deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 06:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/master' into atp-fixes

Browse Source
This commit is contained in:
Joey Caparas 2017-04-28 13:18:59 -07:00
commit 1c29ecc5df
91 changed files with 1733 additions and 1469 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

716
.openpublishing.publish.config.json
View File

@ -1,318 +1,398 @@
{
"build_entry_point": "",
"need_generate_pdf": false,
"need_generate_intellisense": false,
"docsets_to_publish": [
{
"docset_name": "education",
"build_source_folder": "education",
"build_output_subfolder": "education",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "internet-explorer",
"build_source_folder": "browsers/internet-explorer",
"build_output_subfolder": "browsers/internet-explorer",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "itpro-hololens",
"build_source_folder": "devices/hololens",
"build_output_subfolder": "devices/hololens",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "mdop",
"build_source_folder": "mdop",
"build_output_subfolder": "mdop",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "microsoft-edge",
"build_source_folder": "browsers/edge",
"build_output_subfolder": "browsers/edge",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "smb",
"build_source_folder": "smb",
"build_output_subfolder": "smb",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "store-for-business",
"build_source_folder": "store-for-business",
"build_output_subfolder": "store-for-business",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "surface",
"build_source_folder": "devices/surface",
"build_output_subfolder": "devices/surface",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "surface-hub",
"build_source_folder": "devices/surface-hub",
"build_output_subfolder": "devices/surface-hub",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "win-access-protection",
"build_source_folder": "windows/access-protection",
"build_output_subfolder": "win-access-protection",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "win-app-management",
"build_source_folder": "windows/application-management",
"build_output_subfolder": "win-app-management",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "win-client-management",
"build_source_folder": "windows/client-management",
"build_output_subfolder": "win-client-management",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "win-configuration",
"build_source_folder": "windows/configuration",
"build_output_subfolder": "win-configuration",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "win-development",
"build_source_folder": "windows/deployment",
"build_output_subfolder": "win-development",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "win-device-security",
"build_source_folder": "windows/device-security",
"build_output_subfolder": "win-device-security",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "windows",
"build_source_folder": "windows",
"build_output_subfolder": "windows",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "windows-hub",
"build_source_folder": "windows/hub",
"build_output_subfolder": "windows-hub",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "win-threat-protection",
"build_source_folder": "windows/threat-protection",
"build_output_subfolder": "win-threat-protection",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "win-whats-new",
"build_source_folder": "windows/whats-new",
"build_output_subfolder": "win-whats-new",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
}
],
"notification_subscribers": [
"brianlic@microsoft.com"
],
"branches_to_filter": [
""
],
"git_repository_url_open_to_public_contributors": "https://github.com/Microsoft/windows-itpro-docs",
"git_repository_branch_open_to_public_contributors": "master",
"skip_source_output_uploading": false,
"need_preview_pull_request": true,
"dependent_repositories": [
{
"path_to_root": "_themes",
"url": "https://github.com/Microsoft/templates.docs.msft",
"branch": "master",
"branch_mapping": {}
}
],
"need_generate_pdf_url_template": false
}
{
"build_entry_point": "",
"need_generate_pdf": false,
"need_generate_intellisense": false,
"docsets_to_publish": [
{
"docset_name": "education",
"build_source_folder": "education",
"build_output_subfolder": "education",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "internet-explorer",
"build_source_folder": "browsers/internet-explorer",
"build_output_subfolder": "browsers/internet-explorer",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "itpro-hololens",
"build_source_folder": "devices/hololens",
"build_output_subfolder": "devices/hololens",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "mdop",
"build_source_folder": "mdop",
"build_output_subfolder": "mdop",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "microsoft-edge",
"build_source_folder": "browsers/edge",
"build_output_subfolder": "browsers/edge",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "smb",
"build_source_folder": "smb",
"build_output_subfolder": "smb",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "store-for-business",
"build_source_folder": "store-for-business",
"build_output_subfolder": "store-for-business",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "surface",
"build_source_folder": "devices/surface",
"build_output_subfolder": "devices/surface",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "surface-hub",
"build_source_folder": "devices/surface-hub",
"build_output_subfolder": "devices/surface-hub",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "win-access-protection",
"build_source_folder": "windows/access-protection",
"build_output_subfolder": "win-access-protection",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "win-app-management",
"build_source_folder": "windows/application-management",
"build_output_subfolder": "win-app-management",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "win-client-management",
"build_source_folder": "windows/client-management",
"build_output_subfolder": "win-client-management",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "win-configuration",
"build_source_folder": "windows/configuration",
"build_output_subfolder": "win-configuration",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "win-development",
"build_source_folder": "windows/deployment",
"build_output_subfolder": "win-development",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "win-device-security",
"build_source_folder": "windows/device-security",
"build_output_subfolder": "win-device-security",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "windows-hub",
"build_source_folder": "windows/hub",
"build_output_subfolder": "windows-hub",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "win-threat-protection",
"build_source_folder": "windows/threat-protection",
"build_output_subfolder": "win-threat-protection",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "win-whats-new",
"build_source_folder": "windows/whats-new",
"build_output_subfolder": "win-whats-new",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "keep-secure",
"build_source_folder": "windows/keep-secure",
"build_output_subfolder": "keep-secure",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": false,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "windows-manage",
"build_source_folder": "windows/manage",
"build_output_subfolder": "windows-manage",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": false,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "windows-plan",
"build_source_folder": "windows/plan",
"build_output_subfolder": "windows-plan",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": false,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "windows-update",
"build_source_folder": "windows/update",
"build_output_subfolder": "windows-update",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": false,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "windows-deploy",
"build_source_folder": "windows/deploy",
"build_output_subfolder": "windows-deploy",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": false,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
},
{
"docset_name": "windows-configure",
"build_source_folder": "windows/configure",
"build_output_subfolder": "windows-configure",
"locale": "en-us",
"monikers": [],
"open_to_public_contributors": false,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"version": 0
}
],
"notification_subscribers": [
"brianlic@microsoft.com"
],
"branches_to_filter": [
""
],
"git_repository_url_open_to_public_contributors": "https://github.com/Microsoft/windows-itpro-docs",
"git_repository_branch_open_to_public_contributors": "master",
"skip_source_output_uploading": false,
"need_preview_pull_request": true,
"dependent_repositories": [
{
"path_to_root": "_themes",
"url": "https://github.com/Microsoft/templates.docs.msft",
"branch": "master",
"branch_mapping": {}
}
],
"need_generate_pdf_url_template": false
}

494
.openpublishing.redirection.json
View File

File diff suppressed because it is too large Load Diff

16
browsers/edge/Index.md
View File

@ -22,10 +22,10 @@ Microsoft Edge is the new, default web browser for Windows 10, helping you to e
Microsoft Edge lets you stay up-to-date through the Windows Store and to manage your enterprise through Group Policy or your mobile device management (MDM) tools.
> **Note**<br>This content isn't meant to be a step-by-step guide, so not everything that's talked about in this guide will be necessary for you to manage and deploy Microsoft Edge in your company.
>[!Note]
>For more info about the potential impact of using Microsoft Edge in a large organization, you can download an infographic from here: [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/en-us/download/details.aspx?id=53892).
> **Note**<br>For more info about the potential impact of using Microsoft Edge in a large organization, you can download an infographic from here: [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/en-us/download/details.aspx?id=53892).
>Also, if you've arrived here looking for Internet Explorer 11 content, you'll need to go to the [Internet Explorer 11 (IE11)](https://docs.microsoft.com/en-us/internet-explorer/) area.
## In this section
@ -33,9 +33,9 @@ Microsoft Edge lets you stay up-to-date through the Windows Store and to manage
| -----------------------| ----------------------------------- |
|[Change history for Microsoft Edge](change-history-for-microsoft-edge.md) |Lists new and updated topics in the Microsoft Edge documentation for both Windows 10 and Windows 10 Mobile. |
|[Enterprise guidance about using Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md) |Guidance about how to use both Microsoft Edge and Internet Explorer 11 in your enterprise.|
| [Microsoft Edge requirements and language support](hardware-and-software-requirements.md) | Microsoft Edge is pre-installed on all Windows 10-capable devices that meet the minimum system requirements and are on the supported language list.|
| [Available policies for Microsoft Edge](available-policies.md) | Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. <p>Group Policy objects (GPO's) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences. By using Group Policy and Intune, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple security settings in a GPO that's linked to a domain, and then apply all of those settings to every computer in the domain. |
| [Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md) | If you have specific web sites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the web sites will automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work properly with Microsoft Edge, you can set all intranet sites to automatically open using IE11. <p>Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11. |
| [Microsoft Edge requirements and language support](hardware-and-software-requirements.md) |Microsoft Edge is pre-installed on all Windows 10-capable devices that meet the minimum system requirements and are on the supported language list.|
| [Available policies for Microsoft Edge](available-policies.md) |Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings.<br><br>Group Policy objects (GPO's) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences. By using Group Policy and Intune, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple security settings in a GPO that's linked to a domain, and then apply all of those settings to every computer in the domain. |
| [Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md) |If you have specific web sites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the web sites will automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work properly with Microsoft Edge, you can set all intranet sites to automatically open using IE11.<br><br>Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11. |
| [Security enhancements for Microsoft Edge](security-enhancements-microsoft-edge.md) |Microsoft Edge is designed with significant security improvements over existing browsers, helping to defend people from increasingly sophisticated and prevalent web-based attacks against Windows. |
## Interoperability goals and enterprise guidance
@ -59,8 +59,10 @@ You'll need to keep running them using IE11. If you don't have IE11 installed an
## Related topics
- [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/en-us/download/details.aspx?id=53892)
- [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=290956)
- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760644)
- [Internet Explorer 11 - FAQ for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760645)
- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](https://go.microsoft.com/fwlink/p/?LinkId=760646)

2
browsers/internet-explorer/docfx.json
View File

@ -18,7 +18,7 @@
"breadcrumb_path": "/internet-explorer/breadcrumb/toc.json",
"ROBOTS": "INDEX, FOLLOW",
"ms.author": "lizross",
"author": "lizross",
"author": "eross-msft",
"ms.technology": "internet-explorer",
"ms.topic": "article"
},

3
devices/surface-hub/create-and-test-a-device-account-surface-hub.md
View File

@ -50,7 +50,8 @@ For detailed steps using PowerShell to provision a device account, choose an opt
| [On-premises deployment (multiple forests)](on-premises-deployment-surface-hub-multi-forest.md) | Your organization has servers that it controls and uses to host Active Directory, Exchange, and Skype for Business (or Lync) in a multi-forest environment. |
| [Hybrid deployment](hybrid-deployment-surface-hub-device-accounts.md) | Your organization has a mix of services, with some hosted on-premises and some hosted online through Office 365. |
If you prefer to use a graphical user interface, some steps can be done using UI instead of PowerShell.
If you prefer to use a graphical user interface (UI), some steps can be done using UI instead of PowerShell.
For more information, see [Creating a device account using UI](create-a-device-account-using-office-365.md).

416
devices/surface-hub/use-room-control-system-with-surface-hub.md
View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: surfacehub
author: TrudyHa
author: jdeckerms
localizationpriority: medium
---
@ -22,45 +22,14 @@ Using a room control system with your Surface Hub involves connecting room contr
To connect to a room control system control panel, you don't need to configure any terminal settings on the Surface Hub. If you want to connect a PC or laptop to your Surface Hub and send serial commands from the Surface Hub, you can use a terminal emulator program like Tera Term or PuTTY.
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Setting</th>
<th align="left">Value</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Baud rate</p></td>
<td align="left"><p>115200</p></td>
</tr>
<tr class="even">
<td align="left"><p>Data bits</p></td>
<td align="left"><p>8</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Stop bits</p></td>
<td align="left"><p>1</p></td>
</tr>
<tr class="even">
<td align="left"><p>Parity</p></td>
<td align="left"><p>none</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Flow control</p></td>
<td align="left"><p>none</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Line feed</p></td>
<td align="left"><p>every carriage return</p></td>
</tr>
</tbody>
</table>
| Setting | Value |
| --- | --- |
| Baud rate | 115200 |
| Data bits | 8 |
| Stop bits | 1 |
| Parity | none |
| Flow control | none |
| Line feed | every carriage return |
 
## Wiring diagram
@ -77,153 +46,41 @@ Room control systems use common meeting-room scenarios for commands. Commands or
The following command modifiers are available. Commands terminate with a new line character (/n). Responses can come at any time in response to state changes not triggered directly by a management port command.
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Modifier</th>
<th align="left">Result</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>+</p></td>
<td align="left"><p>Increment a value</p></td>
</tr>
<tr class="even">
<td align="left"><p>-</p></td>
<td align="left"><p>Decrease a value</p></td>
</tr>
<tr class="odd">
<td align="left"><p>=</p></td>
<td align="left"><p>Set a discrete value</p></td>
</tr>
<tr class="even">
<td align="left"><p>?</p></td>
<td align="left"><p>Queries for a current value</p></td>
</tr>
</tbody>
</table>
| Modifier | Result |
| --- | --- |
| + | Increment a value |
| - | Decrease a value |
| = | Set a discrete value |
| ? | Queries for a current value |
 
