4/) if needed. See the example below. + +![ETL parse](images/etl.png) + +## Audit policy + +NPS audit policy (event logging) for connection success and failure is enabled by default. If you find that one or both types of logging are disabled, use the following steps to troubleshoot. + +View the current audit policy settings by running the following command on the NPS server: +``` +auditpol /get /subcategory:"Network Policy Server" +``` + +If both success and failure events are enabled, the output should be: +
    +System audit policy
+Category/Subcategory                      Setting
+Logon/Logoff
+  Network Policy Server                   Success and Failure
+
    + +If it shows ‘No auditing’, you can run this command to enable it: + +``` +auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable +``` + +Even if audit policy appears to be fully enabled, it sometimes helps to disable and then re-enable this setting. You can also enable Network Policy Server logon/logoff auditing via Group Policy. The success/failure setting can be found under **Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration -> Audit Policies -> Logon/Logoff -> Audit Network Policy Server**. + +## Additional references + +[Troubleshooting Windows Vista 802.11 Wireless Connections](https://technet.microsoft.com/library/cc766215%28v=ws.10%29.aspx)
    +[Troubleshooting Windows Vista Secure 802.3 Wired Connections](https://technet.microsoft.com/library/cc749352%28v=ws.10%29.aspx) + diff --git a/windows/client-management/advanced-troubleshooting-boot-problems.md b/windows/client-management/advanced-troubleshooting-boot-problems.md new file mode 100644 index 0000000000..207d12b5d3 --- /dev/null +++ b/windows/client-management/advanced-troubleshooting-boot-problems.md @@ -0,0 +1,389 @@ +--- +title: Advanced troubleshooting for Windows boot problems +description: Learn how to troubleshoot when Windows is unable to boot +ms.prod: w10 +ms.sitesec: library +author: kaushika-msft +ms.localizationpriority: medium +ms.author: elizapo +ms.date: 11/16/2018 +--- + +# Advanced troubleshooting for Windows boot problems + +>[!NOTE] +>This article is intended for use by support agents and IT professionals. If you're looking for more general information about recovery options, see [Recovery options in Windows 10](https://support.microsoft.com/help/12415). + +## Summary + +There are several reasons why a Windows-based computer may have problems during startup. To troubleshoot boot problems, first determine in which of the following phases the computer gets stuck: + +| **Phase** | **Boot Process** | **BIOS** | **UEFI** | +|--------|----------------------|------------------------------| | +| 1 | PreBoot | MBR/PBR (Bootstrap Code) | UEFI Firmware | +| 2 | Windows Boot Manager | %SystemDrive%\bootmgr | \EFI\Microsoft\Boot\bootmgfw.efi | +| 3 | Windows OS Loader | %SystemRoot%\system32\winload.exe | %SystemRoot%\system32\winload.efi | +| 4 | Windows NT OS Kernel | %SystemRoot%\system32\ntoskrnl.exe | | + + +**1. PreBoot** + +The PC’s firmware initiates a Power-On Self Test (POST) and loads firmware settings. This pre-boot process ends when a valid system disk is detected. Firmware reads the master boot record (MBR), and then starts Windows Boot +Manager. + +**2. Windows Boot Manager** + +Windows Boot Manager finds and starts the Windows loader (Winload.exe) on the Windows boot partition. + +**3. Windows operating system loader** + +Essential drivers required to start the Windows kernel are loaded and the kernel starts to run. + +**4. Windows NT OS Kernel** + +The kernel loads into memory the system registry hive and additional drivers that are marked as BOOT_START. + +The kernel passes control to the session manager process (Smss.exe) which initializes the system session, and loads and starts the devices and drivers that are not marked BOOT_START. + +Here is a summary of the boot sequence, what will be seen on the display, and typical boot problems at that point in the sequence. Before starting troubleshooting, you have to understand the outline of the boot process and display status to ensure that the issue is properly identified at the beginning of the engagement. + +![thumbnail of boot sequence flowchart](images/boot-sequence-thumb.png)
    +[Click to enlarge](img-boot-sequence.md)
    + + + + +Each phase has a different approach to troubleshooting. This article provides troubleshooting techniques for problems that occur during the first three phases. + +>[!NOTE] +>If the computer repeatedly boots to the recovery options, run the following command at a command prompt to break the cycle: +> +>`Bcdedit /set {default} recoveryenabled no` +> +>If the F8 options don't work, run the following command: +> +>`Bcdedit /set {default} bootmenupolicy legacy` + + +## BIOS phase + +To determine whether the system has passed the BIOS phase, follow these steps: + +1. If there are any external peripherals connected to the computer, disconnect them. +2. Check whether the hard disk drive light on the physical computer is working. If it is not working, this indicates that the startup process is stuck at the BIOS phase. +3. Press the NumLock key to see whether the indicator light toggles on and off. If it does not, this indicates that the startup process is stuck at BIOS. + +If the system is stuck at the BIOS phase, there may be a hardware problem. + +## Boot loader phase + +If the screen is completely black except for a blinking cursor, or if you receive one of the following error codes, this indicates that the boot process is stuck in the Boot Loader phase: + +- Boot Configuration Data (BCD) missing or corrupted +- Boot file or MBR corrupted +- Operating system Missing +- Boot sector missing or corrupted +- Bootmgr missing or corrupted +- Unable to boot due to system hive missing or corrupted + +To troubleshoot this problem, use Windows installation media to start the computer, press Shift+F10 for a command prompt, and then use any of the following methods. + + +### Method 1: Startup Repair tool + +The Startup Repair tool automatically fixes many common problems. The tool also lets you quickly diagnose and repair more complex startup problems. When the computer detects a startup problem, the computer starts the Startup Repair tool. When the tool starts, it performs diagnostics. These diagnostics include analyzing startup log files to determine the cause of the problem. When the Startup Repair tool determines the cause, the tool tries to fix the problem automatically. + +To do this, follow these steps. + +>[!NOTE] +>For additional methods to start WinRE, see [Entry points into WinRE](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference#span-identrypointsintowinrespanspan-identrypointsintowinrespanspan-identrypointsintowinrespanentry-points-into-winre). + +1. Start the system to the installation media for the installed version of Windows. + **Note** For more information, see [Create installation media for Windows](https://support.microsoft.com/help/15088). + +2. On the **Install Windows** screen, select **Next** > **Repair your computer**. + +3. On the **System Recovery Options** screen, select **Next** > **Command Prompt**. + +4. After Startup Repair, select **Shutdown**, then turn on your PC to see if Windows can boot properly. + +The Startup Repair tool generates a log file to help you understand the startup problems and the repairs that were made. You can find the log file in the following location: + +**%windir%\System32\LogFiles\Srt\Srttrail.txt** + + +For more information see, [A Stop error occurs, or the computer stops responding when you try to start Windows Vista or Windows 7](https://support.microsoft.com/help/925810/a-stop-error-occurs-or-the-computer-stops-responding-when-you-try-to-s) + + +### Method 2: Repair Boot Codes + +To repair boot codes, run the following command: + +```dos +BOOTREC /FIXMBR +``` + +To repair the boot sector, run the following command: + +```dos +BOOTREC /FIXBOOT +``` + +>[!NOTE] +>Running **BOOTREC** together with **Fixmbr** overwrites only the master boot code. If the corruption in the MBR affects the partition table, running **Fixmbr** may not fix the problem. + +### Method 3: Fix BCD errors + +If you receive BCD-related errors, follow these steps: + +1. Scan for all the systems that are installed. To do this, run the following command: + ```dos + Bootrec /ScanOS + ``` + +2. Restart the computer to check whether the problem is fixed. + +3. If the problem is not fixed, run the following command: + ```dos + Bootrec /rebuildbcd + ``` + +4. You might receive one of the following outputs: + + - Scanning all disks for Windows installations. Please wait, since this may take a while...Successfully scanned Windows installations. Total identified Windows installations: 0 + The operation completed successfully. + + - Scanning all disks for Windows installations. Please wait, since this may take a while... Successfully scanned Windows installations. Total identified Windows installations: 1 + D:\Windows + Add installation to boot list? Yes/No/All: + +If the output shows **windows installation: 0**, run the following commands: + +```dos +bcdedit /export c:\bcdbackup + +attrib c:\\boot\\bcd -h -r –s + +ren c:\\boot\\bcd bcd.old + +bootrec /rebuildbcd +``` + +After you run the command, you receive the following output: + + Scanning all disks for Windows installations. Please wait, since this may take a while...Successfully scanned Windows installations. Total identified Windows installations: 1{D}:\Windows +Add installation to boot list? Yes/No/All: Y + +5. Try again to start the system. + +### Method 4: Replace Bootmgr + +If methods 1 and 2 do not fix the problem, replace the Bootmgr file from drive C to the System Reserved partition. To do this, follow these steps: + +1. At a command prompt, change the directory to the System Reserved partition. + +2. Run the **attrib** command to unhide the file: + ```dos + attrib-s -h -r + ``` + +3. Run the same **attrib** command on the Windows (system drive): + ```dos + attrib-s -h –r + ``` + +4. Rename the Bootmgr file as Bootmgr.old: + ```dos + ren c:\\bootmgr bootmgr.old + ``` + +5. Start a text editor, such as Notepad. + +6. Navigate to the system drive. + +7. Copy the Bootmgr file, and then paste it to the System Reserved partition. + +8. Restart the computer. + +### Method 5: Restore System Hive + +If Windows cannot load the system registry hive into memory, you must restore the system hive. To do this, use the Windows Recovery Environment or use Emergency Repair Disk (ERD) to copy the files from the C:\Windows\System32\config\RegBack to C:\Windows\System32\config. + +If the problem persists, you may want to restore the system state backup to an alternative location, and then retrieve the registry hives to be replaced. + + +## Kernel Phase + +If the system gets stuck during the kernel phase, you experience multiple symptoms or receive multiple error messages. These include, but are not limited to, the following: + +- A Stop error appears after the splash screen (Windows Logo screen). + +- Specific error code is displayed. + For example, "0x00000C2" , "0x0000007B" , "inaccessible boot device" and so on. + (To troubleshoot the 0x0000007B error, see [Error code INACCESSIBLE_BOOT_DEVICE (STOP 0x7B)](https://internal.support.services.microsoft.com/help/4343769/troubleshooting-guide-for-windows-boot-problems#0x7bstoperror)) + +- The screen is stuck at the "spinning wheel" (rolling dots) "system busy" icon. + +- A black screen appears after the splash screen. + +To troubleshoot these problems, try the following recovery boot options one at a time. + +**Scenario 1: Try to start the computer in Safe mode or Last Known Good Configuration** + +On the **Advanced Boot Options** screen, try to start the computer in **Safe Mode** or **Safe Mode with Networking**. If either of these options works, use Event Viewer to help identify and diagnose the cause of the boot problem. To view events that are recorded in the event logs, follow these steps: + +1. Use one of the following methods to open Event Viewer: + + - Click **Start**, point to **Administrative Tools**, and then click + **Event Viewer**. + + - Start the Event Viewer snap-in in Microsoft Management Console (MMC). + +2. In the console tree, expand Event Viewer, and then click the log that you + want to view. For example, click **System log** or **Application log**. + +3. In the details pane, double-click the event that you want to view. + +4. On the **Edit** menu, click **Copy**, open a new document in the program in + which you want to paste the event (for example, Microsoft Word), and then + click **Paste**. + +5. Use the Up Arrow or Down Arrow key to view the description of the previous + or next event. + + +### Clean boot + +To troubleshoot problems that affect services, do a clean boot by using System Configuration (msconfig). +Select **Selective startup** to test the services one at a time to determine which one is causing the problem. If you cannot find the cause, try including system services. However, in most cases, the problematic service is third-party. + +Disable any service that you find to be faulty, and try to start the computer again by selecting **Normal startup**. + +For detailed instructions, see [How to perform a clean boot in Windows](https://support.microsoft.com/help/929135/how-to-perform-a-clean-boot-in-windows). + +If the computer starts in Disable Driver Signature mode, start the computer in Disable Driver Signature Enforcement mode, and then follow the steps that are documented in the following article to determine which drivers or files require driver signature enforcement: +[Troubleshooting boot problem caused by missing driver signature (x64)](https://blogs.technet.microsoft.com/askcore/2012/04/15/troubleshooting-boot-issues-due-to-missing-driver-signature-x64/) + +>[!NOTE] +>If the computer is a domain controller, try Directory Services Restore mode (DSRM). +> +>This method is an important step if you encounter Stop error "0xC00002E1" or "0xC00002E2" + + +**Examples** + +>[!WARNING] +>Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these +problems can be solved. Modify the registry at your own risk. + +*Error code INACCESSIBLE_BOOT_DEVICE (STOP 0x7B)* + +To troubleshoot this Stop error, follow these steps to filter the drivers: + +1. Go to Window Recovery Environment (WinRE) by putting an ISO disk of the system in the disk drive. The ISO should be of same version of Windows or a later version. + +2. Open the registry. + +3. Load the system hive, and name it as "test." + +4. Under the following registry subkey, check for lower filter and upper filter items for Non-Microsoft Drivers: + + **HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class** + +5. For each third-party driver that you locate, click the upper or lower filter, and then delete the value data. + +6. Search through the whole registry for similar items. Process as an appropriate, and then unload the registry hive. + +7. Restart the server in Normal mode. + +For additional troubleshooting steps, see the following articles: + +- [Troubleshooting a Stop 0x7B in Windows](https://blogs.technet.microsoft.com/askcore/2013/08/05/troubleshooting-a-stop-0x7b-in-windows/) + +- [Advanced troubleshooting for "Stop error code 0x0000007B (INACCESSIBLE_BOOT_DEVICE)" errors in Windows XP](https://internal.support.services.microsoft.com/help/324103). + +To fix problems that occur after you install Windows updates, check for pending updates by using these steps: + +1. Open a Command Prompt winodw in WinRE. + +2. Run the command: + ```dos + dism /image:C:\ /get-packages + ``` + +3. If there are any pending updates, uninstall them by running the following commands: + ```dos + DISM /image:C:\ /remove-package /packagename: name of the package + ``` + ```dos + Dism /Image:C:\ /Cleanup-Image /RevertPendingActions + ``` + +Try to start the computer. + +If the computer does not start, follow these steps: + +1. Open A Command Prompt window in WinRE, and start a text editor, such as Notepad. + +2. Navigate to the system drive, and search for windows\winsxs\pending.xml. + +3. If the Pending.xml file is found, rename the file as Pending.xml.old. + +4. Open the registry, and then load the component hive in HKEY_LOCAL_MACHINE as a test. + +5. Highlight the loaded test hive, and then search for the **pendingxmlidentifier** value. + +6. If the **pendingxmlidentifier** value exists, delete the value. + +7. Unload the test hive. + +8. Load the system hive, name it as "test". + +9. Navigate to the following subkey: + + **HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\TrustedInstaller** + +10. Change the **Start** value from **1** to **4** + +11. Unload the hive. + +12. Try to start the computer. + +If the Stop error occurs late in the startup process, or if the Stop error is still being generated, you can capture a memory dump. A good memory dump can help determine the root cause of the Stop error. For details, see the following Knowledge Base article: + +- [969028](https://support.microsoft.com/help/969028) How to generate a kernel or a complete memory dump file in Windows Server 2008 and Windows Server 2008 R2 + +For more information about page file problems in Windows 10 or Windows Server 2016, see the following Knowledge Base article: + +- [4133658](https://support.microsoft.com/help/4133658) Introduction of page file in Long-Term Servicing Channel and Semi-Annual Channel of Windows + +For more information about Stop errors, see the following Knowledge Base article: + +- [3106831](https://support.microsoft.com/help/3106831) Troubleshooting Stop error problems for IT Pros + + +If the dump file shows an error that is related to a driver (for example, windows\system32\drivers\stcvsm.sys is missing or corrupted), follow these guidelines: + +- Check the functionality that is provided by the driver. If the driver is a third-party boot driver, make sure that you understand what it does. + +- If the driver is not important and has no dependencies, load the system hive, and then disable the driver. + +- If the stop error indicates system file corruption, run the system file checker in offline mode. + - To do this, open WinRE, open a command prompt, and then run the following command: + ```dos + SFC /Scannow /OffBootDir=C:\ /OffWinDir=E:\Windows + ``` + For more information, see [Using System File Checker (SFC) To Fix Issues](https://blogs.technet.microsoft.com/askcore/2007/12/18/using-system-file-checker-sfc-to-fix-issues/) + + - If there is disk corruption, run the check disk command: + ```dos + chkdsk /f /r + ``` + + - If the Stop error indicates general registry corruption, or if you believe that new drivers or services were installed, follow these steps: + + 1. Start WinRE, and open a Command Prompt window. + 2. Start a text editor, such as Notepad. + 3. Navigate to C\Windows\System32\Config\. + 4. Rename the all five hives by appending ".old" to the name. + 5. Copy all the hives from the Regback folder, paste them in the Config folder, and then try to start the computer in Normal mode. diff --git a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md new file mode 100644 index 0000000000..412bbb99bc --- /dev/null +++ b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md @@ -0,0 +1,326 @@ +--- +title: Advanced Troubleshooting Wireless Network Connectivity +description: Learn how troubleshooting of establishing Wi-Fi connections +keywords: troubleshooting, wireless network connectivity, wireless, Wi-Fi +ms.prod: w10 +ms.mktglfcycl: +ms.sitesec: library +author: kaushika-msft +ms.localizationpriority: medium +ms.author: greg-lindsay +--- + +# Advanced troubleshooting wireless network connectivity + +> [!NOTE] +> Home users: This article is intended for use by support agents and IT professionals. If you're looking for more general information about Wi-Fi problems in Windows 10, check out this [Windows 10 Wi-Fi fix article](https://support.microsoft.com/en-in/help/4000432/windows-10-fix-wi-fi-problems). + +## Overview + +This is a general troubleshooting of establishing Wi-Fi connections from Windows clients. +Troubleshooting Wi-Fi connections requires understanding the basic flow of the Wi-Fi autoconnect state machine. Understanding this flow makes it easier to determine the starting point in a repro scenario in which a different behavior is found. +This workflow involves knowledge and use of [TextAnalysisTool](https://github.com/TextAnalysisTool/Releases), an extensive text filtering tool that is useful with complex traces with numerous ETW providers such as wireless_dbg trace scenario. + +## Scenarios + +This article applies to any scenario in which Wi-Fi connections fail to establish. The troubleshooter is developed with Windows 10 clients in focus, but also may be useful with traces as far back as Windows 7. + +> [!NOTE] +> This troubleshooter uses examples that demonstrate a general strategy for navigating and interpreting wireless component [Event Tracing for Windows](https://docs.microsoft.com/windows/desktop/etw/event-tracing-portal) (ETW). It is not meant to be representative of every wireless problem scenario. + +Wireless ETW is incredibly verbose and calls out a lot of innocuous errors (rather flagged behaviors that have little or nothing to do with the problem scenario). Simply searching for or filtering on "err", "error", and "fail" will seldom lead you to the root cause of a problematic Wi-Fi scenario. Instead it will flood the screen with meaningless logs that will obfuscate the context of the actual problem. + +It is important to understand the different Wi-Fi components involved, their expected behaviors, and how the problem scenario deviates from those expected behaviors. +The intention of this troubleshooter is to show how to find a starting point in the verbosity of wireless_dbg ETW and home in on the responsible components that are causing the connection problem. + +### Known Issues and fixes +** ** +| **OS version** | **Fixed in** | +| --- | --- | +| **Windows 10, version 1803** | [KB4284848](https://support.microsoft.com/help/4284848) | +| **Windows 10, version 1709** | [KB4284822](https://support.microsoft.com/help/4284822) | +| **Windows 10, version 1703** | [KB4338827](https://support.microsoft.com/help/4338827) | + +Make sure that you install the latest Windows updates, cumulative updates, and rollup updates. To verify the update status, refer to the appropriate update-history webpage for your system: +- [Windows 10 version 1809](https://support.microsoft.com/help/4464619) +- [Windows 10 version 1803](https://support.microsoft.com/help/4099479) +- [Windows 10 version 1709](https://support.microsoft.com/en-us/help/4043454) +- [Windows 10 version 1703](https://support.microsoft.com/help/4018124) +- [Windows 10 version 1607 and Windows Server 2016](https://support.microsoft.com/help/4000825) +- [Windows 10 version 1511](https://support.microsoft.com/help/4000824) +- [Windows 8.1 and Windows Server 2012 R2](https://support.microsoft.com/help/4009470) +- [Windows Server 2012](https://support.microsoft.com/help/4009471) +- [Windows 7 SP1 and Windows Server 2008 R2 SP1](https://support.microsoft.com/help/40009469) + +## Data Collection + +1. Network Capture with ETW. Enter the following at an elevated command prompt: + + ``` + netsh trace start wireless_dbg capture=yes overwrite=yes maxsize=4096 tracefile=c:\tmp\wireless.etl + ``` +2. Reproduce the issue. + - If there is a failure to establish connection, try to manually connect. + - If it is intermittent but easily reproducible, try to manually connect until it fails. Record the time of each connection attempt, and whether it was a success or failure. + - If the issue is intermittent but rare, netsh trace stop command needs to be triggered automatically (or at least alerted to admin quickly) to ensure trace doesn’t overwrite the repro data. + - If intermittent connection drops trigger stop command on a script (ping or test network constantly until fail, then netsh trace stop). +3. Stop the trace by entering the following command: + + ``` + netsh trace stop + ``` +4. To convert the output file to text format: + + ``` + netsh trace convert c:\tmp\wireless.etl + ``` + +See the [example ETW capture](#example-etw-capture) at the bottom of this article for an example of the command output. After running these commands, you will have three files: wireless.cab, wireless.etl, and wireless.txt. + +## Troubleshooting + +The following is a high-level view of the main wifi components in Windows. + + + + + + + +
    The Windows Connection Manager (Wcmsvc) is closely associated with the UI controls (taskbar icon) to connect to various networks, including wireless networks. It accepts and processes input from the user and feeds it to the core wireless service.
    The WLAN Autoconfig Service (WlanSvc) handles the following core functions of wireless networks in windows: + +- Scanning for wireless networks in range +- Managing connectivity of wireless networks
    The Media Specific Module (MSM) handles security aspects of connection being established.
    The Native Wifi stack consists of drivers and wireless APIs to interact with wireless miniports and the supporting user-mode Wlansvc.
    Third-party wireless miniport drivers interface with the upper wireless stack to provide notifications to and receive commands from Windows.
    + + +The wifi connection state machine has the following states: +- Reset +- Ihv_Configuring +- Configuring +- Associating +- Authenticating +- Roaming +- Wait_For_Disconnected +- Disconnected + +Standard wifi connections tend to transition between states such as: + +**Connecting** + +Reset --> Ihv_Configuring --> Configuring --> Associating --> Authenticating --> Connected + +**Disconnecting** + +Connected --> Roaming --> Wait_For_Disconnected --> Disconnected --> Reset + +>Filtering the ETW trace with the [TextAnalysisTool](https://github.com/TextAnalysisTool/Releases) (TAT) is an easy first step to determine where a failed connection setup is breaking down. A useful [wifi filter file](#wifi-filter-file) is included at the bottom of this article. + +Use the **FSM transition** trace filter to see the connection state machine. You can see [an example](#textanalysistool-example) of this filter applied in the TAT at the bottom of this page. + +The following is an example of a good connection setup: + +
    +44676 [2]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.658 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Disconnected to State: Reset
+45473 [1]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.667 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Reset to State: Ihv_Configuring
+45597 [3]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.708 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Ihv_Configuring to State: Configuring
+46085 [2]0F24.17E0::‎2018‎-‎09‎-‎17 10:22:14.710 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Configuring to State: Associating
+47393 [1]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.879 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Associating to State: Authenticating
+49465 [2]0F24.17E0::‎2018‎-‎09‎-‎17 10:22:14.990 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Authenticating to State: Connected
+
    + +The following is an example of a failed connection setup: + +
    +44676 [2]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.658 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Disconnected to State: Reset
+45473 [1]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.667 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Reset to State: Ihv_Configuring
+45597 [3]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.708 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Ihv_Configuring to State: Configuring
+46085 [2]0F24.17E0::‎2018‎-‎09‎-‎17 10:22:14.710 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Configuring to State: Associating
+47393 [1]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.879 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Associating to State: Authenticating
+49465 [2]0F24.17E0::‎2018‎-‎09‎-‎17 10:22:14.990 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Authenticating to State: Roaming
+
    + +By identifying the state at which the connection fails, one can focus more specifically in the trace on logs just prior to the last known good state. + +Examining **[Microsoft-Windows-WLAN-AutoConfig]** logs just prior to the bad state change should show evidence of error. Often, however, the error is propagated up through other wireless components. +In many cases the next component of interest will be the MSM, which lies just below Wlansvc. + +The important components of the MSM include: +- Security Manager (SecMgr) - handles all pre and post-connection security operations. +- Authentication Engine (AuthMgr) – Manages 802.1x auth requests + + ![MSM details](images/msmdetails.png) + +Each of these components has their own individual state machines which follow specific transitions. +Enable the **FSM transition, SecMgr Transition,** and **AuthMgr Transition** filters in TextAnalysisTool for more detail. + +Continuing with the example above, the combined filters look like this: + +
    +[2] 0C34.2FF0::08/28/17-13:24:28.693 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
+Reset to State: Ihv_Configuring
+[2] 0C34.2FF0::08/28/17-13:24:28.693 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
+Ihv_Configuring to State: Configuring
+[1] 0C34.2FE8::08/28/17-13:24:28.711 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
+Configuring to State: Associating
+[0] 0C34.275C::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition INACTIVE (1) --> ACTIVE (2)
+[0] 0C34.275C::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition ACTIVE (2) --> START AUTH (3)
+[4] 0EF8.0708::08/28/17-13:24:28.928 [Microsoft-Windows-WLAN-AutoConfig]Port (14) Peer 0x186472F64FD2 AuthMgr Transition ENABLED  --> START_AUTH  
+[3] 0C34.2FE8::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
+Associating to State: Authenticating
+[1] 0C34.275C::08/28/17-13:24:28.960 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition START AUTH (3) --> WAIT FOR AUTH SUCCESS (4)
+[4] 0EF8.0708::08/28/17-13:24:28.962 [Microsoft-Windows-WLAN-AutoConfig]Port (14) Peer 0x186472F64FD2 AuthMgr Transition START_AUTH  --> AUTHENTICATING  
+[2] 0C34.2FF0::08/28/17-13:24:29.751 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition WAIT FOR AUTH SUCCESS (7) --> DEACTIVATE (11)
+[2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
+[2] 0C34.2FF0::08/28/17-13:24:29.7513404 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
+Authenticating to State: Roaming
+
    + +> [!NOTE] +> In the next to last line the SecMgr transition is suddenly deactivating:
    +>\[2\] 0C34.2FF0::08/28/17-13:24:29.7512788 \[Microsoft-Windows-WLAN-AutoConfig\]Port\[13\] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)