## Power
Surface Hub can be in one of these power states.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">State</th>
<th align="left">Energy Star state</th>
<th align="left">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>0</p></td>
<td align="left"><p>S5</p></td>
<td align="left"><p>Off</p></td>
</tr>
<tr class="even">
<td align="left"><p>1</p></td>
<td align="left"><p>-</p></td>
<td align="left"><p>Power up (indeterminate)</p></td>
</tr>
<tr class="odd">
<td align="left"><p>2</p></td>
<td align="left"><p>S3</p></td>
<td align="left"><p>Sleep</p></td>
</tr>
<tr class="even">
<td align="left"><p>3</p></td>
<td align="left"><p>S0</p></td>
<td align="left"><p>Resting</p></td>
</tr>
<tr class="odd">
<td align="left"><p>4</p></td>
<td align="left"><p>S0</p></td>
<td align="left"><p>Ambient</p></td>
</tr>
<tr class="even">
<td align="left"><p>5</p></td>
<td align="left"><p>S0</p></td>
<td align="left"><p>Ready</p></td>
</tr>
</tbody>
</table>
| State | Energy Star state| Description |
| --- | --- | --- |
| 0 | S5 | Off |
| 1 | - | Power up (indeterminate) |
| 2 | S3 | Sleep |
| 5 | S0 | Ready |
In Replacement PC mode, the power states are only Ready and Off and only change the display. The management port can't be used to power on the replacement PC.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">State</th>
<th align="left">Energy Star state</th>
<th align="left">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>0</p></td>
<td align="left"><p>S5</p></td>
<td align="left"><p>Off</p></td>
</tr>
<tr class="even">
<td align="left"><p>5</p></td>
<td align="left"><p>S0</p></td>
<td align="left"><p>Ready</p></td>
</tr>
</tbody>
</table>
| State | Energy Star state| Description |
| --- | --- | --- |
| 0 | S5 | Off |
| 5 | S0 | Ready |
For a control device, anything other than 5 / Ready should be considered off. Each PowerOn command results in two state changes and reponses.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Command</th>
<th align="left">State change</th>
<th align="left">Response</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>PowerOn</p></td>
<td align="left"><p>Device turns on (display + PC).</p><p>PC service notifies SMC that the PC is ready.</p></td>
<td align="left"><p>Power=0</p><p>Power=5</p></td>
</tr>
| Command | State change| Response |
| --- | --- | --- |
| PowerOn | Device turns on (display + PC).</br></br>PC service notifies SMC that the PC is ready. | Power=0</br></br>Power=5 |
| PowerOff | Device transitions to ambient state (PC on, display dim). | Power=0 |
| Power? | SMC reports the last-known power state. | Power=<#> |
<tr class="even">
<td align="left"><p>PowerOff</p></td>
<td align="left"><p>Device transitions to ambient state (PC on, display dim).</p></td>
<td align="left"><p>Power=0</p></td>
</tr>
<tr class="even">
<td align="left"><p>Power?</p></td>
<td align="left"><p>SMC reports the last-known power state.</p></td>
<td align="left"><p>Power=<#></p></td>
</tr>
</tbody>
</table>
## Brightness
@ -232,34 +89,10 @@ The current brightness level is a range from 0 to 100.
Changes to brightness levels can be sent by a room control system, or other system.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Command</th>
<th align="left">State change</th>
<th align="left">Response</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Brightness+</p></td>
<td align="left"><p>System management controller (SMC) sends the brightness up command.</p>
<p>PC service on the room control system notifies SMC of new brightness level.</p></td>
<td align="left"><p>Brightness = 51</p></td>
</tr>
<tr class="even">
<td align="left"><p>Brightness-</p></td>
<td align="left"><p>SMC sends the brightness down command.</p>
<p>PC service notifies SMC of new brightness level.</p></td>
<td align="left"><p>Brightness = 50</p></td>
</tr>
</tbody>
</table> 
| Command | State change |Response |
| --- | --- | --- |
| Brightness+ | System management controller (SMC) sends the brightness up command.</br></br>PC service on the room control system notifies SMC of new brightness level. | Brightness = 51 |
| Brightness- | SMC sends the brightness down command.</br></br>PC service notifies SMC of new brightness level. | Brightness = 50 |
## Volume
@ -270,34 +103,11 @@ Changes to volume levels can be sent by a room control system, or other system.
>[!NOTE]
>The Volume command will only control the volume for embedded or Replacement PC mode, not from [Guest sources](connect-and-display-with-surface-hub.md).
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Command</th>
<th align="left">State change</th>
<th align="left">Response</br>(On in [Replacement PC mode](connect-and-display-with-surface-hub.md#replacement-pc-mode))</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Volume+</p></td>
<td align="left"><p>SMC sends the volume up command.</p>
<p>PC service notifies SMC of new volume level.</p></td>
<td align="left"><p>Volume = 51</p></td>
</tr>
<tr class="even">
<td align="left"><p>Volume-</p></td>
<td align="left"><p>SMC sends the volume down command.</p>
<p>PC service notifies SMC of new volume level.</p></td>
<td align="left"><p>Volume = 50</p></td>
</tr>
</tbody>
</table>
| Command | State change | Response</br>(On in [Replacement PC mode](connect-and-display-with-surface-hub.md#replacement-pc-mode)) |
| --- | --- | --- |
| Volume+ | SMC sends the volume up command.</br></br>PC service notifies SMC of new volume level. | Volume = 51 |
| Volume- | SMC sends the volume down command.</br></br>PC service notifies SMC of new volume level. | Volume = 50 |
 
@ -305,28 +115,10 @@ Changes to volume levels can be sent by a room control system, or other system.
Audio can be muted.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Command</th>
<th align="left">State change</th>
<th align="left">Response</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>AudioMute+</p></td>
<td align="left"><p>SMC sends the audio mute command.</p>
<p>PC service notifies SMC that audio is muted.</p></td>
<td align="left"><p>none</p></td>
</tr>
</tbody>
</table>
| Command | State change | Response |
| --- | --- | --- |
| AudioMute+ | SMC sends the audio mute command.</br></br>PC service notifies SMC that audio is muted. | none |
 
@ -334,116 +126,36 @@ Audio can be muted.
Several display sources can be used.
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">State</th>
<th align="left">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>0</p></td>
<td align="left"><p>Onboard PC</p></td>
</tr>
<tr class="even">
<td align="left"><p>1</p></td>
<td align="left"><p>DisplayPort</p></td>
</tr>
<tr class="odd">
<td align="left"><p>2</p></td>
<td align="left"><p>HDMI</p></td>
</tr>
<tr class="even">
<td align="left"><p>3</p></td>
<td align="left"><p>VGA</p></td>
</tr>
</tbody>
</table>
| State | Description |
| --- | --- |
| 0 | Onboard PC |
| 1 | DisplayPort |
| 2 | HDMI |
| 3 | VGA |
 
Changes to display source can be sent by a room control system, or other system.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Command</th>
<th align="left">State change</th>
<th align="left">Response</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Source=#</p></td>
<td align="left"><p>SMC changes to the desired source.</p>
<p>PC service notifies SMC that the display source has switched.</p></td>
<td align="left"><p>Source=&lt;#&gt;</p></td>
</tr>
<tr class="even">
<td align="left"><p>Source+</p></td>
<td align="left"><p>SMC cycles to the next active input source.</p>
<p>PC service notifies SMC of the current input source.</p></td>
<td align="left"><p>Source=&lt;#&gt;</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Source-</p></td>
<td align="left"><p>SMC cycles to the previous active input source.</p>
<p>PC service notifies SMC of the current input source.</p></td>
<td align="left"><p>Source=&lt;#&gt;</p></td>
</tr>
<tr class="even">
<td align="left"><p>Source?</p></td>
<td align="left"><p>SMC queries PC service for the active input source.</p>
<p>PC service notifies SMC of the current in;put source.</p></td>
<td align="left"><p>Source=&lt;#&gt;</p></td>
</tr>
</tbody>
</table>
| Command | State change | Response |
| --- | --- | --- |
| Source=# | SMC changes to the desired source.</br></br>PC service notifies SMC that the display source has switched. | Source=&lt;#&gt; |
| Source+ | SMC cycles to the next active input source.</br></br>PC service notifies SMC of the current input source. | Source=&lt;#&gt; |
| Source- | SMC cycles to the previous active input source.</br></br>PC service notifies SMC of the current input source. | Source=&lt;#&gt; |
| Source? | SMC queries PC service for the active input source.</br></br>PC service notifies SMC of the current in;put source. | Source=&lt;#&gt; |
## Errors
Errors are returned following the format in this table.
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Error</th>
<th align="left">Notes</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Error: Unknown command '&lt;input&gt;'.</p></td>
<td align="left"><p>The instruction contains an unknown initial command. For example, &quot;VOL+&quot; would be invalid and return &quot; Error: Unknown command 'VOL'&quot;.</p></td>
</tr>
<tr class="even">
<td align="left"><p>Error: Unknown operator '&lt;input&gt;'.</p></td>
<td align="left"><p>The instruction contains an unknown operator. For example, &quot;Volume!&quot; would be invalid and return &quot; Error: Unknown operator '!'&quot;.</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Error: Unknown parameter '&lt;input&gt;'.</p></td>
<td align="left"><p>The instruction contains an unknown parameter. For example, &quot;Volume=abc&quot; would be invalid and return &quot; Error: Unknown parameter 'abc'&quot;.</p></td>
</tr>
<tr class="even">
<td align="left"><p>Error: Command not available when off '&lt;input&gt;'.</p></td>
<td align="left"><p>When the Surface Hub is off, commands other than Power return this error. For example, &quot;Volume+&quot; would be invalid and return &quot; Error: Command not available when off 'Volume'&quot;.</p></td>
</tr>
</tbody>
</table>
| Error | Notes |
| --- | --- |
| Error: Unknown command '&lt;input&gt;'. | The instruction contains an unknown initial command. For example, &quot;VOL+&quot; would be invalid and return &quot; Error: Unknown command 'VOL'&quot;. |
| Error: Unknown operator '&lt;input&gt;'. | The instruction contains an unknown operator. For example, &quot;Volume!&quot; would be invalid and return &quot; Error: Unknown operator '!'&quot;. |
| Error: Unknown parameter '&lt;input&gt;'. | The instruction contains an unknown parameter. For example, &quot;Volume=abc&quot; would be invalid and return &quot; Error: Unknown parameter 'abc'&quot;. |
| Error: Command not available when off '&lt;input&gt;'. | When the Surface Hub is off, commands other than Power return this error. For example, &quot;Volume+&quot; would be invalid and return &quot; Error: Command not available when off 'Volume'&quot;. |
 

6
education/breadcrumb/toc.yml
View File

@ -2,6 +2,6 @@
tocHref: /
topicHref: /
items:
- name: Education
tocHref: /education
topicHref: /education/index
- name: Windows
tocHref: /education/windows
topicHref: /education/windows/index

BIN
education/windows/images/windows-ad-connect.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 45 KiB

After

Width:  |  Height:  |  Size: 44 KiB

15
education/windows/take-a-test-multiple-pcs.md
View File

@ -200,8 +200,17 @@ Anything hosted on the web can be presented in a locked down manner, not just as
**To provide a link to the test**
1. Create the link to the test using schema activation.
- Create a link using a web UI
Manually embed a URL with a specific prefix. You can select parameters depending on what you want to enable. For more info, see [Create a link using schema activation](#create-a-link-using-schema-activation).
For this option, you can just copy the assessment URL, select the options you want to allow during the test, and click a button to create the link. We recommend this for option for teachers.
To get started, go here: [Create a link using a web UI](https://education.microsoft.com/courses-and-resources/windows-10-create-a-take-a-test-link).
- Create a link using schema activation
You can accomplish the same thing as the first option (using a web UI), by manually embedding a URL with a specific prefix. You can select parameters depending on what you want to enable.
For more info, see [Create a link using schema activation](#create-a-link-using-schema-activation).
2. Distribute the link.
@ -217,7 +226,7 @@ One of the ways you can present content in a locked down manner is by embedding
1. Embed a link or create a desktop shortcut with:
```
ms-edu-secureassessment:<URL>!enforceLockdown
ms-edu-secureassessment:<URL>#enforceLockdown
```
2. To enable printing, screen capture, or both, use the above link and append one of these parameters:
@ -235,7 +244,7 @@ One of the ways you can present content in a locked down manner is by embedding
> The Windows 10, version 1607 legacy configuration, `ms-edu-secureassessment:<URL>!enforcelockdown` is still supported, but not in combination with the new parameters.
### Create a shortcut for the test link
You can also distribute the test link by creating a shortcut. To do this, create the link to the test by either using the [web UI](https://education.microsoft.com/courses-and-resources/windows-10-create-a-take-a-test-l) or using [schema activation](#create-a-link-using-schema-activation). After you have the link, follow these steps:
You can also distribute the test link by creating a shortcut. To do this, create the link to the test by either using the [web UI](https://education.microsoft.com/courses-and-resources/windows-10-create-a-take-a-test-link) or using [schema activation](#create-a-link-using-schema-activation). After you have the link, follow these steps:
1. On a device running Windows, right-click on the desktop and then select **New > Shortcut**.
2. In the **Create Shortcut** window, paste the assessment URL in the field under **Type the location of the item**.

7
education/windows/take-a-test-single-pc.md
View File

@ -58,12 +58,11 @@ Anything hosted on the web can be presented in a locked down manner, not just as
1. Create the link to the test.
There are different ways you can do this:
- Create a link using a web UI
For this option, you can just copy the assessment URL, select the options you want to allow during the test, and click a button to create the link. We recommend this for option for teachers.
To get started, go here: [Create a link using a web UI](https://education.microsoft.com/courses-and-resources/windows-10-create-a-take-a-test-link)
To get started, go here: [Create a link using a web UI](https://education.microsoft.com/courses-and-resources/windows-10-create-a-take-a-test-link).
- Create a link using schema activation
@ -91,7 +90,7 @@ One of the ways you can present content in a locked down manner is by embedding
1. Embed a link or create a desktop shortcut with:
```
ms-edu-secureassessment:<URL>!enforceLockdown
ms-edu-secureassessment:<URL>#enforceLockdown
```
2. To enable printing, screen capture, or both, use the above link and append one of these parameters:
@ -110,7 +109,7 @@ One of the ways you can present content in a locked down manner is by embedding
### Create a shortcut for the test link
You can also distribute the test link by creating a shortcut. To do this, create the link to the test by either using the [web UI](https://education.microsoft.com/courses-and-resources/windows-10-create-a-take-a-test-l) or using [schema activation](#create-a-link-using-schema-activation). After you have the link, follow these steps:
You can also distribute the test link by creating a shortcut. To do this, create the link to the test by either using the [web UI](https://education.microsoft.com/courses-and-resources/windows-10-create-a-take-a-test-link) or using [schema activation](#create-a-link-using-schema-activation). After you have the link, follow these steps:
1. On a device running Windows, right-click on the desktop and then select **New > Shortcut**.
2. In the **Create Shortcut** window, paste the assessment URL in the field under **Type the location of the item**.