    +>This transition is what eventually propagates to the main connection state machine and causes the Authenticating phase to devolve to Roaming state. As before, it makes sense to focus on tracing just prior to this SecMgr behavior to determine the reason for the deactivation. + +Enabling the **Microsoft-Windows-WLAN-AutoConfig** filter will show more detail leading to the DEACTIVATE transition: + +
    +[3] 0C34.2FE8::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
+Associating to State: Authenticating
+[1] 0C34.275C::08/28/17-13:24:28.960 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition START AUTH (3) --> WAIT FOR AUTH SUCCESS (4)
+[4] 0EF8.0708::08/28/17-13:24:28.962 [Microsoft-Windows-WLAN-AutoConfig]Port (14) Peer 0x186472F64FD2 AuthMgr Transition START_AUTH  --> AUTHENTICATING  
+[0]0EF8.2EF4::‎08/28/17-13:24:29.549 [Microsoft-Windows-WLAN-AutoConfig]Received Security Packet: PHY_STATE_CHANGE  
+[0]0EF8.2EF4::08/28/17-13:24:29.549 [Microsoft-Windows-WLAN-AutoConfig]Change radio state for interface = Intel(R) Centrino(R) Ultimate-N 6300 AGN :  PHY = 3, software state = on , hardware state = off ) 
+[0] 0EF8.1174::‎08/28/17-13:24:29.705 [Microsoft-Windows-WLAN-AutoConfig]Received Security Packet: PORT_DOWN  
+[0] 0EF8.1174::‎08/28/17-13:24:29.705 [Microsoft-Windows-WLAN-AutoConfig]FSM Current state Authenticating , event Upcall_Port_Down  
+[0] 0EF8.1174:: 08/28/17-13:24:29.705 [Microsoft-Windows-WLAN-AutoConfig]Received IHV PORT DOWN, peer 0x186472F64FD2 
+[2] 0C34.2FF0::08/28/17-13:24:29.751 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition WAIT FOR AUTH SUCCESS (7) --> DEACTIVATE (11)
+ [2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
+[2] 0C34.2FF0::08/28/17-13:24:29.7513404 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
+Authenticating to State: Roaming
+
    + +The trail backwards reveals a **Port Down** notification: + +\[0\] 0EF8.1174:: 08/28/17-13:24:29.705 \[Microsoft-Windows-WLAN-AutoConfig\]Received IHV PORT DOWN, peer 0x186472F64FD2 + +Port events indicate changes closer to the wireless hardware. The trail can be followed by continuing to see the origin of this indication. + +Below, the MSM is the native wifi stack. These are Windows native wifi drivers which talk to the wifi miniport drivers. It is responsible for converting Wi-Fi (802.11) packets to 802.3 (Ethernet) so that TCPIP and other protocols and can use it. + +Enable trace filter for **[Microsoft-Windows-NWifi]:** + +
    +[3] 0C34.2FE8::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
+Associating to State: Authenticating
+[1] 0C34.275C::08/28/17-13:24:28.960 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition START AUTH (3) --> WAIT FOR AUTH SUCCESS (4)
+[4] 0EF8.0708::08/28/17-13:24:28.962 [Microsoft-Windows-WLAN-AutoConfig]Port (14) Peer 0x8A1514B62510 AuthMgr Transition START_AUTH  --> AUTHENTICATING  
+[0]0000.0000::‎08/28/17-13:24:29.127 [Microsoft-Windows-NWiFi]DisAssoc: 0x8A1514B62510 Reason: 0x4 
+[0]0EF8.2EF4::‎08/28/17-13:24:29.549 [Microsoft-Windows-WLAN-AutoConfig]Received Security Packet: PHY_STATE_CHANGE  
+[0]0EF8.2EF4::08/28/17-13:24:29.549 [Microsoft-Windows-WLAN-AutoConfig]Change radio state for interface = Intel(R) Centrino(R) Ultimate-N 6300 AGN :  PHY = 3, software state = on , hardware state = off ) 
+[0] 0EF8.1174::‎08/28/17-13:24:29.705 [Microsoft-Windows-WLAN-AutoConfig]Received Security Packet: PORT_DOWN  
+[0] 0EF8.1174::‎08/28/17-13:24:29.705 [Microsoft-Windows-WLAN-AutoConfig]FSM Current state Authenticating , event Upcall_Port_Down  
+[0] 0EF8.1174:: 08/28/17-13:24:29.705 [Microsoft-Windows-WLAN-AutoConfig]Received IHV PORT DOWN, peer 0x186472F64FD2 
+[2] 0C34.2FF0::08/28/17-13:24:29.751 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition WAIT FOR AUTH SUCCESS (7) --> DEACTIVATE (11)
+ [2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
+[2] 0C34.2FF0::08/28/17-13:24:29.7513404 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
+Authenticating to State: Roaming
    + +In the trace above, we see the line: + +
    +[0]0000.0000::‎08/28/17-13:24:29.127 [Microsoft-Windows-NWiFi]DisAssoc: 0x8A1514B62510 Reason: 0x4
    + +This is followed by **PHY_STATE_CHANGE** and **PORT_DOWN** events due to a disassociate coming from the Access Point (AP), as an indication to deny the connection. This could be due to invalid credentials, connection parameters, loss of signal/roaming, and various other reasons for aborting a connection. The action here would be to examine the reason for the disassociate sent from the indicated AP MAC (8A:15:14:B6:25:10). This would be done by examining internal logging/tracing from the AP. + +### Resources + +[802.11 Wireless Tools and Settings](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc755892(v%3dws.10))
    +[Understanding 802.1X authentication for wireless networks](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc759077%28v%3dws.10%29)
    + +## Example ETW capture + +
    +C:\tmp>netsh trace start wireless_dbg capture=yes overwrite=yes maxsize=4096 tracefile=c:\tmp\wireless.etl
+
+Trace configuration:
+-------------------------------------------------------------------
+Status:             Running
+Trace File:         C:\tmp\wireless.etl
+Append:             Off
+Circular:           On
+Max Size:           4096 MB
+Report:             Off
+
+C:\tmp>netsh trace stop
+Correlating traces ... done
+Merging traces ... done
+Generating data collection ... done
+The trace file and additional troubleshooting information have been compiled as "c:\tmp\wireless.cab".
+File location = c:\tmp\wireless.etl
+Tracing session was successfully stopped.
+
+C:\tmp>netsh trace convert c:\tmp\wireless.etl
+
+Input file:  c:\tmp\wireless.etl
+Dump file:   c:\tmp\wireless.txt
+Dump format: TXT
+Report file: -
+Generating dump ... done
+
+C:\tmp>dir
+ Volume in drive C has no label.
+ Volume Serial Number is 58A8-7DE5
+
+ Directory of C:\tmp
+
+01/09/2019  02:59 PM    [DIR]          .
+01/09/2019  02:59 PM    [DIR]          ..
+01/09/2019  02:59 PM         4,855,952 wireless.cab
+01/09/2019  02:56 PM         2,752,512 wireless.etl
+01/09/2019  02:59 PM         2,786,540 wireless.txt
+               3 File(s)     10,395,004 bytes
+               2 Dir(s)  46,648,332,288 bytes free
+
    + +## Wifi filter file + +Copy and paste all the lines below and save them into a text file named "wifi.tat." Load the filter file into the TextAnalysisTool by clicking **File > Load Filters**. + +``` + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +``` + +## TextAnalysisTool example + +In the following example, the **View** settings are configured to **Show Only Filtered Lines**. + +![TAT filter example](images/tat.png) \ No newline at end of file diff --git a/windows/client-management/change-history-for-client-management.md b/windows/client-management/change-history-for-client-management.md index f5b708473d..91800241a0 100644 --- a/windows/client-management/change-history-for-client-management.md +++ b/windows/client-management/change-history-for-client-management.md @@ -9,13 +9,30 @@ ms.pagetype: security ms.localizationpriority: medium author: jdeckerMS ms.author: jdecker -ms.date: 09/12/2017 +ms.date: 12/06/2018 --- # Change history for Client management This topic lists new and updated topics in the [Client management](index.md) documentation for Windows 10 and Windows 10 Mobile. +## December 2018 + +New or changed topic | Description +--- | --- +[Advanced troubleshooting for TCP/IP](troubleshoot-tcpip.md) | New +[Collect data using Network Monitor](troubleshoot-tcpip-netmon.md) | New +[Troubleshoot TCP/IP connectivity](troubleshoot-tcpip-connectivity.md) | New +[Troubleshoot port exhaustion issues](troubleshoot-tcpip-port-exhaust.md) | New +[Troubleshoot Remote Procedure Call (RPC) errors](troubleshoot-tcpip-rpc-errors.md) | New + +## November 2018 + +New or changed topic | Description +--- | --- + [Advanced troubleshooting for Windows-based computer freeze issues](troubleshoot-windows-freeze.md) | New + [Advanced troubleshooting for Stop error or blue screen error issue](troubleshoot-stop-errors.md) | New + ## RELEASE: Windows 10, version 1709 The topics in this library have been updated for Windows 10, version 1709 (also known as the Fall Creators Update). diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index d25e2670b7..7c666a3977 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -9,7 +9,7 @@ ms.pagetype: devices author: jdeckerms ms.localizationpriority: medium ms.author: jdecker -ms.date: 11/28/2017 +ms.date: 08/02/2018 --- # Connect to remote Azure Active Directory-joined PC @@ -19,10 +19,13 @@ ms.date: 11/28/2017 - Windows 10 -From its release, Windows 10 has supported remote connections to PCs that are joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/device-management-azuread-joined-devices-setup). +From its release, Windows 10 has supported remote connections to PCs that are joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/user-help/device-management-azuread-joined-devices-setup). ![Remote Desktop Connection client](images/rdp.png) +>[!TIP] +>Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session.](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics) + ## Set up - Both PCs (local and remote) must be running Windows 10, version 1607 (or later). Remote connection to an Azure AD-joined PC that is running earlier versions of Windows 10 is not supported. @@ -33,11 +36,11 @@ From its release, Windows 10 has supported remote connections to PCs that are jo ![Allow remote connections to this computer](images/allow-rdp.png) - 3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users to connect to the PC, you must allow remote connections for the local **Authenticated Users** group. Click **Select Users**. + 3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users to connect to the PC, you must allow remote connections for the local **Authenticated Users** group. Click **Select Users**. >[!NOTE] >You can specify individual Azure AD accounts for remote connections by having the user sign in to the remote device at least once and then running the following PowerShell cmdlet: > - >`net localgroup "Remote Desktop Users" /add "AzureAD\FirstnameLastname"` + >`net localgroup "Remote Desktop Users" /add "AzureAD\FirstnameLastname"`, where *FirstnameLastname* is the name of the user profile in C:\Users\, which is created based on DisplayName attribute in Azure AD. > >In Windows 10, version 1709, the user does not have to sign in to the remote device first. > @@ -45,6 +48,9 @@ From its release, Windows 10 has supported remote connections to PCs that are jo 4. Enter **Authenticated Users**, then click **Check Names**. If the **Name Not Found** window opens, click **Locations** and select this PC. + >[!TIP] + >When you connect to the remote PC, enter your account name in this format: `AzureADName\YourAccountName`. + ## Supported configurations diff --git a/windows/client-management/data-collection-for-802-authentication.md b/windows/client-management/data-collection-for-802-authentication.md new file mode 100644 index 0000000000..82b0d1b33c --- /dev/null +++ b/windows/client-management/data-collection-for-802-authentication.md @@ -0,0 +1,380 @@ +--- +title: Data collection for troubleshooting 802.1X authentication +description: Data needed for reviewing 802.1X Authentication issues +keywords: troubleshooting, data collection, data, 802.1X authentication, authentication, data +ms.prod: w10 +ms.mktglfcycl: +ms.sitesec: library +author: kaushika-msft +ms.localizationpriority: medium +ms.author: mikeblodge +--- + +# Data collection for troubleshooting 802.1X authentication + +Use the following steps to collect data that can be used to troubleshoot 802.1X authentication issues. When you have collected data, see [Advanced troubleshooting 802.1X authentication](advanced-troubleshooting-802-authentication.md). + +## Capture wireless/wired functionality logs + +Use the following steps to collect wireless and wired logs on Windows and Windows Server: + +1. Create C:\MSLOG on the client machine to store captured logs. +2. Launch an elevated command prompt on the client machine, and run the following commands to start a RAS trace log and a Wireless/Wired scenario log. + + **Wireless Windows 8.1 and Windows 10:** + ``` + netsh ras set tracing * enabled + netsh trace start scenario=wlan,wlan_wpp,wlan_dbg,wireless_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wireless_cli.etl + ``` + +
    **Wireless Windows 7 and Windows 8:** + ``` + netsh ras set tracing * enabled + netsh trace start scenario=wlan,wlan_wpp,wlan_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wireless_cli.etl + ``` + +
    **Wired client, regardless of version** + ``` + netsh ras set tracing * enabled + netsh trace start scenario=lan globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wired_cli.etl + ``` + +3. Run the following command to enable CAPI2 logging: + ``` + wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:true + ``` + +4. Create C:\MSLOG on the NPS to store captured logs. + +5. Launch an elevated command prompt on the NPS server and run the following commands to start a RAS trace log and a Wireless/Wired scenario log: + + **Windows Server 2012 R2, Windows Server 2016 wireless network:** + ``` + netsh ras set tracing * enabled + netsh trace start scenario=wlan,wlan_wpp,wlan_dbg,wireless_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wireless_nps.etl + ``` + +
    **Windows Server 2008 R2, Windows Server 2012 wireless network** + ``` + netsh ras set tracing * enabled + netsh trace start scenario=wlan,wlan_wpp,wlan_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wireless_nps.etl + ``` + +
    **Wired network** + ``` + netsh ras set tracing * enabled + netsh trace start scenario=lan globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wired_nps.etl + ``` + +6. Run the following command to enable CAPI2 logging: + ``` + wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:true + ``` +7. Run the following command from the command prompt on the client machine and start PSR to capture screen images: + + > [!NOTE] + > When the mouse button is clicked, the cursor will blink in red while capturing a screen image. + + ``` + psr /start /output c:\MSLOG\%computername%_psr.zip /maxsc 100 + ``` +8. Repro the issue. +9. Run the following command on the client PC to stop the PSR capturing: + + ``` + psr /stop + ``` + +10. Run the following commands from the command prompt on the NPS server. + + - To stop RAS trace log and wireless scenario log: + + ``` + netsh trace stop + netsh ras set tracing * disabled + ``` + - To disable and copy CAPI2 log: + + ``` + wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:false + wevtutil.exe epl Microsoft-Windows-CAPI2/Operational C:\MSLOG\%COMPUTERNAME%_CAPI2.evtx + ``` + +11. Run the following commands on the client PC. + - To stop RAS trace log and wireless scenario log: + ``` + netsh trace stop + netsh ras set tracing * disabled + ``` + + - To disable and copy the CAPI2 log: + ``` + wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:false + wevtutil.exe epl Microsoft-Windows-CAPI2/Operational C:\MSLOG\%COMPUTERNAME%_CAPI2.evtx + ``` + +12. Save the following logs on the client and the NPS: + + **Client** + - C:\MSLOG\%computername%_psr.zip + - C:\MSLOG\%COMPUTERNAME%_CAPI2.evtx + - C:\MSLOG\%COMPUTERNAME%_wireless_cli.etl + - C:\MSLOG\%COMPUTERNAME%_wireless_cli.cab + - All log files and folders in %Systemroot%\Tracing + + **NPS** + - C:\MSLOG\%COMPUTERNAME%_CAPI2.evtx + - C:\MSLOG\%COMPUTERNAME%_wireless_nps.etl (%COMPUTERNAME%_wired_nps.etl for wired scenario) + - C:\MSLOG\%COMPUTERNAME%_wireless_nps.cab (%COMPUTERNAME%_wired_nps.cab for wired scenario) + - All log files and folders in %Systemroot%\Tracing + +## Save environment and configuration information + +### On Windows client + +1. Create C:\MSLOG to store captured logs. +2. Launch a command prompt as an administrator. +3. Run the following commands. + - Environment information and Group Policy application status + + ``` + gpresult /H C:\MSLOG\%COMPUTERNAME%_gpresult.htm + msinfo32 /report c:\MSLOG\%COMPUTERNAME%_msinfo32.txt + ipconfig /all > c:\MSLOG\%COMPUTERNAME%_ipconfig.txt + route print > c:\MSLOG\%COMPUTERNAME%_route_print.txt + ``` + - Event logs + + ``` + wevtutil epl Application c:\MSLOG\%COMPUTERNAME%_Application.evtx + wevtutil epl System c:\MSLOG\%COMPUTERNAME%_System.evtx + wevtutil epl Security c:\MSLOG\%COMPUTERNAME%_Security.evtx + wevtutil epl Microsoft-Windows-GroupPolicy/Operational C:\MSLOG\%COMPUTERNAME%_GroupPolicy_Operational.evtx + wevtutil epl "Microsoft-Windows-WLAN-AutoConfig/Operational" c:\MSLOG\%COMPUTERNAME%_Microsoft-Windows-WLAN-AutoConfig-Operational.evtx + wevtutil epl "Microsoft-Windows-Wired-AutoConfig/Operational" c:\MSLOG\%COMPUTERNAME%_Microsoft-Windows-Wired-AutoConfig-Operational.evtx + wevtutil epl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-CredentialRoaming_Operational.evtx + wevtutil epl Microsoft-Windows-CertPoleEng/Operational c:\MSLOG\%COMPUTERNAME%_CertPoleEng_Operational.evtx + ``` + - For Windows 8 and later, also run these commands for event logs: + + ``` + wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-Lifecycle-System_Operational.evtx + wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-Lifecycle-User_Operational.evtx + wevtutil epl Microsoft-Windows-CertificateServices-Deployment/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServices-Deployment_Operational.evtx + ``` + - Certificates Store information: + + ``` + certutil -v -silent -store MY > c:\MSLOG\%COMPUTERNAME%_cert-Personal-Registry.txt + certutil -v -silent -store ROOT > c:\MSLOG\%COMPUTERNAME%_cert-TrustedRootCA-Registry.txt + certutil -v -silent -store -grouppolicy ROOT > c:\MSLOG\%COMPUTERNAME%_cert-TrustedRootCA-GroupPolicy.txt + certutil -v -silent -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%_TrustedRootCA-Enterprise.txt + certutil -v -silent -store TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-Reg.txt + certutil -v -silent -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-GroupPolicy.txt + certutil -v -silent -store -enterprise TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-Enterprise.txt + certutil -v -silent -store CA > c:\MSLOG\%COMPUTERNAME%_cert-IntermediateCA-Registry.txt + certutil -v -silent -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%_cert-IntermediateCA-GroupPolicy.txt + certutil -v -silent -store -enterprise CA > c:\MSLOG\%COMPUTERNAME%_cert-Intermediate-Enterprise.txt + certutil -v -silent -store AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-Registry.txt + certutil -v -silent -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-GroupPolicy.txt + certutil -v -silent -store -enterprise AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-Enterprise.txt + certutil -v -silent -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-Registry.txt + certutil -v -silent -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-GroupPolicy.txt + certutil -v -silent -store -enterprise SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-Enterprise.txt + certutil -v -silent -store -enterprise NTAUTH > c:\MSLOG\%COMPUTERNAME%_cert-NtAuth-Enterprise.txt + certutil -v -silent -user -store MY > c:\MSLOG\%COMPUTERNAME%_cert-User-Personal-Registry.txt + certutil -v -silent -user -store ROOT > c:\MSLOG\%COMPUTERNAME%_cert-User-TrustedRootCA-Registry.txt + certutil -v -silent -user -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%_cert-User-TrustedRootCA-Enterprise.txt + certutil -v -silent -user -store TRUST > c:\MSLOG\%COMPUTERNAME%_cert-User-EnterpriseTrust-Registry.txt + certutil -v -silent -user -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%_cert-User-EnterpriseTrust-GroupPolicy.txt + certutil -v -silent -user -store CA > c:\MSLOG\%COMPUTERNAME%_cert-User-IntermediateCA-Registry.txt + certutil -v -silent -user -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%_cert-User-IntermediateCA-GroupPolicy.txt + certutil -v -silent -user -store Disallowed > c:\MSLOG\%COMPUTERNAME%_cert-User-UntrustedCertificates-Registry.txt + certutil -v -silent -user -store -grouppolicy Disallowed > c:\MSLOG\%COMPUTERNAME%_cert-User-UntrustedCertificates-GroupPolicy.txt + certutil -v -silent -user -store AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-3rdPartyRootCA-Registry.txt + certutil -v -silent -user -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-3rdPartyRootCA-GroupPolicy.txt + certutil -v -silent -user -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-SmartCardRoot-Registry.txt + certutil -v -silent -user -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-SmartCardRoot-GroupPolicy.txt + certutil -v -silent -user -store UserDS > c:\MSLOG\%COMPUTERNAME%_cert-User-UserDS.txt + ``` + - Wireless LAN client information: + + ``` + netsh wlan show all > c:\MSLOG\%COMPUTERNAME%_wlan_show_all.txt + netsh wlan export profile folder=c:\MSLOG\ + ``` + - Wired LAN Client information + + ``` + netsh lan show interfaces > c:\MSLOG\%computername%_lan_interfaces.txt + netsh lan show profiles > c:\MSLOG\%computername%_lan_profiles.txt + netsh lan show settings > c:\MSLOG\%computername%_lan_settings.txt + netsh lan export profile folder=c:\MSLOG\ + ``` +4. Save the logs stored in C:\MSLOG. + +### On NPS + +1. Create C:\MSLOG to store captured logs. +2. Launch a command prompt as an administrator. +3. Run the following commands. + - Environmental information and Group Policies application status: + + ``` + gpresult /H C:\MSLOG\%COMPUTERNAME%_gpresult.txt + msinfo32 /report c:\MSLOG\%COMPUTERNAME%_msinfo32.txt + ipconfig /all > c:\MSLOG\%COMPUTERNAME%_ipconfig.txt + route print > c:\MSLOG\%COMPUTERNAME%_route_print.txt + ``` + - Event logs: + + ``` + wevtutil epl Application c:\MSLOG\%COMPUTERNAME%_Application.evtx + wevtutil epl System c:\MSLOG\%COMPUTERNAME%_System.evtx + wevtutil epl Security c:\MSLOG\%COMPUTERNAME%_Security.evtx + wevtutil epl Microsoft-Windows-GroupPolicy/Operational c:\MSLOG\%COMPUTERNAME%_GroupPolicy_Operational.evtx + wevtutil epl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-CredentialRoaming_Operational.evtx + wevtutil epl Microsoft-Windows-CertPoleEng/Operational c:\MSLOG\%COMPUTERNAME%_CertPoleEng_Operational.evtx + ``` + - Run the following 3 commands on Windows Server 2012 and later: + + ``` + wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-Lifecycle-System_Operational.evtx + wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-Lifecycle-User_Operational.evtx + wevtutil epl Microsoft-Windows-CertificateServices-Deployment/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServices-Deployment_Operational.evtx + ``` + - Certificates store information + + ``` + certutil -v -silent -store MY > c:\MSLOG\%COMPUTERNAME%_cert-Personal-Registry.txt + certutil -v -silent -store ROOT > c:\MSLOG\%COMPUTERNAME%_cert-TrustedRootCA-Registry.txt + certutil -v -silent -store -grouppolicy ROOT > c:\MSLOG\%COMPUTERNAME%_cert-TrustedRootCA-GroupPolicy.txt + certutil -v -silent -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%_TrustedRootCA-Enterprise.txt + certutil -v -silent -store TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-Reg.txt + certutil -v -silent -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-GroupPolicy.txt + certutil -v -silent -store -enterprise TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-Enterprise.txt + certutil -v -silent -store CA > c:\MSLOG\%COMPUTERNAME%_cert-IntermediateCA-Registry.txt + certutil -v -silent -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%_cert-IntermediateCA-GroupPolicy.txt + certutil -v -silent -store -enterprise CA > c:\MSLOG\%COMPUTERNAME%_cert-Intermediate-Enterprise.txt + certutil -v -silent -store AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-Registry.txt + certutil -v -silent -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-GroupPolicy.txt + certutil -v -silent -store -enterprise AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-Enterprise.txt + certutil -v -silent -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-Registry.txt + certutil -v -silent -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-GroupPolicy.txt + certutil -v -silent -store -enterprise SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-Enterprise.txt + certutil -v -silent -store -enterprise NTAUTH > c:\MSLOG\%COMPUTERNAME%_cert-NtAuth-Enterprise.txt + certutil -v -silent -user -store MY > c:\MSLOG\%COMPUTERNAME%_cert-User-Personal-Registry.txt + certutil -v -silent -user -store ROOT > c:\MSLOG\%COMPUTERNAME%_cert-User-TrustedRootCA-Registry.txt + certutil -v -silent -user -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%_cert-User-TrustedRootCA-Enterprise.txt + certutil -v -silent -user -store TRUST > c:\MSLOG\%COMPUTERNAME%_cert-User-EnterpriseTrust-Registry.txt + certutil -v -silent -user -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%_cert-User-EnterpriseTrust-GroupPolicy.txt + certutil -v -silent -user -store CA > c:\MSLOG\%COMPUTERNAME%_cert-User-IntermediateCA-Registry.txt + certutil -v -silent -user -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%_cert-User-IntermediateCA-GroupPolicy.txt + certutil -v -silent -user -store Disallowed > c:\MSLOG\%COMPUTERNAME%_cert-User-UntrustedCertificates-Registry.txt + certutil -v -silent -user -store -grouppolicy Disallowed > c:\MSLOG\%COMPUTERNAME%_cert-User-UntrustedCertificates-GroupPolicy.txt + certutil -v -silent -user -store AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-3rdPartyRootCA-Registry.txt + certutil -v -silent -user -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-3rdPartyRootCA-GroupPolicy.txt + certutil -v -silent -user -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-SmartCardRoot-Registry.txt + certutil -v -silent -user -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-SmartCardRoot-GroupPolicy.txt + certutil -v -silent -user -store UserDS > c:\MSLOG\%COMPUTERNAME%_cert-User-UserDS.txt + ``` + - NPS configuration information: + + ``` + netsh nps show config > C:\MSLOG\%COMPUTERNAME%_nps_show_config.txt + netsh nps export filename=C:\MSLOG\%COMPUTERNAME%_nps_export.xml exportPSK=YES + ``` +3. Take the following steps to save an NPS accounting log. + 1. Open **Administrative tools > Network Policy Server**. + 2. On the Network Policy Server administration tool, select **Accounting** in the left pane. + 3. Click **Change Log File Properties**. + 4. On the **Log File** tab, note the log file naming convention shown as **Name** and the log file location shown in **Directory** box. + 5. Copy the log file to C:\MSLOG. + +4. Save the logs stored in C:\MSLOG. + +## Certification Authority (CA) (OPTIONAL) + +1. On a CA, launch a command prompt as an administrator. Create C:\MSLOG to store captured logs. +2. Run the following commands. + - Environmental information and Group Policies application status + + ``` + gpresult /H C:\MSLOG\%COMPUTERNAME%_gpresult.txt + msinfo32 /report c:\MSLOG\%COMPUTERNAME%_msinfo32.txt + ipconfig /all > c:\MSLOG\%COMPUTERNAME%_ipconfig.txt + route print > c:\MSLOG\%COMPUTERNAME%_route_print.txt + ``` + - Event logs + + ``` + wevtutil epl Application c:\MSLOG\%COMPUTERNAME%_Application.evtx + wevtutil epl System c:\MSLOG\%COMPUTERNAME%_System.evtx + wevtutil epl Security c:\MSLOG\%COMPUTERNAME%_Security.evtx + wevtutil epl Microsoft-Windows-GroupPolicy/Operational c:\MSLOG\%COMPUTERNAME%_GroupPolicy_Operational.evtx + wevtutil epl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-CredentialRoaming_Operational.evtx + wevtutil epl Microsoft-Windows-CertPoleEng/Operational c:\MSLOG\%COMPUTERNAME%_CertPoleEng_Operational.evtx + ``` + - Run the following 3 lines on Windows 2012 and up + + ``` + wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-Lifecycle-System_Operational.evtx + wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-Lifecycle-User_Operational.evtx + wevtutil epl Microsoft-Windows-CertificateServices-Deployment/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServices-Deployment_Operational.evtx + ``` + - Certificates store information + + ``` + certutil -v -silent -store MY > c:\MSLOG\%COMPUTERNAME%_cert-Personal-Registry.txt + certutil -v -silent -store ROOT > c:\MSLOG\%COMPUTERNAME%_cert-TrustedRootCA-Registry.txt + certutil -v -silent -store -grouppolicy ROOT > c:\MSLOG\%COMPUTERNAME%_cert-TrustedRootCA-GroupPolicy.txt + certutil -v -silent -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%_TrustedRootCA-Enterprise.txt + certutil -v -silent -store TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-Reg.txt + certutil -v -silent -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-GroupPolicy.txt + certutil -v -silent -store -enterprise TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-Enterprise.txt + certutil -v -silent -store CA > c:\MSLOG\%COMPUTERNAME%_cert-IntermediateCA-Registry.txt + certutil -v -silent -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%_cert-IntermediateCA-GroupPolicy.txt + certutil -v -silent -store -enterprise CA > c:\MSLOG\%COMPUTERNAME%_cert-Intermediate-Enterprise.txt + certutil -v -silent -store AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-Registry.txt + certutil -v -silent -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-GroupPolicy.txt + certutil -v -silent -store -enterprise AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-Enterprise.txt + certutil -v -silent -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-Registry.txt + certutil -v -silent -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-GroupPolicy.txt + certutil -v -silent -store -enterprise SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-Enterprise.txt + certutil -v -silent -store -enterprise NTAUTH > c:\MSLOG\%COMPUTERNAME%_cert-NtAuth-Enterprise.txt + certutil -v -silent -user -store MY > c:\MSLOG\%COMPUTERNAME%_cert-User-Personal-Registry.txt + certutil -v -silent -user -store ROOT > c:\MSLOG\%COMPUTERNAME%_cert-User-TrustedRootCA-Registry.txt + certutil -v -silent -user -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%_cert-User-TrustedRootCA-Enterprise.txt + certutil -v -silent -user -store TRUST > c:\MSLOG\%COMPUTERNAME%_cert-User-EnterpriseTrust-Registry.txt + certutil -v -silent -user -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%_cert-User-EnterpriseTrust-GroupPolicy.txt + certutil -v -silent -user -store CA > c:\MSLOG\%COMPUTERNAME%_cert-User-IntermediateCA-Registry.txt + certutil -v -silent -user -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%_cert-User-IntermediateCA-GroupPolicy.txt + certutil -v -silent -user -store Disallowed > c:\MSLOG\%COMPUTERNAME%_cert-User-UntrustedCertificates-Registry.txt + certutil -v -silent -user -store -grouppolicy Disallowed > c:\MSLOG\%COMPUTERNAME%_cert-User-UntrustedCertificates-GroupPolicy.txt + certutil -v -silent -user -store AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-3rdPartyRootCA-Registry.txt + certutil -v -silent -user -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-3rdPartyRootCA-GroupPolicy.txt + certutil -v -silent -user -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-SmartCardRoot-Registry.txt + certutil -v -silent -user -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-SmartCardRoot-GroupPolicy.txt + certutil -v -silent -user -store UserDS > c:\MSLOG\%COMPUTERNAME%_cert-User-UserDS.txt + ``` + - CA configuration information + + ``` + reg save HKLM\System\CurrentControlSet\Services\CertSvc c:\MSLOG\%COMPUTERNAME%_CertSvc.hiv + reg export HKLM\System\CurrentControlSet\Services\CertSvc c:\MSLOG\%COMPUTERNAME%_CertSvc.txt + reg save HKLM\SOFTWARE\Microsoft\Cryptography c:\MSLOG\%COMPUTERNAME%_Cryptography.hiv + reg export HKLM\SOFTWARE\Microsoft\Cryptography c:\MSLOG\%COMPUTERNAME%_Cryptography.tx + ``` +3. Copy the following files, if exist, to C:\MSLOG: %windir%\CAPolicy.inf +4. Log on to a domain controller and create C:\MSLOG to store captured logs. +5. Launch Windows PowerShell as an administrator. +6. Run the following PowerShell cmdlets. Replace the domain name in ";.. ,DC=test,DC=local"; with appropriate domain name. The example shows commands for ";test.local"; domain. + + ```powershell + Import-Module ActiveDirectory + Get-ADObject -SearchBase ";CN=Public Key Services,CN=Services,CN=Configuration,DC=test,DC=local"; -Filter * -Properties * | fl * > C:\MSLOG\Get-ADObject_$Env:COMPUTERNAME.txt + ``` +7. Save the following logs. + - All files in C:\MSLOG on the CA + - All files in C:\MSLOG on the domain controller + diff --git a/windows/client-management/docfx.json b/windows/client-management/docfx.json index 4fc5382798..eab3b9f62e 100644 --- a/windows/client-management/docfx.json +++ b/windows/client-management/docfx.json @@ -35,8 +35,6 @@ "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", "ms.technology": "windows", "ms.topic": "article", - "ms.author": "dongill", - "ms.date": "04/05/2017", "feedback_system": "GitHub", "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app", diff --git a/windows/client-management/images/NPS_sidepacket_capture_data.png b/windows/client-management/images/NPS_sidepacket_capture_data.png new file mode 100644 index 0000000000..9d43a3ebed Binary files /dev/null and b/windows/client-management/images/NPS_sidepacket_capture_data.png differ diff --git a/windows/client-management/images/auditfailure.png b/windows/client-management/images/auditfailure.png new file mode 100644 index 0000000000..f235ad8148 Binary files /dev/null and b/windows/client-management/images/auditfailure.png differ diff --git a/windows/client-management/images/auditsuccess.png b/windows/client-management/images/auditsuccess.png new file mode 100644 index 0000000000..66ce98acb1 Binary files /dev/null and b/windows/client-management/images/auditsuccess.png differ diff --git a/windows/client-management/images/authenticator_flow_chart.png b/windows/client-management/images/authenticator_flow_chart.png new file mode 100644 index 0000000000..729895e60e Binary files /dev/null and b/windows/client-management/images/authenticator_flow_chart.png differ diff --git a/windows/client-management/images/boot-sequence-thumb.png b/windows/client-management/images/boot-sequence-thumb.png new file mode 100644 index 0000000000..164f9f9848 Binary files /dev/null and b/windows/client-management/images/boot-sequence-thumb.png differ diff --git a/windows/client-management/images/boot-sequence.png b/windows/client-management/images/boot-sequence.png new file mode 100644 index 0000000000..31e6dc34c9 Binary files /dev/null and b/windows/client-management/images/boot-sequence.png differ diff --git a/windows/client-management/images/bugcheck-analysis.png b/windows/client-management/images/bugcheck-analysis.png new file mode 100644 index 0000000000..e4b4f033f8 Binary files /dev/null and b/windows/client-management/images/bugcheck-analysis.png differ diff --git a/windows/client-management/images/capi.png b/windows/client-management/images/capi.png new file mode 100644 index 0000000000..76bbcd0650 Binary files /dev/null and b/windows/client-management/images/capi.png differ diff --git a/windows/client-management/images/check-disk.png b/windows/client-management/images/check-disk.png new file mode 100644 index 0000000000..2c5859470e Binary files /dev/null and b/windows/client-management/images/check-disk.png differ diff --git a/windows/client-management/images/clientsidepacket_cap_data.png b/windows/client-management/images/clientsidepacket_cap_data.png new file mode 100644 index 0000000000..b162d2e285 Binary files /dev/null and b/windows/client-management/images/clientsidepacket_cap_data.png differ diff --git a/windows/client-management/images/comparisontable.png b/windows/client-management/images/comparisontable.png new file mode 100644 index 0000000000..0f6781d93e Binary files /dev/null and b/windows/client-management/images/comparisontable.png differ diff --git a/windows/client-management/images/controlset.png b/windows/client-management/images/controlset.png new file mode 100644 index 0000000000..fe9d3c8820 Binary files /dev/null and b/windows/client-management/images/controlset.png differ diff --git a/windows/client-management/images/eappropertymenu.png b/windows/client-management/images/eappropertymenu.png new file mode 100644 index 0000000000..127d7a7e49 Binary files /dev/null and b/windows/client-management/images/eappropertymenu.png differ diff --git a/windows/client-management/images/etl.png b/windows/client-management/images/etl.png new file mode 100644 index 0000000000..14a62c6450 Binary files /dev/null and b/windows/client-management/images/etl.png differ diff --git a/windows/client-management/images/eventviewer.png b/windows/client-management/images/eventviewer.png new file mode 100644 index 0000000000..e0aa5d1721 Binary files /dev/null and b/windows/client-management/images/eventviewer.png differ diff --git a/windows/client-management/images/loadhive.png b/windows/client-management/images/loadhive.png new file mode 100644 index 0000000000..62c6643140 Binary files /dev/null and b/windows/client-management/images/loadhive.png differ diff --git a/windows/client-management/images/miniport.png b/windows/client-management/images/miniport.png new file mode 100644 index 0000000000..ba1b2fed2d Binary files /dev/null and b/windows/client-management/images/miniport.png differ diff --git a/windows/client-management/images/msm.png b/windows/client-management/images/msm.png new file mode 100644 index 0000000000..397df3e350 Binary files /dev/null and b/windows/client-management/images/msm.png differ diff --git a/windows/client-management/images/msmdetails.png b/windows/client-management/images/msmdetails.png new file mode 100644 index 0000000000..cbcf20e114 Binary files /dev/null and b/windows/client-management/images/msmdetails.png differ diff --git a/windows/client-management/images/nm-adapters.png b/windows/client-management/images/nm-adapters.png new file mode 100644 index 0000000000..f4e25fdbc8 Binary files /dev/null and b/windows/client-management/images/nm-adapters.png differ diff --git a/windows/client-management/images/nm-start.png b/windows/client-management/images/nm-start.png new file mode 100644 index 0000000000..ec92f013a2 Binary files /dev/null and b/windows/client-management/images/nm-start.png differ diff --git a/windows/client-management/images/pendingupdate.png b/windows/client-management/images/pendingupdate.png new file mode 100644 index 0000000000..19d8c9dec4 Binary files /dev/null and b/windows/client-management/images/pendingupdate.png differ diff --git a/windows/client-management/images/revertpending.png b/windows/client-management/images/revertpending.png new file mode 100644 index 0000000000..7b60c6446d Binary files /dev/null and b/windows/client-management/images/revertpending.png differ diff --git a/windows/client-management/images/rpc-error.png b/windows/client-management/images/rpc-error.png new file mode 100644 index 0000000000..0e0828522b Binary files /dev/null and b/windows/client-management/images/rpc-error.png differ diff --git a/windows/client-management/images/rpc-flow.png b/windows/client-management/images/rpc-flow.png new file mode 100644 index 0000000000..a3d9c13030 Binary files /dev/null and b/windows/client-management/images/rpc-flow.png differ diff --git a/windows/client-management/images/screenshot1.png b/windows/client-management/images/screenshot1.png new file mode 100644 index 0000000000..5138b41016 Binary files /dev/null and b/windows/client-management/images/screenshot1.png differ diff --git a/windows/client-management/images/sfc-scannow.png b/windows/client-management/images/sfc-scannow.png new file mode 100644 index 0000000000..1c079288a8 Binary files /dev/null and