61
education/windows/use-set-up-school-pcs-app.md
View File

@ -15,11 +15,6 @@ author: CelesteDG
- Windows 10
> [!NOTE]
> The latest Set up School PCs app will be available for download in the Store very soon. To get familiar with the settings you can configure in the latest app, read the information in this topic.
IT administrators and technical teachers can use the **Set up School PCs** app to quickly set up PCs for students. A student PC set up using the app is tailored to provide students with the tools they need for learning while removing apps and features that they don't need.
![Set up School PCs app](images/suspc_getstarted_resized.png)
@ -49,30 +44,42 @@ A student PC that's set up using the Set up School PCs provisioning package is t
## Tips for success
* **Run the same Windows 10 build on the admin device and the student PCs**
It's critical that the IT administrator's or technical teacher's device is running the same Windows 10 build (Windows 10, version 1607 or Windows 10, version 1703) as the student PCs that you're provisioning.
> [!NOTE]
> If you're using the Windows 10, version 1607 build of the Set up School PCs app, do not use it to provision student PCs with Windows 10, version 1703 images. Conversely, if you're using the Windows 10, version 1703 build of Set up School PCs, do not use it to provision student PCs with Windows 10, version 1607 images. We recommend using the latest Set up School PCs app (for Windows 10, version 1703) along with Windows 10, version 1703 images on the student PCs that you're provisioning.
* **Run the app at work**
For the best results, run the Set up School PCs app on your work device connected to your school's network. That way the app can gather accurate information about your wireless networks and cloud subscriptions.
For the best results, run the Set up School PCs app on your work device connected to your school's network. That way the app can gather accurate information about your wireless networks and cloud subscriptions.
> [!NOTE]
> Don't use the **Set up Schools PCs** app for PCs that must connect to enterprise networks or to open Wi-Fi networks that require the user to accept Terms of Use.
> [!NOTE]
> Don't use the **Set up Schools PCs** app for PCs that must connect to enterprise networks or to open Wi-Fi networks that require the user to accept Terms of Use.
* **Network tips**
* You cannot use Set up School PCs over a certification-based network, or one where you have to enter credentials in a browser. You can only connect to an open network, or one with a basic password.
* If you need to set up a lot of devices over Wi-Fi, make sure that your network configuration can support it.
- We recommend configuring your DHCP so you have a good set of IP addresses available (about 100-200). These IP addresses will expire after a short amount of time (about 30 minutes). This allows you set up many devices simultaneously, and the IP addresses will be freed up quick so you can continue to set up devices without risk of crashing your network.
* **Apply to new student PCs**
* The provisioning package that the Set up School PCs app creates should be used on new PCs that haven't been set up for accounts yet. If you apply the provisioning package to a student PC that has already been set up, existing accounts and data might be lost.
> [!WARNING]
> Only use the provisioning package on PCs that you want to configure and lock down for students. After you apply the provisioning package to a student PC, the PC must be reset to remove the settings.
> [!WARNING]
> Only use the provisioning package on PCs that you want to configure and lock down for students. After you apply the provisioning package to a student PC, the PC must be reset to remove the settings.
* If the PC has already been set up and you want to return to the first-run experience to apply a new package, you can reset the PC to get to a clean state and get it back to the first-run experience and ready to provision again.
To do this:
- Go to **Settings > Update & security > Recovery**. In the **Reset this PC** section of the **Recovery** page, click **Get started**.
- Or, hit **Shift** + click **Restart** in the **Power** menu to load the Windows boot user experience. From there, follow these steps:
1. Click **Troubleshoot** and then choose **Reset this PC**.
2. Select **Remove everything**.
3. Select **No - remove provisioning packages**.
4. Select **Only the drive where Windows is installed** (this may not always show up).
5. Click **Just remove my files**.
6. Click **Reset**.
To do this:
- Go to **Settings > Update & security > Recovery**. In the **Reset this PC** section of the **Recovery** page, click **Get started**.
- Or, hit **Shift** + click **Restart** in the **Power** menu to load the Windows boot user experience. From there, follow these steps:
1. Click **Troubleshoot** and then choose **Reset this PC**.
2. Select **Remove everything**.
3. Select **No - remove provisioning packages**.
4. Select **Only the drive where Windows is installed** (this may not always show up).
5. Click **Just remove my files**.
6. Click **Reset**.
* **Use more than one USB key**
@ -93,9 +100,7 @@ What you need:
- The **Set up School PCs** app, installed on your work PC and connected to your school's network.
<!--
[Download the Set up School PCs app from the Store](https://www.microsoft.com/store/apps/9nblggh4ls40).
-->
To get started, [download the latest Set up School PCs app from the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4ls40).
- A USB drive, 1 GB or larger. We recommend an 8 GB or larger USB drive if you're installing Office.
@ -152,7 +157,11 @@ The **Set up School PCs** app guides you through the configuration choices for t
> If you select this option, the provisioning process will take longer (about 30 minutes).
- Select **Allow local storage (not recommended for shared devices)** to let students save files to the **Desktop** and **Documents** folder on the student PC. We don't recommend this option if the device will be part of a shared cart or lab.
- Select **Optimize device for a single student, instead of a shared cart or lab** to optimize the device for use by a single student (1:1). Check this option if the device will not be part of a shared cart or lab.
- Select **Optimize device for a single student, instead of a shared cart or lab** to optimize the device for use by a single student (1:1).
- Check this option if the device will not be part of a shared cart or lab.
- Set up School PCs will change some account management logic so that it sets the expiration time for an account to 180 days (without requiring sign-in).
- This setting also increases the maximum storage to 100% of the available disk space. This prevents the student's account from being erased if the student stores a lot of files or data, or if the student doesn't use the PC over a prolonged period.
- Select **Let guests sign-in to these PCs** to allow guests to use student PCs without a school account. For example, if the device will be in a library and you want other users (like visiting students or teachers) to be able to use the device, you can select this option.
If you select this option, this adds a **Guest** account button in the PC's sign-in screen to allow anyone to use the PC.
@ -178,13 +187,13 @@ The **Set up School PCs** app guides you through the configuration choices for t
3. Click **Next** or **Skip** depending on whether you want to set up Take a Test.
<!-- comment out
7. If you want to add Store for Business apps to the student PCs, you can select from the list of recommended apps in the **Add STEM and Makerspace apps to Student PCs** page.
7. If you want to add Microsoft Store for Education apps to the student PCs, you can select from the list of recommended apps in the **Add STEM and Makerspace apps to Student PCs** page.
1. Select the apps that you want to add. You'll see a checkmark on apps that you select.
2. Click **Next**.
**Figure 4** - Select Store apps to add to student PCs
**Figure 4** - Select Microsoft Store apps to add to student PCs
![Select Store apps to add to student PCs](images/suspc_choosesettings_apps.png)
![Select Microsoft Store apps to add to student PCs](images/suspc_choosesettings_apps.png)
-->

3
mdop/mbam-v25/copying-the-mbam-25-group-policy-templates.md
View File

@ -22,7 +22,8 @@ MDOP Group Policy templates are available for download in a self-extracting, com
**How to download and deploy the MDOP Group Policy templates**
1. Download the MDOP Group Policy templates from [How to Get MDOP Group Policy (.admx) Templates](https://go.microsoft.com/fwlink/p/?LinkId=393941) .
1. Download the MDOP Group Policy templates from [Microsoft Desktop Optimization Pack Group Policy Administrative Templates
](https://www.microsoft.com/en-us/download/details.aspx?id=54957).
2. Run the downloaded file to extract the template folders.

12
mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md
View File

@ -43,7 +43,10 @@ This topic explains how to enable BitLocker on an end user's computer by using M
- Optionally encrypt FDDs
- Escrow TPM OwnerAuth, even on Windows 8 or higher (MBAM still must own the TPM on Windows 7 for escrow to occur)
- Escrow TPM OwnerAuth
For Windows 7, MBAM must own the TPM for escrow to occur.
For Windows 8.1, Windows 10 RTM and Windows 10 version 1511, escrow of TPM OwnerAuth is supported.
For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](http://technet.microsoft.com/en-us/itpro/windows/keep-secure/change-the-tpm-owner-password) for further details.
- Escrow recovery keys and recovery key packages
@ -55,13 +58,15 @@ This topic explains how to enable BitLocker on an end user's computer by using M
- Robust error handling
You can download the `Invoke-MbamClientDeployment.ps1` script from [Microsoft.com Download Center](https://www.microsoft.com/download/details.aspx?id=54439). This is the main script that your deployment system will call to configure BitLocker drive encryption and record recovery keys with the MBAM Server.
You can download the `Invoke-MbamClientDeployment.ps1` script from [Microsoft.com Download Center](https://www.microsoft.com/download/details.aspx?id=48698). This is the main script that your deployment system will call to configure BitLocker drive encryption and record recovery keys with the MBAM Server.
**WMI deployment methods for MBAM:** The following WMI methods have been added in MBAM 2.5 SP1 to support enabling BitLocker by using the `Invoke-MbamClientDeployment.ps1` PowerShell script.
<a href="" id="mbam-machine-wmi-class"></a>**MBAM\_Machine WMI Class**
**PrepareTpmAndEscrowOwnerAuth:** Reads the TPM OwnerAuth and sends it to the MBAM recovery database by using the MBAM recovery service. If the TPM is not owned and auto-provisioning is not on, it generates a TPM OwnerAuth and takes ownership. If it fails, an error code is returned for troubleshooting.
**Note** For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](http://technet.microsoft.com/en-us/itpro/windows/keep-secure/change-the-tpm-owner-password) for further details.
| Parameter | Description |
| -------- | ----------- |
| RecoveryServiceEndPoint | A string specifying the MBAM recovery service endpoint. |
@ -172,7 +177,8 @@ Here are a list of common error messages:
3. Name the step **Persist TPM OwnerAuth**
4. Set the command line to `cscript.exe "%SCRIPTROOT%/SaveWinPETpmOwnerAuth.wsf"`
4. Set the command line to `cscript.exe "%SCRIPTROOT%/SaveWinPETpmOwnerAuth.wsf"`
**Note:** For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](http://technet.microsoft.com/en-us/itpro/windows/keep-secure/change-the-tpm-owner-password) for further details.
3. In the **State Restore** folder, delete the **Enable BitLocker** task.

3
mdop/mbam-v25/mbam-25-security-considerations.md
View File

@ -31,6 +31,7 @@ This topic contains the following information about how to secure Microsoft BitL
## <a href="" id="bkmk-tpm"></a>Configure MBAM to escrow the TPM and store OwnerAuth passwords
**Note** For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](http://technet.microsoft.com/en-us/itpro/windows/keep-secure/change-the-tpm-owner-password) for further details.
Depending on its configuration, the Trusted Platform Module (TPM) will lock itself in certain situations ─ such as when too many incorrect passwords are entered ─ and can remain locked for a period of time. During TPM lockout, BitLocker cannot access the encryption keys to perform unlock or decryption operations, requiring the user to enter their BitLocker recovery key to access the operating system drive. To reset TPM lockout, you must provide the TPM OwnerAuth password.
@ -38,6 +39,8 @@ MBAM can store the TPM OwnerAuth password in the MBAM database if it owns the TP
### Escrowing TPM OwnerAuth in Windows 8 and higher
**Note** For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](http://technet.microsoft.com/en-us/itpro/windows/keep-secure/change-the-tpm-owner-password) for further details.
In Windows 8 or higher, MBAM no longer must own the TPM to store the OwnerAuth password, as long as the OwnerAuth is available on the local machine.
To enable MBAM to escrow and then store TPM OwnerAuth passwords, you must configure these Group Policy settings.

13
mdop/mbam-v25/prerequisites-for-mbam-25-clients.md
View File

@ -40,19 +40,26 @@ Before you install the MBAM Client software on end users' computers, ensure that
<td align="left"><p></p></td>
</tr>
<tr class="even">
<td align="left"><p>For Windows 8 and Windows 8.1 client computers only: If you want MBAM to be able to store and manage the TPM recovery keys, TPM auto-provisioning must be turned off, and MBAM must be set as the owner of the TPM before you deploy MBAM.</p>
<td align="left"><p>For Windows 8.1, Windows 10 RTM or Windows 10 version 1511 client computers only: If you want MBAM to be able to store and manage the TPM recovery keys, TPM auto-provisioning must be turned off, and MBAM must be set as the owner of the TPM before you deploy MBAM.</p>
<p>In MBAM 2.5 SP1 only, you no longer need to turn off TPM auto-provisioning, but you must make sure that the TPM Group Policy Objects are set to not escrow TPM OwnerAuth to Active Directory.</p></td>
<td align="left"><p>[MBAM 2.5 Security Considerations](mbam-25-security-considerations.md#bkmk-tpm)</p></td>
</tr>
<tr class="odd">
<td align="left"><p>For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM.</p>
<p>In MBAM 2.5 SP1, you must turn on auto-provisioning.</p>
</p></td>
<td align="left"><p>See [TPM owner password](http://technet.microsoft.com/en-us/itpro/windows/keep-secure/change-the-tpm-owner-password) for further details.
</p></td>
</tr>
<tr class="even">
<td align="left"><p>The TPM chip must be turned on in the BIOS and be resettable from the operating system.</p></td>
<td align="left"><p>See the BIOS documentation for more information.</p></td>
</tr>
<tr class="even">
<tr class="odd">
<td align="left"><p>The computers hard disk must have at least two partitions and must be formatted with the NTFS file system.</p></td>
<td align="left"><p></p></td>
</tr>
<tr class="odd">
<tr class="even">
<td align="left"><p>The computers hard disk must have a BIOS that is compatible with TPM and that supports USB devices during computer startup.</p></td>
<td align="left"><div class="alert">
<strong>Note</strong>  

8
mdop/mbam-v25/release-notes-for-mbam-25-sp1.md
View File

@ -119,13 +119,7 @@ If Internet Explorer Enhanced Security Configuration (ESC) is turned on, an "Acc
**Workaround:** If the "Access Denied" error message appears when you try to view reports on the MBAM Server, you can set a Group Policy Object or change the default manually in your image to disable Enhanced Security Configuration. You can also alternatively view the reports from another computer on which ESC is not enabled.
### Support for Bitlocker XTS-AES encryption algorithm
Bitlocker added support for the XTS-AES encryption algorithm in Windows 10, version 1511.
As of HF02, MBAM now supports this Bitlocker option and is a client-only update.
However, there are two known limitations:
* MBAM will correctly report compliance status but the **Cipher Strength** field in MBAM reports will be empty.
MBAM pre-built reports and compliance charts wont break but the **Cipher Strength** column will be empty for XTS machines.
Also, if a customer has a custom report that uses this particular field, they may have to make adjustments to accommodate this update.
Bitlocker added support for the XTS-AES encryption algorithm in Windows 10, version 1511. With HF02, MBAM added client support for this Bitlocker option and in HF04, the server-side support was added. However, there is one known limitation:
* Customers must use the same encryption strength for OS and data volumes on the same machine.
If different encryption strengths are used, MBAM will report the machine as **non-compliant**.

4
smb/cloud-mode-business-setup.md
View File

@ -12,13 +12,13 @@ ms.pagetype: smb
author: CelesteDG
---
![Are you ready to move to the cloud?](images/business-cloud-mode.png)
# Get started: Deploy and manage a full cloud IT solution for your business
**Applies to:**
- Office 365 Business Premium, Azure AD Premium, Intune, Windows Store for Business, Windows 10
Are you ready to move your business to the cloud or wondering what it takes to make this happen with Microsoft cloud services and tools?
In this walkthrough, we'll show you how to deploy and manage a full cloud IT solution for your small to medium business using Office 365 Business Premium, Microsoft Azure AD, Intune, Windows Store for Business, and Windows 10. We'll show you the basics on how to:
- Acquire an Office 365 business domain
- Add Microsoft Intune and Azure Active Directory (AD) Premium licenses to your business tenant

6
store-for-business/breadcrumb/toc.yml
View File

@ -2,6 +2,6 @@
tocHref: /
topicHref: /
items:
- name: Windows
tocHref: /windows
topicHref: /windows/windows-10
- name: Windows Store for Business
tocHref: /microsoft-store
topicHref: /microsoft-store/index

2
windows/access-protection/TOC.md
View File

@ -24,7 +24,7 @@
### [Credential Guard protection limits](credential-guard/credential-guard-protection-limits.md)
### [Considerations when using Credential Guard](credential-guard/credential-guard-considerations.md)
### [Credential Guard: Additional mitigations](credential-guard/additional-mitigations.md)
### [Credential Guard: Known issues](credential-guard/credential-guard-known-issues.md)
## [Protect Remote Desktop credentials with Remote Credential Guard](remote-credential-guard.md)

70
windows/access-protection/credential-guard/credential-guard-known-issues.md Normal file
View File

@ -0,0 +1,70 @@
---
title: Credential Guard Known issues (Windows 10)
description: Credential Guard - Known issues in Windows 10 Enterprise
ms.prod: w10
ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: security
localizationpriority: high
author: brianlic-msft
---
# Credential Guard: Known issues
**Applies to**
- Windows 10
- Windows Server 2016
Credential Guard has certain application requirements. Credential Guard blocks specific authentication capabilities. Therefore applications that require such capabilities will not function when Credential Guard is enabled. For further information, see [Application requirements](https://docs.microsoft.com/en-us/windows/access-protection/credential-guard/credential-guard-requirements#application-requirements).
The following known issues have been fixed by servicing releases made available in the Cumulative Security Updates for April 2017:
- KB4015217: [Credential Guard generates double bad password count on Active Directory domain-joined Windows 10 machines](https://support.microsoft.com/en-us/help/4015217/windows-10-update-kb4015217)
This issue can potentially lead to unexpected account lockouts.
See also Knowledge Base articles [KB4015219](https://support.microsoft.com/en-us/help/4015219/windows-10-update-kb4015219) and
[KB4015221](https://support.microsoft.com/en-us/help/4015221/windows-10-update-kb4015221)
The following issue is under investigation. For available workarounds, see the following Knowledge Base article:
- [Installing AppSense Environment Manager on Windows 10 machines causes LsaIso.exe to exhibit high CPU usage when Credential Guard is enabled](http://www.appsense.com/kb/160525073917945) *
*Registration required to access this article.
- [Blue screen on Windows 10 computers running Device Guard and Credential Guard with Cisco Anyconnect 4.3.04027](https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc66692)**
**Registration required to access this article.
Products that connect to Virtualization Based Security (VBS) protected processes can cause Credential Guard-enabled Windows 10 clients to exhibit high CPU usage. For further information, see the following Knowledge Base articles:
- KB88869: [Windows 10 machines exhibit high CPU usage with McAfee Application and Change Control (MACC) installed when Credential Guard is enabled](https://kc.mcafee.com/corporate/index?page=content&id=KB88869)
- Windows 10 machines exhibit high CPU usage with Citrix applications installed when Credential Guard is enabled.
Microsoft is currently working with Citrix to investigate this issue.
## Vendor support
- [Citrix Support for Secure Boot](https://www.citrix.com/blogs/2016/12/08/windows-server-2016-hyper-v-secure-boot-support-now-available-in-xenapp-7-12/)
Credential Guard is not supported by either these products, products versions, computer systems, or Windows 10 versions:
- For Credential Guard on Windows 10 with McAfee Encryption products, see:
[Support for Device Guard and Credential Guard on Windows 10 with McAfee encryption products](https://kc.mcafee.com/corporate/index?page=content&id=KB86009)
- For Credential Guard on Windows 10 with Check Point Endpoint Security Client, see:
[Check Point Endpoint Security Client support for Microsoft Windows 10 Credential Guard and Device Guard features](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk113912)
- For Credential Guard on Windows 10 with VMWare Workstation
[Windows 10 host fails when running VMWare Workstation when Credential Guard is enabled](https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2146361)
- For Credential Guard on Windows 10 with specific versions of the Lenovo ThinkPad
[ThinkPad support for Device Guard and Credential Guard in Microsoft Windows 10 ThinkPad](https://support.lenovo.com/in/en/solutions/ht503039)
- For Credential Guard on Windows 10 with Symantec Endpoint Protection
[Windows 10 with Credential Guard and Symantec Endpoint Protection 12.1](https://www.symantec.com/connect/forums/windows-10-device-guard-credentials-guard-and-sep-121)
This is not a comprehensive list. Check whether your product vendor, product version, or computer system, supports Credential guard on systems that run Windows 10 or specific versions of Windows 10. Specific computer system models may be incompatible with Credential Guard.
Microsoft encourages third-party vendors to contribute to this page by providing relevant product support information and by adding links to their own product support statements.