b/windows/client-management/images/sfc-scannow.png differ diff --git a/windows/client-management/images/tat.png b/windows/client-management/images/tat.png new file mode 100644 index 0000000000..90eb328c38 Binary files /dev/null and b/windows/client-management/images/tat.png differ diff --git a/windows/client-management/images/tcp-ts-1.png b/windows/client-management/images/tcp-ts-1.png new file mode 100644 index 0000000000..621235d5b3 Binary files /dev/null and b/windows/client-management/images/tcp-ts-1.png differ diff --git a/windows/client-management/images/tcp-ts-10.png b/windows/client-management/images/tcp-ts-10.png new file mode 100644 index 0000000000..7bf332b57a Binary files /dev/null and b/windows/client-management/images/tcp-ts-10.png differ diff --git a/windows/client-management/images/tcp-ts-11.png b/windows/client-management/images/tcp-ts-11.png new file mode 100644 index 0000000000..75b0361f89 Binary files /dev/null and b/windows/client-management/images/tcp-ts-11.png differ diff --git a/windows/client-management/images/tcp-ts-12.png b/windows/client-management/images/tcp-ts-12.png new file mode 100644 index 0000000000..592ccf0e76 Binary files /dev/null and b/windows/client-management/images/tcp-ts-12.png differ diff --git a/windows/client-management/images/tcp-ts-13.png b/windows/client-management/images/tcp-ts-13.png new file mode 100644 index 0000000000..da6157c72a Binary files /dev/null and b/windows/client-management/images/tcp-ts-13.png differ diff --git a/windows/client-management/images/tcp-ts-14.png b/windows/client-management/images/tcp-ts-14.png new file mode 100644 index 0000000000..f3a3cc4a35 Binary files /dev/null and b/windows/client-management/images/tcp-ts-14.png differ diff --git a/windows/client-management/images/tcp-ts-15.png b/windows/client-management/images/tcp-ts-15.png new file mode 100644 index 0000000000..e3e161317f Binary files /dev/null and b/windows/client-management/images/tcp-ts-15.png differ diff --git a/windows/client-management/images/tcp-ts-16.png b/windows/client-management/images/tcp-ts-16.png new file mode 100644 index 0000000000..52a5e24e2b Binary files /dev/null and b/windows/client-management/images/tcp-ts-16.png differ diff --git a/windows/client-management/images/tcp-ts-17.png b/windows/client-management/images/tcp-ts-17.png new file mode 100644 index 0000000000..e690bbdf1c Binary files /dev/null and b/windows/client-management/images/tcp-ts-17.png differ diff --git a/windows/client-management/images/tcp-ts-18.png b/windows/client-management/images/tcp-ts-18.png new file mode 100644 index 0000000000..95cf36dbe7 Binary files /dev/null and b/windows/client-management/images/tcp-ts-18.png differ diff --git a/windows/client-management/images/tcp-ts-19.png b/windows/client-management/images/tcp-ts-19.png new file mode 100644 index 0000000000..4f2d239e57 Binary files /dev/null and b/windows/client-management/images/tcp-ts-19.png differ diff --git a/windows/client-management/images/tcp-ts-2.png b/windows/client-management/images/tcp-ts-2.png new file mode 100644 index 0000000000..cdaada6cb6 Binary files /dev/null and b/windows/client-management/images/tcp-ts-2.png differ diff --git a/windows/client-management/images/tcp-ts-20.png b/windows/client-management/images/tcp-ts-20.png new file mode 100644 index 0000000000..9b3c573f7e Binary files /dev/null and b/windows/client-management/images/tcp-ts-20.png differ diff --git a/windows/client-management/images/tcp-ts-21.png b/windows/client-management/images/tcp-ts-21.png new file mode 100644 index 0000000000..1e29a2061e Binary files /dev/null and b/windows/client-management/images/tcp-ts-21.png differ diff --git a/windows/client-management/images/tcp-ts-22.png b/windows/client-management/images/tcp-ts-22.png new file mode 100644 index 0000000000..c49dcd72ee Binary files /dev/null and b/windows/client-management/images/tcp-ts-22.png differ diff --git a/windows/client-management/images/tcp-ts-23.png b/windows/client-management/images/tcp-ts-23.png new file mode 100644 index 0000000000..16ef4604c1 Binary files /dev/null and b/windows/client-management/images/tcp-ts-23.png differ diff --git a/windows/client-management/images/tcp-ts-24.png b/windows/client-management/images/tcp-ts-24.png new file mode 100644 index 0000000000..14ae950076 Binary files /dev/null and b/windows/client-management/images/tcp-ts-24.png differ diff --git a/windows/client-management/images/tcp-ts-25.png b/windows/client-management/images/tcp-ts-25.png new file mode 100644 index 0000000000..21e8b97a08 Binary files /dev/null and b/windows/client-management/images/tcp-ts-25.png differ diff --git a/windows/client-management/images/tcp-ts-3.png b/windows/client-management/images/tcp-ts-3.png new file mode 100644 index 0000000000..ce3072c95e Binary files /dev/null and b/windows/client-management/images/tcp-ts-3.png differ diff --git a/windows/client-management/images/tcp-ts-4.png b/windows/client-management/images/tcp-ts-4.png new file mode 100644 index 0000000000..73bc5f90be Binary files /dev/null and b/windows/client-management/images/tcp-ts-4.png differ diff --git a/windows/client-management/images/tcp-ts-5.png b/windows/client-management/images/tcp-ts-5.png new file mode 100644 index 0000000000..ee64c96da0 Binary files /dev/null and b/windows/client-management/images/tcp-ts-5.png differ diff --git a/windows/client-management/images/tcp-ts-6.png b/windows/client-management/images/tcp-ts-6.png new file mode 100644 index 0000000000..8db75fdb08 Binary files /dev/null and b/windows/client-management/images/tcp-ts-6.png differ diff --git a/windows/client-management/images/tcp-ts-7.png b/windows/client-management/images/tcp-ts-7.png new file mode 100644 index 0000000000..4b61bf7e36 Binary files /dev/null and b/windows/client-management/images/tcp-ts-7.png differ diff --git a/windows/client-management/images/tcp-ts-8.png b/windows/client-management/images/tcp-ts-8.png new file mode 100644 index 0000000000..f0ef8300ba Binary files /dev/null and b/windows/client-management/images/tcp-ts-8.png differ diff --git a/windows/client-management/images/tcp-ts-9.png b/windows/client-management/images/tcp-ts-9.png new file mode 100644 index 0000000000..dba375fd65 Binary files /dev/null and b/windows/client-management/images/tcp-ts-9.png differ diff --git a/windows/client-management/images/unloadhive.png b/windows/client-management/images/unloadhive.png new file mode 100644 index 0000000000..e8eb2f859e Binary files /dev/null and b/windows/client-management/images/unloadhive.png differ diff --git a/windows/client-management/images/unloadhive1.png b/windows/client-management/images/unloadhive1.png new file mode 100644 index 0000000000..3b269f294c Binary files /dev/null and b/windows/client-management/images/unloadhive1.png differ diff --git a/windows/client-management/images/wcm.png b/windows/client-management/images/wcm.png new file mode 100644 index 0000000000..6c26a3aeb7 Binary files /dev/null and b/windows/client-management/images/wcm.png differ diff --git a/windows/client-management/images/wifi-stack.png b/windows/client-management/images/wifi-stack.png new file mode 100644 index 0000000000..cf94f491c4 Binary files /dev/null and b/windows/client-management/images/wifi-stack.png differ diff --git a/windows/client-management/images/wifi.txt b/windows/client-management/images/wifi.txt new file mode 100644 index 0000000000..c35240c56c --- /dev/null +++ b/windows/client-management/images/wifi.txt @@ -0,0 +1,31 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/windows/client-management/images/wifistackcomponents.png b/windows/client-management/images/wifistackcomponents.png new file mode 100644 index 0000000000..7971a3d9bf Binary files /dev/null and b/windows/client-management/images/wifistackcomponents.png differ diff --git a/windows/client-management/images/windbg.png b/windows/client-management/images/windbg.png new file mode 100644 index 0000000000..2f489e81a7 Binary files /dev/null and b/windows/client-management/images/windbg.png differ diff --git a/windows/client-management/images/wiredautoconfig.png b/windows/client-management/images/wiredautoconfig.png new file mode 100644 index 0000000000..cede26ce74 Binary files /dev/null and b/windows/client-management/images/wiredautoconfig.png differ diff --git a/windows/client-management/images/wlan.png b/windows/client-management/images/wlan.png new file mode 100644 index 0000000000..fea20f7272 Binary files /dev/null and b/windows/client-management/images/wlan.png differ diff --git a/windows/client-management/img-boot-sequence.md b/windows/client-management/img-boot-sequence.md new file mode 100644 index 0000000000..ca385d841a --- /dev/null +++ b/windows/client-management/img-boot-sequence.md @@ -0,0 +1,11 @@ +--- +description: A full-sized view of the boot sequence flowchart. +title: Boot sequence flowchart +ms.date: 11/16/2018 +--- + +Return to: [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md)
    + + +![Full-sized boot sequence flowchart](images/boot-sequence.png) + diff --git a/windows/client-management/manage-settings-app-with-group-policy.md b/windows/client-management/manage-settings-app-with-group-policy.md index b51971615e..7b80381b7c 100644 --- a/windows/client-management/manage-settings-app-with-group-policy.md +++ b/windows/client-management/manage-settings-app-with-group-policy.md @@ -8,11 +8,28 @@ author: brianlic-msft ms.date: 04/19/2017 --- +**Applies to** + +- Windows 10, Windows Server 2016 + + # Manage the Settings app with Group Policy -Starting in Windows 10, version 1703, you can now manage the pages that are shown in the Settings app by using Group Policy. This lets you hide specific pages from users. Before Windows 10, version 1703, you could either show everything in the Settings app or hide it completely. +You can now manage the pages that are shown in the Settings app by using Group Policy. This lets you hide specific pages from users. Before Windows 10, version 1703, you could either show everything in the Settings app or hide it completely. +To make use of the Settings App group polices on Windows server 2016, install fix [4457127](https://support.microsoft.com/help/4457127/windows-10-update-kb4457127) or a later cumulative update. -This policy is available at **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Settings Page Visibility**. +>[!Note] +>Each server that you want to manage access to the Settings App must be patched. + +To centrally manage the new policies copy the ControlPanel.admx and ControlPanel.adml file to [Central Store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) if your company uses one or the PolicyDefinitions folder of the Domain Controllers used for Group Policy management. + +This policy is available for both User and Computer depending on the version of the OS. Windows Server 2016 with KB 4457127 applied will have both User and Computer policy. Windows 10, version 1703, added Computer policy for the Settings app. Windows 10, version 1809, added User policy for the Settings app. + +Policy paths: + +**Computer Configuration** > **Administrative Templates** > **Control Panel** > **Settings Page Visibility**. + +**User Configuration** > **Administrative Templates** > **Control Panel** > **Settings Page Visibility**. ![Settings page visibility policy](images/settings-page-visibility-gp.png) @@ -21,7 +38,7 @@ This policy is available at **Computer Configuration** > **Administrative Templa The Group Policy can be configured in one of two ways: specify a list of pages that are shown or specify a list of pages to hide. To do this, add either **ShowOnly:** or **Hide:** followed by a semicolon delimited list of URIs in **Settings Page Visiblity**. For a full list of URIs, see the URI scheme reference section in [Launch the Windows Settings app](https://docs.microsoft.com/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference). >[!NOTE] -> When you specify the URI in the Settings Page Visbility textbox, don't include **ms-settings:** in the string. +> When you specify the URI in the Settings Page Visibility textbox, don't include **ms-settings:** in the string. Here are some examples: diff --git a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md index 86eb568add..8581c76291 100644 --- a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md +++ b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md @@ -21,7 +21,7 @@ Your organization can support various operating systems across a wide range of d This six-minute video demonstrates how users can bring in a new retail device and be up and working with their personalized settings and a managed experience in a few minutes, without being on the corporate network. It also demonstrates how IT can apply policies and configurations to ensure device compliance. -> [!VIDEO https://www.youtube.com/embed/g1rIcBhhxpA] +> [!VIDEO https://www.youtube.com/embed/g1rIcBhhxpA] >[!NOTE] >The video demonstrates the configuration process using the classic Azure portal, which is retired. Customers should use the new Azure portal. [Learn how use the new Azure portal to perform tasks that you used to do in the classic Azure portal.](https://docs.microsoft.com/information-protection/deploy-use/migrate-portal) @@ -49,7 +49,7 @@ As indicated in the diagram, Microsoft continues to provide support for deep man With Windows 10, you can continue to use traditional OS deployment, but you can also “manage out of the box.” To transform new devices into fully-configured, fully-managed devices, you can: -- Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management services such as [Microsoft Autopilot] (https://docs.microsoft.com/en-us/windows/deployment/windows-10-auto-pilot) or [Microsoft Intune](https://docs.microsoft.com/intune/understand-explore/introduction-to-microsoft-intune). +- Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management services such as [Microsoft Autopilot](https://docs.microsoft.com/windows/deployment/windows-10-auto-pilot) or [Microsoft Intune](https://docs.microsoft.com/intune/understand-explore/introduction-to-microsoft-intune). - Create self-contained provisioning packages built with the [Windows Configuration Designer](https://technet.microsoft.com/itpro/windows/deploy/provisioning-packages). @@ -113,24 +113,24 @@ MDM with Intune provide tools for applying Windows updates to client computers i There are a variety of steps you can take to begin the process of modernizing device management in your organization: -**Assess current management practices, and look for investments you might make today.** Which of your current practices need to stay the same, and which can you change? Specifically, what elements of traditional management do you need to retain and where can you modernize? Whether you take steps to minimize custom imaging, re-evaluate settings management, or reassesses authentication and compliance, the benefits can be immediate. You can use the [MDM Migration Analysis Tool (MMAT)](http://aka.ms/mmat) to help determine which Group Policies are set for a target user/computer and cross-reference them against the list of available MDM policies. +**Assess current management practices, and look for investments you might make today.** Which of your current practices need to stay the same, and which can you change? Specifically, what elements of traditional management do you need to retain and where can you modernize? Whether you take steps to minimize custom imaging, re-evaluate settings management, or reassesses authentication and compliance, the benefits can be immediate. You can use the [MDM Migration Analysis Tool (MMAT)](https://aka.ms/mmat) to help determine which Group Policies are set for a target user/computer and cross-reference them against the list of available MDM policies. **Assess the different use cases and management needs in your environment.** Are there groups of devices that could benefit from lighter, simplified management? BYOD devices, for example, are natural candidates for cloud-based management. Users or devices handling more highly regulated data might require an on-premises Active Directory domain for authentication. Configuration Manager and EMS provide you the flexibility to stage implementation of modern management scenarios while targeting different devices the way that best suits your business needs. **Review the decision trees in this article.** With the different options in Windows 10, plus Configuration Manager and Enterprise Mobility + Security, you have the flexibility to handle imaging, authentication, settings, and management tools for any scenario. -**Take incremental steps.** Moving towards modern device management doesn’t have to be an overnight transformation. New operating systems and devices can be brought in while older ones remain. With this “managed diversity,” users can benefit from productivity enhancements on new Windows 10 devices, while you continue to maintain older devices according to your standards for security and manageability. Starting with Windows 10, version 1803, the new policy [MDMWinsOverGP](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-controlpolicyconflict#controlpolicyconflict-mdmwinsovergp) was added to allow MDM policies to take precedence over GP when both GP and its equivalent MDM policies are set on the device. You can start implementing MDM policies while keeping your GP environment. Here is the list of MDM policies with equivalent GP - [Policies supported by GP](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-configuration-service-provider#policies-supported-by-gp) +**Take incremental steps.** Moving towards modern device management doesn’t have to be an overnight transformation. New operating systems and devices can be brought in while older ones remain. With this “managed diversity,” users can benefit from productivity enhancements on new Windows 10 devices, while you continue to maintain older devices according to your standards for security and manageability. Starting with Windows 10, version 1803, the new policy [MDMWinsOverGP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-controlpolicyconflict#controlpolicyconflict-mdmwinsovergp) was added to allow MDM policies to take precedence over GP when both GP and its equivalent MDM policies are set on the device. You can start implementing MDM policies while keeping your GP environment. Here is the list of MDM policies with equivalent GP - [Policies supported by GP](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#policies-supported-by-gp) **Optimize your existing investments**. On the road from traditional on-premises management to modern cloud-based management, take advantage of the flexible, hybrid architecture of Configuration Manager and Intune. Starting with Configuration Manager 1710, co-management enables you to concurrently manage Windows 10 devices by using both Configuration Manager and Intune. See these topics for details: -- [Co-management for Windows 10 devices](https://docs.microsoft.com/en-us/sccm/core/clients/manage/co-management-overview) -- [Prepare Windows 10 devices for co-management](https://docs.microsoft.com/en-us/sccm/core/clients/manage/co-management-prepare) -- [Switch Configuration Manager workloads to Intune](https://docs.microsoft.com/en-us/sccm/core/clients/manage/co-management-switch-workloads) -- [Co-management dashboard in System Center Configuration Manager](https://docs.microsoft.com/en-us/sccm/core/clients/manage/co-management-dashboard) +- [Co-management for Windows 10 devices](https://docs.microsoft.com/sccm/core/clients/manage/co-management-overview) +- [Prepare Windows 10 devices for co-management](https://docs.microsoft.com/sccm/core/clients/manage/co-management-prepare) +- [Switch Configuration Manager workloads to Intune](https://docs.microsoft.com/sccm/core/clients/manage/co-management-switch-workloads) +- [Co-management dashboard in System Center Configuration Manager](https://docs.microsoft.com/sccm/core/clients/manage/co-management-dashboard) ## Related topics -- [What is Intune?](https://docs.microsoft.com/en-us/intune/introduction-intune) -- [Windows 10 Policy CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-configuration-service-provider) -- [Windows 10 Configuration service Providers](https://docs.microsoft.com/en-us/windows/client-management/mdm/configuration-service-provider-reference) +- [What is Intune?](https://docs.microsoft.com/intune/introduction-intune) +- [Windows 10 Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) +- [Windows 10 Configuration service Providers](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference) diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md index 675af55231..0a91b0f2ad 100644 --- a/windows/client-management/mandatory-user-profile.md +++ b/windows/client-management/mandatory-user-profile.md @@ -7,7 +7,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: jdeckerms ms.author: jdecker -ms.date: 10/16/2017 +ms.date: 10/02/2018 --- # Create mandatory user profiles @@ -39,7 +39,7 @@ The name of the folder in which you store the mandatory profile must use the cor | Windows 8 | Windows Server 2012 | v3 | | Windows 8.1 | Windows Server 2012 R2 | v4 | | Windows 10, versions 1507 and 1511 | N/A | v5 | -| Windows 10, version 1607 (Anniversary Update) and version 1703 (Creators Update) | Windows Server 2016 | v6 | +| Windows 10, versions 1607, 1703, 1709, 1803, and 1809 | Windows Server 2016 | v6 | For more information, see [Deploy Roaming User Profiles, Appendix B](https://technet.microsoft.com/library/jj649079.aspx) and [Roaming user profiles versioning in Windows 10 and Windows Server Technical Preview](https://support.microsoft.com/kb/3056198). @@ -61,22 +61,11 @@ First, you create a default user profile with the customizations that you want, 3. [Create an answer file (Unattend.xml)](https://msdn.microsoft.com/library/windows/hardware/dn915085.aspx) that sets the [CopyProfile](https://msdn.microsoft.com/library/windows/hardware/dn922656.aspx) parameter to **True**. The CopyProfile parameter causes Sysprep to copy the currently signed-on user’s profile folder to the default user profile. You can use [Windows System Image Manager](https://msdn.microsoft.com/library/windows/hardware/dn922445.aspx), which is part of the Windows Assessment and Deployment Kit (ADK) to create the Unattend.xml file. -3. For devices running Windows 10, use the [Remove-AppxProvisionedPackage](https://technet.microsoft.com/library/dn376476%28v=wps.620%29.aspx) cmdlet in Windows PowerShell to uninstall the following applications: - - - Microsoft.windowscommunicationsapps_8wekyb3d8bbwe - - Microsoft.BingWeather_8wekyb3d8bbwe - - Microsoft.DesktopAppInstaller_8wekyb3d8bbwe - - Microsoft.Getstarted_8wekyb3d8bbwe - - Microsoft.Windows.Photos_8wekyb3d8bbwe - - Microsoft.WindowsCamera_8wekyb3d8bbwe - - Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe - - Microsoft.WindowsStore_8wekyb3d8bbwe - - Microsoft.XboxApp_8wekyb3d8bbwe - - Microsoft.XboxIdentityProvider_8wekyb3d8bbwe - - Microsoft.ZuneMusic_8wekyb3d8bbwe +3. Uninstall any application you do not need or want from the PC. For examples on how to uninstall Windows 10 Application see [Remove-AppxProvisionedPackage](https://docs.microsoft.com/powershell/module/dism/remove-appxprovisionedpackage?view=winserver2012-ps). For a list of uninstallable applications, see [Understand the different apps included in Windows 10](https://docs.microsoft.com/windows/application-management/apps-in-windows-10). + >[!NOTE] - >Uninstalling these apps will decrease sign-in time. If your deployment needs any of these apps, you can leave them installed. + >It is highly recommended to uninstall unwanted or unneeded apps as it will speed up user sign-in times. 3. At a command prompt, type the following command and press **ENTER**. @@ -89,7 +78,7 @@ First, you create a default user profile with the customizations that you want, >![Microsoft Bing Translator package](images/sysprep-error.png) - >Use the [Remove-AppxProvisionedPackage](https://technet.microsoft.com/library/dn376476%28v=wps.620%29.aspx) and [Remove-AppxPackage -AllUsers](https://docs.microsoft.com/en-us/powershell/module/appx/remove-appxpackage?view=win10-ps) cmdlet in Windows PowerShell to uninstall the app that is listed in the log. + >Use the [Remove-AppxProvisionedPackage](https://technet.microsoft.com/library/dn376476%28v=wps.620%29.aspx) and [Remove-AppxPackage -AllUsers](https://docs.microsoft.com/powershell/module/appx/remove-appxpackage?view=win10-ps) cmdlet in Windows PowerShell to uninstall the app that is listed in the log. 5. The sysprep process reboots the PC and starts at the first-run experience screen. Complete the set up, and then sign in to the computer using an account that has local administrator privileges. diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index b51844c487..07e2cb8f96 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -6,7 +6,7 @@ ### [Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md) ### [Federated authentication device enrollment](federated-authentication-device-enrollment.md) ### [Certificate authentication device enrollment](certificate-authentication-device-enrollment.md) -### [On-premise authentication device enrollment](on-premise-authentication-device-enrollment.md) +### [On-premises authentication device enrollment](on-premise-authentication-device-enrollment.md) ## [Understanding ADMX-backed policies](understanding-admx-backed-policies.md) ## [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md) ## [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md) @@ -17,7 +17,7 @@ ### [Add an Azure AD tenant and Azure AD subscription](add-an-azure-ad-tenant-and-azure-ad-subscription.md) ### [Register your free Azure Active Directory subscription](register-your-free-azure-active-directory-subscription.md) ## [Enterprise app management](enterprise-app-management.md) -## [Device update management](device-update-management.md) +## [Mobile device management (MDM) for device updates](device-update-management.md) ## [Bulk enrollment](bulk-enrollment-using-windows-provisioning-tool.md) ## [Management tool for the Microsoft Store for Business](management-tool-for-windows-store-for-business.md) ### [REST API reference for Microsoft Store for Business](rest-api-reference-windows-store-for-business.md) @@ -189,6 +189,7 @@ #### [Authentication](policy-csp-authentication.md) #### [Autoplay](policy-csp-autoplay.md) #### [Bitlocker](policy-csp-bitlocker.md) +#### [BITS](policy-csp-bits.md) #### [Bluetooth](policy-csp-bluetooth.md) #### [Browser](policy-csp-browser.md) #### [Camera](policy-csp-camera.md) @@ -208,6 +209,7 @@ #### [DeviceInstallation](policy-csp-deviceinstallation.md) #### [DeviceLock](policy-csp-devicelock.md) #### [Display](policy-csp-display.md) +#### [DmaGuard](policy-csp-dmaguard.md) #### [Education](policy-csp-education.md) #### [EnterpriseCloudPrint](policy-csp-enterprisecloudprint.md) #### [ErrorReporting](policy-csp-errorreporting.md) @@ -223,7 +225,6 @@ #### [LanmanWorkstation](policy-csp-lanmanworkstation.md) #### [Licensing](policy-csp-licensing.md) #### [LocalPoliciesSecurityOptions](policy-csp-localpoliciessecurityoptions.md) -#### [Location](policy-csp-location.md) #### [LockDown](policy-csp-lockdown.md) #### [Maps](policy-csp-maps.md) #### [Messaging](policy-csp-messaging.md) @@ -293,6 +294,8 @@ #### [SUPL DDF file](supl-ddf-file.md) ### [SurfaceHub CSP](surfacehub-csp.md) #### [SurfaceHub DDF file](surfacehub-ddf-file.md) +### [TenantLockdown CSP](tenantlockdown-csp.md) +#### [TenantLockdown DDF file](tenantlockdown-ddf.md) ### [TPMPolicy CSP](tpmpolicy-csp.md) #### [TPMPolicy DDF file](tpmpolicy-ddf-file.md) ### [UEFI CSP](uefi-csp.md) @@ -313,6 +316,8 @@ #### [WiFi DDF file](wifi-ddf-file.md) ### [Win32AppInventory CSP](win32appinventory-csp.md) #### [Win32AppInventory DDF file](win32appinventory-ddf-file.md) +### [Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md) +#### [Win32CompatibilityAppraiser DDF file](win32compatibilityappraiser-ddf.md) ### [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md) #### [WindowsAdvancedThreatProtection DDF file](windowsadvancedthreatprotection-ddf.md) ### [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) diff --git a/windows/client-management/mdm/accounts-ddf-file.md b/windows/client-management/mdm/accounts-ddf-file.md index a6e5b3ded3..c0bc44f76f 100644 --- a/windows/client-management/mdm/accounts-ddf-file.md +++ b/windows/client-management/mdm/accounts-ddf-file.md @@ -68,7 +68,7 @@ The XML below is for Windows 10, version 1803. - This node specifies the name for a device. This setting can be managed remotely. A couple of macros can be embedded within the value for dynamic substitution: %RAND:<# of digits>% and %SERIAL%. Examples: (a) "Test%RAND:6%" will generate a name "Test" followed by 6 random digits (e.g., "Test123456"). (b) "Foo%SERIAL%", will generate a name "Foo" followed by the serial number derived from device's ID. The server must explicitly reboot the device for this value to take effect. + This node specifies the name for a device. This setting can be managed remotely. A couple of macros can be embedded within the value for dynamic substitution: %RAND:<# of digits>% and %SERIAL%. Examples: (a) "Test%RAND:6%" will generate a name "Test" followed by 6 random digits (e.g., "Test123456"). (b) "Foo%SERIAL%", will generate a name "Foo" followed by the serial number derived from device's ID. The server must explicitly reboot the device for this value to take effect. diff --git a/windows/client-management/mdm/activesync-csp.md b/windows/client-management/mdm/activesync-csp.md index aed29f1f97..d77371ecc7 100644 --- a/windows/client-management/mdm/activesync-csp.md +++ b/windows/client-management/mdm/activesync-csp.md @@ -89,7 +89,7 @@ Required. A character string that specifies the location of the icon associated Supported operations are Get, Replace, and Add (cannot Add after the account is created). -The account icon can be used as a tile in the **Start** list or an icon in the applications list under **Settings > email & accounts**. Some icons are already provided on the device. The suggested icon for POP/IMAP or generic ActiveSync accounts is at res://AccountSettingsSharedRes{*ScreenResolution*}!%s.genericmail.png. The suggested icon for Exchange Accounts is at res://AccountSettingsSharedRes{*ScreenResolution*}!%s.office.outlook.png. Custom icons can be added if desired. +The account icon can be used as a tile in the **Start** list or an icon in the applications list under **Settings > email & accounts**. Some icons are already provided on the device. The suggested icon for POP/IMAP or generic ActiveSync accounts is at res://AccountSettingsSharedRes{*ScreenResolution*}!%s.genericmail.png. The suggested icon for Exchange Accounts is at res://AccountSettingsSharedRes{*ScreenResolution*}!%s.office.outlook.png. Custom icons can be added if desired. ***Account GUID*/AccountType** Required. A character string that specifies the account type. diff --git a/windows/client-management/mdm/alljoynmanagement-csp.md b/windows/client-management/mdm/alljoynmanagement-csp.md index 8745e5a972..2362bb66f0 100644 --- a/windows/client-management/mdm/alljoynmanagement-csp.md +++ b/windows/client-management/mdm/alljoynmanagement-csp.md @@ -22,7 +22,7 @@ This CSP was added in Windows 10, version 1511.   -For the firewall settings, note that PublicProfile and PrivateProfile are mutually exclusive. The Private Profile must be set on the directly on the device itself, and the only supported operation is Get. For PublicProfile, both Add and Get are supported. This CSP is intended to be used in conjunction with the AllJoyn Device System Bridge, and an understanding of the bridge will help when determining when and how to use this CSP. For more information, see [Device System Bridge (DSB) Project](http://go.microsoft.com/fwlink/p/?LinkId=615876) and [AllJoyn Device System Bridge](http://go.microsoft.com/fwlink/p/?LinkId=615877). +For the firewall settings, note that PublicProfile and PrivateProfile are mutually exclusive. The Private Profile must be set on the directly on the device itself, and the only supported operation is Get. For PublicProfile, both Add and Get are supported. This CSP is intended to be used in conjunction with the AllJoyn Device System Bridge, and an understanding of the bridge will help when determining when and how to use this CSP. For more information, see [Device System Bridge (DSB) Project](https://go.microsoft.com/fwlink/p/?LinkId=615876) and [AllJoyn Device System Bridge](https://go.microsoft.com/fwlink/p/?LinkId=615877). The following diagram shows the AllJoynManagement configuration service provider in tree format @@ -30,47 +30,47 @@ The following diagram shows the AllJoynManagement configuration service provider The following list describes the characteristics and parameters. -**./Vendor/MSFT/AllJoynManagement** +**./Vendor/MSFT/AllJoynManagement** The root node for the AllJoynManagement configuration service provider. -**Services** +**Services** List of all AllJoyn objects that are discovered on the AllJoyn bus. All AllJoyn objects that expose the "com.microsoft.alljoynmanagement.config" are included. -**Services/****_Node name_** +**Services/****_Node name_** The unique AllJoyn device ID (a GUID) that hosts one or more configurable objects. -**Services/*Node name*/Port** +**Services/*Node name*/Port** The set of ports that the AllJoyn object uses to communicate configuration settings. Typically only one port is used for communication, but it is possible to specify additional ports. -**Services/*Node name*/Port/****_Node name_** +**Services/*Node name*/Port/****_Node name_** Port number used for communication. This is specified by the configurable AllJoyn object and reflected here. -**Services/*Node name*/Port/*Node name*/CfgObject** +**Services/*Node name*/Port/*Node name*/CfgObject** The set of configurable interfaces that are available on the port of the AllJoyn object. -**Services/*Node name*/Port/*Node name*/CfgObject/****_Node name_** +**Services/*Node name*/Port/*Node name*/CfgObject/****_Node name_** The remainder of this URI is an escaped path to the configurable AllJoyn object hosted by the parent ServiceID and accessible by the parent PortNum. For example an AllJoyn Bridge with the Microsoft specific AllJoyn configuration interface "\\FabrikamService\\BridgeConfig" would be specified in the URI as: %2FFabrikamService%2FBridgeConfig. -**Credentials** +**Credentials** This is the credential store. An administrator can set credentials for each AllJoyn device that requires authentication at this node. When a SyncML request arrives in the CSP to replace or query a configuration item on an AllJoyn object that requires authentication, then the CSP uses the credentials stored here during the authentication phase. -**Credentials/****_Node name_** +**Credentials/****_Node name_** This is the same service ID specified in \\AllJoynManagement\\Services\\ServiceID URI. It is typically implemented as a GUID. -**Credentials/*Node name*/Key** +**Credentials/*Node name*/Key** An alphanumeric key value that conforms to the AllJoyn SRP KEYX authentication standard. -**Firewall** +**Firewall** Firewall setting for the AllJoyn service. -**Firewall/PublicProfile** +**Firewall/PublicProfile** Boolean value to enable or disable the AllJoyn router service (AJRouter.dll) for public network profile. -**Firewall/PrivateProfile** +**Firewall/PrivateProfile** Boolean value indicating whether AllJoyn router service (AJRouter.dll) is enabled for private network profile. ## Examples @@ -123,7 +123,7 @@ Get the firewall PrivateProfile ``` syntax - + 1 @@ -131,7 +131,7 @@ Get the firewall PrivateProfile ./Vendor/MSFT/AllJoynManagement/Firewall/PrivateProfile - + diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md index f1f1e0aaaa..c9d931e3e6 100644 --- a/windows/client-management/mdm/applocker-csp.md +++ b/windows/client-management/mdm/applocker-csp.md @@ -19,7 +19,7 @@ The AppLocker configuration service provider is used to specify which applicatio > When you create a list of allowed apps, all [inbox apps](#inboxappsandcomponents) are also blocked, and you must include them in your list of allowed apps. Don't forget to add the inbox apps for Phone, Messaging, Settings, Start, Email and accounts, Work and school, and other apps that you need. > > In Windows 10 Mobile, when you create a list of allowed apps, the [settings app that rely on splash apps](#settingssplashapps) are blocked. To unblock these apps, you must include them in your list of allowed apps. -> +> > Delete/unenrollment is not properly supported unless Grouping values are unique across enrollments. If multiple enrollments use the same Grouping value, then unenrollment will not work as expected since there are duplicate URIs that get deleted by the resource manager. To prevent this problem, the Grouping value should include some randomness. The best practice is to use a randomly generated GUID. However, there is no requirement on the exact value of the node. @@ -27,15 +27,15 @@ The following diagram shows the AppLocker configuration service provider in tree ![applocker csp](images/provisioning-csp-applocker.png) -**./Vendor/MSFT/AppLocker** +**./Vendor/MSFT/AppLocker** Defines the root node for the AppLocker configuration service provider. -**ApplicationLaunchRestrictions** +**ApplicationLaunchRestrictions** Defines restrictions for applications. > [!NOTE]   > When you create a list of allowed apps, all [inbox apps](#inboxappsandcomponents) are also blocked, and you must include them in your list of allowed apps. Don't forget to add the inbox apps for Phone, Messaging, Settings, Start, Email and accounts, Work and school, and other apps that you need. -> +> > In Windows 10 Mobile, when you create a list of allowed apps, the [settings app that rely on splash apps](#settingssplashapps) are blocked. To unblock these apps, you must include them in your list of allowed apps. Additional information: @@ -43,10 +43,10 @@ Additional information: - [Find publisher and product name of apps](#productname) - step-by-step guide for getting the publisher and product names for various Windows apps. - [Whitelist example](#whitelist-example) - example for Windows 10 Mobile that denies all apps except the ones listed. -**EnterpriseDataProtection** +**EnterpriseDataProtection** Captures the list of apps that are allowed to handle enterprise data. Should be used in conjunction with the settings in **./Device/Vendor/MSFT/EnterpriseDataProtection** in [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md). -In Windows 10, version 1607 the Windows Information Protection has a concept for allowed and exempt applications. Allowed applications can access enterprise data and the data handled by those applications are protected with encryption. Exempt applications can also access enterprise data, but the data handled by those applications are not protected. This is because some critical enterprise applications may have compatibility problems with encrypted data. +In Windows 10, version 1607 the Windows Information Protection has a concept for allowed and exempt applications. Allowed applications can access enterprise data and the data handled by those applications are protected with encryption. Exempt applications can also access enterprise data, but the data handled by those applications are not protected. This is because some critical enterprise applications may have compatibility problems with encrypted data. You can set the allowed list using the following URI: - ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/_Grouping_/EXE/Policy @@ -155,7 +155,7 @@ Each of the previous nodes contains one or more of the following leaf nodes:

    Policy

    Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.

    Policy nodes are a Base64-encoded blob of the binary policy representation. The binary policy may be signed or unsigned.

    -

    For CodeIntegrity/Policy, you can use the [certutil -encode](http://go.microsoft.com/fwlink/p/?LinkId=724364) command line tool to encode the data to base-64.

    +

    For CodeIntegrity/Policy, you can use the [certutil -encode](https://go.microsoft.com/fwlink/p/?LinkId=724364) command line tool to encode the data to base-64.

    Here is a sample certutil invocation:

    ``` @@ -164,7 +164,7 @@ certutil -encode WinSiPolicy.p7b WinSiPolicy.cer

    An alternative to using certutil would be to use the following PowerShell invocation:

    -``` +``` [Convert]::ToBase64String($(Get-Content -Encoding Byte -ReadCount 0 -Path )) ``` @@ -259,7 +259,7 @@ Here is an example AppLocker publisher rule: ``` syntax FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Reader" BinaryName="*"> - + ``` @@ -587,7 +587,7 @@ The following list shows the apps that may be included in the inbox. Microsoft Frameworks ProductID = 00000000-0000-0000-0000-000000000000 -

    PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"

    +

    PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"

    @@ -851,7 +851,7 @@ The following example disables the calendar application. chr text/plain - <AppPolicy Version="1" xmlns="http://schemas.microsoft.com/phone/2013/policy"><Deny><App ProductId="{a558feba-85d7-4665-b5d8-a2ff9c19799b}"/></Deny></AppPolicy> + @@ -875,28 +875,28 @@ The following example blocks the usage of the map application. chr - <RuleCollection Type="Appx" EnforcementMode="Enabled"> - <FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed Appx packages" Description="Allows members of the Everyone group to run Appx packages that are signed." UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*"> - <BinaryVersionRange LowSection="0.0.0.0" HighSection="*" /> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + + - <FilePublisherRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="Deny Splash appmaps" Description="Deny members of the local Administrators group to run maps." UserOrGroupSid="S-1-1-0" Action="Deny"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsMaps" BinaryName="*" /> - </Conditions> - </FilePublisherRule> - - </RuleCollection> + + + + + + + - + ``` The following example disables the Mixed Reality Portal. In the example, the **Id** can be any generated GUID and the **Name** can be any name you choose. Note that `BinaryName="*"` allows you to block any app executable in the Mixed Reality Portal package. **Binary/VersionRange**, as shown in the example, will block all versions of the Mixed Reality Portal app. @@ -914,30 +914,30 @@ The following example disables the Mixed Reality Portal. In the example, the **I chr text/plain - - <RuleCollection Type="Appx" EnforcementMode="Enabled"> - <FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed packaged apps" Description="Allows members of the Everyone group to run packaged apps that are signed." UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*"> - <BinaryVersionRange LowSection="0.0.0.0" HighSection="*" /> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> - <FilePublisherRule Id="d26da4e7-0b01-484d-a8d3-d5b5341b2d55" Name="Block Mixed Reality Portal" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.HolographicFirstRun" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*" /> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> - </RuleCollection>> + + + + + + + + + + + + + + + + + > -``` +``` The following example for Windows 10 Mobile denies all apps and allows the following apps: @@ -976,421 +976,421 @@ In this example, **MobileGroup0** is the node name. We recommend using a GUID fo chr -<RuleCollection Type="Appx" EnforcementMode="Enabled"> + - <FilePublisherRule Id="172B8ACE-AAF5-41FA-941A-93AEE126B4A9" Name="Default Rule to Deny ALL" Description="Deny all publisher" UserOrGroupSid="S-1-1-0" Action="Deny"> - <Conditions> - <FilePublisherCondition PublisherName="CN=*" ProductName="*" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="DDCD112F-E003-4874-8B3E-14CB23851D54" Name="Whitelist Settings splash app" Description="Allow Admins to run Settings." UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="2A4E62D8-8809-4787-89F8-69D0F01654FB" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="757D94A8-C752-4013-9896-D46EF10925E9" Name="Whitelist Settings WorkOrSchool" Description="Allow Admins to run WorkOrSchool" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA562A" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="473BCE1A-94D2-4AE1-8CB1-064B0677CACB" Name="Whitelist WorkPlace AAD BrokerPlugin" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.AAD.BrokerPlugin" BinaryName="*" > - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="E13EA64B-B0D3-4257-87F4-1B522D06EA03" Name="Whitelist Start" Description="Allow Admins to run Start." UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA5602" BinaryName="*" > - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="2898C4B2-4B37-4BFF-8F7B-16B377EDEA88" Name="Whitelist SettingsPageKeyboard" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5608" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="15BBA04F-3989-4FF7-9FEF-83C4DFDABA27" Name="Whitelist SettingsPageTimeRegion" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea560c" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="C3735CB1-060D-4D40-9708-6D33B98A7A2D" Name="Whitelist SettingsPagePCSystemBluetooth" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5620" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="AFACF5A3-2974-41EE-A31A-1486F593C145" Name="Whitelist SettingsPageNetworkAirplaneMode" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5621" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="7B02A339-9E77-4694-AF86-119265138129" Name="Whitelist SettingsPageNetworkWiFi" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA5623" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="F912172F-9D83-46F5-8D6C-BA7AB17063BE" Name="Whitelist SettingsPageNetworkInternetSharing" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA5629" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="67AE8001-4E49-442A-AD72-F837129ABF63" Name="Whitelist SettingsPageRestoreUpdate" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5640" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="7B65BCB2-4B1D-42B6-921B-B87F1474BDC5" Name="Whitelist SettingsPageKidsCorner" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5802" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="3964A53B-E131-4ED6-88DA-71FBDBE4E232" Name="Whitelist SettingsPageDrivingMode" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5804" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="99C4CD58-51A2-429A-B479-976ADB4EA757" Name="Whitelist SettingsPageTimeLanguage" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5808" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="EBA3BCBE-4651-48CE-8F94-C5AC5D8F72FB" Name="Whitelist SettingsPageAppsCorner" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea580a" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="E16EABCC-46E7-4AB3-9F48-67FFF941BBDC" Name="Whitelist SettingsPagePhoneNfc" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="b0894dfd-4671-4bb9-bc17-a8b39947ffb6" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*"/> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> + + + + + + + - <FilePublisherRule Id="1F4C3904-9976-4FEE-A492-5708F14EABA5" Name="Whitelist MSA Cloud Experience Host" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.CloudExperienceHost" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="AA741A28-7C02-49A5-AA5C-35D53FB8A9DC" Name="Whitelist Email and Accounts" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.AccountsControl" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="863BE063-D134-4C5C-9825-9DF9A86B6B56" Name="Whitelist Calculator" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsCalculator" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="1DA2F479-3D1D-4425-9FFA-D4E6908F945A" Name="Whitelist Alarms and Clock" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsAlarms" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="18E12372-21C6-4DA5-970E-0A58739D7151" Name="Whitelist People" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.People" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="FD686D83-A829-4351-8FF4-27C7DE5755D2" Name="Whitelist Camera" Description="Allow Admins to run camera." UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsCamera" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="16875F70-1778-43CC-96BB-783C9A8E53D5" Name="Whitelist WindowsMaps" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsMaps" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="D21D6F9D-CFF6-4AD1-867A-2411CE6A388D" Name="Whitelist FileExplorer" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="c5e2524a-ea46-4f67-841f-6a9465d9d515" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="450B6D7E-1738-41C9-9241-466C3FA4AB0C" Name="Whitelist FM Radio" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="F725010E-455D-4C09-AC48-BCDEF0D4B626" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="37F4272C-F4A0-4AB8-9B5F-C9194A0EC6F3" Name="Whitelist Microsoft Edge" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MicrosoftEdge" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="253D3AEA-36C0-4877-B932-9E9C9493F3F3" Name="Whitelist Movies" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.ZuneVideo" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="9A73E081-01D1-4BFD-ADF4-5C29AD4031F7" Name="Whitelist Money" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BingFinance" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="EE4BF66C-EBF0-4565-982C-922FFDCB2E6D" Name="Whitelist News" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BingNews" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="D78E6A9D-10F8-4C23-B620-40B01B60E5EA" Name="Whitelist Onedrive" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="AD543082-80EC-45BB-AA02-FFE7F4182BA8" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="0012F35E-C242-47FF-A573-3DA06AF7E43C" Name="Whitelist Onedrive APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MicrosoftSkydrive" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="178B0D68-3498-40CE-A0C3-295C6B3DA169" Name="Whitelist OneNote" Description="Allow Admins to run onenote." UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Office.OneNote" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="673914E4-D73A-405D-8DCF-173E36EA6722" Name="Whitelist GetStarted" Description="Allow Admins to run onenote." UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Getstarted" BinaryName="*" /> - </Conditions> - </FilePublisherRule> - - <FilePublisherRule Id="4546BD28-69B6-4175-A44C-33197D48F658" Name="Whitelist Outlook Calendar" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="microsoft.windowscommunicationsapps" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="7B843572-E1AD-45E6-A1F2-C551C70E4A34" Name="Whitelist Outlook Mail" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="microsoft.windowscommunicationsapps" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="E5A1CD1A-8C23-41E4-AACF-BF82FCE775A5" Name="Whitelist Photos" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.Photos" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="0A194DD1-B25B-4512-8AFC-6F560D0EC205" Name="Whitelist PodCasts" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MSPodcast" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="F5D27860-0238-4D1A-8011-9B8B263C3A33" Name="Whitelist SkypeApp" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="Microsoft.SkypeApp" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="B8BBC965-EC6D-4C16-AC68-C5F0090CB703" Name="Whitelist Store" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsStore" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="6031E1E7-A659-4B3D-87FB-3CB4C900F9D2" Name="Whitelist Sports" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BingSports" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="A6D61B56-7CF7-4E95-953C-3A5913309B4E" Name="Whitelist Wallet" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MicrosoftWallet" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="A2C44744-0627-4A52-937E-E3EC1ED476E0" Name="Whitelist Weather" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BingWeather" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="D79978B4-EFAE-4458-8FE1-0F13B5CE6764" Name="Whitelist Xbox" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.XboxApp" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="395713B9-DD39-4741-8AB3-63D0A0DCA2B0" Name="Whitelist Xbox Identity Provider" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.XboxIdentityProvider" BinaryName="*" /> - </Conditions> - </FilePublisherRule> - - <FilePublisherRule Id="7565A8BB-D50B-4237-A9E9-B0997B36BDF9" Name="Whitelist Voice recorder" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsSoundRecorder" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="409A286E-8C3D-48AB-9D7C-3225A48B30C9" Name="Whitelist Word" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Office.Word" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="F72A5DA6-CA6A-4E7F-A350-AC9FACAB47DB" Name="Whitelist Excel" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Office.Excel" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="169B3498-2A73-4D5C-8AFB-A0DE2908A07D" Name="Whitelist PowerPoint" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Office.PowerPoint" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="A483B662-3538-4D70-98A7-1312D51A0DB9" Name="Whitelist Contact Support" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Windows.ContactSupport" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="EAB1CEDC-DD8A-4311-9146-27A3C689DEAF" Name="Whitelist Cortana" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.Cortana" BinaryName="*" /> - </Conditions> - </FilePublisherRule> - - <FilePublisherRule Id="01CD8E68-666B-4DE6-8849-7CE4F0C37CA8" Name="Whitelist Storage" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA564D" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="15D9AD89-58BC-458E-9B96-3A18DA63AC3E" Name="Whitelist Groove Music" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.ZuneMusic" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="E2B71B03-D759-4AE2-8526-E1A0CE2801DE" Name="Whitelist Windows Feedback" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsFeedback" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="E7A30489-A20B-44C3-91A8-19D9F61A8B5B" Name="Whitelist Messaging and Messaging Video" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Messaging" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="D2A16D0C-8CC0-4C3A-9FB5-C1DB1B380CED" Name="Whitelist Phone splash" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA5611" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="2A355478-7449-43CB-908A-A378AA59FBB9" Name="Whitelist Phone APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.CommsPhone" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="89441630-7F1C-439B-8FFD-0BEEFF400C9B" Name="Whitelist Connect APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.DevicesFlow" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="E8AF01B5-7039-44F4-8072-6A6CC71EDF2E" Name="Whitelist Miracast APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="906BEEDA-B7E6-4DDC-BA8D-AD5031223EF9" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="DA02425B-0291-4A10-BE7E-B9C7922F4EDF" Name="Whitelist Print Dialog APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.PrintDialog" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="42919A05-347B-4A5F-ACB2-73710A2E6203" Name="Whitelist Block and Filter APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BlockandFilterglobal" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + - <FilePublisherRule Id="6F3D8885-C15E-4D7E-8E1F-F2A560C08F9E" Name="Whitelist MSFacebook" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MSFacebook" BinaryName="*" /> - </Conditions> - </FilePublisherRule> - - <FilePublisherRule Id="5168A5C3-5DC9-46C1-87C0-65A9DE1B4D18" Name="Whitelist Advanced Info" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"> - <Conditions> - <FilePublisherCondition PublisherName="*" ProductName="B6E3E590-9FA5-40C0-86AC-EF475DE98E88" BinaryName="*" /> - </Conditions> - </FilePublisherRule> + + + + + -</RuleCollection> + + + + + + + + + + + + + + + + + + + + + + + + + @@ -1689,119 +1689,119 @@ In this example, Contoso is the node name. We recommend using a GUID for this no chr - <RuleCollection Type="Exe" EnforcementMode="Enabled"> - <FilePublisherRule Id="b005eade-a5ee-4f5a-be45-d08fa557a4b2" Name="MICROSOFT OFFICE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"> - <Conditions> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*" /> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> - <FilePublisherRule Id="de9f3461-6856-405d-9624-a80ca701f6cb" Name="MICROSOFT OFFICE 2003, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"> - <Conditions> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2003" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*" /> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> - <FilePublisherRule Id="ade1b828-7055-47fc-99bc-432cf7d1209e" Name="2007 MICROSOFT OFFICE SYSTEM, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"> - <Conditions> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="2007 MICROSOFT OFFICE SYSTEM" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*" /> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> - <FilePublisherRule Id="f6a075b5-a5b5-4654-abd6-731dacb40d95" Name="MICROSOFT OFFICE ONENOTE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"> - <Conditions> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE ONENOTE" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="12.0.9999.9999" /> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> - <FilePublisherRule Id="0ec03b2f-e9a4-4743-ae60-6d29886cf6ae" Name="MICROSOFT OFFICE OUTLOOK, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"> - <Conditions> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE OUTLOOK" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="12.0.9999.9999" /> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> - <FilePublisherRule Id="7b272efd-4105-4fb7-9d40-bfa597c6792a" Name="MICROSOFT OFFICE 2013, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"> - <Conditions> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2013" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*" /> - </FilePublisherCondition> - </Conditions> - </FilePublisherRule> - <FilePublisherRule Id="89d8a4d3-f9e3-423a-92ae-86e7333e2662" Name="MICROSOFT ONENOTE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"> - <Conditions> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT ONENOTE" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*" /> - </FilePublisherCondition> - </Conditions> - <Exceptions> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT ONENOTE" BinaryName="ONENOTE.EXE"> - <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /> - </FilePublisherCondition> - </Exceptions> - </FilePublisherRule> - <FilePublisherRule Id="5a2138bd-8042-4ec5-95b4-f990666fbf61" Name="MICROSOFT OUTLOOK, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"> - <Conditions> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OUTLOOK" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*" /> - </FilePublisherCondition> - </Conditions> - <Exceptions> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OUTLOOK" BinaryName="OUTLOOK.EXE"> - <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /> - </FilePublisherCondition> - </Exceptions> - </FilePublisherRule> - <FilePublisherRule Id="3fc5f9c5-f180-435b-838f-2960106a3860" Name="MICROSOFT ONEDRIVE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"> - <Conditions> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT ONEDRIVE" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*" /> - </FilePublisherCondition> - </Conditions> - <Exceptions> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT ONEDRIVE" BinaryName="ONEDRIVE.EXE"> - <BinaryVersionRange LowSection="17.3.6386.0412" HighSection="*" /> - </FilePublisherCondition> - </Exceptions> - </FilePublisherRule> - <FilePublisherRule Id="17d988ef-073e-4d92-b4bf-f477b2ecccb5" Name="MICROSOFT OFFICE 2016, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"> - <Conditions> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="*"> - <BinaryVersionRange LowSection="*" HighSection="*" /> - </FilePublisherCondition> - </Conditions> - <Exceptions> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="LYNC.EXE"> - <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /> - </FilePublisherCondition> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="LYNC99.EXE"> - <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /> - </FilePublisherCondition> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="UCMAPI.EXE"> - <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /> - </FilePublisherCondition> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="OCPUBMGR.EXE"> - <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /> - </FilePublisherCondition> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="WINWORD.EXE"> - <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /> - </FilePublisherCondition> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="EXCEL.EXE"> - <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /> - </FilePublisherCondition> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="POWERPNT.EXE"> - <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /> - </FilePublisherCondition> - <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="MSOSYNC.EXE"> - <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /> - </FilePublisherCondition> - </Exceptions> - </FilePublisherRule> - </RuleCollection> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/windows/client-management/mdm/appv-deploy-and-config.md b/windows/client-management/mdm/appv-deploy-and-config.md index 62c91ca217..cd811d320d 100644 --- a/windows/client-management/mdm/appv-deploy-and-config.md +++ b/windows/client-management/mdm/appv-deploy-and-config.md @@ -19,7 +19,7 @@ ms.date: 06/26/2017 ### EnterpriseAppVManagement CSP node structure -[EnterpriseAppVManagement CSP reference](https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/mdm/enterpriseappvmanagement-csp) +[EnterpriseAppVManagement CSP reference](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterpriseappvmanagement-csp) ![enterpriseappvmanagement csp](images/provisioning-csp-enterpriseappvmanagement.png) @@ -54,7 +54,7 @@ ms.date: 06/26/2017

    Dynamic policy examples:

    -[Dynamic configuration processing](https://technet.microsoft.com/en-us/itpro/windows/manage/appv-application-publishing-and-client-interaction#bkmk-dynamic-config">Dynamic configuration processing) +[Dynamic configuration processing](https://technet.microsoft.com/itpro/windows/manage/appv-application-publishing-and-client-interaction#bkmk-dynamic-config">Dynamic configuration processing)

    AppVPackageManagement - Primarily read-only App-V package inventory data for MDM servers to query current packages.

    @@ -83,9 +83,9 @@ ms.date: 06/26/2017

    A complete list of App-V policies can be found here:

    -[ADMX-backed policy reference](https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/mdm/policy-admx-backed) +[ADMX-backed policy reference](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-admx-backed) -[EnterpriseAppVManagement CSP reference](https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/mdm/enterpriseappvmanagement-csp) +[EnterpriseAppVManagement CSP reference](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterpriseappvmanagement-csp) ### SyncML examples @@ -106,7 +106,7 @@ ms.date: 06/26/2017 ./Device/Vendor/MSFT/Policy/Config/AppVirtualization/AllowAppvClient - <enabled/> + ``` @@ -126,14 +126,14 @@ ms.date: 06/26/2017 ./Device/Vendor/MSFT/Policy/Config/AppVirtualization/AllowPackageScripts - <enabled/> + ```

    Complete list of App-V policies can be found here:

    -[Policy CSP](https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider) +[Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider) #### SyncML with package published for a device (global to all users for that device) diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md index 9ee6c9171a..e6004a22a5 100644 --- a/windows/client-management/mdm/assignedaccess-csp.md +++ b/windows/client-management/mdm/assignedaccess-csp.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 04/25/2018 +ms.date: 09/18/2018 --- # AssignedAccess CSP @@ -15,9 +15,12 @@ ms.date: 04/25/2018 The AssignedAccess configuration service provider (CSP) is used to set the device to run in kiosk mode. Once the CSP has been executed, then the next user login that is associated with the kiosk mode puts the device into the kiosk mode running the application specified in the CSP configuration. -For a step-by-step guide for setting up devices to run in kiosk mode, see [Set up a kiosk on Windows 10 Pro, Enterprise, or Education.](http://go.microsoft.com/fwlink/p/?LinkID=722211) +For a step-by-step guide for setting up devices to run in kiosk mode, see [Set up a kiosk on Windows 10 Pro, Enterprise, or Education.](https://go.microsoft.com/fwlink/p/?LinkID=722211) - In Windows 10, version 1709, the AssignedAccess configuration service provider (CSP) has been expanded to make it easy for administrators to create kiosks that run more than one app. You can configure multi-app kiosks using a provisioning package. For a step-by-step guide, see [Create a Windows 10 kiosk that runs multiple apps](https://docs.microsoft.com/en-us/windows/configuration/lock-down-windows-10-to-specific-apps). + In Windows 10, version 1709, the AssignedAccess configuration service provider (CSP) has been expanded to make it easy for administrators to create kiosks that run more than one app. You can configure multi-app kiosks using a provisioning package. For a step-by-step guide, see [Create a Windows 10 kiosk that runs multiple apps](https://docs.microsoft.com/windows/configuration/lock-down-windows-10-to-specific-apps). + +> [!Warning] +> You can only assign one single app kiosk profile to an individual user account on a device. The single app profile does not support domain groups. > [!Note] > The AssignedAccess CSP is supported in Windows 10 Enterprise and Windows 10 Education. Starting from Windows 10, version 1709 it is also supported in Windows 10 Pro and Windows 10 S. Starting in Windows 10, version 1803, it is also supported in Windows Holographic for Business edition. @@ -26,19 +29,19 @@ The following diagram shows the AssignedAccess configuration service provider in ![assignedaccess csp diagram](images/provisioning-csp-assignedaccess.png) -**./Device/Vendor/MSFT/AssignedAccess** +**./Device/Vendor/MSFT/AssignedAccess** Root node for the CSP. -**./Device/Vendor/MSFT/AssignedAccess/KioskModeApp** -A JSON string that contains the user account name and Application User Model ID (AUMID) of the Kiosk mode app. For more information about how to get the AUMID, see [Find the Application User Model ID of an installed app](https://docs.microsoft.com/en-us/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app). +**./Device/Vendor/MSFT/AssignedAccess/KioskModeApp** +A JSON string that contains the user account name and Application User Model ID (AUMID) of the Kiosk mode app. For more information about how to get the AUMID, see [Find the Application User Model ID of an installed app](https://docs.microsoft.com/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app). -For a step-by-step guide for setting up devices to run in kiosk mode, see [Set up a kiosk on Windows 10 Pro, Enterprise, or Education.](http://go.microsoft.com/fwlink/p/?LinkID=722211) +For a step-by-step guide for setting up devices to run in kiosk mode, see [Set up a kiosk on Windows 10 Pro, Enterprise, or Education.](https://go.microsoft.com/fwlink/p/?LinkID=722211) -> [!Note] -> In Windows 10, version 1803 the Configuration node introduces single app kiosk profile to replace KioskModeApp CSP node. KioskModeApp node will be deprecated soon, so you should use the single app kiosk profile in config xml for Configuration node to configure public-facing single app Kiosk. +> [!Note] +> In Windows 10, version 1803 the Configuration node introduces single app kiosk profile to replace KioskModeApp CSP node. KioskModeApp node will be deprecated soon, so you should use the single app kiosk profile in config xml for Configuration node to configure public-facing single app Kiosk. > > Starting in Windows 10, version 1803 the KioskModeApp node becomes No-Op if Configuration node is configured on the device. That Add/Replace/Delete command on KioskModeApp node always returns SUCCESS to the MDM server if Configuration node is set, but the data of KioskModeApp will not take any effect on the device. Get command on KioskModeApp will return the configured JSON string even it’s not effective. - + > [!Note] > You cannot set both KioskModeApp and ShellLauncher at the same time on the device. @@ -50,14 +53,14 @@ Here's an example: {"Account":"contoso\\kioskuser","AUMID":"Microsoft.Windows.Contoso_cw5n1h2txyewy!Microsoft.ContosoApp.ContosoApp"} ``` -> [!Tip] +> [!Tip] > In this example the double \\\ is required because it's in JSON and JSON escapes \ into \\\\. If an MDM server uses JSON parser\composer, they should ask customers to type only one \\, which will be \\\ in the JSON. If user types \\\\, it'll become \\\\\\\ in JSON, which will cause erroneous results. For the same reason, domain\account used in Configuration xml does not need \\\ but only one \\, because xml does not (need to) escape \\. > > This applies to both domain\account, AzureAD\someone@contoso.onmicrosoft.com, i.e. as long as a \ used in JSON string.  When configuring the kiosk mode app, the account name will be used to find the target user. The account name includes domain name and user name. -> [!Note] +> [!Note] > The domain name can be optional if the user name is unique across the system. For a local account, the domain name should be the device name. When Get is executed on this node, the domain name is always returned in the output. @@ -65,33 +68,32 @@ For a local account, the domain name should be the device name. When Get is exec The supported operations are Add, Delete, Get and Replace. When there's no configuration, the Get and Delete methods fail. When there's already a configuration for kiosk mode app, the Add method fails. The data pattern for Add and Replace is the same. -**./Device/Vendor/MSFT/AssignedAccess/Configuration** -Added in Windows 10, version 1709. Specifies the settings that you can configure in the kiosk or device. This node accepts an AssignedAccessConfiguration xml as input to configure the device experience. For details about the configuration settings in the XML, see [Create a Windows 10 kiosk that runs multiple apps](https://docs.microsoft.com/en-us/windows/configuration/lock-down-windows-10-to-specific-apps). Here is the schema for the [AssignedAccessConfiguration](#assignedaccessconfiguration-xsd). +**./Device/Vendor/MSFT/AssignedAccess/Configuration** +Added in Windows 10, version 1709. Specifies the settings that you can configure in the kiosk or device. This node accepts an AssignedAccessConfiguration xml as input to configure the device experience. For details about the configuration settings in the XML, see [Create a Windows 10 kiosk that runs multiple apps](https://docs.microsoft.com/windows/configuration/lock-down-windows-10-to-specific-apps). Here is the schema for the [AssignedAccessConfiguration](#assignedaccessconfiguration-xsd). -> [!Note] -> In Windows 10, version 1803 the Configuration node introduces single app kiosk profile to replace KioskModeApp CSP node. KioskModeApp node will be deprecated soon, so you should use the single app kiosk profile in config xml for Configuration node to configure public-facing single app Kiosk. +> [!Note] +> In Windows 10, version 1803 the Configuration node introduces single app kiosk profile to replace KioskModeApp CSP node. KioskModeApp node will be deprecated soon, so you should use the single app kiosk profile in config xml for Configuration node to configure public-facing single app Kiosk. > > Starting in Windows 10, version 1803 the KioskModeApp node becomes No-Op if Configuration node is configured on the device. That Add/Replace/Delete command on KioskModeApp node always returns SUCCESS to the MDM server if Configuration node is set, but the data of KioskModeApp will not take any effect on the device. Get command on KioskModeApp will return the configured JSON string even it’s not effective. -Enterprises can use this to easily configure and manage the curated lockdown experience. +Enterprises can use this to easily configure and manage the curated lockdown experience. Supported operations are Add, Get, Delete, and Replace. Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies back (e.g. Start Layout). -**./Device/Vendor/MSFT/AssignedAccess/Status** +**./Device/Vendor/MSFT/AssignedAccess/Status** Added in Windows 10, version 1803. This read only polling node allows MDM server to query the current KioskModeAppRuntimeStatus as long as the StatusConfiguration node is set to “On” or “OnWithAlerts”. If the StatusConfiguration is “Off”, a node not found error will be reported to the MDM server. Click [link](#status-example) to see an example SyncML. [Here](#assignedaccessalert-xsd) is the schema for the Status payload. - -In Windows 10, version 1803, Assigned Access runtime status only supports monitoring single app kiosk mode. Here are the possible status available for single app kiosk mode. - + +In Windows 10, version 1803, Assigned Access runtime status only supports monitoring single app kiosk mode. Here are the possible status available for single app kiosk mode. + |Status |Description | |---------|---------|---------| | KioskModeAppRunning | This means the kiosk app is running normally. | | KioskModeAppNotFound | This occurs when the kiosk app is not deployed to the machine. | | KioskModeAppActivationFailure | This happens when the assigned access controller detects the process terminated unexpectedly after exceeding the max retry. | -Note that status codes available in the Status payload correspond to a specific KioskModeAppRuntimeStatus. - +Note that status codes available in the Status payload correspond to a specific KioskModeAppRuntimeStatus. |Status code | KioskModeAppRuntimeStatus | |---------|---------| @@ -99,38 +101,60 @@ Note that status codes available in the Status payload correspond to a specific | 2 | KioskModeAppNotFound | | 3 | KioskModeAppActivationFailure | +Additionally, the status payload includes a profileId that can be used by the MDM server to correlate which kiosk app caused the error. -Additionally, the status payload includes a profileId, which can be used by the MDM server to correlate which kiosk app caused the error. +In Windows 10, version 1809, Assigned Access runtime status supports monitoring single-app kiosk and multi-app modes. Here are the possible status codes. + +|Status|Description| +|---|---| +|Running|The AssignedAccess account (kiosk or multi-app) is running normally.| +|AppNotFound|The kiosk app isn't deployed to the machine.| +|ActivationFailed|The AssignedAccess account (kiosk or multi-app) failed to sign in.| +|AppNoResponse|The kiosk app launched successfully but is now unresponsive.| + +Note that status codes available in the Status payload correspond to a specific AssignedAccessRuntimeStatus. + +|Status code|AssignedAccessRuntimeStatus| +|---|---| +|1|Running| +|2|AppNotFound| +|3|ActivationFailed| +|4|AppNoResponse| + +Additionally, the Status payload includes the following fields: + +- profileId: can be used by the MDM server to correlate which account caused the error. +- OperationList: list of failed operations that occurred while applying the assigned access CSP, if any exist. Supported operation is Get. -**./Device/Vendor/MSFT/AssignedAccess/ShellLauncher** -Added in Windows 10,version 1803. This node accepts a ShellLauncherConfiguration xml as input. Click [link](#shelllauncherconfiguration-xsd) to see the schema. For more information, see [Shell Launcher](https://docs.microsoft.com/en-us/windows-hardware/customize/enterprise/shell-launcher). +**./Device/Vendor/MSFT/AssignedAccess/ShellLauncher** +Added in Windows 10,version 1803. This node accepts a ShellLauncherConfiguration xml as input. Click [link](#shelllauncherconfiguration-xsd) to see the schema. For more information, see [Shell Launcher](https://docs.microsoft.com/windows-hardware/customize/enterprise/shell-launcher). -> [!Note] +> [!Note] > You cannot set both ShellLauncher and KioskModeApp at the same time on the device. > -> Configuring Shell Launcher using the ShellLauncher node automatically enables the Shell Launcher feature if it is available within the SKU. I. Shell Launcher as a feature and the ShellLauncher node both require Windows Enterprise or Windows Education to function. -> +> Configuring Shell Launcher using the ShellLauncher node automatically enables the Shell Launcher feature if it is available within the SKU. I. Shell Launcher as a feature and the ShellLauncher node both require Windows Enterprise or Windows Education to function. +> >The ShellLauncher node is not supported in Windows 10 Pro. -**./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration** +**./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration** Added in Windows 10, version 1803. This node accepts a StatusConfiguration xml as input to configure the Kiosk App Health monitoring. There are three possible values for StatusEnabled node inside StatusConfiguration xml: On, OnWithAlerts, and Off. Click [link](#statusconfiguration-xsd) to see the StatusConfiguration schema. - -By default the StatusConfiguration node does not exist, and it implies this feature is off. Once enabled via CSP, Assigned Access will check kiosk app status and wait for MDM server to query the latest status from the Status node. - -Optionally, the MDM server can opt-in to the MDM alert so a MDM alert will be generated and sent immediately to the MDM server when the assigned access runtime status is changed. This MDM alert will contain the status payload that is available via the Status node. - -This MDM alert header is defined as follows: -- MDMAlertMark: Critical -- MDMAlertType: "com.microsoft.mdm.assignedaccess.status" -- MDMAlertDataType: String -- Source: "./Vendor/MSFT/AssignedAccess" -- Target: N/A - -> [!Note] -> MDM alert will only be sent for errors. +By default the StatusConfiguration node does not exist, and it implies this feature is off. Once enabled via CSP, Assigned Access will check kiosk app status and wait for MDM server to query the latest status from the Status node. + +Optionally, the MDM server can opt-in to the MDM alert so a MDM alert will be generated and sent immediately to the MDM server when the assigned access runtime status is changed. This MDM alert will contain the status payload that is available via the Status node. + +This MDM alert header is defined as follows: + +- MDMAlertMark: Critical +- MDMAlertType: "com.microsoft.mdm.assignedaccess.status" +- MDMAlertDataType: String +- Source: "./Vendor/MSFT/AssignedAccess" +- Target: N/A + +> [!Note] +> MDM alert will only be sent for errors. ## KioskModeApp examples @@ -146,9 +170,9 @@ KioskModeApp Add ./Device/Vendor/MSFT/AssignedAccess/KioskModeApp - - chr - + + chr + {"Account":"Domain\\AccountName","AUMID":"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"} @@ -204,9 +228,9 @@ KioskModeApp Replace ./Device/Vendor/MSFT/AssignedAccess/KioskModeApp - - chr - + + chr + {"Account":"Domain\\AccountName","AUMID":"Microsoft.WindowsAlarms_8wekyb3d8bbwe!App"} @@ -232,7 +256,7 @@ KioskModeApp Replace - + @@ -362,61 +386,61 @@ KioskModeApp Replace ## Example AssignedAccessConfiguration XML ``` syntax - - -    -      -        -          -          -          -          -          -          -          -        -      -      -        -                      -                      -                        -                          -                            -                              -                              -                              -                              -                              -                            -                            -                              -                              -                            -                          -                        -                      -                    -                ]]> -      -      -    -    -      MultiAppKioskUser -      -    - + + +    +      +        +          +          +          +          +          +          +          +        +      +      +        +                      +                      +                        +                          +                            +                              +                              +                              +                              +                              +                            +                            +                              +                              +                            +                          +                        +                      +                    +                ]]> +      +      +    +    +      MultiAppKioskUser +      +    + ``` ## Configuration examples -XML encoding (escaped) and CDATA of the XML in the Data node both ensure that DM client can properly interpret the SyncML and send the configuration xml as string (in original format, unescaped) to AssignedAccess CSP to handle. +XML encoding (escaped) and CDATA of the XML in the Data node both ensure that DM client can properly interpret the SyncML and send the configuration xml as string (in original format, unescaped) to AssignedAccess CSP to handle. -Similarly, the StartLayout xml inside the configuration xml is using the same format, xml inside xml as string. In the sample Configuration xml provided above, CDATA is used to embed the StartLayout xml. If you use CDATA to embed configuration xml in SyncML as well, you’ll have nested CDATA so pay attention to how CDATA is used in the provided CDATA sample. With that being said, when the Configuration xml is being constructed, MDM server can either escape start layout xml or put startlayout xml inside CDATA, when MDM server puts configuration xml inside SyncML, MDM server can also either escape it or wrap with CDATA. +Similarly, the StartLayout xml inside the configuration xml is using the same format, xml inside xml as string. In the sample Configuration xml provided above, CDATA is used to embed the StartLayout xml. If you use CDATA to embed configuration xml in SyncML as well, you’ll have nested CDATA so pay attention to how CDATA is used in the provided CDATA sample. With that being said, when the Configuration xml is being constructed, MDM server can either escape start layout xml or put startlayout xml inside CDATA, when MDM server puts configuration xml inside SyncML, MDM server can also either escape it or wrap with CDATA. Escape and CDATA are mechanisms when handling xml in xml. Consider it’s a transportation channel to send the configuration xml as payload from server to client. It’s transparent to both end user who configures the CSP and transparent to our CSP. Both the customer on the server side and our CSP must only see the original configuration XML. @@ -451,26 +475,26 @@ This example shows escaped XML of the Data node. </AllowedApps> </AllAppsList> <StartLayout> - <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"> - <LayoutOptions StartTileGroupCellWidth="6" /> - <DefaultLayoutOverride> - <StartLayoutCollection> - <defaultlayout:StartLayout GroupCellWidth="6"> - <start:Group Name="Group1"> - <start:Tile Size="4x4" Column="0" Row="0" AppUserModelID="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" /> - <start:Tile Size="2x2" Column="4" Row="2" AppUserModelID="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" /> - <start:Tile Size="2x2" Column="4" Row="0" AppUserModelID="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" /> - <start:Tile Size="2x2" Column="4" Row="4" AppUserModelID="Microsoft.BingWeather_8wekyb3d8bbwe!App" /> - <start:Tile Size="4x2" Column="0" Row="4" AppUserModelID="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" /> - </start:Group> - <start:Group Name="Group2"> - <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationID="{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\mspaint.exe" /> - <start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationID="{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\notepad.exe" /> - </start:Group> - </defaultlayout:StartLayout> - </StartLayoutCollection> - </DefaultLayoutOverride> - </LayoutModificationTemplate> + <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"> + <LayoutOptions StartTileGroupCellWidth="6" /> + <DefaultLayoutOverride> + <StartLayoutCollection> + <defaultlayout:StartLayout GroupCellWidth="6"> + <start:Group Name="Group1"> + <start:Tile Size="4x4" Column="0" Row="0" AppUserModelID="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" /> + <start:Tile Size="2x2" Column="4" Row="2" AppUserModelID="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" /> + <start:Tile Size="2x2" Column="4" Row="0" AppUserModelID="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" /> + <start:Tile Size="2x2" Column="4" Row="4" AppUserModelID="Microsoft.BingWeather_8wekyb3d8bbwe!App" /> + <start:Tile Size="4x2" Column="0" Row="4" AppUserModelID="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" /> + </start:Group> + <start:Group Name="Group2"> + <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationID="{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\mspaint.exe" /> + <start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationID="{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\notepad.exe" /> + </start:Group> + </defaultlayout:StartLayout> + </StartLayoutCollection> + </DefaultLayoutOverride> + </LayoutModificationTemplate> ]]> </StartLayout> <Taskbar ShowTaskbar="true"/> @@ -521,26 +545,26 @@ This example shows escaped XML of the Data node. </AllowedApps> </AllAppsList> <StartLayout> - <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"> - <LayoutOptions StartTileGroupCellWidth="6" /> - <DefaultLayoutOverride> - <StartLayoutCollection> - <defaultlayout:StartLayout GroupCellWidth="6"> - <start:Group Name="Group1"> - <start:Tile Size="4x4" Column="0" Row="0" AppUserModelID="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" /> - <start:Tile Size="2x2" Column="4" Row="2" AppUserModelID="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" /> - <start:Tile Size="2x2" Column="4" Row="0" AppUserModelID="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" /> - <start:Tile Size="2x2" Column="4" Row="4" AppUserModelID="Microsoft.BingWeather_8wekyb3d8bbwe!App" /> - <start:Tile Size="4x2" Column="0" Row="4" AppUserModelID="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" /> - </start:Group> - <start:Group Name="Group2"> - <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationID="{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\mspaint.exe" /> - <start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationID="{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\notepad.exe" /> - </start:Group> - </defaultlayout:StartLayout> - </StartLayoutCollection> - </DefaultLayoutOverride> - </LayoutModificationTemplate> + <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"> + <LayoutOptions StartTileGroupCellWidth="6" /> + <DefaultLayoutOverride> + <StartLayoutCollection> + <defaultlayout:StartLayout GroupCellWidth="6"> + <start:Group Name="Group1"> + <start:Tile Size="4x4" Column="0" Row="0" AppUserModelID="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" /> + <start:Tile Size="2x2" Column="4" Row="2" AppUserModelID="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" /> + <start:Tile Size="2x2" Column="4" Row="0" AppUserModelID="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" /> + <start:Tile Size="2x2" Column="4" Row="4" AppUserModelID="Microsoft.BingWeather_8wekyb3d8bbwe!App" /> + <start:Tile Size="4x2" Column="0" Row="4" AppUserModelID="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" /> + </start:Group> + <start:Group Name="Group2"> + <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationID="{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\mspaint.exe" /> + <start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationID="{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\notepad.exe" /> + </start:Group> + </defaultlayout:StartLayout> + </StartLayoutCollection> + </DefaultLayoutOverride> + </LayoutModificationTemplate> ]]> </StartLayout> <Taskbar ShowTaskbar="true"/> @@ -576,53 +600,53 @@ This example uses CData for the XML. chr - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ]]]]> - - - - - - - MultiAppKioskUser - - - + + + + + + + MultiAppKioskUser + + + ]]> @@ -700,117 +724,117 @@ Example of the Delete command. ## StatusConfiguration example -StatusConfiguration Add OnWithAlerts +StatusConfiguration Add OnWithAlerts ``` syntax - - - - 2 - - - ./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration - - - chr - - - - - OnWithAlerts - - ]]> - - - - - - -``` - - -StatusConfiguration Delete -``` syntax - - - - 2 - - - ./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration - - - - - - -``` - -StatusConfiguration Get - -``` syntax - - - - 2 - - - ./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration - - - - - + + + + 2 + + + ./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration + + + chr + + + + + OnWithAlerts + + ]]> + + + + + ``` - -StatusConfiguration Replace On - + + +StatusConfiguration Delete +``` syntax + + + + 2 + + + ./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration + + + + + + +``` + +StatusConfiguration Get + +``` syntax + + + + 2 + + + ./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration + + + + + + +``` + +StatusConfiguration Replace On + ```syntax - - - - 2 - - - ./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration - - - chr - - - - - On - - ]]> - - - - - - + + + + 2 + + + ./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration + + + chr + + + + + On + + ]]> + + + + + + ``` ## Status example -Status Get +Status Get ``` syntax - - - - 2 - - - ./Device/Vendor/MSFT/AssignedAccess/Status - - - - - - + + + + 2 + + + ./Device/Vendor/MSFT/AssignedAccess/Status + + + + + + ``` ## ShellLauncherConfiguration XSD @@ -1113,10 +1137,11 @@ ShellLauncherConfiguration Get - - - - + + + + + @@ -1126,35 +1151,51 @@ ShellLauncherConfiguration Get + + + + + + + + + + + + + + + + - + - + - + ``` -## Windows Holographic for Business edition example +## Windows Holographic for Business edition example -This example configures the following apps: Skype, Learning, Feedback Hub, and Calibration, for first line workers. Use this XML in a provisioning package using Windows Configuration Designer. For instructions, see [Configure HoloLens using a provisioning package](https://docs.microsoft.com/en-us/hololens/hololens-provisioning). +This example configures the following apps: Skype, Learning, Feedback Hub, and Calibration, for first line workers. Use this XML in a provisioning package using Windows Configuration Designer. For instructions, see [Configure HoloLens using a provisioning package](https://docs.microsoft.com/hololens/hololens-provisioning). ``` syntax - @@ -1193,8 +1234,8 @@ This example configures the following apps: Skype, Learning, Feedback Hub, and C - AzureAD\multiusertest@analogfre.onmicrosoft.com @@ -1202,4 +1243,4 @@ This example configures the following apps: Skype, Learning, Feedback Hub, and C -``` \ No newline at end of file +``` diff --git a/windows/client-management/mdm/assignedaccess-ddf.md b/windows/client-management/mdm/assignedaccess-ddf.md index a76545fe53..e68f76f543 100644 --- a/windows/client-management/mdm/assignedaccess-ddf.md +++ b/windows/client-management/mdm/assignedaccess-ddf.md @@ -17,8 +17,8 @@ This topic shows the OMA DM device description framework (DDF) for the **Assigne You can download the DDF files from the links below: -- [Download all the DDF files for Windows 10, version 1703](http://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip) -- [Download all the DDF files for Windows 10, version 1607](http://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip) +- [Download all the DDF files for Windows 10, version 1703](https://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip) +- [Download all the DDF files for Windows 10, version 1607](https://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip) The XML below is for Windows 10, version 1803. @@ -62,7 +62,7 @@ The XML below is for Windows 10, version 1803. This node can accept and return json string which comprises of account name, and AUMID for Kiosk mode app. -Example: {"User":"domain\\user", "AUMID":"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"}. +Example: {"User":"domain\\user", "AUMID":"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"}. When configuring kiosk mode app, account name will be used to find the target user. Account name includes domain name and user name. Domain name can be optional if user name is unique across the system. For a local account, domain name should be machine name. When "Get" is executed on this node, domain name is always returned in the output. diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md index e5d61253aa..8cc949f6b9 100644 --- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md @@ -58,9 +58,9 @@ In both scenarios, the enrollment flow provides an opportunity for the MDM servi In the out-of-the-box scenario, the web view is 100% full screen, which gives the MDM vendor the ability to paint an edge-to-edge experience. With great power comes great responsibility! It is important that MDM vendors who chose to integrate with Azure AD to respect the Windows 10 design guidelines to the letter. This includes using a responsive web design and respecting the Windows accessibility guidelines, which includes the forward and back buttons that are properly wired to the navigation logic. Additional details are provided later in this topic. -For Azure AD enrollment to work for an Active Directory Federated Services (AD FS) backed Azure AD account, you must enable password authentication for the intranet on the ADFS service as described in solution \#2 in [this article](http://go.microsoft.com/fwlink/?LinkId=690246). +For Azure AD enrollment to work for an Active Directory Federated Services (AD FS) backed Azure AD account, you must enable password authentication for the intranet on the ADFS service as described in solution \#2 in [this article](https://go.microsoft.com/fwlink/?LinkId=690246). -Once a user has an Azure AD account added to Windows 10 and enrolled in MDM, the enrollment can be manages through **Settings** > **Accounts** > **Work access**. Device management of either Azure AD Join for corporate scenarios or BYOD scenarios are similar. +Once a user has an Azure AD account added to Windows 10 and enrolled in MDM, the enrollment can be manages through **Settings** > **Accounts** > **Work access**. Device management of either Azure AD Join for corporate scenarios or BYOD scenarios are similar. > **Note**  Users cannot remove the device enrollment through the **Work access** user interface because management is tied to the Azure AD or work account. @@ -79,31 +79,31 @@ Azure AD MDM enrollment is a two-step process: To support Azure AD enrollment, MDM vendors must host and expose a Terms of Use endpoint and an MDM enrollment endpoint. -**Terms of Use endpoint** +**Terms of Use endpoint** Use this endpoint to inform users of the ways in which their device can be controlled by their organization. The Terms of Use page is responsible for collecting user’s consent before the actual enrollment phase begins. It’s important to understand that the Terms of Use flow is a "black box" to Windows and Azure AD. The whole web view is redirected to the Terms of Use URL, and the user is expected to be redirected back after approving (or in some cases rejecting) the Terms. This design allows the MDM vendor to customize their Terms of Use for different scenarios (e.g., different levels of control are applied on BYOD vs. company-owned devices) or implement user/group based targeting (e.g. users in certain geographies may be subject to stricter device management policies). The Terms of Use endpoint can be used to implement additional business logic, such as collecting a one-time PIN provided by IT to control device enrollment. However, MDM vendors must not use the Terms of Use flow to collect user credentials, which could lead to a highly degraded user experience. It’s not needed, since part of the MDM integration ensures that the MDM service can understand tokens issued by Azure AD. -**MDM enrollment endpoint** +**MDM enrollment endpoint** After the users accepts the Terms of Use, the device is registered in Azure AD and the automatic MDM enrollment begins. The following diagram illustrates the high-level flow involved in the actual enrollment process. The device is first registered with Azure AD. This process assigns a unique device identifier to the device and presents the device with the ability to authenticate itself with Azure AD (device authentication). Subsequently, the device is enrolled for management with the MDM. This is done by calling the enrollment endpoint and requesting enrollment for the user and device. At this point, the user has been authenticated and device has been registered and authenticated with Azure AD. This information is made available to the MDM in the form of claims within an access token presented at the enrollment endpoint. ![azure ad enrollment flow](images/azure-ad-enrollment-flow.png) -The MDM is expected to use this information about the device (Device ID) when reporting device compliance back to Azure AD using the [Azure AD Graph API](http://go.microsoft.com/fwlink/p/?LinkID=613654). A sample for reporting device compliance is provided later in this topic. +The MDM is expected to use this information about the device (Device ID) when reporting device compliance back to Azure AD using the [Azure AD Graph API](https://go.microsoft.com/fwlink/p/?LinkID=613654). A sample for reporting device compliance is provided later in this topic. ## Make the MDM a reliable party of Azure AD -To participate in the integrated enrollment flow outlined in the previous section, the MDM must be able to consume access tokens issued by Azure AD. To report compliance to Azure AD, the MDM must be able to authenticate itself to Azure AD and obtain authorization in the form of an access token that allows it to invoke the [Azure AD Graph API](http://go.microsoft.com/fwlink/p/?LinkID=613654). +To participate in the integrated enrollment flow outlined in the previous section, the MDM must be able to consume access tokens issued by Azure AD. To report compliance to Azure AD, the MDM must be able to authenticate itself to Azure AD and obtain authorization in the form of an access token that allows it to invoke the [Azure AD Graph API](https://go.microsoft.com/fwlink/p/?LinkID=613654). ### Add a cloud-based MDM A cloud-based MDM is a SaaS application that provides device management capabilities in the cloud. It is a multi-tenant application. This application is registered with Azure AD in the home tenant of the MDM vendor. When an IT admin decides to use this MDM solution, an instance of this application is made visible in the tenant of the customer. -The MDM vendor must first register the application in their home tenant and mark it as a multi-tenant application. Here a code sample from GitHub that explains how to add multi-tenant applications to Azure AD, [WepApp-WebAPI-MultiTenant-OpenIdConnect-DotNet](http://go.microsoft.com/fwlink/p/?LinkId=613661). +The MDM vendor must first register the application in their home tenant and mark it as a multi-tenant application. Here a code sample from GitHub that explains how to add multi-tenant applications to Azure AD, [WepApp-WebAPI-MultiTenant-OpenIdConnect-DotNet](https://go.microsoft.com/fwlink/p/?LinkId=613661). > **Note**  For the MDM provider, if you don't have an existing Azure AD tentant with an Azure AD subscription that you manage, follow the step-by-step guide in [Add an Azure AD tenant and Azure AD subscription](add-an-azure-ad-tenant-and-azure-ad-subscription.md) to set up a tenant, add a subscription, and manage it via the Azure Portal. @@ -115,14 +115,14 @@ Use the following steps to register a cloud-based MDM application with Azure AD. 1. Login to the Azure Management Portal using an admin account in your home tenant. 2. In the left navigation, click on the **Active Directory**. 3. Click the directory tenant where you want to register the application. - + Ensure that you are logged into your home tenant. 4. Click the **Applications** tab. 5. In the drawer, click **Add**. 6. Click **Add an application my organization is developing**. 7. Enter a friendly name for the application, such as ContosoMDM, select **Web Application and or Web API**, then click **Next**. 8. Enter the login URL for your MDM service. -9. For the App ID, enter **https://<your\_tenant\_name>/ContosoMDM**, then click OK. +9. For the App ID, enter **https://<your\_tenant\_name>/ContosoMDM**, then click OK. 10. While still in the Azure portal, click the **Configure** tab of your application. 11. Mark your application as **multi-tenant**. 12. Find the client ID value and copy it. @@ -132,7 +132,7 @@ Use the following steps to register a cloud-based MDM application with Azure AD. You will need this to call the Azure AD Graph API to report device compliance. This is covered in the subsequent section. -For more information about how to register a sample application with Azure AD, see the steps to register the **TodoListService Web API** in [NativeClient-DotNet](http://go.microsoft.com/fwlink/p/?LinkId=613667) +For more information about how to register a sample application with Azure AD, see the steps to register the **TodoListService Web API** in [NativeClient-DotNet](https://go.microsoft.com/fwlink/p/?LinkId=613667) ### Add an on-premises MDM @@ -142,13 +142,13 @@ The customer experience for adding an on-premises MDM to their tenant is similar Your on-premises MDM product must expose a configuration experience where administrators can provide the client ID, app ID, and the key configured in their directory for that MDM application. You can use this client ID and key to request tokens from Azure AD when reporting device compliance. -For more information about registering applications with Azure AD, see [Basics of Registering an Application in Azure AD](http://go.microsoft.com/fwlink/p/?LinkId=613671). +For more information about registering applications with Azure AD, see [Basics of Registering an Application in Azure AD](https://go.microsoft.com/fwlink/p/?LinkId=613671). ### Key management and security guidelines The application keys used by your MDM service are a sensitive resource. They should be protected and rolled over periodically for greater security. Access tokens obtained by your MDM service to call the Azure AD Graph API are bearer tokens and should be protected to avoid unauthorized disclosure. -For security best practices, see [Windows Azure Security Essentials](http://go.microsoft.com/fwlink/p/?LinkId=613715). +For security best practices, see [Windows Azure Security Essentials](https://go.microsoft.com/fwlink/p/?LinkId=613715). You can rollover the application keys used by a cloud-based MDM service without requiring a customer interaction. There is a single set of keys across all customer tenants that are managed by the MDM vendor in their Azure AD tenant. @@ -167,7 +167,7 @@ The following image illustrates how MDM applications will show up in the Azure a You should work with the Azure AD engineering team if your MDM application is cloud-based. The following table shows the required information to create an entry in the Azure AD app gallery. - +
    @@ -211,7 +211,7 @@ However, key management is different for on-premises MDM. You must obtain the cl ## Themes -The pages rendered by the MDM as part of the integrated enrollment process must use Windows 10 templates ([Download the Windows 10 templates and CSS files](http://download.microsoft.com/download/3/E/5/3E535D52-6432-47F6-B460-4E685C5D543A/MDM-ISV_1.1.3.zip)). This is important for enrollment during the Azure AD Join experience in OOBE where all of the pages are edge-to-edge HTML pages. Don't try to copy the templates because you'll never get the button placement right. Using the shared Windows 10 templates ensure a seamless experience for the customers. +The pages rendered by the MDM as part of the integrated enrollment process must use Windows 10 templates ([Download the Windows 10 templates and CSS files](https://download.microsoft.com/download/3/E/5/3E535D52-6432-47F6-B460-4E685C5D543A/MDM-ISV_1.1.3.zip)). This is important for enrollment during the Azure AD Join experience in OOBE where all of the pages are edge-to-edge HTML pages. Don't try to copy the templates because you'll never get the button placement right. Using the shared Windows 10 templates ensure a seamless experience for the customers. There are 3 distinct scenarios: @@ -221,7 +221,7 @@ There are 3 distinct scenarios: Scenarios 1, 2, and 3 are available in Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education. Scenarios 1 and 3 are available in Windows 10 Mobile. Support for scenario 1 was added in Windows 10 Mobile, version 1511. -The CSS files provided by Microsoft contains version information and we recommend that you use the latest version. There are separate CSS files for desktop and mobile devices, OOBE, and post-OOBE experiences. [Download the Windows 10 templates and CSS files](http://download.microsoft.com/download/3/E/5/3E535D52-6432-47F6-B460-4E685C5D543A/MDM-ISV_1.1.3.zip). +The CSS files provided by Microsoft contains version information and we recommend that you use the latest version. There are separate CSS files for desktop and mobile devices, OOBE, and post-OOBE experiences. [Download the Windows 10 templates and CSS files](https://download.microsoft.com/download/3/E/5/3E535D52-6432-47F6-B460-4E685C5D543A/MDM-ISV_1.1.3.zip). ### Using themes @@ -348,7 +348,7 @@ The following claims are expected in the access token passed by Windows to the T > **Note**  There is no device ID claim in the access token because the device may not yet be enrolled at this time.   -To retrieve the list of group memberships for the user, you can use the [Azure AD Graph API](http://go.microsoft.com/fwlink/p/?LinkID=613654). +To retrieve the list of group memberships for the user, you can use the [Azure AD Graph API](https://go.microsoft.com/fwlink/p/?LinkID=613654). Here's an example URL. @@ -399,8 +399,8 @@ Location: Example: -HTTP/1.1 302 -Location: ms-appx-web://App1/ToUResponse?error=access_denied&error_description=Acess%20is%20denied%2E +HTTP/1.1 302 +Location: ms-appx-web://App1/ToUResponse?error=access_denied&error_description=Access%20is%20denied%2E ``` The following table shows the error codes. @@ -594,13 +594,13 @@ With Azure integrated MDM enrollment, there is no discovery phase and the discov There are two different MDM enrollment types that take advantage of integration with Azure AD and therefore make use of Azure AD user and device identities. Depending on the enrollment type, the MDM service may need to manage a single user or multiple users. -**Multiple user management for Azure AD joined devices** +**Multiple user management for Azure AD joined devices** In this scenario the MDM enrollment applies to every Azure AD user who logs on to the Azure AD joined device - call this enrollment type a device enrollment or a multi-user enrollment. The management server can determine the user identity, conclude what policies are targeted for this user, and send corresponding policies to the device. To allow management server to identify current user that is logged on to the device, the OMA DM client uses the Azure AD user tokens. Each management session contains an additional HTTP header that contains an Azure AD user token. This information is provided in the DM package sent to the management server. However, in some circumstances Azure AD user token is not sent over to the management server. One such scenario happens immediately after MDM enrollments completes during Azure AD join process. Until Azure AD join process is finished and Azure AD user logs on to the machine, Azure AD user token is not available to OMA-DM process. Typically MDM enrollment completes before Azure AD user logs on to machine and the initial management session does not contain an Azure AD user token. The management server should check if the token is missing and only send device policies in such case. Another possible reason for a missing Azure AD token in the OMA-DM payload is when a guest user is logged on to the device. -**Adding a work account and MDM enrollment to a device** +**Adding a work account and MDM enrollment to a device** In this scenario, the MDM enrollment applies to a single user who initially added his work account and enrolled the device. In this enrollment type the management server can ignore Azure AD tokens that may be sent over during management session. Whether Azure AD token is present or missing, the management server sends both user and device policies to the device. -**Evaluating Azure AD user tokens** +**Evaluating Azure AD user tokens** The Azure AD token is in the HTTP Authorization header in the following format: ``` syntax @@ -616,8 +616,8 @@ Additional claims may be present in the Azure AD token, such as: Access token issued by Azure AD are JSON web tokens (JWTs). A valid JWT token is presented by Windows at the MDM enrollment endpoint to initiate the enrollment process. There are a couple of options to evaluate the tokens: -- Use the JWT Token Handler extension for WIF to validate the contents of the access token and extract claims required for use. For more information, see [JSON Web Token Handler](http://go.microsoft.com/fwlink/p/?LinkId=613820). -- Refer to the Azure AD authentication code samples to get a sample for working with access tokens. For an example, see [NativeClient-DotNet](http://go.microsoft.com/fwlink/p/?LinkId=613667). +- Use the JWT Token Handler extension for WIF to validate the contents of the access token and extract claims required for use. For more information, see [JSON Web Token Handler](https://go.microsoft.com/fwlink/p/?LinkId=613820). +- Refer to the Azure AD authentication code samples to get a sample for working with access tokens. For an example, see [NativeClient-DotNet](https://go.microsoft.com/fwlink/p/?LinkId=613667). ## Device Alert 1224 for Azure AD user token @@ -625,21 +625,21 @@ An alert is sent when the DM session starts and there is an Azure AD user logged ``` syntax Alert Type: com.microsoft/MDM/AADUserToken - -Alert sample: - - - 1 - 1224 - - - com.microsoft/MDM/AADUserToken - - UserToken inserted here - - - … other xml tags … - + +Alert sample: + + + 1 + 1224 + + + com.microsoft/MDM/AADUserToken + + UserToken inserted here + + + … other xml tags … + ``` ## Determine when a user is logged in through polling @@ -656,18 +656,18 @@ An alert is send to the MDM server in DM package\#1. Here's an example. ``` syntax - - - 1 - 1224 - - - com.microsoft/MDM/LoginStatus - - user - - - … other xml tags … + + + 1 + 1224 + + + com.microsoft/MDM/LoginStatus + + user + + + … other xml tags … ``` @@ -675,7 +675,7 @@ Here's an example. Once a device is enrolled with the MDM for management, corporate policies configured by the IT administrator are enforced on the device. The device compliance with configured policies is evaluated by the MDM and then reported to Azure AD. This section covers the Graph API call you can use to report a device compliance status to Azure AD. -For a sample that illustrates how an MDM can obtain an access token using OAuth 2.0 client\_credentials grant type, see [Daemon\_CertificateCredential-DotNet](http://go.microsoft.com/fwlink/p/?LinkId=613822). +For a sample that illustrates how an MDM can obtain an access token using OAuth 2.0 client\_credentials grant type, see [Daemon\_CertificateCredential-DotNet](https://go.microsoft.com/fwlink/p/?LinkId=613822). - **Cloud-based MDM** - If your product is a cloud-based multi-tenant MDM service, you have a single key configured for your service within your tenant. Use this key to authenticate the MDM service with Azure AD, in order to obtain authorization. - **On-premises MDM** - If your product is an on-premises MDM, customers must configure your product with the key used to authenticate with Azure AD. This is because each on-premises instance of your MDM product has a different tenant-specific key. For this purpose, you may need to expose a configuration experience in your MDM product that enables administrators to specify the key to be used to authenticate with Azure AD. @@ -687,15 +687,15 @@ The following sample REST API call illustrates how an MDM can use the Azure AD G > **Note**  This is only applicable for approved MDM apps on Windows 10 devices. ``` syntax -Sample Graph API Request: +Sample Graph API Request: -PATCH https://graph.windows.net/contoso.com/devices/db7ab579-3759-4492-a03f-655ca7f52ae1?api-version=beta HTTP/1.1 -Authorization: Bearer eyJ0eXAiO……… -Accept: application/json -Content-Type: application/json -{ “isManaged”:true, - “isCompliant”:true -} +PATCH https://graph.windows.net/contoso.com/devices/db7ab579-3759-4492-a03f-655ca7f52ae1?api-version=beta HTTP/1.1 +Authorization: Bearer eyJ0eXAiO……… +Accept: application/json +Content-Type: application/json +{ "isManaged":true, + "isCompliant":true +} ``` Where: diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 17c167b863..2e0b0840bd 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -6,13 +6,14 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 01/04/2018 +ms.date: 12/06/2018 --- - # BitLocker CSP +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -The BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. This CSP was added in Windows 10, version 1703. +The BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. This CSP was added in Windows 10, version 1703. Starting in Windows 10, version 1809, it is also supported in Windows 10 Pro. > [!Note] > Settings are enforced only at the time encryption is started. Encryption is not restarted with settings changes. @@ -255,7 +256,7 @@ The following diagram shows the BitLocker configuration service provider in tree