3
windows/access-protection/credential-guard/credential-guard-manage.md
View File

@ -15,8 +15,7 @@ author: brianlic-msft
- Windows 10
- Windows Server 2016
Prefer video? See [Protecting privileged users with Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=JNbjYMJyC_8104300474)
in the Deep Dive into Credential Guard video series.
Prefer video? See [Credential Guard Deployment](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=sRcyvLJyC_3304300474) in the Deep Dive into Credential Guard video series.
## Enable Credential Guard
Credential Guard can be enabled either by using [Group Policy](#enable-credential-guard-by-using-group-policy), the [registry](#enable-credential-guard-by-using-the-registry), or the Device Guard and Credential Guard [hardware readiness tool](#hardware-readiness-tool). Credential Guard can also protect secrets in a Hyper-V virtual machine, just as it would on a physical machine.

32
windows/access-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
View File

@ -63,7 +63,7 @@ netsh advfirewall set allprofiles state on
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True
```
### Control firewall behavior
### Control Windows Firewall behavior
The global default settings can be defined through the command-line interface. These modifications are also available through the Windows Firewall with Advanced Security console.
@ -84,6 +84,36 @@ Windows PowerShell
Set-NetFirewallProfile -DefaultInboundAction Block -DefaultOutboundAction Allow NotifyOnListen True -AllowUnicastResponseToMulticast True LogFileName %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log
```
### Disable Windows Firewall
Microsoft recommends that you do not disable Windows Firewall because you lose other benefits provided by the service, such as the ability to use Internet Protocol security (IPsec) connection security rules, network protection from attacks that employ network fingerprinting, [Windows Service Hardening](http://go.microsoft.com/fwlink/?linkid=104976), and [boot time filters](https://blogs.technet.microsoft.com/networking/2009/03/24/stopping-the-windows-authenticating-firewall-service-and-the-boot-time-policy/).
Disabling Windows Firewall with Advanced Security can also cause problems, including:
- Start menu can stop working
- Modern applications can fail to install or update
- Activation of Windows via phone fails
- Application or OS incompatibilities that depend on Windows Firewall
Microsoft recommends disabling Windows Firewall with Advanced Security only when installing a third-party firewall, and resetting Windows Firewall back to defaults when the third-party software is disabled or removed.
If disabling Windows Firewall with Advanced Security is required, do not disable it by stopping the Windows Firewall service (in the **Services** snap-in, the display name is Windows Firewall and the service name is MpsSvc).
Stopping the Windows Firewall service is not supported by Microsoft.
Non-Microsoft firewall software can programmatically disable only the parts of Windows Firewall with Advanced Security that need to be disabled for compatibility.
You should not disable the firewall yourself for this purpose.
The proper method to disable the Windows Firewall is to disable the Windows Firewall Profiles and leave the service running.
Use the following procedure to turn the firewall off, or disable the Group Policy setting **Computer Configuration|Administrative Templates|Network|Network Connections|Windows Firewall|Domain Prolfile|Windows Firewall:Protect all network connections**.
For more information, see [Windows firewall with advanced security deployment guide](windows-firewall-with-advanced-security-deployment-guide.md).
The following example disables Windows Firewall with Advanced Security for all profiles.
```powershell
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
```
## Deploy basic firewall rules
This section provides scriptlet examples for creating, modifying, and deleting firewall rules.

12
windows/application-management/app-v/appv-auto-batch-sequencing.md
View File

@ -35,7 +35,7 @@ Sequencing multiple apps at the same time requires that you create a **ConfigFil
2. Add the following required XML info for each app:
- **&lt;Name&gt;.** The name of the app you're adding to the package.
- **&lt;AppName&gt;.** The name of the app you're adding to the package.
- **&lt;InstallerFolder&gt;.** The file path to the folder with the app installer.
@ -55,7 +55,7 @@ Sequencing multiple apps at the same time requires that you create a **ConfigFil
<?xml version="1.0"?>
<Applications>
<Application>
<Name>Skype for Windows</Name>
<AppName>Skype for Windows</AppName>
<InstallerFolder>D:\Install\New\SkypeforWindows</InstallerFolder>
<Installer>SkypeSetup.exe</Installer>
<InstallerOptions>/S</InstallerOptions>
@ -64,7 +64,7 @@ Sequencing multiple apps at the same time requires that you create a **ConfigFil
<Enabled>True</Enabled>
</Application>
<Application>
<Name>Power BI</Name>
<AppName>Power BI</AppName>
<InstallerFolder>D:\Install\New\MicrosoftPowerBI</InstallerFolder>
<Installer>PBIDesktop.msi</Installer>
<InstallerOptions>/S</InstallerOptions>
@ -97,7 +97,7 @@ Sequencing multipe apps at the same time requires that you create a **ConfigFIle
2. Add the following required XML info for each app:
- **&lt;Name&gt;.** The name of the app you're adding to the package.
- **&lt;AppName&gt;.** The name of the app you're adding to the package.
- **&lt;InstallerFolder&gt;.** The file path to the folder with the app installer.
@ -115,7 +115,7 @@ Sequencing multipe apps at the same time requires that you create a **ConfigFIle
<?xml version="1.0"?>
<Applications>
<Application>
<Name>Skype for Windows</Name>
<AppName>Skype for Windows</AppName>
<InstallerFolder>D:\Install\New\SkypeforWindows</InstallerFolder>
<Installer>SkypeSetup.exe</Installer>
<TimeoutInMinutes>20</TimeoutInMinutes>
@ -123,7 +123,7 @@ Sequencing multipe apps at the same time requires that you create a **ConfigFIle
<Enabled>True</Enabled>
</Application>
<Application>
<Name>Power BI</Name>
<AppName>Power BI</AppName>
<InstallerFolder>D:\Install\New\MicrosoftPowerBI</InstallerFolder>
<Installer>PBIDesktop.msi</Installer>
<TimeoutInMinutes>20</TimeoutInMinutes>

12
windows/application-management/app-v/appv-auto-batch-updating.md
View File

@ -29,7 +29,7 @@ Updating multiple apps at the same time requires that you create a **ConfigFile*
2. Add the following XML info for each app:
- **&lt;Name&gt;.** The name of the app you're adding to the package.
- **&lt;AppName&gt;.** The name of the app you're adding to the package.
- **&lt;InstallerFolder&gt;.** The file path to the folder with the app installer.
@ -50,7 +50,7 @@ Updating multiple apps at the same time requires that you create a **ConfigFile*
<?xml version="1.0"?>
<Applications>
<Application>
<Name>Skype for Windows Update</Name>
<AppName>Skype for Windows Update</AppName>
<InstallerFolder>D:\Install\Update\SkypeforWindows</InstallerFolder>
<Installer>SkypeSetup.exe</Installer>
<InstallerOptions>/S</InstallerOptions>
@ -60,7 +60,7 @@ Updating multiple apps at the same time requires that you create a **ConfigFile*
<Enabled>True</Enabled>
</Application>
<Application>
<Name>Microsoft Power BI Update</Name>
<AppName>Microsoft Power BI Update</AppName>
<InstallerFolder>D:\Install\Update\PowerBI</InstallerFolder>
<Installer>PBIDesktop.msi</Installer>
<InstallerOptions>/S</InstallerOptions>
@ -95,7 +95,7 @@ Updating multipe apps at the same time requires that you create a **ConfigFile**
2. Add the following XML info for each app:
- **&lt;Name&gt;.** The name of the app you're adding to the package.
- **&lt;AppName&gt;.** The name of the app you're adding to the package.
- **&lt;InstallerFolder&gt;.** The file path to the folder with the app installer.
@ -115,7 +115,7 @@ Updating multipe apps at the same time requires that you create a **ConfigFile**
<?xml version="1.0"?>
<Applications>
<Application>
<Name>Skype for Windows Update</Name>
<AppName>Skype for Windows Update</AppName>
<InstallerFolder>D:\Install\Update\SkypeforWindows</InstallerFolder>
<Installer>SkypeSetup.exe</Installer>
<InstallerOptions>/S</InstallerOptions>
@ -125,7 +125,7 @@ Updating multipe apps at the same time requires that you create a **ConfigFile**
<Enabled>True</Enabled>
</Application>
<Application>
<Name>Microsoft Power BI Update</Name>
<AppName>Microsoft Power BI Update</AppName>
<InstallerFolder>D:\Install\Update\PowerBI</InstallerFolder>
<Installer>PBIDesktop.msi</Installer>
<InstallerOptions>/S</InstallerOptions>

2
windows/client-management/TOC.md
View File

@ -1,4 +1,5 @@
# [Manage clients in Windows 10](index.md)
## [Administrative Tools in Windows 10](administrative-tools-in-windows-10.md)
## [Create mandatory user profiles](mandatory-user-profile.md)
## [Connect to remote Azure Active Directory-joined PC](connect-to-remote-aadj-pc.md)
## [Join Windows 10 Mobile to Azure Active Directory](join-windows-10-mobile-to-azure-active-directory.md)
@ -8,3 +9,4 @@
## [Reset a Windows 10 Mobile device](reset-a-windows-10-mobile-device.md)
## [Windows 10 Mobile deployment and management guide](windows-10-mobile-and-mdm.md)
## [Windows libraries](windows-libraries.md)
## [Change history for Client management](change-history-for-client-management.md)

26
windows/client-management/change-history-for-client-management.md Normal file
View File

@ -0,0 +1,26 @@
---
title: Change history for Client management (Windows 10)
description: This topic lists changes to documentation for configuring Windows 10.
keywords:
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
localizationpriority: high
author: jdeckerMS
---
# Change history for Client management
This topic lists new and updated topics in the [Client management](index.md) documentation for Windows 10 and Windows 10 Mobile.
## April 2017
| New or changed topic | Description |
|----------------------|-------------|
| [New policies for Windows 10](new-policies-for-windows-10.md) | Added a list of new Group Policy settings for Windows 10, version 1703 |
## RELEASE: Windows 10, version 1703
The topics in this library have been updated for Windows 10, version 1703 (also known as the Creators Update). The following new topic has been added:
- [Manage the Settings app with Group Policy](manage-settings-app-with-group-policy.md)

5
windows/client-management/index.md
View File

@ -8,7 +8,7 @@ author: jdeckerMS
localizationpriority: medium
---
# Client Management
# Client management
**Applies to**
- Windows 10
@ -17,7 +17,7 @@ Learn about the administrative tools, tasks and best practices for managing Wind
| Topic | Description |
|---|---|
|[Administrative tools in Windows 10](administrative-tools-in-windows-10.md)| Listing of administrative tools useful for ITPros and advanced users in managing Windows client.|
|[Administrative Tools in Windows 10](administrative-tools-in-windows-10.md)| Links to documentation for tools for IT pros and advanced users in the Administrative Tools folder.|
|[Connect to remote AADJ PCs](connect-to-remote-aadj-pc.md)| Instructions for connecting to a remote PC joined to Azure Active Directory (Azure AD)|
|[Group policies for enterprise and education editions](group-policies-for-enterprise-and-education-editions.md)| Listing of all group policy settings that apply specifically to Windows 10 Enterprise and Education editions|
|[Join Windows 10 Mobile to AAD](join-windows-10-mobile-to-azure-active-directory.md)| Describes the considerations and options for using Windows 10 Mobile with Azure AD in your organization.|
@ -28,3 +28,4 @@ Learn about the administrative tools, tasks and best practices for managing Wind
|[Reset a Windows 10 Mobile device](reset-a-windows-10-mobile-device.md)| Instructions for resetting a Windows 10 Mobile device using either *factory* or *'wipe and persist'* reset options|
|[Deploy Windows 10 Mobile](windows-10-mobile-and-mdm.md)| Considerations and instructions for deploying Windows 10 Mobile|
|[Windows libraries](windows-libraries.md)| Considerations and instructions for managing Windows 10 libraries such as My Documents, My Pictures, and My Music.|
|[Change history for Client management](change-history-for-client-management.md) | This topic lists new and updated topics in the Client management documentation for Windows 10 and Windows 10 Mobile. |

160
windows/client-management/new-policies-for-windows-10.md
View File

@ -20,32 +20,144 @@ localizationpriority: high
Windows 10 includes the following new policies for management, in addition to policies that were available for Windows 8.1 and Windows Phone 8.1. [Download the complete set of Administrative Template (.admx) files for Windows 10](https://go.microsoft.com/fwlink/p/?LinkID=625081).
## New Group Policy settings in Windows 10
## New Group Policy settings in Windows 10, version 1703
The following Group Policy settings were added in Windows 10, version 1703:
**Control Panel**
- Control Panel\Add or Remove Programs\Specify default category for Add New Programs
- Control Panel\Add or Remove Programs\Hide the "Add a program from CD-ROM or floppy disk" option
- Control Panel\Personalization\Prevent changing lock screen and logon image
**Network**
- Network\Background Intelligent Transfer Service (BITS)\Limit the maximum network bandwidth for BITS background transfers
- Network\Background Intelligent Transfer Service (BITS)\Allow BITS Peercaching
- Network\Background Intelligent Transfer Service (BITS)\Limit the age of files in the BITS Peercache
- Network\Background Intelligent Transfer Service (BITS)\Limit the BITS Peercache size
- Network\DNS Client\Allow NetBT queries for fully qualified domain names
- Network\Network Connections\Prohibit access to properties of components of a LAN connection
- Network\Network Connections\Ability to Enable/Disable a LAN connection
- Network\Offline Files\Turn on economical application of administratively assigned Offline Files
- Network\Offline Files\Configure slow-link mode
- Network\Offline Files\Enable Transparent Caching
- Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Site-Local Clouds\Set the Seed Server
- Network\Microsoft Peer-to-Peer Networking Services\Disable password strength validation for Peer Grouping
**System**
- System\App-V\Streaming\Location Provider
- System\App-V\Streaming\Certificate Filter For Client SSL
- System\Credentials Delegation\Allow delegating default credentials with NTLM-only server authentication
- System\Ctrl+Alt+Del Options\Remove Change Password
- System\Ctrl+Alt+Del Options\Remove Lock Computer
- System\Ctrl+Alt+Del Options\Remove Task Manager
- System\Ctrl+Alt+Del Options\Remove Logoff
- System\Device Installation\Do not send a Windows error report when a generic driver is installed on a device
- System\Device Installation\Prevent Windows from sending an error report when a device driver requests additional software during installation
- System\Locale Services\Disallow user override of locale settings
- System\Logon\Do not process the legacy run list
- System\Logon\Always use custom logon background
- System\Logon\Do not display network selection UI
- System\Logon\Block user from showing account details on sign-in
- System\Logon\Turn off app notifications on the lock screen
- System\User Profiles\Establish timeout value for dialog boxes
- System\Enable Windows NTP Server\Windows Time Service\Enable Windows NTP Client
**Windows Components**
- Windows Components\ActiveX Installer Service\Approved Installation Sites for ActiveX Controls
- Windows Components\ActiveX Installer Service\Establish ActiveX installation policy for sites in Trusted zones
- Windows Components\Application Compatibility\Turn off Application Compatibility Engine
- Windows Components\Application Compatibility\Turn off Program Compatibility Assistant
- Windows Components\Application Compatibility\Turn off Program Compatibility Assistant
- Windows Components\Application Compatibility\Turn off Steps Recorder
- Windows Components\Attachment Manager\Notify antivirus programs when opening attachments
- Windows Components\Biometrics\Allow the use of biometrics
- Windows Components\NetMeeting\Disable Whiteboard
- Windows Components\Data Collection and Preview Builds\Configure the Commercial ID
- Windows Components\File Explorer\Display the menu bar in File Explorer
- Windows Components\File History\Turn off File History
- Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Play animations in web pages
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Turn on Cross-Site Scripting Filter
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Turn on Cross-Site Scripting Filter
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Run ActiveX controls and plugins
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Script ActiveX controls marked safe for scripting
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Run ActiveX controls and plugins
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Script ActiveX controls marked safe for scripting
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Run ActiveX controls and plugins
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Script ActiveX controls marked safe for scripting
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Run ActiveX controls and plugins
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Script ActiveX controls marked safe for scripting
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Run ActiveX controls and plugins
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Script ActiveX controls marked safe for scripting
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Run ActiveX controls and plugins
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Script ActiveX controls marked safe for scripting
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Run ActiveX controls and plugins
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Script ActiveX controls marked safe for scripting
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Run ActiveX controls and plugins
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Script ActiveX controls marked safe for scripting
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Run ActiveX controls and plugins
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Script ActiveX controls marked safe for scripting
- Windows Components\Internet Explorer\Accelerators\Restrict Accelerators to those deployed through Group Policy
- Windows Components\Internet Explorer\Compatibility View\Turn on Internet Explorer 7 Standards Mode
- Windows Components\Location and Sensors\Windows Location Provider\Turn off Windows Location Provider
- Windows Components\Microsoft Edge\Configure Autofill
- Windows Components\Microsoft Edge\Allow Developer Tools
- Windows Components\Microsoft Edge\Allow Developer Tools
- Windows Components\Microsoft Edge\Configure Do Not Track
- Windows Components\Microsoft Edge\Allow InPrivate browsing
- Windows Components\Microsoft Edge\Configure Password Manager
- Windows Components\Microsoft Edge\Configure Password Manager
- Windows Components\Microsoft Edge\Configure Pop-up Blocker
- Windows Components\Microsoft Edge\Configure Pop-up Blocker
- Windows Components\Microsoft Edge\Allow search engine customization
- Windows Components\Microsoft Edge\Allow search engine customization
- Windows Components\Microsoft Edge\Configure search suggestions in Address bar
- Windows Components\Microsoft Edge\Set default search engine
- Windows Components\Microsoft Edge\Configure additional search engines
- Windows Components\Microsoft Edge\Configure additional search engines
- Windows Components\Microsoft Edge\Configure the Enterprise Mode Site List
- Windows Components\Microsoft Edge\Configure the Enterprise Mode Site List
- Windows Components\Microsoft Edge\Prevent using Localhost IP address for WebRTC
- Windows Components\Microsoft Edge\Prevent using Localhost IP address for WebRTC
- Windows Components\Microsoft Edge\Configure Start pages
- Windows Components\Microsoft Edge\Configure Start pages
- Windows Components\Microsoft Edge\Disable lockdown of Start pages
- Windows Components\Microsoft Edge\Disable lockdown of Start pages
- Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites
- Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites
- Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\.Net Framework Configuration
- Windows Components\Windows Installer\Prohibit use of Restart Manager
- Windows Components\Desktop Gadgets\Restrict unpacking and installation of gadgets that are not digitally signed.
- Windows Components\Desktop Gadgets\Turn Off user-installed desktop gadgets
- Windows Components\Desktop Gadgets\Turn Off user-installed desktop gadgets
- Windows Components\OneDrive\Prevent the usage of OneDrive for file storage
- Windows Components\OneDrive\Prevent the usage of OneDrive for file storage on Windows 8.1
- Windows Components\OneDrive\Prevent OneDrive files from syncing over metered connections
- Windows Components\OneDrive\Save documents to OneDrive by default
- Windows Components\Smart Card\Allow certificates with no extended key usage certificate attribute
- Windows Components\Smart Card\Turn on certificate propagation from smart card
- Windows Components\Tablet PC\Pen UX Behaviors\Prevent flicks
- Windows Components\BitLocker Drive Encryption\Choose drive encryption method and cipher strength (Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10 [Version 1507])
- Windows Components\Windows Defender Antivirus\Real-time Protection\Turn on behavior monitoring
- Windows Components\Windows Defender Antivirus\Signature Updates\Define file shares for downloading definition updates
- Windows Components\Windows Defender Antivirus\Signature Updates\Turn on scan after signature update
- Windows Components\File Explorer\Display confirmation dialog when deleting files
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow OpenSearch queries in File Explorer
- Windows Components\Windows Update\Remove access to use all Windows Update features
- Windows Components\Windows Update\Configure Automatic Updates
- Windows Components\Windows Update\Specify intranet Microsoft update service location
- Windows Components\Windows Update\Automatic Updates detection frequency
- Windows Components\Windows Update\Allow non-administrators to receive update notifications
- Windows Components\Windows Update\Allow Automatic Updates immediate installation
- Windows Components\Windows Update\Turn on recommended updates via Automatic Updates
- Windows Components\Shutdown Options\Turn off legacy remote shutdown interface
There are some new policy settings in Group Policy for devices running Windows 10 , such as:
- Microsoft Edge browser settings
- Universal Windows app settings, such as:
- Disable deployment of Windows Store apps to non-system volumes
- Restrict users' application data to always stay on the system volume
- Allow applications to share app data between users
- [Start screen and Start menu layout](/windows/configuration/customize-windows-10-start-screens-by-using-group-policy)
- Windows Tips
- Consumer experiences, such as suggested apps in Start and app tiles from Microsoft dynamically inserted in the default Start menu
- [Microsoft Passport](https://go.microsoft.com/fwlink/p/?LinkId=623294)
- Windows Updates for Business
For a spreadsheet of Group Policy settings included in Windows, see [Group Policy Settings Reference for Windows and Windows Server](https://go.microsoft.com/fwlink/p/?LinkId=613627).
For a spreadsheet of Group Policy settings included in Windows 10 and Windows Server 2016, see [Group Policy Settings Reference for Windows and Windows Server](https://go.microsoft.com/fwlink/p/?LinkId=613627).
## New MDM policies

6
windows/configuration/change-history-for-configure-windows-10.md
View File

@ -14,6 +14,12 @@ author: jdeckerMS
This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
## April 2017
| New or changed topic | Description |
| --- | --- |
| [Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md) | Added instructions for using WMI bridge to configure shared PC |
## RELEASE: Windows 10, version 1703

2
windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
View File

@ -1288,7 +1288,7 @@ To change the level of diagnostic and usage data sent when you **Send your devic
-or-
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\DataCollection!AllowTelemetry**, with a value of 0 (zero).
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DataCollection\\AllowTelemetry**, with a value of 0 (zero).
-or-

25
windows/configuration/set-up-shared-or-guest-pc.md
View File

@ -69,7 +69,7 @@ Shared PC mode exposes a set of customizations to tailor the behavior to your re
| Customization: MaintenanceStartTime | By default, the maintenance start time (which is when automatic maintenance tasks run, such as Windows Update) is midnight. You can adjust the start time in this setting by entering a new start time in minutes from midnight. For example, if you want maintenance to begin at 2 AM, enter `120` as the value. |
| Customization: MaxPageFileSizeMB | Adjusts the maximum page file size in MB. This can be used to fine-tune page file behavior, especially on low end PCs. |
| Customization: RestrictLocalStorage | Set as **True** to restrict the user from saving or viewing local storage when using File Explorer. This setting controls this API: [ShouldAvoidLocalStorage](https://docs.microsoft.com/uwp/api/windows.system.profile.sharedmodesettings) |
| Customization: SetEduPolicies | Set to **True** for PCs that will be used in a school. This setting controls this API: [IsEducationEnvironment](https://docs.microsoft.com/uwp/api/windows.system.profile.educationsettings) |
| Customization: SetEduPolicies | Set to **True** for PCs that will be used in a school. For more information, see [Windows 10 configuration recommendations for education customers](https://docs.microsoft.com/education/windows/configure-windows-for-education). This setting controls this API: [IsEducationEnvironment](https://docs.microsoft.com/uwp/api/windows.system.profile.educationsettings) |
| Customization: SetPowerPolicies | When set as **True**:<br/>- Prevents users from changing power settings<br/>- Turns off hibernate<br/>- Overrides all power state transitions to sleep (e.g. lid close) |
| Customization: SignInOnResume | This setting specifies if the user is required to sign in with a password when the PC wakes from sleep. |
| Customization: SleepTimeout | Specifies all timeouts for when the PC should sleep. Enter the amount of idle time in seconds. If you don't set sleep timeout, the default of 1 hour applies. |
@ -85,7 +85,28 @@ You can configure Windows to be in shared PC mode in a couple different ways:
![Shared PC settings in ICD](images/icd-adv-shared-pc.png)
- WMI bridge: Environments that use Group Policy can use the WMI bridge to configure the [SharedPC CSP](https://msdn.microsoft.com/library/windows/hardware/mt723294.aspx).
- WMI bridge: Environments that use Group Policy can use the [MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/desktop/dn905224.aspx) to configure the [MDM_SharedPC class](https://msdn.microsoft.com/library/windows/desktop/mt779129.aspx). For example, open PowerShell as an administrator and enter the following:
```
$sharedPC = Get-CimInstance -Namespace "root\cimv2\mdm\dmmap" -ClassName "MDM_SharedPC"
$sharedPC.EnableSharedPCMode = $True
$sharedPC.SetEduPolicies = $True
$sharedPC.SetPowerPolicies = $True
$sharedPC.MaintenanceStartTime = 0
$sharedPC.SignInOnResume = $True
$sharedPC.SleepTimeout = 0
$sharedPC.EnableAccountManager = $True
$sharedPC.AccountModel = 2
$sharedPC.DeletionPolicy = 1
$sharedPC.DiskLevelDeletion = 25
$sharedPC.DiskLevelCaching = 50
$sharedPC.RestrictLocalStorage = $False
$sharedPC.KioskModeAUMID = ""
$sharedPC.KioskModeUserTileDisplayText = ""
$sharedPC.InactiveThreshold = 0
Set-CimInstance -CimInstance $sharedPC
Get-CimInstance -Namespace $namespaceName -ClassName $MDM_SharedPCClass
```
### Create a provisioning package for shared use

37
windows/configure/docfx.json Normal file
View File

@ -0,0 +1,37 @@
{
"build": {
"content": [
{
"files": [
"**/*.md"
],
"exclude": [
"**/obj/**",
"**/includes/**",
"README.md",
"LICENSE",
"LICENSE-CODE",
"ThirdPartyNotices"
]
}
],
"resource": [
{
"files": [
"**/*.png",
"**/*.jpg"
],
"exclude": [
"**/obj/**",
"**/includes/**"
]
}
],
"overwrite": [],
"externalReference": [],
"globalMetadata": {},
"fileMetadata": {},
"template": [],
"dest": "windows-configure"
}
}

37
windows/deploy/docfx.json Normal file
View File

@ -0,0 +1,37 @@
{
"build": {
"content": [
{
"files": [
"**/*.md"
],
"exclude": [
"**/obj/**",
"**/includes/**",
"README.md",
"LICENSE",
"LICENSE-CODE",
"ThirdPartyNotices"
]
}
],
"resource": [
{
"files": [
"**/*.png",
"**/*.jpg"
],
"exclude": [
"**/obj/**",
"**/includes/**"
]
}
],
"overwrite": [],
"externalReference": [],
"globalMetadata": {},
"fileMetadata": {},
"template": [],
"dest": "windows-deploy"
}
}

1
windows/deployment/TOC.md
View File

@ -46,7 +46,6 @@
### [Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md)
#### [Upgrade Readiness architecture](upgrade/upgrade-readiness-architecture.md)
#### [Upgrade Readiness requirements](upgrade/upgrade-readiness-requirements.md)
#### [Upgrade Readiness release notes](upgrade/upgrade-readiness-release-notes.md)
#### [Get started with Upgrade Readiness](upgrade/upgrade-readiness-get-started.md)
##### [Upgrade Readiness deployment script](upgrade/upgrade-readiness-deployment-script.md)
#### [Use Upgrade Readiness to manage Windows upgrades](upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md)