    On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 6-digit to 20-digit personal identification number (PIN), or both.

    > [!Note] -> In Windows 10, version 1709, you can use a minimum PIN of 4 digits. SystemDrivesMinimumPINLength policy must be set to allow PINs shorter than 6 digits. +> In Windows 10, version 1703 release B, you can use a minimum PIN of 4 digits. SystemDrivesMinimumPINLength policy must be set to allow PINs shorter than 6 digits.

    If you enable this policy setting, users can configure advanced startup options in the BitLocker setup wizard.

    @@ -345,7 +346,7 @@ The following diagram shows the BitLocker configuration service provider in tree

    This setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 6 digits and can have a maximum length of 20 digits.

    > [!Note] -> In Windows 10, version 1709, you can use a minimum PIN length of 4 digits. +> In Windows 10, version 1703 release B, you can use a minimum PIN length of 4 digits. > >In TPM 2.0 if minimum PIN length is set below 6 digits, Windows will attempt to update the TPM lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset. This does not apply to TPM 1.2. @@ -793,13 +794,13 @@ The following diagram shows the BitLocker configuration service provider in tree **AllowWarningForOtherDiskEncryption** -

    Allows the Admin to disable the warning prompt for other disk encryption on the user machines.

    +

    Allows the admin to disable the warning prompt for other disk encryption on the user machines that are targeted when the RequireDeviceEncryption policy is also set to 1.

    > [!Important] -> Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory joined devices. Windows will attempt to silently enable [BitLocker](https://docs.microsoft.com/en-us/windows/device-security/bitlocker/bitlocker-overview) for value 0. +> Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory joined devices. When RequireDeviceEncryption is set to 1 and AllowWarningForOtherDiskEncryption is set to 0, Windows will attempt to silently enable [BitLocker](https://docs.microsoft.com/windows/device-security/bitlocker/bitlocker-overview). > [!Warning] -> When you enable BitLocker on a device with third party encryption, it may render the device unusable and will require reinstallation of Windows. +> When you enable BitLocker on a device with third-party encryption, it may render the device unusable and require you to reinstall Windows.
    @@ -842,6 +843,47 @@ The following diagram shows the BitLocker configuration service provider in tree ``` +>[!NOTE] +>When you disable the warning prompt, the OS drive's recovery key will back up to the user's Azure Active Directory account. When you allow the warning prompt, the user who receives the prompt can select where to back up the OS drive's recovery key. +> +>The endpoint for a fixed data drive's backup is chosen in the following order: + >1. The user's Windows Server Active Directory Domain Services account. + >2. The user's Azure Active Directory account. + >3. The user's personal OneDrive (MDM/MAM only). +> +>Encryption will wait until one of these three locations backs up successfully. + +**AllowStandardUserEncryption** +Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where policy is pushed while current logged on user is non-admin/standard user Azure AD account. + +> [!Note] +> This policy is only supported in Azure AD accounts. + +"AllowStandardUserEncryption" policy is tied to "AllowWarningForOtherDiskEncryption" policy being set to "0", i.e, silent encryption is enforced. + +If "AllowWarningForOtherDiskEncryption" is not set, or is set to "1", "RequireDeviceEncryption" policy will not try to encrypt drive(s) if a standard user is the current logged on user in the system. + +The expected values for this policy are: + +- 1 = "RequireDeviceEncryption" policy will try to enable encryption on all fixed drives even if a current logged in user is standard user. +- 0 = This is the default, when the policy is not set. If current logged on user is a standard user, "RequireDeviceEncryption" policy will not try to enable encryption on any drive. + +If you want to disable this policy use the following SyncML: + +``` syntax + + 111 + + + ./Device/Vendor/MSFT/BitLocker/AllowStandardUserEncryption + + + int + + 0 + + +``` ### SyncML example The following example is provided to show proper format and should not be taken as a recommendation. diff --git a/windows/client-management/mdm/bitlocker-ddf-file.md b/windows/client-management/mdm/bitlocker-ddf-file.md index b3df788f7c..9d1fd9bf4d 100644 --- a/windows/client-management/mdm/bitlocker-ddf-file.md +++ b/windows/client-management/mdm/bitlocker-ddf-file.md @@ -6,16 +6,19 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 12/05/2017 +ms.date: 06/29/2018 --- # BitLocker DDF file +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + This topic shows the OMA DM device description framework (DDF) for the **BitLocker** configuration service provider. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). -The XML below is the current version for this CSP. +The XML below is the current version Windows 10, version 1809. ``` syntax @@ -41,7 +44,7 @@ The XML below is the current version for this CSP. - com.microsoft/1.0/MDM/BitLocker + com.microsoft/3.0/MDM/BitLocker @@ -63,7 +66,7 @@ The XML below is the current version for this CSP. Disabling the policy will not turn off the encryption on the storage card. But will stop prompting the user to turn it on. If you want to disable this policy use the following SyncML: - $CmdID$ + 100 ./Device/Vendor/MSFT/BitLocker/RequireStorageCardEncryption @@ -87,6 +90,10 @@ The XML below is the current version for this CSP. text/plain + + + + @@ -106,7 +113,7 @@ The XML below is the current version for this CSP. Disabling the policy will not turn off the encryption on the system drive. But will stop prompting the user to turn it on. If you want to disable this policy use the following SyncML: - $CmdID$ + 101 ./Device/Vendor/MSFT/BitLocker/RequireDeviceEncryption @@ -130,6 +137,10 @@ The XML below is the current version for this CSP. text/plain + + + + @@ -160,7 +171,7 @@ The XML below is the current version for this CSP. If you want to disable this policy use the following SyncML: - $CmdID$ + 102 ./Device/Vendor/MSFT/BitLocker/EncryptionMethodByDriveType @@ -186,6 +197,9 @@ The XML below is the current version for this CSP. text/plain + VolumeEncryption.admx + VolumeEncryption~AT~WindowsComponents~FVECategory + EncryptionMethodWithXts_Name @@ -200,7 +214,7 @@ The XML below is the current version for this CSP. This policy setting allows you to configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with or without a Trusted Platform Module (TPM). This policy setting is applied when you turn on BitLocker. Note: Only one of the additional authentication options can be required at startup, otherwise a policy error occurs. If you want to use BitLocker on a computer without a TPM, set the "ConfigureNonTPMStartupKeyUsage_Name" data. In this mode either a password or a USB drive is required for start-up. When using a startup key, the key information used to encrypt the drive is stored on the USB drive, creating a USB key. When the USB key is inserted the access to the drive is authenticated and the drive is accessible. If the USB key is lost or unavailable or if you have forgotten the password then you will need to use one of the BitLocker recovery options to access the drive. - On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 6-digit to 20-digit personal identification number (PIN), or both. + On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 4-digit to 20-digit personal identification number (PIN), or both. If you enable this policy setting, users can configure advanced startup options in the BitLocker setup wizard. If you disable or do not configure this policy setting, users can configure only basic options on computers with a TPM. Note: If you want to require the use of a startup PIN and a USB flash drive, you must configure BitLocker settings using the command-line tool manage-bde instead of the BitLocker Drive Encryption setup wizard. @@ -227,7 +241,7 @@ The XML below is the current version for this CSP. Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML: - $CmdID$ + 103 ./Device/Vendor/MSFT/BitLocker/SystemDrivesRequireStartupAuthentication @@ -253,6 +267,9 @@ The XML below is the current version for this CSP. text/plain + VolumeEncryption.admx + VolumeEncryption~AT~WindowsComponents~FVECategory~FVEOSCategory + ConfigureAdvancedStartup_Name @@ -264,9 +281,10 @@ The XML below is the current version for this CSP. - This policy setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 6 digits and can have a maximum length of 20 digits. + This policy setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits and can have a maximum length of 20 digits. If you enable this policy setting, you can require a minimum number of digits to be used when setting the startup PIN. If you disable or do not configure this policy setting, users can configure a startup PIN of any length between 6 and 20 digits. + NOTE: If minimum PIN length is set below 6 digits, Windows will attempt to update the TPM 2.0 lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset. The format is string. Sample value for this node to enable this policy is: <enabled/><data id="MinPINLength" value="xx"/> @@ -274,7 +292,7 @@ The XML below is the current version for this CSP. Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML: - $CmdID$ + 104 ./Device/Vendor/MSFT/BitLocker/SystemDrivesMinimumPINLength @@ -300,6 +318,9 @@ The XML below is the current version for this CSP. text/plain + VolumeEncryption.admx + VolumeEncryption~AT~WindowsComponents~FVECategory~FVEOSCategory + MinimumPINLength_Name @@ -331,7 +352,7 @@ The XML below is the current version for this CSP. Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML: - $CmdID$ + 105 ./Device/Vendor/MSFT/BitLocker/SystemDrivesRecoveryMessage @@ -357,6 +378,9 @@ The XML below is the current version for this CSP. text/plain + VolumeEncryption.admx + VolumeEncryption~AT~WindowsComponents~FVECategory~FVEOSCategory + PrebootRecoveryInfo_Name @@ -397,7 +421,7 @@ The XML below is the current version for this CSP. Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML: - $CmdID$ + 106 ./Device/Vendor/MSFT/BitLocker/SystemDrivesRecoveryOptions @@ -423,6 +447,9 @@ The XML below is the current version for this CSP. text/plain + VolumeEncryption.admx + VolumeEncryption~AT~WindowsComponents~FVECategory~FVEOSCategory + OSRecoveryUsage_Name @@ -463,7 +490,7 @@ The XML below is the current version for this CSP. Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML: - $CmdID$ + 107 ./Device/Vendor/MSFT/BitLocker/FixedDrivesRecoveryOptions @@ -489,6 +516,9 @@ The XML below is the current version for this CSP. text/plain + VolumeEncryption.admx + VolumeEncryption~AT~WindowsComponents~FVECategory~FVEFDVCategory + FDVRecoveryUsage_Name @@ -510,7 +540,7 @@ The XML below is the current version for this CSP. Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML: - $CmdID$ + 108 ./Device/Vendor/MSFT/BitLocker/FixedDrivesRequireEncryption @@ -536,6 +566,9 @@ The XML below is the current version for this CSP. text/plain + VolumeEncryption.admx + VolumeEncryption~AT~WindowsComponents~FVECategory~FVEFDVCategory + FDVDenyWriteAccess_Name @@ -563,7 +596,7 @@ The XML below is the current version for this CSP. Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML: - $CmdID$ + 109 ./Device/Vendor/MSFT/BitLocker/RemovableDrivesRequireEncryption @@ -589,6 +622,116 @@ The XML below is the current version for this CSP. text/plain + VolumeEncryption.admx + VolumeEncryption~AT~WindowsComponents~FVECategory~FVERDVCategory + RDVDenyWriteAccess_Name + + + + AllowWarningForOtherDiskEncryption + + + + + + + + Allows Admin to disable all UI (notification for encryption and warning prompt for other disk encryption) + and turn on encryption on the user machines silently. + Warning: When you enable BitLocker on a device with third party encryption, it may render the device unusable and will + require reinstallation of Windows. + Note: This policy takes effect only if "RequireDeviceEncryption" policy is set to 1. + The format is integer. + The expected values for this policy are: + + 1 = This is the default, when the policy is not set. Warning prompt and encryption notification is allowed. + 0 = Disables the warning prompt and encryption notification. Starting in Windows 10, next major update, + the value 0 only takes affect on Azure Active Directory joined devices. + Windows will attempt to silently enable BitLocker for value 0. + + If you want to disable this policy use the following SyncML: + + 110 + + + ./Device/Vendor/MSFT/BitLocker/AllowWarningForOtherDiskEncryption + + + int + + 0 + + + + + + + + + + + + + + text/plain + + + + + + + + + AllowStandardUserEncryption + + + + + + + + Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where policy is pushed while current logged on user is non-admin/standard user. + "AllowStandardUserEncryption" policy is tied to "AllowWarningForOtherDiskEncryption" policy being set to "0", i.e, Silent encryption is enforced. + If "AllowWarningForOtherDiskEncryption" is not set, or is set to "1", "RequireDeviceEncryption" policy will not try to encrypt drive(s) if a standard user + is the current logged on user in the system. + + The expected values for this policy are: + + 1 = "RequireDeviceEncryption" policy will try to enable encryption on all fixed drives even if a current logged in user is standard user. + 0 = This is the default, when the policy is not set. If current logged on user is a standard user, "RequireDeviceEncryption" policy + will not try to enable encryption on any drive. + + If you want to disable this policy use the following SyncML: + + 111 + + + ./Device/Vendor/MSFT/BitLocker/AllowStandardUserEncryption + + + int + + 0 + + + + + + + + + + + + + + text/plain + + + + + diff --git a/windows/client-management/mdm/browserfavorite-csp.md b/windows/client-management/mdm/browserfavorite-csp.md index de3a4c2736..343ffbf2c3 100644 --- a/windows/client-management/mdm/browserfavorite-csp.md +++ b/windows/client-management/mdm/browserfavorite-csp.md @@ -33,7 +33,7 @@ The following diagram shows the BrowserFavorite configuration service provider i ***favorite name*** Required. Specifies the user-friendly name of the favorite URL that is displayed in the Favorites list of Internet Explorer. -> **Note**  The *favorite name* should contain only characters that are valid in the Windows file system. The invalid characters are: \\ / : \* ? " < > | +> **Note**  The *favorite name* should contain only characters that are valid in the Windows file system. The invalid characters are: \\ / : \* ? " < > |   diff --git a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md index fc0c578410..8aa018c18c 100644 --- a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md +++ b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md @@ -32,7 +32,7 @@ On the desktop and mobile devices, you can use an enrollment certificate or enro >[!NOTE]   > - Bulk-join is not supported in Azure Active Directory Join. -> - Bulk enrollment does not work in Intune standalone enviroment. +> - Bulk enrollment does not work in Intune standalone environment. > - Bulk enrollment works in System Center Configuration Manager (SCCM) + Intune hybrid environment where the ppkg is generated from the SCCM console.   @@ -79,7 +79,7 @@ Using the ICD, create a provisioning package using the enrollment information re 12. Enter the values for your package and specify the package output location. ![enter package information](images/bulk-enrollment3.png) - ![enter additonal information for package information](images/bulk-enrollment4.png) + ![enter additional information for package information](images/bulk-enrollment4.png) ![specify file location](images/bulk-enrollment6.png) 13. Click **Build**. diff --git a/windows/client-management/mdm/certificate-authentication-device-enrollment.md b/windows/client-management/mdm/certificate-authentication-device-enrollment.md index 6562fc73d0..680d7840ab 100644 --- a/windows/client-management/mdm/certificate-authentication-device-enrollment.md +++ b/windows/client-management/mdm/certificate-authentication-device-enrollment.md @@ -187,7 +187,7 @@ The following snippet shows the policy web service response. ``` HTTP/1.1 200 OK Date: Fri, 03 Aug 2012 20:00:00 GMT -Server: +Server: Content-Type: application/soap+xml Content-Length: xxxx diff --git a/windows/client-management/mdm/certificatestore-csp.md b/windows/client-management/mdm/certificatestore-csp.md index cde5940e24..aff0b23244 100644 --- a/windows/client-management/mdm/certificatestore-csp.md +++ b/windows/client-management/mdm/certificatestore-csp.md @@ -194,7 +194,7 @@ Required. Specifies the root CA thumbprint. It is a 20-byte value of the SHA1 ce Supported operations are Get, Add, Delete, and Replace. **My/SCEP/*UniqueID*/Install/SubjectAlternativeNames** -Optional. Specifies the subject alternative name. Multiple alternative names can be specified. Each name is the combination of name format+actual name. Refer to the name type definition in MSDN. Each pair is separated by semicolon. For example, multiple subject alternative names are presented in the format *<nameformat1>*+*<actual name1>*;*<name format 2>*+*<actual name2>*. Value type is chr. +Optional. Specifies the subject alternative name. Multiple alternative names can be specified. Each name is the combination of name format+actual name. Refer to the name type definition in MSDN. Each pair is separated by semicolon. For example, multiple subject alternative names are presented in the format **+**;**+**. Value type is chr. Supported operations are Get, Add, Delete, and Replace. @@ -299,7 +299,7 @@ For ROBO renewal failure, the client retries the renewal periodically until the For manual retry failure, there are no built-in retries. The user can retry later. At the next scheduled certificate renewal retry period, the device prompts the credential dialog again. -The default value is 7 and the valid values are 1 – 1000 AND =< RenewalPeriod, otherwise it will result in errors. Value type is an integer. +The default value is 7 and the valid values are 1 – 1000 AND =< RenewalPeriod, otherwise it will result in errors. Value type is an integer. Supported operations are Add, Get, Delete, and Replace. diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md index bf01d38374..f3c9fd3fc3 100644 --- a/windows/client-management/mdm/clientcertificateinstall-csp.md +++ b/windows/client-management/mdm/clientcertificateinstall-csp.md @@ -2,18 +2,18 @@ title: ClientCertificateInstall CSP description: ClientCertificateInstall CSP ms.assetid: B624EB73-2972-47F2-9D7E-826D641BF8A7 -ms.author: maricia +ms.author: pashort ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque -ms.date: 11/03/2017 +author: shortpatti +ms.date: 10/16/2018 --- # ClientCertificateInstall CSP -The ClientCertificateInstall configuration service provider enables the enterprise to install client certificates. +The ClientCertificateInstall configuration service provider enables the enterprise to install client certificates. A client certificate has a unique ID, which is the *\[UniqueID\]* for this configuration. Each client certificate must have different UniqueIDs for the SCEP enrollment request. For PFX certificate installation and SCEP installation, the SyncML commands must be wrapped in atomic commands to ensure enrollment execution is not triggered until all settings are configured. The Enroll command must be the last item in the atomic block. @@ -27,18 +27,18 @@ The following image shows the ClientCertificateInstall configuration service pro ![clientcertificateinstall csp](images/provisioning-csp-clientcertificateinstall.png) -**Device or User** +**Device or User**

    For device certificates, use **./Device/Vendor/MSFT** path and for user certificates use **./User/Vendor/MSFT** path. -**ClientCertificateInstall** +**ClientCertificateInstall**

    The root node for the ClientCertificateInstaller configuration service provider. -**ClientCertificateInstall/PFXCertInstall** +**ClientCertificateInstall/PFXCertInstall**

    Required for PFX certificate installation. The parent node grouping the PFX certificate related settings.

    Supported operation is Get. -**ClientCertificateInstall/PFXCertInstall/****_UniqueID_** +**ClientCertificateInstall/PFXCertInstall/****_UniqueID_**

    Required for PFX certificate installation. A unique ID to differentiate different certificate install requests.

    The data type format is node. @@ -47,7 +47,7 @@ The following image shows the ClientCertificateInstall configuration service pro

    Calling Delete on this node should delete the certificates and the keys that were installed by the corresponding PFX blob. -**ClientCertificateInstall/PFXCertInstall/*UniqueID*/KeyLocation** +**ClientCertificateInstall/PFXCertInstall/*UniqueID*/KeyLocation**

    Required for PFX certificate installation. Indicates the KeyStorage provider to target the private key installation to.

    Supported operations are Get, Add, and Replace. @@ -62,14 +62,14 @@ The following image shows the ClientCertificateInstall configuration service pro | 4 | Install to Windows Hello for Business (formerly known as Microsoft Passport for Work) whose name is specified | -**ClientCertificateInstall/PFXCertInstall/*UniqueID*/ContainerName** +**ClientCertificateInstall/PFXCertInstall/*UniqueID*/ContainerName**

    Optional. Specifies the Windows Hello for Business (formerly known as Microsoft Passport for Work) container name (if Windows Hello for Business storage provider (KSP) is chosen for the KeyLocation). If this node is not specified when Windows Hello for Business KSP is chosen, enrollment will fail.

    Date type is string.

    Supported operations are Get, Add, Delete, and Replace. -**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertBlob** +**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertBlob**

    CRYPT\_DATA\_BLOB structure that contains a PFX packet with the exported and encrypted certificates and keys. The Add operation triggers the addition to the PFX certificate. This requires that all the other nodes under UniqueID that are parameters for PFX installation (Container Name, KeyLocation, CertPassword, KeyExportable) are present before this is called. This also sets the Status node to the current Status of the operation.

    The data type format is binary. @@ -80,17 +80,17 @@ The following image shows the ClientCertificateInstall configuration service pro

    If Add is called on this node for a new PFX, the certificate will be added. When a certificate does not exist, Replace operation on this node will fail. -

    In other words, using Replace or Add will result in the effect of either overwriting the old certificate or adding a new certificate CRYPT\_DATA\_BLOB, which can be found in [CRYPT\_INTEGER\_BLOB](http://go.microsoft.com/fwlink/p/?LinkId=523871). +

    In other words, using Replace or Add will result in the effect of either overwriting the old certificate or adding a new certificate CRYPT\_DATA\_BLOB, which can be found in [CRYPT\_INTEGER\_BLOB](https://go.microsoft.com/fwlink/p/?LinkId=523871). -**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPassword** +**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPassword**

    Password that protects the PFX blob. This is required if the PFX is password protected.

    Data Type is a string.

    Supported operations are Get, Add, and Replace. -**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPasswordEncryptionType** -

    Optional. Used to specify whtether the PFX certificate password is encrypted with the MDM certificate by the MDM sever. +**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPasswordEncryptionType** +

    Optional. Used to specify whether the PFX certificate password is encrypted with the MDM certificate by the MDM server.

    The data type is int. Valid values: @@ -102,7 +102,7 @@ The following image shows the ClientCertificateInstall configuration service pro

    Supported operations are Get, Add, and Replace. -**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXKeyExportable** +**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXKeyExportable**

    Optional. Used to specify if the private key installed is exportable (and can be exported later). The PFX is not exportable when it is installed to TPM. > **Note**  You can only set PFXKeyExportable to true if KeyLocation=3. For any other KeyLocation value, the CSP will fail. @@ -112,38 +112,38 @@ The following image shows the ClientCertificateInstall configuration service pro

    Supported operations are Get, Add, and Replace. -**ClientCertificateInstall/PFXCertInstall/*UniqueID*/Thumbprint** +**ClientCertificateInstall/PFXCertInstall/*UniqueID*/Thumbprint**

    Returns the thumbprint of the installed PFX certificate.

    The datatype is a string.

    Supported operation is Get. -**ClientCertificateInstall/PFXCertInstall/*UniqueID*/Status** +**ClientCertificateInstall/PFXCertInstall/*UniqueID*/Status**

    Required. Returns the error code of the PFX installation from the GetLastError command called after the PfxImportCertStore.

    Data type is an integer.

    Supported operation is Get. -**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPasswordEncryptionStore** +**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPasswordEncryptionStore**

    Added in Windows 10, version 1511. When PFXCertPasswordEncryptionType = 2, it specifies the store name of the certificate used for decrypting the PFXCertPassword.

    Data type is string.

    Supported operations are Add, Get, and Replace. -**ClientCertificateInstall/SCEP** +**ClientCertificateInstall/SCEP**

    Node for SCEP. > **Note**  An alert is sent after the SCEP certificate is installed.   -**ClientCertificateInstall/SCEP/****_UniqueID_** +**ClientCertificateInstall/SCEP/****_UniqueID_**

    A unique ID to differentiate different certificate installation requests. -**ClientCertificateInstall/SCEP/*UniqueID*/Install** +**ClientCertificateInstall/SCEP/*UniqueID*/Install**

    A node required for SCEP certificate enrollment. Parent node to group SCEP cert installation related requests.

    Supported operations are Get, Add, Replace, and Delete. @@ -151,21 +151,21 @@ The following image shows the ClientCertificateInstall configuration service pro > **Note**  Although the child nodes under Install support Replace commands, once the Exec command is sent to the device, the device will take the values that are set when the Exec command is accepted. The server should not expect the node value change after Exec command is accepted, as it will impact the current enrollment underway. The server should check the Status node value and make sure the device is not at an unknown state before changing child node values.   -**ClientCertificateInstall/SCEP/*UniqueID*/Install/ServerURL** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/ServerURL**

    Required for SCEP certificate enrollment. Specifies the certificate enrollment server. Multiple server URLs can be listed, separated by semicolons.

    Data type is string.

    Supported operations are Get, Add, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/Challenge** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/Challenge**

    Required for SCEP certificate enrollment. B64 encoded SCEP enrollment challenge. Challenge is deleted shortly after the Exec command is accepted.

    Data type is string.

    Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/EKUMapping** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/EKUMapping**

    Required. Specifies extended key usages. Subject to SCEP server configuration. The list of OIDs are separated by a plus **+**. For example, *OID1*+*OID2*+*OID3*. Data type is string. @@ -175,14 +175,14 @@ Data type is string.

    Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/SubjectName** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/SubjectName**

    Required. Specifies the subject name.

    Data type is string.

    Supported operations are Add, Get, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/KeyProtection** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/KeyProtection**

    Optional. Specifies where to keep the private key. > **Note**  Even if the private key is protected by TPM, it is not protected with a TPM PIN. @@ -200,12 +200,12 @@ Data type is string.  

    Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/KeyUsage** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/KeyUsage**

    Required for enrollment. Specify the key usage bits (0x80, 0x20, 0xA0, etc.) for the certificate in decimal format. The value should at least have second (0x20) or forth (0x80) or both bits set. If the value doesn’t have those bits set, configuration will fail.

    Supported operations are Add, Get, Delete, and Replace. Value type is integer. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/RetryDelay** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/RetryDelay**

    Optional. When the SCEP server sends a pending status, this value specifies the device retry waiting time in minutes.

    Data type format is an integer. @@ -216,7 +216,7 @@ Data type is string.

    Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/RetryCount** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/RetryCount**

    Optional. Unique to SCEP. Specifies the device retry times when the SCEP server sends a pending status.

    Data type is integer. @@ -229,7 +229,7 @@ Data type is string.

    Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/TemplateName** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/TemplateName**

    Optional. OID of certificate template name. > **Note**  This name is typically ignored by the SCEP server; therefore the MDM server typically doesn’t need to provide it. @@ -239,7 +239,7 @@ Data type is string.

    Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/KeyLength** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/KeyLength**

    Required for enrollment. Specify private key length (RSA).

    Data type is integer. @@ -250,7 +250,7 @@ Data type is string.

    Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/HashAlgorithm** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/HashAlgorithm**

    Required. Hash algorithm family (SHA-1, SHA-2, SHA-3) specified by MDM server. If multiple hash algorithm families are specified, they must be separated with **+**.

    For Windows Hello for Business, only SHA256 is the supported algorithm. @@ -259,14 +259,14 @@ Data type is string.

    Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/CAThumbprint** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/CAThumbprint**

    Required. Specifies Root CA thumbprint. This is a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. When client authenticates the SCEP server, it checks the CA certificate from the SCEP server to verify a match with this certificate. If it is not a match, the authentication will fail.

    Data type is string.

    Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/SubjectAlternativeNames** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/SubjectAlternativeNames**

    Optional. Specifies subject alternative names (SAN). Multiple alternative names can be specified by this node. Each name is the combination of name format+actual name. Refer to the name type definitions in MSDN for more information.

    Each pair is separated by semicolon. For example, multiple SANs are presented in the format of *\[name format1\]*+*\[actual name1\]*;*\[name format 2\]*+*\[actual name2\]*. @@ -275,7 +275,7 @@ Data type is string.

    Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/ValidPeriod** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/ValidPeriod**

    Optional. Specifies the units for the valid certificate period.

    Data type is string. @@ -291,7 +291,7 @@ Data type is string.  

    Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/ValidPeriodUnits** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/ValidPeriodUnits**

    Optional. Specifies the desired number of units used in the validity period. This is subject to SCEP server configuration. Default value is 0. The unit type (days, months, or years) are defined in the ValidPeriod node. Note the valid period specified by MDM will overwrite the valid period specified in the certificate template. For example, if ValidPeriod is Days and ValidPeriodUnits is 30, it means the total valid duration is 30 days.

    Data type is string. @@ -301,35 +301,35 @@ Data type is string.  

    Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/ContainerName** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/ContainerName**

    Optional. Specifies the Windows Hello for Business container name (if Windows Hello for Business KSP is chosen for the node). If this node is not specified when Windows Hello for Business KSP is chosen, the enrollment will fail.

    Data type is string.

    Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/CustomTextToShowInPrompt** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/CustomTextToShowInPrompt**

    Optional. Specifies the custom text to show on the Windows Hello for Business PIN prompt during certificate enrollment. The admin can choose to provide more contextual information in this field for why the user needs to enter the PIN and what the certificate will be used for.

    Data type is string.

    Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/Enroll** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/Enroll**

    Required. Triggers the device to start the certificate enrollment. The device will not notify MDM server after certificate enrollment is done. The MDM server could later query the device to find out whether new certificate is added.

    The date type format is Null, meaning this node doesn’t contain a value.

    The only supported operation is Execute. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/AADKeyIdentifierList** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/AADKeyIdentifierList**

    Optional. Specify the AAD Key Identifier List as a list of semicolon separated values. On Enroll, the values in this list are validated against the AAD Key present on the device. If no match is found, enrollment will fail.

    Data type is string.

    Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/CertThumbprint** +**ClientCertificateInstall/SCEP/*UniqueID*/CertThumbprint**

    Optional. Specifies the current certificate’s thumbprint if certificate enrollment succeeds. It is a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value.

    If the certificate on the device becomes invalid (Cert expired, Cert chain is not valid, private key deleted) then it will return an empty string. @@ -338,7 +338,7 @@ Data type is string.

    The only supported operation is Get. -**ClientCertificateInstall/SCEP/*UniqueID*/Status** +**ClientCertificateInstall/SCEP/*UniqueID*/Status**

    Required. Specifies latest status of the certificated during the enrollment request.

    Data type is string. Valid values: @@ -353,12 +353,12 @@ Data type is string. | 32 | Unknown |   -**ClientCertificateInstall/SCEP/*UniqueID*/ErrorCode** +**ClientCertificateInstall/SCEP/*UniqueID*/ErrorCode**

    Optional. An integer value that indicates the HRESULT of the last enrollment error code.

    The only supported operation is Get. -**ClientCertificateInstall/SCEP/*UniqueID*/RespondentServerUrl** +**ClientCertificateInstall/SCEP/*UniqueID*/RespondentServerUrl**

    Required. Returns the URL of the SCEP server that responded to the enrollment request.

    Data type is string. @@ -561,7 +561,7 @@ Enroll a client certificate through SCEP. - + @@ -617,7 +617,7 @@ Add a PFX certificate. The PFX certificate password is encrypted with a custom c Base64Encoded_Encrypted_Password_Blog - + $CmdID$ @@ -629,7 +629,7 @@ Add a PFX certificate. The PFX certificate password is encrypted with a custom c 2 - + $CmdID$ @@ -641,7 +641,7 @@ Add a PFX certificate. The PFX certificate password is encrypted with a custom c My - + $CmdID$ diff --git a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md index 977dd79898..b5ef7a8349 100644 --- a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md +++ b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md @@ -168,7 +168,7 @@ Supported operations are Get, Add, Replace If Add is called on this node and a blob already exists, it will fail. If Replace is called on this node, the certificates will be overwritten. If Add is called on this node for a new PFX, the certificate will be added. If Replace is called on this node when it does not exist, this will fail. In other words, using Replace or Add will result in the effect of either overwriting the old certificate or adding a new certificate -CRYPT_DATA_BLOB on MSDN can be found at http://msdn.microsoft.com/en-us/library/windows/desktop/aa381414(v=vs.85).aspx +CRYPT_DATA_BLOB on MSDN can be found at http://msdn.microsoft.com/library/windows/desktop/aa381414(v=vs.85).aspx @@ -626,7 +626,7 @@ Supported operations are Get, Add, Delete noreplace 3 - Optional. Special to SCEP. Specify device retry times when the SCEP sever sends pending status. Format is int. Default value is 3. Max value: the value cannot be larger than 30. If it is larger than 30, the device will use 30. + Optional. Special to SCEP. Specify device retry times when the SCEP server sends pending status. Format is int. Default value is 3. Max value: the value cannot be larger than 30. If it is larger than 30, the device will use 30. The min value is 0 which means no retry. Supported operations are Get, Add, Delete, Replace. diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index 5cbbae1bca..dfd6b9d464 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 04/24/2018 +ms.date: 08/27/2018 --- # Configuration service provider reference @@ -15,30 +15,29 @@ ms.date: 04/24/2018 A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. These settings map to registry keys or files. Some configuration service providers support the WAP format, some support SyncML, and some support both. SyncML is only used over–the–air for Open Mobile Alliance Device Management (OMA DM), whereas WAP can be used over–the–air for OMA Client Provisioning, or it can be included in the phone image as a .provxml file that is installed during boot. -For information about the bridge WMI provider classes that map to these CSPs, see [MDM Bridge WMI Provider](https://msdn.microsoft.com/en-us/library/windows/desktop/dn905224). For CSP DDF files, see [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +For information about the bridge WMI provider classes that map to these CSPs, see [MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/desktop/dn905224). For CSP DDF files, see [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). Additional lists: - [List of CSPs supported in Windows Holographic](#hololens) - [List of CSPs supported in Microsoft Surface Hub ](#surfacehubcspsupport) - [List of CSPs supported in Windows 10 IoT Core](#iotcoresupport) -- [List of CSPs supported in Windows 10 S](#windows10s) -The following tables show the configuration service providers support in Windows 10. -Footnotes: +The following tables show the configuration service providers support in Windows 10. +Footnotes: - 1 - Added in Windows 10, version 1607 - 2 - Added in Windows 10, version 1703 - 3 - Added in Windows 10, version 1709 - 4 - Added in Windows 10, version 1803 -- 5 - Added in Windows 10, next major version +- 5 - Added in Windows 10, version 1809