28
windows/deployment/change-history-for-deploy-windows-10.md
View File

@ -21,7 +21,7 @@ This topic lists new and updated topics in the [Deploy Windows 10](index.md) doc
## RELEASE: Windows 10, version 1703
The topics in this library have been updated for Windows 10, version 1703 (also known as the Creators Update). The provisioning topics have been moved to [Configure Windows 10](/windows/configuration/index.md).
The topics in this library have been updated for Windows 10, version 1703 (also known as the Creators Update). The provisioning topics have been moved to [Configure Windows 10](/windows/configuration/index).
## March 2017
@ -37,14 +37,14 @@ The topics in this library have been updated for Windows 10, version 1703 (also
|----------------------|-------------|
| [Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md) | Multiple topics updated, name changed from Upgrade Analytics to Upgrade Readiness, and other content updates. |
| [USMT Requirements](usmt/usmt-requirements.md) | Updated: Vista support removed and other minor changes |
| [Get started with Upgrade Analytics](upgrade/upgrade-analytics-get-started.md) | Updated structure and content |
| [Upgrade Analytics deployment script](upgrade/upgrade-analytics-deployment-script.md) | Added as a separate page from get started |
| [Use Upgrade Analytics to manage Windows upgrades](upgrade/use-upgrade-analytics-to-manage-windows-upgrades.md) | Updated with links to new content and information about the target OS setting |
| [Upgrade Analytics - Upgrade overview](upgrade/upgrade-analytics-upgrade-overview.md) | New |
| [Upgrade Analytics - Step 1: Identify important apps](upgrade/upgrade-analytics-identify-apps.md) | Updated topic title and content |
| [Upgrade Analytics - Step 2: Resolve app and driver issues](upgrade/upgrade-analytics-resolve-issues.md) | New |
| [Upgrade Analytics - Step 3: Deploy Windows](upgrade/upgrade-analytics-deploy-windows.md) | New |
| [Upgrade Analytics - Additional insights](upgrade/upgrade-analytics-additional-insights.md) | New |
| [Get started with Upgrade Analytics](upgrade/upgrade-readiness-get-started.md) | Updated structure and content |
| [Upgrade Analytics deployment script](upgrade/upgrade-readiness-deployment-script.md) | Added as a separate page from get started |
| [Use Upgrade Analytics to manage Windows upgrades](upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md) | Updated with links to new content and information about the target OS setting |
| [Upgrade Analytics - Upgrade overview](upgrade/upgrade-readiness-upgrade-overview.md) | New |
| [Upgrade Analytics - Step 1: Identify important apps](upgrade/upgrade-readiness-identify-apps.md) | Updated topic title and content |
| [Upgrade Analytics - Step 2: Resolve app and driver issues](upgrade/upgrade-readiness-resolve-issues.md) | New |
| [Upgrade Analytics - Step 3: Deploy Windows](upgrade/upgrade-readiness-deploy-windows.md) | New |
| [Upgrade Analytics - Additional insights](upgrade/upgrade-readiness-additional-insights.md) | New |
## January 2017
@ -62,7 +62,7 @@ The topics in this library have been updated for Windows 10, version 1703 (also
| [Settings changed when you uninstall a provisioning package](/windows/configuration/provisioning-packages/provisioning-uninstall-package.md) | New (previously published in Hardware Dev Center on MSDN) |
| [Use a script to install a desktop app in provisioning packages](/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md) | New (previously published in Hardware Dev Center on MSDN) |
| [Windows ICD command-line interface (reference)](/windows/configuration/provisioning-packages/provisioning-command-line.md) | New (previously published in Hardware Dev Center on MSDN) |
| [Get started with Upgrade Analytics](upgrade/upgrade-analytics-get-started.md) | Updated exit code table with suggested fixes, and added link to the Upgrade Analytics blog |
| [Get started with Upgrade Analytics](upgrade/upgrade-readiness-get-started.md) | Updated exit code table with suggested fixes, and added link to the Upgrade Analytics blog |
| [Provision PCs with common settings for initial deployment (simple provisioning)](/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md) | Instructions for applying the provisioning package moved to [Apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-apply-package.md) |
| [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md) | Instructions for applying the provisioning package moved to [Apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-apply-package.md) |
@ -76,9 +76,9 @@ The topics in this library have been updated for Windows 10, version 1703 (also
| New or changed topic | Description |
|----------------------|-------------|
| [Windows 10 Enterprise E3 in CSP Overview](windows-10-enterprise-e3-overview.md) | New |
| [Get started with Upgrade Analytics](upgrade/upgrade-analytics-get-started.md) | Updated with prerequisites for site discovery |
| [Resolve application and driver issues](upgrade/upgrade-analytics-resolve-issues.md) | Updated with app status info for Ready For Windows |
| [Review site discovery](upgrade/upgrade-analytics-additional-insights.md) | New |
| [Get started with Upgrade Analytics](upgrade/upgrade-readiness-get-started.md) | Updated with prerequisites for site discovery |
| [Resolve application and driver issues](upgrade/upgrade-readiness-resolve-issues.md) | Updated with app status info for Ready For Windows |
| [Review site discovery](upgrade/upgrade-readiness-additional-insights.md) | New |
## RELEASE: Windows 10, version 1607
@ -96,7 +96,7 @@ The topics in this library have been updated for Windows 10, version 1607 (also
## July 2016
| New or changed topic | Description |
|----------------------|-------------|
| [Manage Windows upgrades with Upgrade Analytics](upgrade/manage-windows-upgrades-with-upgrade-analytics.md) | New |
| [Manage Windows upgrades with Upgrade Analytics](upgrade/manage-windows-upgrades-with-upgrade-readiness.md) | New |
## June 2016
| New or changed topic | Description |

BIN
windows/deployment/images/UR-lift-report.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 712 KiB

2
windows/deployment/mbr-to-gpt.md
View File

@ -36,6 +36,8 @@ Offline conversion of system disks with earlier versions of Windows installed, s
>[!IMPORTANT]
>After the disk has been converted to GPT partition style, the firmware must be reconfigured to boot in UEFI mode. <BR>Make sure that your device supports UEFI before attempting to convert the disk.
<iframe width="560" height="315" align="center" src="https://www.youtube.com/embed/hfJep4hmg9o" frameborder="0" allowfullscreen></iframe>
## Syntax
<table style="font-family:consolas;font-size:12px" >

2
windows/deployment/planning/change-history-for-plan-for-windows-10-deployment.md
View File

@ -42,7 +42,7 @@ The topics in this library have been updated for Windows 10, version 1607 (also
| New or changed topic | Description |
|--------------------------------------------------------------------------------------------------------------------------------------------------|-------------|
|[Application Compatibility Toolkit (ACT) Technical Reference](act-technical-reference.md) (multiple topics) |Redirected deprecated content to the [Upgrade Analytics](../upgrade/manage-windows-upgrades-with-upgrade-analytics.md) content. Only Standard User Analyzer and Compatibility Administrator continue to be supported.|
|[Application Compatibility Toolkit (ACT) Technical Reference](act-technical-reference.md) (multiple topics) |Redirected deprecated content to the [Upgrade Analytics](../upgrade/manage-windows-upgrades-with-upgrade-readiness.md) content. Only Standard User Analyzer and Compatibility Administrator continue to be supported.|
| [Windows 10 servicing overview](../update/waas-overview.md) | Content on this page was summarized. Detailed content about servicing branches was moved to the [Windows 10 servicing options](../update/waas-servicing-strategy-windows-10-updates.md) page. |

8
windows/deployment/update/index.md
View File

@ -36,10 +36,10 @@ Windows as a service provides a new way to think about building, deploying, and
| [Assign devices to servicing branches for Windows 10 updates](waas-servicing-branches-windows-10-updates.md) | Explains how to assign devices to Current Branch (CB) or Current Branch for Business (CBB) for feature and quality updates, and how to enroll devices in Windows Insider. |
| [Monitor Windows Updates with Update Compliance](update-compliance-monitor.md) | Explains how to use Windows Analytics: Update Compliance to monitor and manage Windows Updates on devices in your organization. |
| [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) | Explains the benefits of using Delivery Optimization or BranchCache for update distribution. |
| [Manage updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md) | Explains updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile. |
| [Manage updates using Windows Update for Business](waas-manage-updates-wufb.md) | Explains how to use Windows Update for Business to manage when devices receive updates directly from Windows Update. Includes walkthroughs for configuring Windows Update for Business using Group Policy and Microsoft Intune. |
| [Manage Windows 10 updates using Windows Server Update Services (WSUS)](waas-manage-updates-wsus.md) | Explains how to use WSUS to manage Windows 10 updates. |
| [Manage Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md) | Explains how to use Configuration Manager to manage Windows 10 updates. |
| [Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md) | Explains updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile. |
| [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md) | Explains how to use Windows Update for Business to manage when devices receive updates directly from Windows Update. Includes walkthroughs for configuring Windows Update for Business using Group Policy and Microsoft Intune. |
| [Deploy Windows 10 updates using Windows Server Update Services (WSUS)](waas-manage-updates-wsus.md) | Explains how to use WSUS to manage Windows 10 updates. |
| [Deploy Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md) | Explains how to use Configuration Manager to manage Windows 10 updates. |
| [Manage device restarts after updates](waas-restart.md) | Explains how to use Group Policy to manage device restarts. |
| [Windows Insider Program for Business](waas-windows-insider-for-business.md) | Explains how the Windows Insider Program for Business works and how to become an insider. |

2
windows/deployment/update/waas-manage-updates-configuration-manager.md
View File

@ -1,5 +1,5 @@
---
title: Manage Windows 10 updates using System Center Configuration Manager (Windows 10)
title: Deploy Windows 10 updates using System Center Configuration Manager (Windows 10)
description: System Center Configuration Manager provides maximum control over quality and feature updates for Windows 10.
ms.prod: w10
ms.mktglfcycl: manage

2
windows/deployment/update/waas-manage-updates-wsus.md
View File

@ -1,5 +1,5 @@
---
title: Manage Windows 10 updates using Windows Server Update Services (Windows 10)
title: Deploy Windows 10 updates using Windows Server Update Services (Windows 10)
description: WSUS allows companies to defer, selectively approve, choose when delivered, and determine which devices receive updates.
ms.prod: w10
ms.mktglfcycl: manage

2
windows/deployment/update/waas-manage-updates-wufb.md
View File

@ -1,5 +1,5 @@
---
title: Manage updates using Windows Update for Business (Windows 10)
title: Deploy updates using Windows Update for Business (Windows 10)
description: Windows Update for Business lets you manage when devices received updates from Windows Update.
ms.prod: w10
ms.mktglfcycl: manage

2
windows/deployment/update/waas-mobile-updates.md
View File

@ -1,5 +1,5 @@
---
title: Manage updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile (Windows 10)
title: Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile (Windows 10)
description: tbd
ms.prod: w10
ms.mktglfcycl: manage

12
windows/deployment/update/waas-quick-start.md
View File

@ -22,19 +22,19 @@ Windows as a service is a new concept, introduced with the release of Windows 10
## Definitions
Some new terms have been introduced as part of Windows as a service, so you should know what these terms mean.
- **Feature updates** will be released two to three times per year. As the name suggests, these will add new features to Windows 10, delivered in bite-sized chunks compared to the previous practice of Windows releases every 3-5 years.
- **Feature updates** will be released twice per year, around March and September. As the name suggests, these will add new features to Windows 10, delivered in bite-sized chunks compared to the previous practice of Windows releases every 3-5 years.
- **Quality updates** are released monthly, delivering both security and non-security fixes. These are cumulative, so installing the latest quality update is sufficient to get all the available fixes for a specific Windows 10 feature update.
- **Insider Preview** builds are made available during the development of the features that will be shipped in the next feature update, enabling organizations to validate new features as well as compatibility with existing apps and infrastructure, providing feedback to Microsoft on any issues encountered.
- **Servicing branches** allow organizations to choose when to deploy new features. Current Branch (CB) deploys the fastest, soon after a feature update is released. Current Branch for Business (CBB) defers the installation of the same feature update by about four months, until that feature update is considered ready for broad deployment. Long Term Servicing Branch (LTSB) is different, used only for specialized devices (which typically dont run Office) such as those that control medical equipment or ATM machines that need to be kept stable and secure.
- **Servicing channels** allow organizations to choose when to deploy new features. The Semi-Annual Channel receives feature updates twice per year. The Long Term Servicing Channel, which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases about every three years.
- **Deployment rings** are groups of devices used to initially pilot, and then to broadly deploy, each feature update in an organization.
See [Overview of Windows as a service](waas-overview.md) for more information.
## Key Concepts
New feature update releases are initially considered **Current Branch (CB) releases**; organizations will use these for pilot deployments to ensure compatibility with existing apps and infrastructure. After about four months, the feature update will be declared as **Current Branch for Business (CBB)**, indicating that it is ready for broad deployment.
Windows 10 gains new functionality with twice-per-year feature update releases. Initially, organizations will use these feature update releases for pilot deployments to ensure compatibility with existing apps and infrastructure. After a period of time, typically about four months after the feature update release, broad deployment throughout the organization can begin. The exact timeframe is determined by feedback from customers, ISVs, OEMs, and others, with an explicit "ready for broad deployment" declaration signaling this to customers.
Each Windows 10 feature update (which initially begins as CB and then is declared as CBB) will be serviced with quality updates for a minimum of 18 months after it is released. The total length of time can be longer, as there will be two CBB releases serviced at all times. There will be a minimum of 60 days advanced notice (a grace period) after a CBB declaration occurs before an older feature update is no longer serviced.
Each Windows 10 feature update will be serviced with quality updates for 18 months from the date of the feature update release.
Windows 10 Enterprise LTSB is a separate **Long Term Servicing Branch (LTSB)** version. Each release is supported for a total of 10 years (five years standard support, five years extended support). New releases are expected about every three years.
@ -44,9 +44,9 @@ See [Assign devices to servicing branches for Windows 10 updates](waas-servicing
The process for keeping Windows 10 up to date involves deploying a feature update, at an appropriate time after its release. A variety of tools management and patching tools such as Windows Update, Windows Update for Business, Windows Server Update Services, System Center Configuration Manager, and third-party products) can be used to help with this process. [Windows Analytics Upgrade Readiness](https://www.microsoft.com/en-us/WindowsForBusiness/windows-analytics), a free tool to streamline Windows upgrade projects, is another important tool to help.
Because app compatibility, both for desktop apps and web apps, is outstanding with Windows 10, extensive advanced testing isnt required. Instead, only business-critical apps need to be tested, with the remaining apps validated through a series of pilot deployment rings. Once these pilot deployments have validated most apps and CBB has been declared, broad deployment can begin.
Because app compatibility, both for desktop apps and web apps, is outstanding with Windows 10, extensive advanced testing isnt required. Instead, only business-critical apps need to be tested, with the remaining apps validated through a series of pilot deployment rings. Once these pilot deployments have validated most apps, broad deployment can begin.
This process repeats with each new feature update, two to three times per year. These are small deployment projects, compared to the big projects that were necessary with the old three-to-five-year Windows release cycles.
This process repeats with each new feature update, twice per year. These are small deployment projects, compared to the big projects that were necessary with the old three-to-five-year Windows release cycles.
Additional technologies such as BranchCache and Delivery Optimization, both peer-to-peer distribution tools, can help with the distribution of the feature update installation files.

2
windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
View File

@ -30,7 +30,7 @@ Windows 10 spreads the traditional deployment effort of a Windows upgrade, which
- **Identify excluded PCs.** For some organizations, special-purpose devices such as those used to control factory or medical equipment or run ATMs require a stricter, less frequent feature update cycle than CB or Current Branch for Business (CBB) can offer. For those machines, you must install Windows 10 Enterprise LTSB to avoid feature updates for up to 10 years. Identify these PCs, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly.
- **Recruit volunteers.** The purpose of testing a deployment is to receive feedback. One effective way to recruit pilot users is to request volunteers. When doing so, clearly state that youre looking for feedback rather than people to just “try it out” and that there could be occasional issues involved with accepting feature updates right away. With Windows as a service, the expectation is that there should be few issues, but if an issue does arise, you want testers to let you know as soon as possible. When considering whom to recruit for pilot groups, be sure to include members who provide the broadest set of applications and devices to validate the largest number of apps and devices possible.
- **Choose a servicing tool.** Decide which product youll use to manage the Windows updates in your environment. If youre currently using Windows Server Update Services (WSUS) or System Center Configuration Manager to manage your Windows updates, you can continue using those products to manage Windows 10 updates. Alternatively, you can use Windows Update for Business. In addition to which product youll use, consider how youll deliver the updates. With Windows 10, multiple peer-to-peer options are available to make update distribution faster. For a comparison of tools, see [Servicing tools](waas-overview.md#servicing-tools).
- **Prioritize applications.** First, create an application portfolio. This list should include everything installed in your organization and any webpages your organization hosts. Next, prioritize this list to identify those that are the most business critical. Because the expectation is that application compatibility with Windows 10 will be high, only the most business critical applications should be tested before the pilot phase; everything else can be tested afterwards. For more information about identifying compatibility issues withe applications, see [Manage Windows upgrades with Upgrade Analytics](../upgrade/manage-windows-upgrades-with-upgrade-analytics.md).
- **Prioritize applications.** First, create an application portfolio. This list should include everything installed in your organization and any webpages your organization hosts. Next, prioritize this list to identify those that are the most business critical. Because the expectation is that application compatibility with Windows 10 will be high, only the most business critical applications should be tested before the pilot phase; everything else can be tested afterwards. For more information about identifying compatibility issues withe applications, see [Manage Windows upgrades with Upgrade Analytics](../upgrade/manage-windows-upgrades-with-upgrade-readiness.md).
>[!NOTE]
>This strategy is applicable to approaching an environment in which Windows 10 already exists. For information about how to deploy or upgrade to Windows 10 where another version of Windows exists, see [Plan for Windows 10 deployment](../planning/index.md).