    -## CSP support +## CSP support -[AccountManagement CSP](accountmanagement-csp.md) +[AccountManagement CSP](accountmanagement-csp.md)
    @@ -66,7 +65,7 @@ Footnotes: -[Accounts CSP](accounts-csp.md) +[Accounts CSP](accounts-csp.md)
    @@ -94,7 +93,7 @@ Footnotes: -[ActiveSync CSP](activesync-csp.md) +[ActiveSync CSP](activesync-csp.md)
    @@ -122,7 +121,7 @@ Footnotes: -[AllJoynManagement CSP](alljoynmanagement-csp.md) +[AllJoynManagement CSP](alljoynmanagement-csp.md)
    @@ -150,7 +149,7 @@ Footnotes: -[APPLICATION CSP](application-csp.md) +[APPLICATION CSP](application-csp.md)
    @@ -178,7 +177,7 @@ Footnotes: -[AppLocker CSP](applocker-csp.md) +[AppLocker CSP](applocker-csp.md)
    @@ -206,7 +205,7 @@ Footnotes: -[AssignedAccess CSP](assignedaccess-csp.md) +[AssignedAccess CSP](assignedaccess-csp.md)
    @@ -234,7 +233,7 @@ Footnotes: -[BOOTSTRAP CSP](bootstrap-csp.md) +[BOOTSTRAP CSP](bootstrap-csp.md)
    @@ -262,7 +261,7 @@ Footnotes: -[BitLocker CSP](bitlocker-csp.md) +[BitLocker CSP](bitlocker-csp.md)
    @@ -277,7 +276,7 @@ Footnotes: - + @@ -290,7 +289,7 @@ Footnotes: -[BrowserFavorite CSP](browserfavorite-csp.md) +[BrowserFavorite CSP](browserfavorite-csp.md)
    cross markcross markcheck mark5 check mark2 check mark2 check mark2
    @@ -318,7 +317,7 @@ Footnotes: -[CMPolicy CSP](cmpolicy-csp.md) +[CMPolicy CSP](cmpolicy-csp.md)
    @@ -346,7 +345,7 @@ Footnotes: -[CMPolicyEnterprise CSP](cmpolicyenterprise-csp.md) +[CMPolicyEnterprise CSP](cmpolicyenterprise-csp.md)
    @@ -374,7 +373,7 @@ Footnotes: -[CM_CellularEntries CSP](cm-cellularentries-csp.md) +[CM_CellularEntries CSP](cm-cellularentries-csp.md)
    @@ -402,7 +401,7 @@ Footnotes: -[CM_ProxyEntries CSP](cm-proxyentries-csp.md) +[CM_ProxyEntries CSP](cm-proxyentries-csp.md)
    @@ -430,7 +429,7 @@ Footnotes: -[CellularSettings CSP](cellularsettings-csp.md) +[CellularSettings CSP](cellularsettings-csp.md)
    @@ -458,7 +457,7 @@ Footnotes: -[CertificateStore CSP](certificatestore-csp.md) +[CertificateStore CSP](certificatestore-csp.md)
    @@ -486,7 +485,7 @@ Footnotes: -[CleanPC CSP](cleanpc-csp.md) +[CleanPC CSP](cleanpc-csp.md)
    @@ -514,7 +513,7 @@ Footnotes: -[ClientCertificateInstall CSP](clientcertificateinstall-csp.md) +[ClientCertificateInstall CSP](clientcertificateinstall-csp.md)
    @@ -542,7 +541,7 @@ Footnotes: -[CustomDeviceUI CSP](customdeviceui-csp.md) +[CustomDeviceUI CSP](customdeviceui-csp.md)
    @@ -570,7 +569,7 @@ Footnotes: -[DMAcc CSP](dmacc-csp.md) +[DMAcc CSP](dmacc-csp.md)
    @@ -598,7 +597,7 @@ Footnotes: -[DMClient CSP](dmclient-csp.md) +[DMClient CSP](dmclient-csp.md)
    @@ -626,7 +625,7 @@ Footnotes: -[Defender CSP](defender-csp.md) +[Defender CSP](defender-csp.md)
    @@ -654,7 +653,7 @@ Footnotes: -[DevDetail CSP](devdetail-csp.md) +[DevDetail CSP](devdetail-csp.md)
    @@ -682,7 +681,7 @@ Footnotes: -[DevInfo CSP](devinfo-csp.md) +[DevInfo CSP](devinfo-csp.md)
    @@ -710,7 +709,7 @@ Footnotes: -[DeveloperSetup CSP](developersetup-csp.md) +[DeveloperSetup CSP](developersetup-csp.md)
    @@ -738,7 +737,7 @@ Footnotes: -[DeviceInstanceService CSP](deviceinstanceservice-csp.md) +[DeviceInstanceService CSP](deviceinstanceservice-csp.md)
    @@ -766,7 +765,7 @@ Footnotes: -[DeviceLock CSP](devicelock-csp.md) +[DeviceLock CSP](devicelock-csp.md)
    @@ -794,7 +793,7 @@ Footnotes: -[DeviceManageability CSP](devicemanageability-csp.md) +[DeviceManageability CSP](devicemanageability-csp.md)
    @@ -822,7 +821,7 @@ Footnotes: -[DeviceStatus CSP](devicestatus-csp.md) +[DeviceStatus CSP](devicestatus-csp.md)
    @@ -850,7 +849,7 @@ Footnotes: -[DiagnosticLog CSP](diagnosticlog-csp.md) +[DiagnosticLog CSP](diagnosticlog-csp.md)
    @@ -878,7 +877,7 @@ Footnotes: -[DynamicManagement CSP](dynamicmanagement-csp.md) +[DynamicManagement CSP](dynamicmanagement-csp.md)
    @@ -906,7 +905,7 @@ Footnotes: -[EMAIL2 CSP](email2-csp.md) +[EMAIL2 CSP](email2-csp.md)
    @@ -934,7 +933,7 @@ Footnotes: -[EnterpriseAPN CSP](enterpriseapn-csp.md) +[EnterpriseAPN CSP](enterpriseapn-csp.md)
    @@ -962,7 +961,7 @@ Footnotes: -[EnterpriseAppManagement CSP](enterpriseappmanagement-csp.md) +[EnterpriseAppManagement CSP](enterpriseappmanagement-csp.md)
    @@ -990,7 +989,7 @@ Footnotes: -[EnterpriseAppVManagement CSP](enterpriseappvmanagement-csp.md) +[EnterpriseAppVManagement CSP](enterpriseappvmanagement-csp.md)
    @@ -1018,7 +1017,7 @@ Footnotes: -[EnterpriseAssignedAccess CSP](enterpriseassignedaccess-csp.md) +[EnterpriseAssignedAccess CSP](enterpriseassignedaccess-csp.md)
    @@ -1046,7 +1045,7 @@ Footnotes: -[EnterpriseDataProtection CSP](enterprisedataprotection-csp.md) +[EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)
    @@ -1074,7 +1073,7 @@ Footnotes: -[EnterpriseDesktopAppManagement CSP](enterprisedesktopappmanagement-csp.md) +[EnterpriseDesktopAppManagement CSP](enterprisedesktopappmanagement-csp.md)
    @@ -1102,7 +1101,7 @@ Footnotes: -[EnterpriseExt CSP](enterpriseext-csp.md) +[EnterpriseExt CSP](enterpriseext-csp.md)
    @@ -1130,7 +1129,7 @@ Footnotes: -[EnterpriseExtFileSystem CSP](enterpriseextfilessystem-csp.md) +[EnterpriseExtFileSystem CSP](enterpriseextfilessystem-csp.md)
    @@ -1158,7 +1157,7 @@ Footnotes: -[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) +[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)
    @@ -1186,7 +1185,7 @@ Footnotes: -[eUICCs CSP](euiccs-csp.md) +[eUICCs CSP](euiccs-csp.md)
    @@ -1214,7 +1213,7 @@ Footnotes: -[FileSystem CSP](filesystem-csp.md) +[FileSystem CSP](filesystem-csp.md)
    @@ -1242,7 +1241,7 @@ Footnotes: -[Firewall CSP](firewall-csp.md) +[Firewall CSP](firewall-csp.md)
    @@ -1270,7 +1269,7 @@ Footnotes: -[HealthAttestation CSP](healthattestation-csp.md) +[HealthAttestation CSP](healthattestation-csp.md)
    @@ -1298,7 +1297,7 @@ Footnotes: -[HotSpot CSP](hotspot-csp.md) +[HotSpot CSP](hotspot-csp.md)
    @@ -1326,7 +1325,7 @@ Footnotes: -[Maps CSP](maps-csp.md) +[Maps CSP](maps-csp.md)
    @@ -1354,7 +1353,7 @@ Footnotes: -[Messaging CSP](messaging-csp.md) +[Messaging CSP](messaging-csp.md)
    @@ -1382,7 +1381,7 @@ Footnotes: -[MultiSIM CSP](multisim-csp.md) +[MultiSIM CSP](multisim-csp.md)
    @@ -1410,7 +1409,7 @@ Footnotes: -[NAP CSP](nap-csp.md) +[NAP CSP](nap-csp.md)
    @@ -1438,7 +1437,7 @@ Footnotes: -[NAPDEF CSP](napdef-csp.md) +[NAPDEF CSP](napdef-csp.md)
    @@ -1466,7 +1465,7 @@ Footnotes: -[NetworkProxy CSP](networkproxy-csp.md) +[NetworkProxy CSP](networkproxy-csp.md)
    @@ -1494,7 +1493,7 @@ Footnotes: -[NetworkQoSPolicy CSP](networkqospolicy-csp.md) +[NetworkQoSPolicy CSP](networkqospolicy-csp.md)
    @@ -1522,7 +1521,7 @@ Footnotes: -[NodeCache CSP](nodecache-csp.md) +[NodeCache CSP](nodecache-csp.md)
    @@ -1550,7 +1549,7 @@ Footnotes: -[Office CSP](office-csp.md) +[Office CSP](office-csp.md)
    @@ -1578,7 +1577,7 @@ Footnotes: -[PROXY CSP](proxy-csp.md) +[PROXY CSP](proxy-csp.md)
    @@ -1606,7 +1605,7 @@ Footnotes: -[PXLOGICAL CSP](pxlogical-csp.md) +[PXLOGICAL CSP](pxlogical-csp.md)
    @@ -1634,7 +1633,7 @@ Footnotes: -[PassportForWork CSP](passportforwork-csp.md) +[PassportForWork CSP](passportforwork-csp.md)
    @@ -1662,7 +1661,7 @@ Footnotes: -[Personalization CSP](personalization-csp.md) +[Personalization CSP](personalization-csp.md)
    @@ -1690,7 +1689,7 @@ Footnotes: -[Policy CSP](policy-configuration-service-provider.md) +[Policy CSP](policy-configuration-service-provider.md)
    @@ -1718,7 +1717,7 @@ Footnotes: -[PolicyManager CSP](policymanager-csp.md) +[PolicyManager CSP](policymanager-csp.md)
    @@ -1746,7 +1745,7 @@ Footnotes: -[Provisioning CSP](provisioning-csp.md) +[Provisioning CSP](provisioning-csp.md)
    @@ -1774,7 +1773,7 @@ Footnotes: -[Reboot CSP](reboot-csp.md) +[Reboot CSP](reboot-csp.md)
    @@ -1802,7 +1801,7 @@ Footnotes: -[Registry CSP](registry-csp.md) +[Registry CSP](registry-csp.md)
    @@ -1830,7 +1829,7 @@ Footnotes: -[RemoteFind CSP](remotefind-csp.md) +[RemoteFind CSP](remotefind-csp.md)
    @@ -1858,7 +1857,7 @@ Footnotes: -[RemoteLock](remotelock-csp.md) +[RemoteLock](remotelock-csp.md)
    @@ -1886,7 +1885,7 @@ Footnotes: -[RemoteRing CSP](remotering-csp.md) +[RemoteRing CSP](remotering-csp.md)
    @@ -1914,7 +1913,7 @@ Footnotes: -[RemoteWipe CSP](remotewipe-csp.md) +[RemoteWipe CSP](remotewipe-csp.md)
    @@ -1942,7 +1941,7 @@ Footnotes: -[Reporting CSP](reporting-csp.md) +[Reporting CSP](reporting-csp.md)
    @@ -1970,7 +1969,7 @@ Footnotes: -[RootCATrustedCertificates CSP](rootcacertificates-csp.md) +[RootCATrustedCertificates CSP](rootcacertificates-csp.md)
    @@ -1998,7 +1997,7 @@ Footnotes: -[SUPL CSP](supl-csp.md) +[SUPL CSP](supl-csp.md)
    @@ -2026,7 +2025,7 @@ Footnotes: -[SecureAssessment CSP](secureassessment-csp.md) +[SecureAssessment CSP](secureassessment-csp.md)
    @@ -2054,7 +2053,7 @@ Footnotes: -[SecurityPolicy CSP](securitypolicy-csp.md) +[SecurityPolicy CSP](securitypolicy-csp.md)
    @@ -2082,7 +2081,7 @@ Footnotes: -[SharedPC CSP](sharedpc-csp.md) +[SharedPC CSP](sharedpc-csp.md)
    @@ -2110,7 +2109,7 @@ Footnotes: -[Storage CSP](storage-csp.md) +[Storage CSP](storage-csp.md)
    @@ -2138,7 +2137,7 @@ Footnotes: -[SurfaceHub](surfacehub-csp.md) +[SurfaceHub](surfacehub-csp.md)
    @@ -2166,7 +2165,35 @@ Footnotes: -[TPMPolicy CSP](tpmpolicy-csp.md) +[TenantLockdown CSP](tenantlockdown-csp.md) + + +
    + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    cross markcheck mark5check mark5check mark5check mark5cross markcross mark
    + + + + + +[TPMPolicy CSP](tpmpolicy-csp.md) @@ -2194,7 +2221,7 @@ Footnotes: -[UEFI CSP](uefi-csp.md) +[UEFI CSP](uefi-csp.md)
    @@ -2222,7 +2249,7 @@ Footnotes: -[UnifiedWriteFilter CSP](unifiedwritefilter-csp.md) +[UnifiedWriteFilter CSP](unifiedwritefilter-csp.md)
    @@ -2250,7 +2277,7 @@ Footnotes: -[Update CSP](update-csp.md) +[Update CSP](update-csp.md)
    @@ -2278,7 +2305,7 @@ Footnotes: -[VPN CSP](vpn-csp.md) +[VPN CSP](vpn-csp.md)
    @@ -2306,7 +2333,7 @@ Footnotes: -[VPNv2 CSP](vpnv2-csp.md) +[VPNv2 CSP](vpnv2-csp.md)
    @@ -2334,7 +2361,7 @@ Footnotes: -[W4 APPLICATION CSP](w4-application-csp.md) +[W4 APPLICATION CSP](w4-application-csp.md)
    @@ -2362,7 +2389,7 @@ Footnotes: -[WiFi CSP](wifi-csp.md) +[WiFi CSP](wifi-csp.md)
    @@ -2390,7 +2417,7 @@ Footnotes: -[Win32AppInventory CSP](win32appinventory-csp.md) +[Win32AppInventory CSP](win32appinventory-csp.md)
    @@ -2418,7 +2445,35 @@ Footnotes: -[WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md) +[Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md) + + +
    + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    cross markcheck mark5check mark5check mark5check mark5cross markcross mark
    + + + + + +[WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md) @@ -2448,7 +2503,7 @@ Footnotes: -[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) +[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)
    @@ -2477,7 +2532,7 @@ Footnotes: -[WindowsLicensing CSP](windowslicensing-csp.md) +[WindowsLicensing CSP](windowslicensing-csp.md)
    @@ -2505,7 +2560,7 @@ Footnotes: -[WindowsSecurityAuditing CSP](windowssecurityauditing-csp.md) +[WindowsSecurityAuditing CSP](windowssecurityauditing-csp.md)
    @@ -2533,7 +2588,7 @@ Footnotes: -[WiredNetwork CSP](wirednetwork-csp.md) +[WiredNetwork CSP](wirednetwork-csp.md)
    @@ -2561,7 +2616,7 @@ Footnotes: -[w7 APPLICATION CSP](w7-application-csp.md) +[w7 APPLICATION CSP](w7-application-csp.md)
    @@ -2592,21 +2647,21 @@ Footnotes: - Footnotes: + Footnotes: - 1 - Added in Windows 10, version 1607 -- 2 - Added in Windows 10, version 1703 +- 2 - Added in Windows 10, version 1703 - 3 - Added in Windows 10, version 1709 - 4 - Added in Windows 10, version 1803 -- 5 - Added in Windows 10, next major version +- 5 - Added in Windows 10, version 1809 ## CSP DDF files download You can download the DDF files for various CSPs from the links below: -- [Download all the DDF files for Windows 10, version 1803](http://download.microsoft.com/download/6/2/7/6276FE19-E3FD-4254-9C16-3C31CAA2DE50/Windows10_1803_DDF_download.zip) -- [Download all the DDF files for Windows 10, version 1709](http://download.microsoft.com/download/9/7/C/97C6CF99-F75C-475E-AF18-845F8CECCFA4/Windows10_1709_DDF_download.zip) -- [Download all the DDF files for Windows 10, version 1703](http://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip) -- [Download all the DDF files for Windows 10, version 1607](http://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip) +- [Download all the DDF files for Windows 10, version 1803](https://download.microsoft.com/download/6/2/7/6276FE19-E3FD-4254-9C16-3C31CAA2DE50/Windows10_1803_DDF_download.zip) +- [Download all the DDF files for Windows 10, version 1709](https://download.microsoft.com/download/9/7/C/97C6CF99-F75C-475E-AF18-845F8CECCFA4/Windows10_1709_DDF_download.zip) +- [Download all the DDF files for Windows 10, version 1703](https://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip) +- [Download all the DDF files for Windows 10, version 1607](https://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip) ## CSPs supported in Windows Holographic @@ -2632,6 +2687,7 @@ The following list shows the configuration service providers supported in Window | [NodeCache CSP](nodecache-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) | [PassportForWork CSP](passportforwork-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | | [Policy CSP](policy-configuration-service-provider.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | +| [RemoteFind CSP](remotefind-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)4 | | [RemoteWipe CSP](remotewipe-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)4 | | [RootCATrustedCertificates CSP](rootcacertificates-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | | [Update CSP](update-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | @@ -2639,12 +2695,12 @@ The following list shows the configuration service providers supported in Window | [WiFi CSP](wifi-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | | [WindowsLicensing CSP](windowslicensing-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) | - Footnotes: + Footnotes: - 1 - Added in Windows 10, version 1607 -- 2 - Added in Windows 10, version 1703 +- 2 - Added in Windows 10, version 1703 - 3 - Added in Windows 10, version 1709 - 4 - Added in Windows 10, version 1803 -- 5 - Added in Windows 10, next major version +- 5 - Added in Windows 10, version 1809 ## CSPs supported in Microsoft Surface Hub @@ -2671,7 +2727,7 @@ The following list shows the configuration service providers supported in Window - [Reporting CSP](reporting-csp.md) - [RootCATrustedCertificates CSP](rootcacertificates-csp.md) - [SurfaceHub CSP](surfacehub-csp.md) -- [UEFI CSP](uefi-csp.md) +- [UEFI CSP](uefi-csp.md) - [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md) @@ -2688,66 +2744,17 @@ The following list shows the configuration service providers supported in Window - [DMAcc CSP](dmacc-csp.md) - [DMClient CSP](dmclient-csp.md) - [EnterpriseAppManagement CSP](enterpriseappmanagement-csp.md) +- [HealthAttestation CSP](healthattestation-csp.md) +- [NetworkProxy CSP](networkproxy-csp.md) - [Policy CSP](policy-configuration-service-provider.md) - [Provisioning CSP (Provisioning only)](provisioning-csp.md) -- [RootCATrustedCertificates CSP](rootcacertificates-csp.md) -- [Update CSP](update-csp.md) -- [VPNv2 CSP](vpnv2-csp.md) -- [WiFi CSP](wifi-csp.md) - -## CSPs supported in Windows 10 S - -The CSPs supported in Windows 10 S is the same as in Windows 10 Pro except that Office CSP and EnterpriseDesktop CSP are not available in Windows 10 S. Here is the list: - -- [ActiveSync CSP](activesync-csp.md) -- [APPLICATION CSP](application-csp.md) -- [AppLocker CSP](applocker-csp.md) -- [AssignedAccess CSP](assignedaccess-csp.md) -- [BOOTSTRAP CSP](bootstrap-csp.md) -- [CellularSettings CSP](cellularsettings-csp.md) -- [CertificateStore CSP](certificatestore-csp.md) -- [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) -- [CMPolicy CSP](cmpolicy-csp.md) -- [CM_ProxyEntries CSP](cm-proxyentries-csp.md) -- [CM_CellularEntries CSP](cm-cellularentries-csp.md) -- [Defender CSP](defender-csp.md) -- [DevDetail CSP](devdetail-csp.md) -- [DeviceManageability CSP](devicemanageability-csp.md) -- [DeviceStatus CSP](devicestatus-csp.md) -- [DevInfo CSP](devinfo-csp.md) -- [DiagnosticLog CSP](diagnosticlog-csp.md) -- [DMAcc CSP](dmacc-csp.md) -- [DMClient CSP](dmclient-csp.md) -- [eUICCs CSP](euiccs-csp.md) -- [Firewall CSP](firewall-csp.md) -- [EMAIL2 CSP](email2-csp.md) -- [EnterpriseAPN CSP](enterpriseapn-csp.md) -- [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md) -- [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) -- [HealthAttestation CSP](healthattestation-csp.md) -- [NAP CSP](nap-csp.md) -- [NAPDEF CSP](napdef-csp.md) -- [NetworkProxy CSP](networkproxy-csp.md) -- [NodeCache CSP](nodecache-csp.md) -- [PassportForWork CSP](passportforwork-csp.md) -- [Policy CSP](policy-configuration-service-provider.md) -- [Provisioning CSP](provisioning-csp.md) -- [PROXY CSP](proxy-csp.md) -- [PXLOGICAL CSP](pxlogical-csp.md) - [Reboot CSP](reboot-csp.md) -- [RemoteFind CSP](remotefind-csp.md) -- [RemoteWipe CSP](remotewipe-csp.md) -- [Reporting CSP](reporting-csp.md) +- [RemoteWipe CSP](remotewipe-csp.md) 1 - [RootCATrustedCertificates CSP](rootcacertificates-csp.md) -- [SecureAssessment CSP](secureassessment-csp.md) -- [SecurityPolicy CSP](securitypolicy-csp.md) -- [SharedPC CSP](sharedpc-csp.md) -- [Storage CSP](storage-csp.md) -- [SUPL CSP](supl-csp.md) +- [UnifiedWriteFilter CSP](unifiedwritefilter-csp.md) - [Update CSP](update-csp.md) - [VPNv2 CSP](vpnv2-csp.md) - [WiFi CSP](wifi-csp.md) -- [Win32AppInventory CSP](win32appinventory-csp.md) -- [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md) -- [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) -- [WindowsLicensing CSP](windowslicensing-csp.md) + + Footnotes: +- 1 - Added in Windows 10, version 1809 diff --git a/windows/client-management/mdm/create-a-custom-configuration-service-provider.md b/windows/client-management/mdm/create-a-custom-configuration-service-provider.md index e9e64f8c54..8604379b77 100644 --- a/windows/client-management/mdm/create-a-custom-configuration-service-provider.md +++ b/windows/client-management/mdm/create-a-custom-configuration-service-provider.md @@ -33,7 +33,7 @@ To write a custom configuration service provider, the OEM must implement the fol - [ICSPValidate](icspvalidate.md) (optional, for UI only) -This code must be compiled into a single .dll file and added to a package by using the instructions found in "Adding content to a package" in [Creating packages](https://msdn.microsoft.com/en-us/library/windows/hardware/dn756642). While writing this code, OEMs can store registry settings and files in the following locations. +This code must be compiled into a single .dll file and added to a package by using the instructions found in "Adding content to a package" in [Creating packages](https://msdn.microsoft.com/library/windows/hardware/dn756642). While writing this code, OEMs can store registry settings and files in the following locations.
    diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 3e9c038842..9782ed9ad1 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -7,11 +7,13 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 01/29/2018 +ms.date: 07/19/2018 --- # Defender CSP +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. The Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise. @@ -114,6 +116,9 @@ The following table describes the supported values: | 46 | Behavior | | 47 | Vulnerability | | 48 | Policy | +| 49 | EUS (Enterprise Unwanted Software)| +| 50 | Ransomware | +| 51 | ASR Rule |   @@ -126,19 +131,17 @@ The data type is a integer. The following list shows the supported values: -- 0 = Unknown -- 1 = Detected -- 2 = Cleaned -- 3 = Quarantined -- 4 = Removed -- 5 = Allowed -- 6 = Blocked -- 102 = Clean failed -- 103 = Quarantine failed -- 104 = Remove failed -- 105 = Allow failed -- 106 = Abandoned -- 107 = Block failed +- 0 = Active +- 1 = Action failed +- 2 = Manual steps required +- 3 = Full scan required +- 4 = Reboot required +- 5 = Remediated with non critical failures +- 6 = Quarantined +- 7 = Removed +- 8 = Cleaned +- 9 = Allowed +- 10 = No Status ( Cleared) Supported operation is Get. @@ -175,6 +178,57 @@ An interior node to group information about Windows Defender health status. Supported operation is Get. +**Health/ProductStatus** +Added in Windows 10, version 1809. Provide the current state of the product. This is a bitmask flag value that can represent one or multiple product states from below list. + +Data type is integer. Supported operation is Get. + +Supported product status values: +- No status = 0 +- Service not running = 1 << 0 +- Service started without any malware protection engine = 1 << 1 +- Pending full scan due to threat action = 1 << 2 +- Pending reboot due to threat action = 1 << 3 +- ending manual steps due to threat action = 1 << 4 +- AV signatures out of date = 1 << 5 +- AS signatures out of date = 1 << 6 +- No quick scan has happened for a specified period = 1 << 7 +- No full scan has happened for a specified period = 1 << 8 +- System initiated scan in progress = 1 << 9 +- System initiated clean in progress = 1 << 10 +- There are samples pending submission = 1 << 11 +- Product running in evaluation mode = 1 << 12 +- Product running in non-genuine Windows mode = 1 << 13 +- Product expired = 1 << 14 +- Off-line scan required = 1 << 15 +- Service is shutting down as part of system shutdown = 1 << 16 +- Threat remediation failed critically = 1 << 17 +- Threat remediation failed non-critically = 1 << 18 +- No status flags set (well initialized state) = 1 << 19 +- Platform is out of date = 1 << 20 +- Platform update is in progress = 1 << 21 +- Platform is about to be outdated = 1 << 22 +- Signature or platform end of life is past or is impending = 1 << 23 +- Windows SMode signatures still in use on non-Win10S install = 1 << 24 + +Example: + +``` syntax + + + + 1 + + + ./Vendor/MSFT/Defender/Health/ProductStatus + + + + + + +``` + **Health/ComputerState** Provide the current state of the device. @@ -185,9 +239,9 @@ The following list shows the supported values: - 0 = Clean - 1 = Pending full scan - 2 = Pending reboot -- 4 = Pending manual steps +- 4 = Pending manual steps (Windows Defender is waiting for the user to take some action, such as restarting the computer or running a full scan) - 8 = Pending offline scan -- 16 = Pending critical failure +- 16 = Pending critical failure (Windows Defender has failed critically and an Adminsitrator needs to investigate and take some action, such as restarting the computer or reinstalling Windows Defender) Supported operation is Get. @@ -311,7 +365,7 @@ Node that can be used to perform signature updates for Windows Defender. Supported operations are Get and Execute. **OfflineScan** -Added in Windows 10, version 1803. OfflineScan action starts a Windows Defender offline scan on the computer where you run the command. This command causes the computer reboot and start in Windows Defender offline mode to begin the scan. +Added in Windows 10, version 1803. OfflineScan action starts a Windows Defender offline scan on the computer where you run the command. After the next OS reboot, the device will start in Windows Defender offline mode to begin the scan. Supported operations are Get and Execute. @@ -320,12 +374,3 @@ Supported operations are Get and Execute. [Configuration service provider reference](configuration-service-provider-reference.md) -  - -  - - - - - - diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md index c0f90952b5..7d4f147be9 100644 --- a/windows/client-management/mdm/defender-ddf.md +++ b/windows/client-management/mdm/defender-ddf.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 01/29/20178 +ms.date: 07/12/2018 --- # Defender DDF file @@ -17,7 +17,7 @@ This topic shows the OMA DM device description framework (DDF) for the **Defende Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). -The XML below is the current version for this CSP. +The XML below is for Windows 10, version 1809. ``` syntax @@ -43,7 +43,7 @@ The XML below is the current version for this CSP. - com.microsoft/1.1/MDM/Defender + com.microsoft/1.2/MDM/Defender @@ -286,6 +286,26 @@ The XML below is the current version for this CSP. + + ProductStatus + + + + + + + + + + + + + + + text/plain + + + ComputerState diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md index 27dd7bead4..5f9609bccf 100644 --- a/windows/client-management/mdm/devdetail-csp.md +++ b/windows/client-management/mdm/devdetail-csp.md @@ -146,7 +146,7 @@ The following diagram shows the DevDetail configuration service provider managem Supported operation is Get. **Ext/Microsoft/SMBIOSSerialNumber** -Added in Windows 10, next major version. SMBIOS Serial Number of the device. +Added in Windows 10, version 1809. SMBIOS Serial Number of the device. Value type is string. Supported operation is Get. diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md index 737bb65143..e84b804e6c 100644 --- a/windows/client-management/mdm/devdetail-ddf-file.md +++ b/windows/client-management/mdm/devdetail-ddf-file.md @@ -19,7 +19,7 @@ This topic shows the OMA DM device description framework (DDF) for the **DevDeta Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). -The XML below is for Windows 10, next major version. +The XML below is for Windows 10, version 1809. ``` syntax diff --git a/windows/client-management/mdm/developersetup-csp.md b/windows/client-management/mdm/developersetup-csp.md index f8e2889036..0d91af34b6 100644 --- a/windows/client-management/mdm/developersetup-csp.md +++ b/windows/client-management/mdm/developersetup-csp.md @@ -12,7 +12,7 @@ ms.date: 06/26/2018 # DeveloperSetup CSP -The DeveloperSetup configuration service provider (CSP) is used to configure Developer Mode on the device and connect to the Windows Device Portal. For more information about the Windows Device Portal, see [Windows Device Portal overview](https://msdn.microsoft.com/en-us/windows/uwp/debug-test-perf/device-portal). This CSP was added in Windows 10, version 1703. +The DeveloperSetup configuration service provider (CSP) is used to configure Developer Mode on the device and connect to the Windows Device Portal. For more information about the Windows Device Portal, see [Windows Device Portal overview](https://msdn.microsoft.com/windows/uwp/debug-test-perf/device-portal). This CSP was added in Windows 10, version 1703. > [!NOTE] The DeveloperSetup configuration service provider (CSP) is only supported in Windows 10 Holographic Enterprise edition and with runtime provisioning via provisioning packages. It is not supported in MDM. diff --git a/windows/client-management/mdm/device-update-management.md b/windows/client-management/mdm/device-update-management.md index 2e48c36d75..82cf5ef7d9 100644 --- a/windows/client-management/mdm/device-update-management.md +++ b/windows/client-management/mdm/device-update-management.md @@ -1,7 +1,8 @@ --- -title: Device update management +title: Mobile device management MDM for device updates description: In the current device landscape of PC, tablets, phones, and IoT devices, the Mobile Device Management (MDM) solutions are becoming prevalent as a lightweight device management technology. ms.assetid: C27BAEE7-2890-4FB7-9549-A6EACC790777 +keywords: mdm,management,administrator ms.author: maricia ms.topic: article ms.prod: w10 @@ -11,17 +12,20 @@ ms.date: 11/15/2017 --- -# Device update management +# Mobile device management (MDM) for device updates -In the current device landscape of PC, tablets, phones, and IoT devices, the Mobile Device Management (MDM) solutions are becoming prevalent as a lightweight device management technology. In Windows 10, we are investing heavily in extending the management capabilities available to MDMs. One key feature we are adding is the ability for MDMs to keep devices up-to-date with the latest Microsoft Updates. +>[!TIP] +>If you're not a developer or administrator, you'll find more helpful information in the [Windows Update: Frequently Asked Questions](https://support.microsoft.com/help/12373/windows-update-faq). -In particular, Windows 10 provides additional APIs to enable MDMs to: +In the current device landscape of PC, tablets, phones, and IoT devices, Mobile Device Management (MDM) solutions are becoming prevalent as a lightweight device management technology. In Windows 10, we are investing heavily in extending the management capabilities available to MDMs. One key feature we are adding is the ability for MDMs to keep devices up-to-date with the latest Microsoft updates. + +In particular, Windows 10 provides APIs to enable MDMs to: - Ensure machines stay up-to-date by configuring Automatic Update policies. - Test updates on a smaller set of machines before enterprise-wide rollout by configuring which updates are approved for a given device. - Get compliance status of managed devices so IT can easily understand which machines still need a particular security patch, or how up-to-date is a particular machine. -This topic provides MDM ISVs with the information they need to implement update management in Windows 10. +This topic provides MDM independent software vendors (ISV) with the information they need to implement update management in Windows 10. In Windows 10, the MDM protocol has been extended to better enable IT admins to manage updates. In particular, Windows has added configuration service providers (CSPs) that expose policies and actions for MDMs to: @@ -30,7 +34,8 @@ In Windows 10, the MDM protocol has been extended to better enable IT admins to - Specify a per-device update approval list, to ensure devices don’t install unapproved updates that have not been tested. - Approve EULAs on behalf of the end-user so update deployment can be automated even for updates with EULAs. -The OMA DM APIs for specifying update approvals and getting compliance status reference updates using an Update ID, which is a GUID that identifies a particular update. The MDM, of course, will want to expose IT-friendly information about the update (instead of a raw GUID), including the update’s title, description, KB, update type (for example, a security update or service pack). For more information, see [\[MS-WSUSSS\]: Windows Update Services: Server-Server Protocol](http://go.microsoft.com/fwlink/p/?LinkId=526707). +The OMA DM APIs for specifying update approvals and getting compliance status refer to updates by using an Update ID, which is a GUID that identifies a particular update. The MDM, of course, will want to expose IT-friendly information about the update (instead of a raw GUID), including the update’s title, description, KB, update type (for example, a security update or service pack). For more information, see [\[MS-WSUSSS\]: Windows Update Services: Server-Server Protocol](https://go.microsoft.com/fwlink/p/?LinkId=526707). + For more information about the CSPs, see [Update CSP](update-csp.md) and the update policy area of the [Policy CSP](policy-configuration-service-provider.md). The following diagram provides a conceptual overview of how this works: @@ -53,12 +58,12 @@ This section describes how this is done. The following diagram shows the server- MSDN provides much information about the Server-Server sync protocol. In particular: -- It is a SOAP-based protocol, and you can get the WSDL in [Server Sync Web Service](http://go.microsoft.com/fwlink/p/?LinkId=526727). The WSDL can be used to generate calling proxies for many programming environments, which will simplify your development. -- You can find code samples in [Protocol Examples](http://go.microsoft.com/fwlink/p/?LinkId=526720). The sample code shows raw SOAP commands, which can be used. Although it’s even simpler to make the call from a programming language like .NET (calling the WSDL-generated proxies). The stub generated by the Server Sync WSDL from the MSDN link above generates an incorrect binding URL. The binding URL should be set to https://fe2.update.microsoft.com/v6/ServerSyncWebService/serversyncwebservice.asmx. +- It is a SOAP-based protocol, and you can get the WSDL in [Server Sync Web Service](https://go.microsoft.com/fwlink/p/?LinkId=526727). The WSDL can be used to generate calling proxies for many programming environments, which will simplify your development. +- You can find code samples in [Protocol Examples](https://go.microsoft.com/fwlink/p/?LinkId=526720). The sample code shows raw SOAP commands, which can be used. Although it’s even simpler to make the call from a programming language like .NET (calling the WSDL-generated proxies). The stub generated by the Server Sync WSDL from the MSDN link above generates an incorrect binding URL. The binding URL should be set to https://fe2.update.microsoft.com/v6/ServerSyncWebService/serversyncwebservice.asmx. Some important highlights: -- The protocol has an authorization phase (calling GetAuthConfig, GetAuthorizationCookie, and GetCookie). In [Protocol Examples](http://go.microsoft.com/fwlink/p/?LinkId=526720), the **Sample 1: Authorization** code shows how this is done. Even though this is called the authorization phase, the protocol is completely open (no credentials are needed to run this phase of the protocol). This sequence of calls needs to be done to obtain a cookie for the main part of the sync protocol. As an optimization, you can cache the cookie and only call this sequence again if your cookie has expired. +- The protocol has an authorization phase (calling GetAuthConfig, GetAuthorizationCookie, and GetCookie). In [Protocol Examples](https://go.microsoft.com/fwlink/p/?LinkId=526720), the **Sample 1: Authorization** code shows how this is done. Even though this is called the authorization phase, the protocol is completely open (no credentials are needed to run this phase of the protocol). This sequence of calls needs to be done to obtain a cookie for the main part of the sync protocol. As an optimization, you can cache the cookie and only call this sequence again if your cookie has expired. - The protocol allows the MDM to sync update metadata for a particular update by calling GetUpdateData. For more information, see [GetUpdateData](https://msdn.microsoft.com/library/dd304816.aspx) in MSDN. The LocURI to get the applicable updates with their revision Numbers is `./Vendor/MSFT/Update/InstallableUpdates?list=StructData`. Because not all updates are available via S2S sync, make sure you handle SOAP errors. - For mobile devices, you can either sync metadata for a particular update by calling GetUpdateData, or for a local on-premises solution, you can use WSUS and manually import the mobile updates from the Microsoft Update Catalog site. For more information, see [Process flow diagram and screenshots of server sync process](#process-flow-diagram-and-screenshots-of-server-sync-process). @@ -67,7 +72,7 @@ Some important highlights: ## Examples of update metadata XML structure and element descriptions -The response of the GetUpdateData call returns an array of ServerSyncUpdateData that contains the update metadata in the XmlUpdateBlob element. The schema of the update xml is available at [Protocol Examples](http://go.microsoft.com/fwlink/p/?LinkId=526720). Some of the key elements are described below: +The response of the GetUpdateData call returns an array of ServerSyncUpdateData that contains the update metadata in the XmlUpdateBlob element. The schema of the update xml is available at [Protocol Examples](https://go.microsoft.com/fwlink/p/?LinkId=526720). Some of the key elements are described below: - **UpdateID** – The unique identifier for an update - **RevisionNumber** – Revision number for the update in case the update was modified. @@ -101,8 +106,8 @@ The following procedure describes a basic algorithm for a metadata sync service: - Initialization, composed of the following: 1. Create an empty list of “needed update IDs to fault in”. This list will get updated by the MDM service component that uses OMA DM. We recommend not adding definition updates to this list, since those are temporary in nature (for example, Defender releases about 4 new definition updates per day, each of which is cumulative). - Sync periodically (we recommend once every 2 hours - no more than once/hour). - 1. Implement the authorization phase of the protocol to get a cookie if you don’t already have a non-expired cookie. See **Sample 1: Authorization** in [Protocol Examples](http://go.microsoft.com/fwlink/p/?LinkId=526720). - 2. Implement the metadata portion of the protocol (see **Sample 2: Metadata and Deployments Synchronization** in [Protocol Examples](http://go.microsoft.com/fwlink/p/?LinkId=526720)), and: + 1. Implement the authorization phase of the protocol to get a cookie if you don’t already have a non-expired cookie. See **Sample 1: Authorization** in [Protocol Examples](https://go.microsoft.com/fwlink/p/?LinkId=526720). + 2. Implement the metadata portion of the protocol (see **Sample 2: Metadata and Deployments Synchronization** in [Protocol Examples](https://go.microsoft.com/fwlink/p/?LinkId=526720)), and: - Call GetUpdateData for all updates in the "needed update IDs to fault in" list if the update metadata has not already been pulled into the DB. - If the update is a newer revision of an existing update (same UpdateID, higher revision number), replace the previous update metadata with the new one. - Remove updates from the "needed update IDs to fault in" list once they have been brought in. @@ -134,7 +139,7 @@ The following diagram shows the Update policies in a tree format. ![update csp diagram](images/update-policies.png) -**Update/ActiveHoursEnd** +**Update/ActiveHoursEnd** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -148,7 +153,7 @@ The following diagram shows the Update policies in a tree format.

    The default is 17 (5 PM). -**Update/ActiveHoursMaxRange** +**Update/ActiveHoursMaxRange** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -159,7 +164,7 @@ The following diagram shows the Update policies in a tree format.

    The default value is 18 (hours). -**Update/ActiveHoursStart** +**Update/ActiveHoursStart** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -173,7 +178,7 @@ The following diagram shows the Update policies in a tree format.

    The default value is 8 (8 AM). -**Update/AllowAutoUpdate** +**Update/AllowAutoUpdate** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -197,7 +202,7 @@ The following diagram shows the Update policies in a tree format.

    If the policy is not configured, end-users get the default behavior (Auto install and restart). -**Update/AllowMUUpdateService** +**Update/AllowMUUpdateService** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education @@ -209,7 +214,7 @@ The following diagram shows the Update policies in a tree format. - 0 – Not allowed or not configured. - 1 – Allowed. Accepts updates received through Microsoft Update. -**Update/AllowNonMicrosoftSignedUpdate** +**Update/AllowNonMicrosoftSignedUpdate** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -225,7 +230,7 @@ The following diagram shows the Update policies in a tree format.

    This policy is specific to desktop and local publishing via WSUS for 3rd party updates (binaries and updates not hosted on Microsoft Update) and allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location. -**Update/AllowUpdateService** +**Update/AllowUpdateService** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -245,7 +250,7 @@ The following diagram shows the Update policies in a tree format. > This policy applies only when the desktop or device is configured to connect to an intranet update service using the "Specify intranet Microsoft update service location" policy. -**Update/AutoRestartNotificationSchedule** +**Update/AutoRestartNotificationSchedule** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -256,7 +261,7 @@ The following diagram shows the Update policies in a tree format.

    The default value is 15 (minutes). -**Update/AutoRestartRequiredNotificationDismissal** +**Update/AutoRestartRequiredNotificationDismissal** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -268,7 +273,7 @@ The following diagram shows the Update policies in a tree format. - 1 (default) – Auto Dismissal. - 2 – User Dismissal. -**Update/BranchReadinessLevel** +**Update/BranchReadinessLevel** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -280,7 +285,7 @@ The following diagram shows the Update policies in a tree format. - 16 (default) – User gets all applicable upgrades from Current Branch (CB). - 32 – User gets upgrades from Current Branch for Business (CBB). -**Update/DeferFeatureUpdatesPeriodInDays** +**Update/DeferFeatureUpdatesPeriodInDays** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education.

    Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. @@ -290,7 +295,7 @@ The following diagram shows the Update policies in a tree format.

    Supported values are 0-180. -**Update/DeferQualityUpdatesPeriodInDays** +**Update/DeferQualityUpdatesPeriodInDays** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -299,7 +304,7 @@ The following diagram shows the Update policies in a tree format.

    Supported values are 0-30. -**Update/DeferUpdatePeriod** +**Update/DeferUpdatePeriod** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise > @@ -371,7 +376,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego

    -**Update/DeferUpgradePeriod** +**Update/DeferUpgradePeriod** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education. > @@ -388,7 +393,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego

    If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. -**Update/EngagedRestartDeadline** +**Update/EngagedRestartDeadline** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -399,7 +404,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego

    The default value is 0 days (not specified). -**Update/EngagedRestartSnoozeSchedule** +**Update/EngagedRestartSnoozeSchedule** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -410,7 +415,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego

    The default value is 3 days. -**Update/EngagedRestartTransitionSchedule** +**Update/EngagedRestartTransitionSchedule** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -421,7 +426,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego

    The default value is 7 days. -**Update/ExcludeWUDriversInQualityUpdate** +**Update/ExcludeWUDriversInQualityUpdate** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education. > Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. @@ -433,8 +438,8 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego - 0 (default) – Allow Windows Update drivers. - 1 – Exclude Windows Update drivers. -**Update/IgnoreMOAppDownloadLimit** -

    Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. +**Update/IgnoreMOAppDownloadLimit** +

    Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. > [!WARNING] > Setting this policy might cause devices to incur costs from MO operators. @@ -447,7 +452,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego

    To validate this policy: 1. Enable the policy ensure the device is on a cellular network. -2. Run the scheduled task on your device to check for app updates in the background. For example, on a mobile device, run the following commands in TShell: +2. Run the scheduled task on your device to check for app updates in the background. For example, on a mobile device, run the following commands in TShell: - `regd delete HKEY_USERS\S-1-5-21-2702878673-795188819-444038987-2781\software\microsoft\windows\currentversion\windowsupdate /v LastAutoAppUpdateSearchSuccessTime /f` - `exec-device schtasks.exe -arguments ""/run /tn """"\Microsoft\Windows\WindowsUpdate\Automatic App Update"""" /I""` @@ -455,8 +460,8 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego 3. Verify that any downloads that are above the download size limit will complete without being paused. -**Update/IgnoreMOUpdateDownloadLimit** -

    Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. +**Update/IgnoreMOUpdateDownloadLimit** +

    Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. > [!WARNING] > Setting this policy might cause devices to incur costs from MO operators. @@ -469,13 +474,13 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego

    To validate this policy: 1. Enable the policy and ensure the device is on a cellular network. -2. Run the scheduled task on phone to check for OS updates in the background. For example, on a mobile device, run the following commands in TShell: +2. Run the scheduled task on phone to check for OS updates in the background. For example, on a mobile device, run the following commands in TShell: - `exec-device schtasks.exe -arguments ""/run /tn """"\Microsoft\Windows\WindowsUpdate\AUScheduledInstall"""" /I""` 3. Verify that any downloads that are above the download size limit will complete without being paused. -**Update/PauseDeferrals** +**Update/PauseDeferrals** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise > @@ -493,7 +498,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego

    If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. -**Update/PauseFeatureUpdates** +**Update/PauseFeatureUpdates** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education.

    Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. @@ -506,7 +511,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego - 0 (default) – Feature Updates are not paused. - 1 – Feature Updates are paused for 60 days or until value set to back to 0, whichever is sooner. -**Update/PauseQualityUpdates** +**Update/PauseQualityUpdates** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -518,7 +523,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego - 0 (default) – Quality Updates are not paused. - 1 – Quality Updates are paused for 35 days or until value set back to 0, whichever is sooner. -**Update/RequireDeferUpgrade** +**Update/RequireDeferUpgrade** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise > @@ -532,7 +537,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego - 0 (default) – User gets upgrades from Current Branch. - 1 – User gets upgrades from Current Branch for Business. -**Update/RequireUpdateApproval** +**Update/RequireUpdateApproval** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -552,7 +557,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego - 0 – Not configured. The device installs all applicable updates. - 1 – The device only installs updates that are both applicable and on the Approved Updates list. Set this policy to 1 if IT wants to control the deployment of updates on devices, such as when testing is required prior to deployment. -**Update/ScheduleImminentRestartWarning** +**Update/ScheduleImminentRestartWarning** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -563,7 +568,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego

    The default value is 15 (minutes). -**Update/ScheduledInstallDay** +**Update/ScheduledInstallDay** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -585,7 +590,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego - 6 – Friday - 7 – Saturday -**Update/ScheduledInstallTime** +**Update/ScheduledInstallTime** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -600,7 +605,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego

    The default value is 3. -**Update/ScheduleRestartWarning** +**Update/ScheduleRestartWarning** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -611,7 +616,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego

    The default value is 4 (hours). -**Update/SetAutoRestartNotificationDisable** +**Update/SetAutoRestartNotificationDisable** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -623,11 +628,11 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego - 0 (default) – Enabled - 1 – Disabled -**Update/UpdateServiceUrl** +**Update/UpdateServiceUrl** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise -> [!Important] +> [!Important] > Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enteprise and IoT Enterprise.

    Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet. @@ -657,7 +662,7 @@ Example ``` -**Update/UpdateServiceUrlAlternate** +**Update/UpdateServiceUrlAlternate** > **Note**  This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education. @@ -669,9 +674,9 @@ Example

    Value type is string and the default value is an empty string, "". If the setting is not configured, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet. -> [!Note] -> If the "Configure Automatic Updates" Group Policy is disabled, then this policy has no effect. -> If the "Alternate Download Server" Group Policy is not set, it will use the WSUS server by default to download updates. +> [!Note] +> If the "Configure Automatic Updates" Group Policy is disabled, then this policy has no effect. +> If the "Alternate Download Server" Group Policy is not set, it will use the WSUS server by default to download updates. > This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs. ### Update management @@ -680,12 +685,12 @@ The enterprise IT can configure the set of approved updates and get compliance s ![update csp diagram](images/provisioning-csp-update.png) -**Update** +**Update** The root node. Supported operation is Get. -**ApprovedUpdates** +**ApprovedUpdates** Node for update approvals and EULA acceptance on behalf of the end-user. > **Note** When the RequireUpdateApproval policy is set, the MDM uses the ApprovedUpdates list to pass the approved GUIDs. These GUIDs should be a subset of the InstallableUpdates list. @@ -700,10 +705,10 @@ The update approval list enables IT to approve individual updates and update cla Supported operations are Get and Add. -**ApprovedUpdates/****_Approved Update Guid_** +**ApprovedUpdates/****_Approved Update Guid_** Specifies the update GUID. -To auto-approve a class of updates, you can specify the [Update Classifications](http://go.microsoft.com/fwlink/p/?LinkId=526723) GUIDs. We strongly recommend to always specify the DefinitionsUpdates classification (E0789628-CE08-4437-BE74-2495B842F43B), which are used for anti-malware signatures. There are released periodically (several times a day). Some businesses may also want to auto-approve security updates to get them deployed quickly. +To auto-approve a class of updates, you can specify the [Update Classifications](https://go.microsoft.com/fwlink/p/?LinkId=526723) GUIDs. We strongly recommend to always specify the DefinitionsUpdates classification (E0789628-CE08-4437-BE74-2495B842F43B), which are used for anti-malware signatures. There are released periodically (several times a day). Some businesses may also want to auto-approve security updates to get them deployed quickly. Supported operations are Get and Add. @@ -713,52 +718,52 @@ Sample syncml: ./Vendor/MSFT/Update/ApprovedUpdates/%7ba317dafe-baf4-453f-b232-a7075efae36e%7d ``` -**ApprovedUpdates/*Approved Update Guid*/ApprovedTime** +**ApprovedUpdates/*Approved Update Guid*/ApprovedTime** Specifies the time the update gets approved. Supported operations are Get and Add. -**FailedUpdates** +**FailedUpdates** Specifies the approved updates that failed to install on a device. Supported operation is Get. -**FailedUpdates/****_Failed Update Guid_** +**FailedUpdates/****_Failed Update Guid_** Update identifier field of the UpdateIdentity GUID that represent an update that failed to download or install. Supported operation is Get. -**FailedUpdates/*Failed Update Guid*/HResult** +**FailedUpdates/*Failed Update Guid*/HResult** The update failure error code. Supported operation is Get. -**FailedUpdates/*Failed Update Guid*/Status** +**FailedUpdates/*Failed Update Guid*/Status** Specifies the failed update status (for example, download, install). Supported operation is Get. -**InstalledUpdates** +**InstalledUpdates** The updates that are installed on the device. Supported operation is Get. -**InstalledUpdates/****_Installed Update Guid_** +**InstalledUpdates/****_Installed Update Guid_** UpdateIDs that represent the updates installed on a device. Supported operation is Get. -**InstallableUpdates** +**InstallableUpdates** The updates that are applicable and not yet installed on the device. This includes updates that are not yet approved. Supported operation is Get. -**InstallableUpdates/****_Installable Update Guid_** +**InstallableUpdates/****_Installable Update Guid_** Update identifiers that represent the updates applicable and not installed on a device. Supported operation is Get. -**InstallableUpdates/*Installable Update Guid*/Type** +**InstallableUpdates/*Installable Update Guid*/Type** The UpdateClassification value of the update. Valid values are: - 0 - None @@ -767,32 +772,32 @@ The UpdateClassification value of the update. Valid values are: Supported operation is Get. -**InstallableUpdates/*Installable Update Guid*/RevisionNumber** +**InstallableUpdates/*Installable Update Guid*/RevisionNumber** The revision number for the update that must be passed in server to server sync to get the metadata for the update. Supported operation is Get. -**PendingRebootUpdates** +**PendingRebootUpdates** The updates that require a reboot to complete the update session. Supported operation is Get. -**PendingRebootUpdates/****_Pending Reboot Update Guid_** +**PendingRebootUpdates/****_Pending Reboot Update Guid_** Update identifiers for the pending reboot state. Supported operation is Get. -**PendingRebootUpdates/*Pending Reboot Update Guid*/InstalledTime** +**PendingRebootUpdates/*Pending Reboot Update Guid*/InstalledTime** The time the update is installed. Supported operation is Get. -**LastSuccessfulScanTime** +**LastSuccessfulScanTime** The last successful scan time. Supported operation is Get. -**DeferUpgrade** +**DeferUpgrade** Upgrades deferred until the next period. Supported operation is Get. diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md index 89a798ab13..a20317c21f 100644 --- a/windows/client-management/mdm/devicestatus-csp.md +++ b/windows/client-management/mdm/devicestatus-csp.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 03/12/2018 +ms.date: 07/26/2018 --- # DeviceStatus CSP @@ -178,11 +178,24 @@ Supported operation is Get. **DeviceStatus/Antispyware/SignatureStatus** Added in Windows, version 1607. Integer that specifies the status of the antispyware signature. +Valid values: + +- 0 - The security software reports that it is not the most recent version. +- 1 - The security software reports that it is the most recent version. +- 2 - Not applicable. This is returned for devices like the phone that do not have an antivirus (where the API doesn’t exist.) + Supported operation is Get. **DeviceStatus/Antispyware/Status** Added in Windows, version 1607. Integer that specifies the status of the antispyware. +Valid values: + +- 0 - The status of the security provider category is good and does not need user attention. +- 1 - The status of the security provider category is not monitored by Windows Security Center (WSC). +- 2 - The status of the security provider category is poor and the computer may be at risk. +- 3 - The security provider category is in snooze state. Snooze indicates that WSC is not actively protecting the computer. + Supported operation is Get. **DeviceStatus/Firewall** diff --git a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md index a0cec11bb0..699a3d4489 100644 --- a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md +++ b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md @@ -32,7 +32,7 @@ To help diagnose enrollment or device management issues in Windows 10 devices m Starting with the Windows 10, version 1511, MDM logs are captured in the Event Viewer in the following location: -- Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostic-Provider +- Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostic-Provider Here's a screenshot: @@ -138,7 +138,7 @@ Since there is no Event Viewer in Windows 10 Mobile, you can use the [Field Medi ![field medic screenshot](images/diagnose-mdm-failures5.png) 7. Save the logs. They will be stored in the Field Medic log location on the device. -8. You can send the logs via email by attaching the files from **Documents > Field Medic > Reports > ...** folder. +8. You can send the logs via email by attaching the files from **Documents > Field Medic > Reports > ...** folder. ![device documents folder](images/diagnose-mdm-failures6.png)![device folder screenshot](images/diagnose-mdm-failures7.png)![device folder screenshot](images/diagnose-mdm-failures8.png) diff --git a/windows/client-management/mdm/diagnosticlog-ddf.md b/windows/client-management/mdm/diagnosticlog-ddf.md index 4fb7edff7c..97ae506323 100644 --- a/windows/client-management/mdm/diagnosticlog-ddf.md +++ b/windows/client-management/mdm/diagnosticlog-ddf.md @@ -25,7 +25,7 @@ The content below are the latest versions of the DDF files: ## DiagnosticLog CSP version 1.2 -``` syntax +```xml 4 - This node is used for setting or getting the block size (in Kilobytes) for the download of assoicated log file. The value range is 1~16. Default value is 4. + This node is used for setting or getting the block size (in Kilobytes) for the download of associated log file. The value range is 1~16. Default value is 4. @@ -634,7 +634,7 @@ The content below are the latest versions of the DDF files: ## DiagnosticLog CSP version 1.3 -``` syntax +```xml 4 - This node is used for setting or getting the block size (in Kilobytes) for the download of assoicated log file. The value range is 1~16. Default value is 4. + This node is used for setting or getting the block size (in Kilobytes) for the download of associated log file. The value range is 1~16. Default value is 4. diff --git a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md index 13878c6f74..d794478a6f 100644 --- a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md +++ b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md @@ -42,7 +42,7 @@ In Windows, after the user confirms the account deletion command and before the This action utilizes the OMA DM generic alert 1226 function to send a user an MDM unenrollment user alert to the MDM server after the device accepts the user unenrollment request, but before it deletes any enterprise data. The server should set the expectation that unenrollment may succeed or fail, and the server can check whether the device is unenrolled by either checking whether the device calls back at scheduled time or by sending a push notification to the device to see whether it responds back. If the server plans to send a push notification, it should allow for some delay to give the device the time to complete the unenrollment work. -> **Note**  The user unenrollment is an OMA DM standard. For more information about the 1226 generic alert, refer to the OMA Device Management Protocol specification (OMA-TS-DM\_Protocol-V1\_2\_1-20080617-A), available from the [OMA website](http://go.microsoft.com/fwlink/p/?LinkId=267526). +> **Note**  The user unenrollment is an OMA DM standard. For more information about the 1226 generic alert, refer to the OMA Device Management Protocol specification (OMA-TS-DM\_Protocol-V1\_2\_1-20080617-A), available from the [OMA website](https://go.microsoft.com/fwlink/p/?LinkId=267526).   The vendor uses the Type attribute to specify what type of generic alert it is. For device initiated MDM unenrollment, the alert type is **com.microsoft:mdm.unenrollment.userrequest**. @@ -71,8 +71,8 @@ The following sample shows an OMA DM first package that contains a generic alert 1226 - com.microsoft:mdm.unenrollment.userrequest - int + com.microsoft:mdm.unenrollment.userrequest + int 1 diff --git a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md index f035ff93d4..09918702d2 100644 --- a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md +++ b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md @@ -23,7 +23,7 @@ ms.date: 06/26/2017 # DMProcessConfigXMLFiltered function > **Important**   -The use of this function for automatic data configuration (ADC) is deprecated in Windows Phone 8.1. Please see [Connectivity configuration](https://msdn.microsoft.com/en-us/library/windows/hardware/dn757424) for more information about the new process for provisioning connectivity configuration. However, this function is still supported for other OEM uses. +The use of this function for automatic data configuration (ADC) is deprecated in Windows Phone 8.1. Please see [Connectivity configuration](https://msdn.microsoft.com/library/windows/hardware/dn757424) for more information about the new process for provisioning connectivity configuration. However, this function is still supported for other OEM uses. Configures phone settings by using OMA Client Provisioning XML. Use of this function is strictly limited to the following scenarios. diff --git a/windows/client-management/mdm/dynamicmanagement-csp.md b/windows/client-management/mdm/dynamicmanagement-csp.md index 4d50badd48..710e19855a 100644 --- a/windows/client-management/mdm/dynamicmanagement-csp.md +++ b/windows/client-management/mdm/dynamicmanagement-csp.md @@ -93,8 +93,8 @@ Disable Cortana based on Geo location and time, From 9am-5pm, when in the 100 me text/plain chr - <SyncML> - <SyncBody><Replace><CmdID>1001</CmdID><Item><Target><LocURI>./Vendor/MSFT/Policy/Config/Experience/AllowCortana</LocURI></Target><Meta><Format xmlns="syncml:metinf">int</Format></Meta><Data>0</Data></Item></Replace><Final/></SyncBody></SyncML> + + 1001./Vendor/MSFT/Policy/Config/Experience/AllowCortanaint0 @@ -108,15 +108,15 @@ Disable Cortana based on Geo location and time, From 9am-5pm, when in the 100 me chr - <rule schemaVersion="1.0"> + - <and> - <signal type="geoloc" latitude="47.6375" longitude="-122.1402" radiusInMeters="100"/> - <signal type="time"> - <daily startTime="09:00:00" endTime="17:00:00"/> - </signal> - </and> - </rule> + + + + + + + @@ -147,31 +147,31 @@ Disable camera using network trigger with time trigger, from 9-5, when ip4 gatew text/plain chr - <SyncML> - <SyncBody><Replace><CmdID>1002</CmdID><Item><Target><LocURI>./Vendor/MSFT/Policy/Config/Camera/AllowCamera</LocURI></Target><Meta><Format xmlns="syncml:metinf">int</Format></Meta><Data>0</Data></Item></Replace> <Final/></SyncBody></SyncML> + + 1002./Vendor/MSFT/Policy/Config/Camera/AllowCameraint0 301 - ./Vendor/MSFT/DynamicManagement/Contexts/ NetworkWithTime /SignalDefinition + ./Vendor/MSFT/DynamicManagement/Contexts/NetworkWithTime/SignalDefinition text/plain chr - <rule schemaVersion="1.0"> - <and> - <signal type="ipConfig"> - <ipv4Gateway>192.168.0.1</ipv4Gateway> - </signal> - <signal type="time"> - <daily startTime="09:00:00" endTime="17:00:00"/> - </signal> - </and> - </rule> + + + + 192.168.0.1 + + + + + + @@ -179,7 +179,7 @@ Disable camera using network trigger with time trigger, from 9-5, when ip4 gatew 302 - ./Vendor/MSFT/DynamicManagement/Contexts/ NetworkWithTime /Altitude + ./Vendor/MSFT/DynamicManagement/Contexts/NetworkWithTime/Altitude int diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md index 4c66aef7db..38dc886b20 100644 --- a/windows/client-management/mdm/eap-configuration.md +++ b/windows/client-management/mdm/eap-configuration.md @@ -124,7 +124,7 @@ A production ready deployment must have the appropriate certificate details as p EAP XML must be updated with relevant information for your environment This can be done either manually by editing the XML sample below, or by using the step by step UI guide. After the EAP XML is updated, refer to instructions from your MDM to deploy the updated configuration as follows: -- For Wi-Fi, look for the <EAPConfig> section of your current WLAN Profile XML (This is what you specify for the WLanXml node in the Wi-Fi CSP). Within these tags you will find the complete EAP configuration. Replace the section under <EAPConfig> with your updated XML and update your Wi-Fi profile. You might need to refer to your MDM’s guidance on how to deploy a new Wi-Fi profile. +- For Wi-Fi, look for the section of your current WLAN Profile XML (This is what you specify for the WLanXml node in the Wi-Fi CSP). Within these tags you will find the complete EAP configuration. Replace the section under with your updated XML and update your Wi-Fi profile. You might need to refer to your MDM’s guidance on how to deploy a new Wi-Fi profile. - For VPN, EAP Configuration is a separate field in the MDM Configuration. Work with your MDM provider to identify and update the appropriate Field. For information about EAP Settings, see diff --git a/windows/client-management/mdm/email2-csp.md b/windows/client-management/mdm/email2-csp.md index dce5177a0f..e54767ae8b 100644 --- a/windows/client-management/mdm/email2-csp.md +++ b/windows/client-management/mdm/email2-csp.md @@ -302,7 +302,7 @@ Value is one of the following: When an application removal or configuration roll-back is provisioned, the EMAIL2 CSP passes the request to Configuration Manager, which handles the transaction externally. When a MAPI application is removed, the accounts that were created with it are deleted and all messages and other properties that the transport (for example, Short Message Service \[SMS\], Post Office Protocol \[POP\], or Simple Mail Transfer Protocol \[SMTP\]) might have stored, are lost. If an attempt to create a new email account is unsuccessful, the new account is automatically deleted. If an attempt to edit an existing account is unsuccessful, the original configuration is automatically rolled back (restored). -For OMA DM, the EMAIL2 CSP handles the Replace command differently from most other configuration service providers. For the EMAIL2 CSP, Configuration Manager implicitly adds the missing part of the node to be replaced or any segment in the path of the node if it is left out in the <LocURI></LocURI> block. There are separate parameters defined for the outgoing server logon credentials. The following are the usage rules for these credentials: +For OMA DM, the EMAIL2 CSP handles the Replace command differently from most other configuration service providers. For the EMAIL2 CSP, Configuration Manager implicitly adds the missing part of the node to be replaced or any segment in the path of the node if it is left out in the \\ block. There are separate parameters defined for the outgoing server logon credentials. The following are the usage rules for these credentials: - The incoming server logon credentials are used (AUTHNAME, AUTHSECRET, and DOMAIN) unless the outgoing server credentials are set. diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md index acb4952dea..fb26b71e0c 100644 --- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md +++ b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md @@ -70,7 +70,7 @@ Summary of steps to enable a policy: ./Device/Vendor/MSFT/Policy/Config/AppVirtualization/AllowAppVClient - <Enabled/> + @@ -270,7 +270,7 @@ The \ payload is \. Here is an example to disable AppVirtualiza ./Device/Vendor/MSFT/Policy/Config/AppVirtualization/PublishingAllowServer2 - <disabled/> + diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index 010ca41cad..24e4a9039a 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -11,15 +11,16 @@ ms.date: 10/04/2017 # Enroll a Windows 10 device automatically using Group Policy -Starting in Windows 10, version 1709 you can use a Group Policy to trigger auto-enrollment to MDM for Active Directory (AD) domain joined devices. +Starting in Windows 10, version 1709, you can use a Group Policy to trigger auto-enrollment to MDM for Active Directory (AD) domain-joined devices. Requirements: -- AD-joined PC running Windows 10, version 1709 -- Enterprise has MDM service already configured -- Enterprise AD must be registered with Azure AD +- AD-joined PC running Windows 10, version 1709 or later +- The enterprise has configured a mobile device management (MDM) service +- The enterprise AD must be [registered with Azure Active Directory (Azure AD)](azure-active-directory-integration-with-mdm.md) +- The device should not already be enrolled in Intune using the classic agents (devices managed using agents will fail enrollment with `error 0x80180026`) > [!Tip] -> [How to configure automatic registration of Windows domain-joined devices with Azure Active Directory](https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-automatic-device-registration-setup) +> [How to configure automatic registration of Windows domain-joined devices with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access-automatic-device-registration-setup) To verify if the device is Azure AD registered, run `dsregcmd /status` from the command line. @@ -30,7 +31,7 @@ Here is a partial screenshot of the result: The auto-enrollment relies of the presence of an MDM service and the Azure Active Directory registration for the PC. Starting in Windows 10, version 1607, once the enterprise has registered its AD with Azure AD, a Windows PC that is domain joined is automatically AAD registered. > [!Note] -> In Windows 10, version 1709, the enrollment protocol was updated to check whether the device is domain-joined. For details, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://msdn.microsoft.com/en-us/library/mt221945.aspx). For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation. +> In Windows 10, version 1709, the enrollment protocol was updated to check whether the device is domain-joined. For details, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://msdn.microsoft.com/library/mt221945.aspx). For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation. When the auto-enrollment Group Policy is enabled, a task is created in the background that initiates the MDM enrollment. The task will use the existing MDM service configuration from the Azure Active Directory information of the user. If multi-factor authentication is required, the user will get a prompt to complete the authentication. Once the enrollment is configured, the user can check the status in the Settings page. @@ -114,8 +115,8 @@ Requirements: ### Related topics -- [Group Policy Management Console](https://technet.microsoft.com/en-us/library/cc753298(v=ws.11).aspx) -- [Create and Edit a Group Policy Object](https://technet.microsoft.com/en-us/library/cc754740(v=ws.11).aspx) -- [Link a Group Policy Object](https://technet.microsoft.com/en-us/library/cc732979(v=ws.11).aspx) -- [Filter Using Security Groups](https://technet.microsoft.com/en-us/library/cc752992(v=ws.11).aspx) -- [Enforce a Group Policy Object Link](https://technet.microsoft.com/en-us/library/cc753909(v=ws.11).aspx) +- [Group Policy Management Console](https://technet.microsoft.com/library/cc753298(v=ws.11).aspx) +- [Create and Edit a Group Policy Object](https://technet.microsoft.com/library/cc754740(v=ws.11).aspx) +- [Link a Group Policy Object](https://technet.microsoft.com/library/cc732979(v=ws.11).aspx) +- [Filter Using Security Groups](https://technet.microsoft.com/library/cc752992(v=ws.11).aspx) +- [Enforce a Group Policy Object Link](https://technet.microsoft.com/library/cc753909(v=ws.11).aspx) diff --git a/windows/client-management/mdm/enterpriseappmanagement-csp.md b/windows/client-management/mdm/enterpriseappmanagement-csp.md index a17fca7628..d5e7c87b9c 100644 --- a/windows/client-management/mdm/enterpriseappmanagement-csp.md +++ b/windows/client-management/mdm/enterpriseappmanagement-csp.md @@ -23,33 +23,33 @@ The following diagram shows the EnterpriseAppManagement configuration service pr ![enterpriseappmanagement csp](images/provisioning-csp-enterpriseappmanagement.png) -***EnterpriseID*** +***EnterpriseID*** Optional. A dynamic node that represents the EnterpriseID as a GUID. It is used to enroll or unenroll enterprise applications. Supported operations are Add, Delete, and Get. -***EnterpriseID*/EnrollmentToken** +***EnterpriseID*/EnrollmentToken** Required. Used to install or update the binary representation of the application enrollment token (AET) and initiate "phone home" token validation. Scope is dynamic. Supported operations are Get, Add, and Replace. -***EnterpriseID*/StoreProductID** +***EnterpriseID*/StoreProductID** Required. The node to host the ProductId node. Scope is dynamic. Supported operation is Get. -**/StoreProductID/ProductId** +**/StoreProductID/ProductId** The character string that contains the ID of the first enterprise application (usually a Company Hub app), which is automatically installed on the device. Scope is dynamic. Supported operations are Get and Add. -***EnterpriseID*/StoreUri** +***EnterpriseID*/StoreUri** Optional. The character string that contains the URI of the first enterprise application to be installed on the device. The enrollment client downloads and installs the application from this URI. Scope is dynamic. Supported operations are Get and Add. -***EnterpriseID*/CertificateSearchCriteria** -Optional. The character string that contains the search criteria to search for the DM-enrolled client certificate. The certificate is used for client authentication during enterprise application download. The company's application content server should use the enterprise-enrolled client certificate to authenticate the device. The value must be a URL encoded representation of the X.500 distinguished name of the client certificates Subject property. The X.500 name must conform to the format required by the [CertStrToName](http://go.microsoft.com/fwlink/p/?LinkId=523869) function. This search parameter is case sensitive. Scope is dynamic. +***EnterpriseID*/CertificateSearchCriteria** +Optional. The character string that contains the search criteria to search for the DM-enrolled client certificate. The certificate is used for client authentication during enterprise application download. The company's application content server should use the enterprise-enrolled client certificate to authenticate the device. The value must be a URL encoded representation of the X.500 distinguished name of the client certificates Subject property. The X.500 name must conform to the format required by the [CertStrToName](https://go.microsoft.com/fwlink/p/?LinkId=523869) function. This search parameter is case sensitive. Scope is dynamic. Supported operations are Get and Add. @@ -57,77 +57,77 @@ Supported operations are Get and Add.   -***EnterpriseID*/Status** +***EnterpriseID*/Status** Required. The integer value that indicates the current status of the application enrollment. Valid values are 0 (ENABLED), 1 (INSTALL\_DISABLED), 2 (REVOKED), and 3 (INVALID). Scope is dynamic. Supported operation is Get. -***EnterpriseID*/CRLCheck** +***EnterpriseID*/CRLCheck** Optional. Character value that specifies whether the device should do a CRL check when using a certificate to authenticate the server. Valid values are "1" (CRL check required), "0" (CRL check not required). Scope is dynamic. Supported operations are Get, Add, and Replace. -***EnterpriseID*/EnterpriseApps** +***EnterpriseID*/EnterpriseApps** Required. The root node to for individual enterprise application related settings. Scope is dynamic (this node is automatically created when EnterpriseID is added to the configuration service provider). Supported operation is Get. -**/EnterpriseApps/Inventory** +**/EnterpriseApps/Inventory** Required. The root node for individual enterprise application inventory settings. Scope is dynamic (this node is automatically created when EnterpriseID is added to the configuration service provider). Supported operation is Get. -**/Inventory/****_ProductID_** +**/Inventory/****_ProductID_** Optional. A node that contains s single enterprise application product ID in GUID format. Scope is dynamic. Supported operation is Get. -**/Inventory/*ProductID*/Version** +**/Inventory/*ProductID*/Version** Required. The character string that contains the current version of the installed enterprise application. Scope is dynamic. Supported operation is Get. -**/Inventory/*ProductID*/Title** +**/Inventory/*ProductID*/Title** Required. The character string that contains the name of the installed enterprise application. Scope is dynamic. Supported operation is Get. -**/Inventory/*ProductID*/Publisher** +**/Inventory/*ProductID*/Publisher** Required. The character string that contains the name of the publisher of the installed enterprise application. Scope is dynamic. Supported operation is Get. -**/Inventory/*ProductID*/InstallDate** +**/Inventory/*ProductID*/InstallDate** Required. The time (in the character format YYYY-MM-DD-HH:MM:SS) that the application was installed or updated. Scope is dynamic. Supported operation is Get. -**/EnterpriseApps/Download** +**/EnterpriseApps/Download** Required. This node groups application download-related parameters. The enterprise server can only automatically update currently installed enterprise applications. The end user controls which enterprise applications to download and install. Scope is dynamic. Supported operation is Get. -**/Download/****_ProductID_** +**/Download/****_ProductID_** Optional. This node contains the GUID for the installed enterprise application. Each installed application has a unique ID. Scope is dynamic. Supported operations are Get, Add, and Replace. -**/Download/*ProductID*/Version** +**/Download/*ProductID*/Version** Optional. The character string that contains version information (set by the caller) for the application currently being downloaded. Scope is dynamic. Supported operations are Get, Add, and Replace. -**/Download/*ProductID*/Name** +**/Download/*ProductID*/Name** Required. The character string that contains the name of the installed application. Scope is dynamic. Supported operation is Get. -**/Download/*ProductID*/URL** +**/Download/*ProductID*/URL** Optional. The character string that contains the URL for the updated version of the installed application. The device will download application updates from this link. Scope is dynamic. Supported operations are Get, Add, and Replace. -**/Download/*ProductID*/Status** +**/Download/*ProductID*/Status** Required. The integer value that indicates the status of the current download process. The following table shows the possible values. @@ -175,15 +175,15 @@ Required. The integer value that indicates the status of the current download pr Scope is dynamic. Supported operations are Get, Add, and Replace. -**/Download/*ProductID*/LastError** +**/Download/*ProductID*/LastError** Required. The integer value that indicates the HRESULT of the last error code. If there are no errors, the value is 0 (S\_OK). Scope is dynamic. Supported operation is Get. -**/Download/*ProductID*/LastErrorDesc** +**/Download/*ProductID*/LastErrorDesc** Required. The character string that contains the human readable description of the last error code. -**/Download/*ProductID*/DownloadInstall** +**/Download/*ProductID*/DownloadInstall** Required. The node to allow the server to trigger the download and installation for an updated version of the user installed application. The format for this node is null. The server must query the device later to determine the status. For each product ID, the status field is retained for up to one week. Scope is dynamic. Supported operation is Exec. @@ -342,7 +342,7 @@ Response from the device (that contains two installed applications): -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D +./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D diff --git a/windows/client-management/mdm/enterpriseappvmanagement-csp.md b/windows/client-management/mdm/enterpriseappvmanagement-csp.md index 006a9353a2..5b6097fb0f 100644 --- a/windows/client-management/mdm/enterpriseappvmanagement-csp.md +++ b/windows/client-management/mdm/enterpriseappvmanagement-csp.md @@ -117,7 +117,7 @@ The following diagram shows the EnterpriseAppVManagement configuration service p

    Used to perform App-V synchronization.

    **AppVPublishing/Sync/PublishXML** -

    Used to execute the App-V synchronization using the Publishing protocol. For more information about the protocol see [[MS-VAPR]: Virtual Application Publishing and Reporting (App-V) Protocol](https://msdn.microsoft.com/en-us/library/mt739986.aspx).

    +

    Used to execute the App-V synchronization using the Publishing protocol. For more information about the protocol see [[MS-VAPR]: Virtual Application Publishing and Reporting (App-V) Protocol](https://msdn.microsoft.com/library/mt739986.aspx).

    Supported operations are Get, Delete, and Execute.

    diff --git a/windows/client-management/mdm/enterpriseassignedaccess-csp.md b/windows/client-management/mdm/enterpriseassignedaccess-csp.md index e5f202eacb..1497a04465 100644 --- a/windows/client-management/mdm/enterpriseassignedaccess-csp.md +++ b/windows/client-management/mdm/enterpriseassignedaccess-csp.md @@ -18,7 +18,7 @@ The EnterpriseAssignedAccess configuration service provider allows IT administra > **Note**   The EnterpriseAssignedAccess CSP is only supported in Windows 10 Mobile. -To use an app to create a lockdown XML see [Use the Lockdown Designer app to create a Lockdown XML file](https://docs.microsoft.com/en-us/windows/configuration/mobile-devices/mobile-lockdown-designer). For more information about how to interact with the lockdown XML at runtime, see [**DeviceLockdownProfile class**](https://msdn.microsoft.com/library/windows/hardware/mt186983). +To use an app to create a lockdown XML see [Use the Lockdown Designer app to create a Lockdown XML file](https://docs.microsoft.com/windows/configuration/mobile-devices/mobile-lockdown-designer). For more information about how to interact with the lockdown XML at runtime, see [**DeviceLockdownProfile class**](https://msdn.microsoft.com/library/windows/hardware/mt186983). The following diagram shows the EnterpriseAssignedAccess configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning. @@ -26,13 +26,13 @@ The following diagram shows the EnterpriseAssignedAccess configuration service p The following list shows the characteristics and parameters. -**./Vendor/MSFT/EnterpriseAssignedAccess/** +**./Vendor/MSFT/EnterpriseAssignedAccess/** The root node for the EnterpriseAssignedAccess configuration service provider. Supported operations are Add, Delete, Get and Replace. -**AssignedAccess/** +**AssignedAccess/** The parent node of assigned access XML. -**AssignedAccess/AssignedAccessXml** +**AssignedAccess/AssignedAccessXml** The XML code that controls the assigned access settings that will be applied to the device. Supported operations are Add, Delete, Get and Replace. @@ -40,7 +40,7 @@ Supported operations are Add, Delete, Get and Replace. The Apps and Settings sections of lockdown XML constitute an Allow list. Any app or setting that is not specified in AssignedAccessXML will not be available on the device to users. The following table describes the entries in lockdown XML. > [!Important]    -> When using the AssignedAccessXml in the EnterpriseAssignedAccess CSP through an MDM, the XML must use escaped characters, such as \< instead of < because it is embedded in an XML. The examples provided in the topic are formatted for readability. +> When using the AssignedAccessXml in the EnterpriseAssignedAccess CSP through an MDM, the XML must use escaped characters, such as \< instead of < because it is embedded in an XML. The examples provided in the topic are formatted for readability. When using the AssignedAccessXml in a provisioning package using the Windows Configuration Designer tool, do not use escaped characters. @@ -51,8 +51,8 @@ ActionCenter | Example: `` ActionCenter | In Windows 10, when the Action Center is disabled, Above Lock notifications and toasts are also disabled. When the Action Center is enabled, the following policies are also enabled; **AboveLock/AllowActionCenterNotifications** and **AboveLock/AllowToasts**. For more information about these policies, see [Policy CSP](policy-configuration-service-provider.md) ActionCenter | You can also add the following optional attributes to the ActionCenter element to override the default behavior: **aboveLockToastEnabled** and **actionCenterNotificationEnabled**. Valid values are 0 (policy disabled), 1 (policy enabled), and -1 (not set, policy enabled). In this example, the Action Center is enabled and both policies are disabled.: `` ActionCenter | These optional attributes are independent of each other. In this example, Action Center is enabled, the notifications policy is disabled, and the toast policy is enabled by default because it is not set. `` -StartScreenSize | Specify the size of the Start screen. In addition to 4/6 columns, you can also use 4/6/8 depending on screen resolutions. Valid values: **Small** - sets the width to 4 columns on device with short axis <400epx or 6 columns on devices with short axis >=400epx. **Large** - sets the width to 6 columns on devices with short axis <400epx or 8 columns on devices with short axis >=400epx. -StartScreenSize | If you have existing lockdown XML, you must update it if your device has >=400epx on its short axis so that tiles on Start can fill all 8 columns if you want to use all 8 columns instead of 6, or use 6 columns instead of 4. Example: `Large` +StartScreenSize | Specify the size of the Start screen. In addition to 4/6 columns, you can also use 4/6/8 depending on screen resolutions. Valid values: **Small** - sets the width to 4 columns on device with short axis <400epx or 6 columns on devices with short axis >=400epx. **Large** - sets the width to 6 columns on devices with short axis <400epx or 8 columns on devices with short axis >=400epx. +StartScreenSize | If you have existing lockdown XML, you must update it if your device has >=400epx on its short axis so that tiles on Start can fill all 8 columns if you want to use all 8 columns instead of 6, or use 6 columns instead of 4. Example: `Large` Application | Provide the product ID for each app that will be available on the device. You can find the product ID for a locally developed app in the AppManifest.xml file of the app. For the list of product ID and AUMID see [ProductIDs in Windows 10 Mobile](#productid). Application | To turn on the notification for a Windows app, you must include the application's AUMID in the lockdown XML. However, the user can change the setting at any time from user interface. Example: `` Application | modern app notification @@ -79,7 +79,7 @@ Application example: ``` syntax - Large @@ -90,7 +90,7 @@ aumid="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.c - Large @@ -105,7 +105,7 @@ aumid="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.m Entry | Description ----------- | ------------ -Folder | A folder should be contained in <Applications/> node among with other <Application/> nodes, it shares most grammar with the Application Node, **folderId** is mandatory, **folderName** is optional, which is the folder name displayed on Start. **folderId** is a unique unsigned integer for each folder. +Folder | A folder should be contained in node among with other nodes, it shares most grammar with the Application Node, **folderId** is mandatory, **folderName** is optional, which is the folder name displayed on Start. **folderId** is a unique unsigned integer for each folder. Folder example: ``` syntax @@ -246,7 +246,7 @@ Entry | Description ----------- | ------------ Settings | Starting in Windows 10, version 1703, you can specify the settings pages using the settings URI. -For example, in place of SettingPageDisplay, you would use ms-settings:display. See [ms-settings: URI scheme reference](https://docs.microsoft.com/en-us/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference) to find the URI for each settings page. +For example, in place of SettingPageDisplay, you would use ms-settings:display. See [ms-settings: URI scheme reference](https://docs.microsoft.com/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference) to find the URI for each settings page. Here is an example for Windows 10, version 1703. @@ -262,11 +262,11 @@ Here is an example for Windows 10, version 1703. ``` -**Quick action settings** +**Quick action settings** Starting in Windows 10, version 1511, you can specify the following quick action settings in the lockdown XML file. The following list shows the quick action settings and settings page dependencies (group and page). -> [!Note] +> [!Note] > Only Windows 10, versions 1511 and 1607, the dependent settings group and pages are automatically added when the quick action item is specified in the lockdown XML. In Windows 10, version 1703, Quick action settings no longer require any dependencies from related group or page.
      @@ -323,27 +323,27 @@ Starting in Windows 10, version 1703, Quick action settings no longer require an - SystemSettings_System_Display_QuickAction_Brightness -In this example, all settings pages and quick action settings are allowed. An empty \ node indicates that none of the settings are blocked. +In this example, all settings pages and quick action settings are allowed. An empty \ node indicates that none of the settings are blocked. ``` syntax ``` -In this example for Windows 10, version 1511, all System setting pages are enabled. Note that the System page group is added as well as all of the System subpage names. +In this example for Windows 10, version 1511, all System setting pages are enabled. Note that the System page group is added as well as all of the System subpage names. ``` syntax - - - + + + - - + + - - - + + + ``` Here is an example for Windows 10, version 1703. @@ -363,7 +363,7 @@ Here is an example for Windows 10, version 1703. Entry | Description ----------- | ------------ Buttons | The following list identifies the hardware buttons on the device that you can lock down in ButtonLockdownList. When a user taps a button that is in the lockdown list, nothing will happen. - +

      • Start

      • Back

        • @@ -374,12 +374,12 @@ Buttons | The following list identifies the hardware buttons on the device that

      • Custom3

      -> [!Note] -> Lock down of the Start button only prevents the press and hold event. +> [!Note] +> Lock down of the Start button only prevents the press and hold event. > > Custom buttons are hardware buttons that can be added to devices by OEMs. -Buttons example: +Buttons example: ``` syntax @@ -398,12 +398,12 @@ Buttons example: ``` The Search and custom buttons can be remapped or configured to open a specific application. Button remapping takes effect for the device and applies to all users. -> [!Note] -> The lockdown settings for a button, per user role, will apply regardless of the button mapping. +> [!Note] +> The lockdown settings for a button, per user role, will apply regardless of the button mapping. > > Button remapping can enable a user to open an application that is not in the Allow list. Use button lock down to prevent application access for a user role. -To remap a button in lockdown XML, you supply the button name, the button event (typically "press"), and the product ID for the application the button will open. +To remap a button in lockdown XML, you supply the button name, the button event (typically "press"), and the product ID for the application the button will open. ``` syntax @@ -415,7 +415,7 @@ To remap a button in lockdown XML, you supply the button name, the button event ``` -**Disabling navigation buttons** +**Disabling navigation buttons** To disable navigation buttons (such as Home or Back) in lockdown XML, you supply the name (for example, Start) and button event (typically "press"). The following section contains a sample lockdown XML file that shows how to disable navigation buttons. @@ -496,7 +496,7 @@ Entry | Description ----------- | ------------ MenuItems | Use **DisableMenuItems** to prevent use of the context menu, which is displayed when a user presses and holds an application in the All Programs list. You can include this entry in the default profile and in any additional user role profiles that you create. -> [!Important] +> [!Important] > If **DisableMenuItems** is not included in a profile, users of that profile can uninstall apps. MenuItems example: @@ -511,12 +511,12 @@ Entry | Description ----------- | ------------ Tiles | **Turning-on tile manipulation** - By default, under Assigned Access, tile manipulation is turned off (blocked) and only available if enabled in the user’s profile. If tile manipulation is enabled in the user’s profile, they can pin/unpin, move, and resize tiles based on their preferences. When multiple people use one device and you want to enable tile manipulation for multiple users, you must enable it for each user in their user profile. -> [!Important] +> [!Important] > If a device is turned off then back on, the tiles reset to their predefined layout. If a device has only one profile, the only way to reset the tiles is to turn off then turn on the device. If a device has multiple profiles, the device resets the tiles to the predefined layout based on the logged-in user’s profile. The following sample file contains configuration for enabling tile manipulation. -> [!Note] +> [!Note] > Tile manipulation is disabled when you don’t have a `` node in lockdown XML, or if you have a `` node but don’t have the `` node. ``` syntax @@ -596,25 +596,25 @@ Entry | Description CSP Runner | Allows CSPs to be executed on the device per user role. You can use this to implement role specific policies, such as changing the color scheme when an admin logs on the device, or to set configurations per role.   -**LockscreenWallpaper/** +**LockscreenWallpaper/** The parent node of the lock screen-related parameters that let administrators query and manage the lock screen image on devices. Supported operations are Add, Delete, Get and Replace. -**LockscreenWallpaper/BGFileName** +**LockscreenWallpaper/BGFileName** The file name of the lock screen. The image file for the lock screen can be in .jpg or .png format and must not exceed 2 MB. The file name can also be in the Universal Naming Convention (UNC) format, in which case the device downloads it from the shared network and then sets it as the lock screen wallpaper. Supported operations are Add, Get, and Replace. -**Theme/** +**Theme/** The parent node of theme-related parameters. Supported operations are Add, Delete, Get and Replace. -**Theme/ThemeBackground** +**Theme/ThemeBackground** Indicates whether the background color is light or dark. Set to **0** for light; set to **1** for dark. Supported operations are Get and Replace. -**Theme/ThemeAccentColorID** +**Theme/ThemeAccentColorID** The accent color to apply as the foreground color for tiles, controls, and other visual elements on the device. The following table shows the possible values.
    @@ -724,22 +724,22 @@ The accent color to apply as the foreground color for tiles, controls, and other Supported operations are Get and Replace. -**Theme/ThemeAccentColorValue** +**Theme/ThemeAccentColorValue** A 6-character string for the accent color to apply to controls and other visual elements. To use a custom accent color for Enterprise, enter **151** for *ThemeAccentColorID* before *ThemeAccentColorValue* in lockdown XML. *ThemeAccentColorValue* configures the custom accent color using hex values for red, green, and blue, in RRGGBB format. For example, enter FF0000 for red. Supported operations are Get and Replace. -**PersistData** +**PersistData** Not supported in Windows 10. The parent node of whether to persist data that has been provisioned on the device. -**PersistData/PersistProvisionedData** +**PersistData/PersistProvisionedData** Not supported in Windows 10. Use doWipePersistProvisionedData in [RemoteWipe CSP](remotewipe-csp.md) instead. -**Clock/TimeZone/** +**Clock/TimeZone/** An integer that specifies the time zone of the device. The following table shows the possible values. Supported operations are Get and Replace. @@ -1172,8 +1172,8 @@ Supported operations are Get and Replace.
    -**Locale/Language/** -The culture code that identifies the language to display on a device, and specifies the formatting of numbers, currencies, time, and dates. For language values, see [Locale IDs Assigned by Microsoft](http://go.microsoft.com/fwlink/p/?LinkID=189567). +**Locale/Language/** +The culture code that identifies the language to display on a device, and specifies the formatting of numbers, currencies, time, and dates. For language values, see [Locale IDs Assigned by Microsoft](https://go.microsoft.com/fwlink/p/?LinkID=189567). The language setting is configured in the Default User profile only. @@ -1195,14 +1195,14 @@ The XML examples in this section show how to perform various tasks by using OMA The following example shows how to add a new policy. ``` syntax - -    -      -    - + +    +      "/> +    + ``` ### Language @@ -1210,13 +1210,13 @@ The following example shows how to add a new policy. The following example shows how to specify the language to display on the device. ``` syntax - -    -      +    +      -    - +    + ``` ## OMA DM examples @@ -1229,20 +1229,20 @@ These XML examples show how to perform various tasks using OMA DM. The following example shows how to lock down a device. ``` syntax - - - - 2 - - - ./Vendor/MSFT/EnterpriseAssignedAccess/AssignedAccess/AssignedAccessXml - - <?xml version="1.0" encoding="utf-8"?><HandheldLockdown version="1.0"><Default><Apps><Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5615}" pinToStart="1"/><Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5612}" pinToStart="2"/></Apps><Settings><System name="Microsoft.Themes" /><System name="Microsoft.About" /></Settings><Buttons><Button name="Start" disableEvents="PressAndHold" /><Button name="Camera" disableEvents="All" /><Button name="Search" disableEvents="All" /></Buttons><MenuItems><DisableMenuItems/></MenuItems></Default><RoleList><Role guid="{76C01983-A872-4C4E-B4C6-321EAC709CEA}" name="Associate"><Apps><Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5615}" pinToStart="1"/></Apps><Settings><System name="Microsoft.Themes" /><System name="Microsoft.About" /></Settings><Buttons><Button name="Start" disableEvents="PressAndHold" /><Button name="Camera" disableEvents="All" /></Buttons><MenuItems><DisableMenuItems/></MenuItems></Role><Role guid="{8ABB8A10-4418-4467-9E18-99D11FA54E30}" name="Manager"><Apps><Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5612}" pinToStart="1"/></Apps><Settings><System name="Microsoft.Themes" /></Settings><Buttons><Button name="Start" disableEvents="PressAndHold" /></Buttons><MenuItems><DisableMenuItems/></MenuItems></Role></RoleList></HandheldLockdown> - - - - - + + + + 2 + + + ./Vendor/MSFT/EnterpriseAssignedAccess/AssignedAccess/AssignedAccessXml + +