4
windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-analytics.md
View File

@ -1,4 +0,0 @@
---
title: Manage Windows upgrades with Upgrade Analytics (Windows 10)
redirect_url: manage-windows-upgrades-with-upgrade-readiness
---

6
windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness.md
View File

@ -29,15 +29,15 @@ The Upgrade Readiness workflow steps you through the discovery and rationalizati
**Important** For system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see:
- [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization)
- [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)
- [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization)
- [Manage connections from Windows operating system components to Microsoft services](/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services)
- [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)
##**Related topics**
[Upgrade Readiness architecture](upgrade-readiness-architecture.md)<BR>
[Upgrade Readiness requirements](upgrade-readiness-requirements.md)<BR>
[Upgrade Readiness release notes](upgrade-readiness-release-notes.md)<BR>
[Upgrade Readiness release notes](upgrade-readiness-requirements.md#important-information-about-this-release)<BR>
[Get started with Upgrade Readiness](upgrade-readiness-get-started.md)<BR>
[Use Upgrade Readiness to manage Windows upgrades](use-upgrade-readiness-to-manage-windows-upgrades.md)<BR>
[Troubleshoot Upgrade Readiness](troubleshoot-upgrade-readiness.md)<BR>

4
windows/deployment/upgrade/troubleshoot-upgrade-analytics.md
View File

@ -1,4 +0,0 @@
---
title: Troubleshoot Upgrade Analytics (Windows 10)
redirect_url: troubleshoot-upgrade-readiness
---

4
windows/deployment/upgrade/upgrade-analytics-additional-insights.md
View File

@ -1,4 +0,0 @@
---
title: Upgrade Analytics - Additional insights
redirect_url: upgrade-readiness-additional-insights
---

4
windows/deployment/upgrade/upgrade-analytics-architecture.md
View File

@ -1,4 +0,0 @@
---
title: Upgrade Analytics architecture (Windows 10)
redirect_url: upgrade-readiness-architecture
---

4
windows/deployment/upgrade/upgrade-analytics-deploy-windows.md
View File

@ -1,4 +0,0 @@
---
title: Upgrade Analytics - Get a list of computers that are upgrade-ready (Windows 10)
redirect_url: upgrade-readiness-deploy-windows
---

4
windows/deployment/upgrade/upgrade-analytics-deployment-script.md
View File

@ -1,4 +0,0 @@
---
title: Upgrade Analytics deployment script (Windows 10)
redirect_url: upgrade-readiness-deployment-script
---

4
windows/deployment/upgrade/upgrade-analytics-get-started.md
View File

@ -1,4 +0,0 @@
---
title: Get started with Upgrade Analytics (Windows 10)
redirect_url: upgrade-readiness-get-started
---

5
windows/deployment/upgrade/upgrade-analytics-identify-apps.md
View File

@ -1,5 +0,0 @@
---
title: Upgrade Analytics - Identify important apps (Windows 10)
redirect_url: upgrade-readiness-identify-apps
---

5
windows/deployment/upgrade/upgrade-analytics-requirements.md
View File

@ -1,5 +0,0 @@
---
title: Upgrade Analytics requirements (Windows 10)
redirect_url: upgrade-readiness-requirements
---

5
windows/deployment/upgrade/upgrade-analytics-resolve-issues.md
View File

@ -1,5 +0,0 @@
---
title: Upgrade Analytics - Resolve application and driver issues (Windows 10)
redirect_url: upgrade-readiness-resolve-issues
---

4
windows/deployment/upgrade/upgrade-analytics-upgrade-overview.md
View File

@ -1,4 +0,0 @@
---
title: Upgrade Analytics - Upgrade Overview (Windows 10)
redirect_url: upgrade-readiness-upgrade-overview
---

6
windows/deployment/upgrade/upgrade-readiness-architecture.md
View File

@ -19,12 +19,12 @@ After you enable Windows telemetry on user computers and install the compatibili
For more information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see:
[Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization)<BR>
[Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)<BR>
[Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization)<BR>
[Manage connections from Windows operating system components to Microsoft services](/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services)<BR>
[Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)<BR>
##**Related topics**
[Upgrade Readiness requirements](upgrade-readiness-requirements.md)<BR>
[Upgrade Readiness release notes](upgrade-readiness-release-notes.md)<BR>
[Upgrade Readiness release notes](upgrade-readiness-requirements.md#important-information-about-this-release)<BR>
[Get started with Upgrade Readiness](upgrade-readiness-get-started.md)<BR>

413
windows/deployment/upgrade/upgrade-readiness-deployment-script.md
View File

@ -68,227 +68,196 @@ To run the Upgrade Readiness deployment script:
5. After you finish editing the parameters in RunConfig.bat, you are ready to run the script. If you are using the Pilot version, run RunConfig.bat from an elevated command prompt. If you are using the Deployment version, use ConfigMgr or other software deployment service to run RunConfig.bat as system.
The deployment script displays the following exit codes to let you know if it was successful, or if an error was encountered.
<div style='font-size:8.0pt'>
<TABLE border=1 cellspacing=0 cellpadding=0>
<TR><TD BGCOLOR="#a0e4fa" width=5>Exit code</TD>
<TD BGCOLOR="#a0e4fa">Meaning
<TD BGCOLOR="#a0e4fa">Suggested fix
<TR><TD>0</TD>
<TD>Success
<TD>N/A
<TR><TD>1</TD>
<TD>Unexpected error occurred while executing the script.
<TD> The files in the deployment script are likely corrupted. Download the [latest script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) from the download center and try again.
<TR><TD>2</TD>
<TD>Error when logging to console. $logMode = 0.<BR>(console only)
<TD>Try changing the $logMode value to **1** and try again.<BR>$logMode value 1 logs to both console and file.
<TR><TD>3</TD>
<TD>Error when logging to console and file. $logMode = 1.
<TD>Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location.
<TR><TD>4</TD>
<TD>Error when logging to file. $logMode = 2.
<TD>Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location.
<TR><TD>5</TD>
<TD>Error when logging to console and file. $logMode = unknown.
<TD>Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location.
<TR><TD>6</TD>
<TD>The commercialID parameter is set to unknown. <BR>Modify the runConfig.bat file to set the CommercialID value.
<TD>The value for parameter in the runconfig.bat file should match the Commercial ID key for your workspace.
<BR>See [Generate your Commercial ID key](https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-get-started#generate-your-commercial-id-key) for instructions on generating a Commercial ID key for your workspace.
<TR><TD>8</TD>
<TD>Failure to create registry key path: <div style='font-size:7.0pt'>**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**</div>
<TD>The Commercial Id property is set at the following registry key path: <div style='font-size:7.0pt'>**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**</div>
<BR>Verify that the context under which the script in running has access to the registry key.
<TR><TD>9</TD>
<TD>The script failed to write Commercial Id to registry.
<BR>Error creating or updating registry key: **CommercialId** at <div style='font-size:7.0pt'>**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**</div>
<TD>Verify that the context under which the script in running has access to the registry key.
<TR><TD>10</TD>
<TD>Error when writing **CommercialDataOptIn** to the registry at <div style='font-size:7.0pt'>**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**</div>
<TD>Verify that the deployment script is running in a context that has access to the registry key.
<TR><TD>11</TD>
<TD>Function **SetupCommercialId** failed with an unexpected exception.
<TD>The **SetupCommercialId** function updates the Commercial Id at the registry key path: <div style='font-size:7.0pt'>**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**</div> <BR>Verify that the configuration script has access to this location.
<TR><TD>12</TD>
<TD>Cant connect to Microsoft - Vortex. Check your network/proxy settings.
<TD>**Http Get** on the end points did not return a success exit code.<BR>
For Windows 10, connectivity is verified by connecting to https://v10.vortex-win.data.microsoft.com/health/keepalive.<BR>
For previous operating systems, connectivity is verified by connecting to https://vortex-win.data.microsoft.com/health/keepalive.
<BR>If there is an error verifying connectivity, this will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enable data sharing](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#enable-data-sharing).
<TR><TD>13</TD>
<TD>Cant connect to Microsoft - setting.
<TD>An error occurred connecting to https://settings.data.microsoft.com/qos. This error will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enable data sharing](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#enable-data-sharing).
<TR><TD>14</TD>
<TD>Cant connect to Microsoft - compatexchange.
<TD>An error occurred connecting to https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc . This error will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enable data sharing](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#enable-data-sharing).
<TR><TD>15</TD>
<TD>Function CheckVortexConnectivity failed with an unexpected exception.
<TD>This error will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enable data sharing](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#enable-data-sharing). Check the logs for the exception message and the HResult.
<TR><TD>16</TD>
<TD>The computer requires a reboot before running the script.
<TD>A reboot is required to complete the installation of the compatibility update and related KBs. Reboot the computer before running the Upgrade Readiness deployment script.
<TR><TD>17</TD>
<TD>Function **CheckRebootRequired** failed with an unexpected exception.
<TD>A reboot is required to complete installation of the compatibility update and related KBs. Check the logs for the exception message and the HResult.
<TR><TD>18</TD>
<TD>Appraiser KBs not installed or **appraiser.dll** not found.
<TD>Either the Appraiser KBs are not installed, or the **appraiser.dll** file was not found. For more information, see appraiser telemetry events and fields information in the [Data collection](https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-get-started#data-collection-and-privacy) and privacy topic.
<TR><TD>19</TD>
<TD>Function **CheckAppraiserKB**, which checks the compatibility update KBs, failed with unexpected exception.
<TD>Check the logs for the Exception message and HResult. The script will not run further if this error is not fixed.
<TR><TD>20</TD>
<TD>An error occurred when creating or updating the registry key **RequestAllAppraiserVersions** at <div style='font-size:7.0pt'>**HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Appraiser**</div>
<TD>The registry key is required for data collection to work correctly. Verify that the script is running in a context that has access to the registry key.
<TR><TD>21</TD>
<TD>Function **SetRequestAllAppraiserVersions** failed with an unexpected exception.
<TD>Check the logs for the exception message and HResult.
<TR><TD>22</TD>
<TD>**RunAppraiser** failed with unexpected exception.
<TD>Check the logs for the exception message and HResult. Check the **%windir%\System32*8 directory for the file **CompatTelRunner.exe**. If the file does not exist, reinstall the required compatibility updates which include this file, and check your organization's Group Policy to verify it does not remove this file.
<TR><TD>23</TD>
<TD>Error finding system variable **%WINDIR%**.
<TD>Verify that this environment variable is configured on the computer.
<TR><TD>24</TD>
<TD>The script failed when writing **IEDataOptIn** to the registry. An error occurred when creating registry key **IEOptInLevel** at <div style='font-size:7.0pt'>**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**</div>
<TD>This is a required registry key for IE data collection to work correctly. Verify that the deployment script in running in a context that has access to the registry key. Check the logs for the exception message and HResult.
<TR><TD>25</TD>
<TD>The function **SetIEDataOptIn** failed with unexpected exception.
<TD>Check the logs for the exception message and HResult.
<TR><TD>26</TD>
<TD>The operating system is Server or LTSB SKU.
<TD> The script does not support Server or LTSB SKUs.
<TR><TD>27</TD>
<TD>The script is not running under **System** account.
<TD>The Upgrade Readiness configuration script must be run as **System**.
<TR><TD>28</TD>
<TD>Could not create log file at the specified **logPath**.
<TD> Make sure the deployment script has access to the location specified in the **logPath** parameter.
<TR><TD>29</TD>
<TD>Connectivity check failed for proxy authentication.
<TD>Install the cumulative updates on the computer and enable the **DisableEnterpriseAuthProxy** authentication proxy setting.
<BR>The **DisableEnterpriseAuthProxy** setting is enabled by default for Windows 7.
<BR>For Windows 8.1 computers, set the **DisableEnterpriseAuthProxy** setting to **0** (not disabled).
<BR>For more information on authentication proxy support, see [this blog post](https://go.microsoft.com/fwlink/?linkid=838688).
<TR><TD>30</TD>
<TD>Connectivity check failed. Registry key property **DisableEnterpriseAuthProxy** is not enabled.
<TD>The **DisableEnterpriseAuthProxy** setting is enabled by default for Windows 7.
<BR>For Windows 8.1 computers, set the **DisableEnterpriseAuthProxy** setting to **0** (not disabled).
<BR>For more information on authentication proxy support, see [this blog post](https://go.microsoft.com/fwlink/?linkid=838688).
<TR><TD>31</TD>
<TD>There is more than one instance of the Upgrade Readiness data collector running at the same time on this computer.
<TD>Use the Windows Task Manager to check if **CompatTelRunner.exe** is running, and wait until it has completed to rerun the script. The Upgrade Readiness task is scheduled to run daily at 3 a.m.
<TR><TD>32</TD>
<TD>Appraiser version on the machine is outdated.
<TD>The configuration script detected a version of the compatibility update module that is older than the minimum required to correctly collect the data required by Upgrade Readiness solution. Use the latest version of the [compatibility update](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#deploy-the-compatibility-update-and-related-kbs) for Windows 7 SP1/Windows 8.1.
<TR><TD>33</TD>
<TD>**CompatTelRunner.exe** exited with an exit code
<TD>**CompatTelRunner.exe** runs the appraise task on the machine. If it fails, it will provide a specific exit code. The script will return exit code 33 when **CompatTelRunner.exe** itself exits with an exit code. Please check the logs for more details.
<TR><TD>34</TD>
<TD>Function **CheckProxySettings** failed with an unexpected exception.
<TD>Check the logs for the exception message and HResult.
<TR><TD>35</TD>
<TD>Function **CheckAuthProxy** failed with an unexpected exception.
<TD>Check the logs for the exception message and HResult.
<TR><TD>36</TD>
<TD>Function **CheckAppraiserEndPointsConnectivity** failed with an unexpected exception.
<TD>Check the logs for the exception message and HResult.
<TR><TD>37</TD>
<TD>**Diagnose_internal.cmd** failed with an unexpected exception.
<TD>Check the logs for the exception message and HResult.
<TR><TD>38</TD>
<TD>Function **Get-SqmID** failed with an unexpected exception.
<TD>Check the logs for the exception message and HResult.
<TR><TD>39</TD>
<TD>For Windows 10: AllowTelemetry property is not set to 1 or higher at registry key path <div style='font-size:7.0pt'>**HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection**</div>
or <div style='font-size:7.0pt'>**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**</div>
<TD>For Windows 10 machines, the **AllowTelemetry** property should be set to 1 or greater to enable data collection. The script will throw an error if this is not true. For more information, see [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization).
<TR><TD>40</TD>
<TD>Function **CheckTelemetryOptIn** failed with an unexpected exception.
<TD>Check the logs for the exception message and HResult.
<TR><TD>41</TD>
<TD>The script failed to impersonate the currently logged on user.
<TD>The script mimics the UTC client to collect upgrade readiness data. When auth proxy is set, the UTC client impersonates the logged on user. The script also tries to mimic this, but the process failed.
<TR><TD>42</TD>
<TD>Function **StartImpersonatingLoggedOnUser** failed with an unexpected exception.
<TD>Check the logs for the exception message and HResult.
<TR><TD>43</TD>
<TD>Function **EndImpersonatingLoggedOnUser** failed with an unexpected exception.
<TD>Check the logs for the exception message and HResult.
<TR><TD>44</TD>
<TD>Function **Diagtrack.dll** version is old and so Auth Proxy will not work.
<TD>Update the computer using Windows Update or WSUS.
<TR><TD>45</TD>
<TD>**Diagtrack.dll** not found.
<TD>Update the computer using Windows Update or WSUS.
<TR><TD>46</TD>
<TD>**DisableEnterpriseAuthProxy** property should be set to 1 for ClientProxy=Telemetry to work.
<TD>The ClientProxy=Telemetry scenario requires the **DisableEnterpriseAuthProxy** registry key to be set to 1 at registry path: **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection**.
<TR><TD>47</TD>
<TD>**TelemetryProxyServer** property is not present in the Windows registry at **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection**.
<TD>ClientProxy selected is Telemetry. The **TelemetryProxyServer** key is not present at Windows registry path: **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection**.
<TR><TD>48</TD>
<TD>The **CommercialID** referenced in RunConfig.bat must be a GUID.
<TD>The **CommercialID** that is entered in RunConfig.bat must be a GUID. Copy the commercial ID from your workspace. To find the commercialID on the OMS portal, view Upgrade Readiness > Settings. You will find the commercial ID on the settings page.
</TABLE>
</div>
The deployment script displays the following exit codes to let ddfyou know if it was successful, or if an error was encountered.
<div font-size='7pt;'>
<table border='1' cellspacing='0' cellpadding='0'>
<tr>
<td BGCOLOR="#a0e4fa" width=5>Exit code and meaning</td>
<td BGCOLOR="#a0e4fa">Suggested fix</td>
</tr>
<tr><td>0 - Success</td>
<td>N/A</td>
</tr>
<tr>
<td>1 - Unexpected error occurred while executiEng the script.</td>
<td> The files in the deployment script are likely corrupted. Download the [latest script](https://go.microsoft.com/fwlink/?LinkID=822966) from the download center and try again.</td>
</tr>
<tr>
<td>2 - Error when logging to console. $logMode = 0.<BR>(console only)</td>
<td>Try changing the $logMode value to **1** and try again.<BR>$logMode value 1 logs to both console and file.</td>
</tr>
<tr>
<td>3 - Error when logging to console and file. $logMode = 1.</td>
<td>Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location.</td>
</tr>
<tr>
<td>4 - Error when logging to file. $logMode = 2.</td>
<td>Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location.</td>
</tr>
<tr>
<td>5 - Error when logging to console and file. $logMode = unknown.</td>
<td>Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location.</td>
</tr>
<tr>
<td>6 - The commercialID parameter is set to unknown. <BR>Modify the runConfig.bat file to set the CommercialID value.</td>
<td>The value for parameter in the runconfig.bat file should match the Commercial ID key for your workspace.
<BR>See [Generate your Commercial ID key](https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-get-started#generate-your-commercial-id-key) for instructions on generating a Commercial ID key for your workspace.</td>
</tr>
<tr>
<td>8 - Failure to create registry key path: <font size='1'>**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**</font></td>
<td>The Commercial Id property is set at the following registry key path: <font size='1'>**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**</font>
<BR>Verify that the context under which the script in running has access to the registry key.</td>
</tr>
<tr>
<td>9 - The script failed to write Commercial Id to registry.
<BR>Error creating or updating registry key: **CommercialId** at <font size='1'>**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**</font>
</td>
<td>Verify that the context under which the script in running has access to the registry key.</td>
</tr>
<tr>
<td>10 - Error when writing **CommercialDataOptIn** to the registry at <font size='1'>**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**</font></td>
<td>Verify that the deployment script is running in a context that has access to the registry key.</td>
</tr>
<tr>
<td>11 - Function **SetupCommercialId** failed with an unexpected exception.</td>
<td>The **SetupCommercialId** function updates the Commercial Id at the registry key path: <font size='1'>**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**</font> <BR>Verify that the configuration script has access to this location.</td>
</tr>
<tr>
<td>12 - Cant connect to Microsoft - Vortex. Check your network/proxy settings.</td>
<td>**Http Get** on the end points did not return a success exit code.<BR>
For Windows 10, connectivity is verified by connecting to https://v10.vortex-win.data.microsoft.com/health/keepalive.<BR>
For previous operating systems, connectivity is verified by connecting to https://vortex-win.data.microsoft.com/health/keepalive.
<BR>If there is an error verifying connectivity, this will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enable data sharing](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#enable-data-sharing).</td>
</tr>
<tr>
<td>13 - Cant connect to Microsoft - setting. </td>
<td>An error occurred connecting to https://settings.data.microsoft.com/qos. This error will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enable data sharing](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#enable-data-sharing).</td>
</tr>
<tr>
<td>14 - Cant connect to Microsoft - compatexchange.</td>
<td>An error occurred connecting to https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc . This error will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enable data sharing](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#enable-data-sharing).</td>
</tr>
<tr>
<td>15 - Function CheckVortexConnectivity failed with an unexpected exception.</td>
<td>This error will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enable data sharing](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#enable-data-sharing). Check the logs for the exception message and the HResult.</td>
</tr>
<tr>
<td>16 - The computer requires a reboot before running the script.</td>
<td>A reboot is required to complete the installation of the compatibility update and related KBs. Reboot the computer before running the Upgrade Readiness deployment script.</td>
</tr>
<tr>
<td>17 - Function **CheckRebootRequired** failed with an unexpected exception.</td>
<td>A reboot is required to complete installation of the compatibility update and related KBs. Check the logs for the exception message and the HResult.</td>
</tr>
<tr>
<td>18 - Appraiser KBs not installed or **appraiser.dll** not found.</td>
<td>Either the Appraiser KBs are not installed, or the **appraiser.dll** file was not found. For more information, see appraiser telemetry events and fields information in the [Data collection](https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-get-started#data-collection-and-privacy) and privacy topic.</td>
</tr>
<tr>
<td>19 - Function **CheckAppraiserKB**, which checks the compatibility update KBs, failed with unexpected exception.</td>
<td>Check the logs for the Exception message and HResult. The script will not run further if this error is not fixed.</td>
</tr>
<tr>
<td>20 - An error occurred when creating or updating the registry key **RequestAllAppraiserVersions** at <font size='1'>**HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Appraiser**</font> </td>
<td>The registry key is required for data collection to work correctly. Verify that the script is running in a context that has access to the registry key. </td>
</tr>
<tr>
<td>21 - Function **SetRequestAllAppraiserVersions** failed with an unexpected exception.</td>
<td>Check the logs for the exception message and HResult.</td>
</tr>
<tr>
<td>22 - **RunAppraiser** failed with unexpected exception.</td>
<td>Check the logs for the exception message and HResult. Check the **%windir%\System32*8 directory for the file **CompatTelRunner.exe**. If the file does not exist, reinstall the required compatibility updates which include this file, and check your organization's Group Policy to verify it does not remove this file.</td>
</tr>
<tr>
<td>23 - Error finding system variable **%WINDIR%**.</td>
<td>Verify that this environment variable is configured on the computer.</td>
</tr>
<tr>
<td>24 - The script failed when writing **IEDataOptIn** to the registry. An error occurred when creating registry key **IEOptInLevel** at <font size='1'>**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**</font></td>
<td>This is a required registry key for IE data collection to work correctly. Verify that the deployment script in running in a context that has access to the registry key. Check the logs for the exception message and HResult.</td>
</tr>
<tr>
<td>25 - The function **SetIEDataOptIn** failed with unexpected exception.</td>
<td>Check the logs for the exception message and HResult.</td>
</tr>
<tr>
<td>26 - The operating system is Server or LTSB SKU.</td>
<td> The script does not support Server or LTSB SKUs.</td>
</tr>
<tr>
<td>27 - The script is not running under **System** account.</td>
<td>The Upgrade Readiness configuration script must be run as **System**. </td>
</tr>
<tr>
<td>28 - Could not create log file at the specified **logPath**.</td>
<td> Make sure the deployment script has access to the location specified in the **logPath** parameter.</td>
</tr>
<tr>
<td>29 - Connectivity check failed for proxy authentication. </td>
<td>Install the cumulative updates on the computer and enable the **DisableEnterpriseAuthProxy** authentication proxy setting.
<BR>The **DisableEnterpriseAuthProxy** setting is enabled by default for Windows 7.
<BR>For Windows 8.1 computers, set the **DisableEnterpriseAuthProxy** setting to **0** (not disabled).
<BR>For more information on authentication proxy support, see [this blog post](https://go.microsoft.com/fwlink/?linkid=838688).</td>
</tr>
<tr>
<td>30 - Connectivity check failed. Registry key property **DisableEnterpriseAuthProxy** is not enabled.</td>
<td>The **DisableEnterpriseAuthProxy** setting is enabled by default for Windows 7.
<BR>For Windows 8.1 computers, set the **DisableEnterpriseAuthProxy** setting to **0** (not disabled).
<BR>For more information on authentication proxy support, see [this blog post](https://go.microsoft.com/fwlink/?linkid=838688).</td>
</tr>
<tr>
<td>31 - There is more than one instance of the Upgrade Readiness data collector running at the same time on this computer. </td>
<td>Use the Windows Task Manager to check if **CompatTelRunner.exe** is running, and wait until it has completed to rerun the script. The Upgrade Readiness task is scheduled to run daily at 3 a.m.</td>
</tr>
<tr>
<td>32 - Appraiser version on the machine is outdated. </td>
<td>The configuration script detected a version of the compatibility update module that is older than the minimum required to correctly collect the data required by Upgrade Readiness solution. Use the latest version of the [compatibility update](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#deploy-the-compatibility-update-and-related-kbs) for Windows 7 SP1/Windows 8.1.</td>
</tr>
<tr>
<td>33 - **CompatTelRunner.exe** exited with an exit code </td>
<td>**CompatTelRunner.exe** runs the appraise task on the machine. If it fails, it will provide a specific exit code. The script will return exit code 33 when **CompatTelRunner.exe** itself exits with an exit code. Please check the logs for more details.</td>
</tr>
<tr>
<td>34 - Function **CheckProxySettings** failed with an unexpected exception. </td>
<td>Check the logs for the exception message and HResult.></td>
</tr>
<tr>
<td>35 - Function **CheckAuthProxy** failed with an unexpected exception.</td>
<td>Check the logs for the exception message and HResult.</td>
</tr>
<tr>
<td>36 - Function **CheckAppraiserEndPointsConnectivity** failed with an unexpected exception.</td>
<td>Check the logs for the exception message and HResult.</td>
</tr>
<tr>
<td>37 - **Diagnose_internal.cmd** failed with an unexpected exception.</td>
<td>Check the logs for the exception message and HResult.</td>
</tr>
<tr>
<td>38 - Function **Get-SqmID** failed with an unexpected exception. </td>
<td>Check the logs for the exception message and HResult.</td>
</tr>
<tr>
<td>39 - For Windows 10: AllowTelemetry property is not set to 1 or higher at registry key path <font size='1'>**HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection**</font>
or <font size='1'>**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**</font></td>
<td>For Windows 10 machines, the **AllowTelemetry** property should be set to 1 or greater to enable data collection. The script will throw an error if this is not true. For more information, see [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization).</td>
</tr>
<tr>
<td>40 - Function **CheckTelemetryOptIn** failed with an unexpected exception. </td>
<td>Check the logs for the exception message and HResult.</td>
</tr>
<tr>
<td>41 - The script failed to impersonate the currently logged on user. </td>
<td>The script mimics the UTC client to collect upgrade readiness data. When auth proxy is set, the UTC client impersonates the logged on user. The script also tries to mimic this, but the process failed.</td>
</tr>
<tr>
<td>42 - Function **StartImpersonatingLoggedOnUser** failed with an unexpected exception. </td>
<td>Check the logs for the exception message and HResult.</td>
</tr>
<tr>
<td>43 - Function **EndImpersonatingLoggedOnUser** failed with an unexpected exception.</td>
<td>Check the logs for the exception message and HResult.</td>
</table>

6
windows/deployment/upgrade/upgrade-readiness-get-started.md
View File

@ -32,8 +32,8 @@ When you are ready to begin using Upgrade Readiness, perform the following steps
To enable system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see the following topics:
- [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization)
- [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)
- [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization)
- [Manage connections from Windows operating system components to Microsoft services](/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services)
- [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)
## Add Upgrade Readiness to Operations Management Suite
@ -113,7 +113,7 @@ If you are planning to enable IE Site Discovery, you will need to install a few
| **Site discovery** | **KB** |
|----------------------|-----------------------------------------------------------------------------|
| [Review site discovery](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-additional-insights#site-discovery) | [KB3080149](http://www.catalog.update.microsoft.com/Search.aspx?q=3080149)<br>Updates the Diagnostic and Telemetry tracking service to existing devices. This update is only necessary on Windows 7 and Windows 8.1 devices. <br>For more information about this KB, see <https://support.microsoft.com/kb/3150513><br><br>Install the latest [Windows Monthly Rollup](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=security%20monthly%20quality%20rollup). This functionality has been included in Internet Explorer 11 starting with the July 2016 Cumulative Update. |
| [Review site discovery](upgrade-readiness-additional-insights.md#site-discovery) | [KB3080149](http://www.catalog.update.microsoft.com/Search.aspx?q=3080149)<br>Updates the Diagnostic and Telemetry tracking service to existing devices. This update is only necessary on Windows 7 and Windows 8.1 devices. <br>For more information about this KB, see <https://support.microsoft.com/kb/3150513><br><br>Install the latest [Windows Monthly Rollup](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=security%20monthly%20quality%20rollup). This functionality has been included in Internet Explorer 11 starting with the July 2016 Cumulative Update. |
### Deploy the Upgrade Readiness deployment script

2
windows/deployment/upgrade/upgrade-readiness-release-notes.md
View File

@ -1,5 +1,5 @@
---
title: Upgrade Readiness release notes (Windows 10)
description: Provides tips and limitations about Upgrade Readiness.
redirect_url: https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-requirements#important-information-about-this-release
redirect_url: https://docs.microsoft.com/windows/deployment/upgrade/upgrade-readiness-requirements#important-information-about-this-release
---

4
windows/deployment/upgrade/upgrade-readiness-requirements.md
View File

@ -30,7 +30,7 @@ See [Windows 10 Specifications](http://www.microsoft.com/en-US/windows/windows-1
Keeping Windows 10 up to date involves deploying a feature update, and Upgrade Readiness tools help you prepare and plan for these Windows updates.
The latest cumulative updates must be installed on Windows 10 computers to make sure that the required compatibility KBs are installed. You can find the latest cumulative update on the [Microsoft Update Catalog](https://catalog.update.microsoft.com).
Windows 10 LTSB is not supported by Upgrade Readiness. The LTSB (long term servicing branch) of Windows 10 is not intended for general deployment, and does not receive feature updates, therefore it is not compatible with Upgrade Readiness. See [Windows as a service overview](https://technet.microsoft.com/en-us/itpro/windows/manage/waas-overview#long-term-servicing-branch) to understand more about LTSB.
Windows 10 LTSB is not supported by Upgrade Readiness. The LTSB (long term servicing branch) of Windows 10 is not intended for general deployment, and does not receive feature updates, therefore it is not compatible with Upgrade Readiness. See [Windows as a service overview](../update/waas-overview.md#long-term-servicing-branch) to understand more about LTSB.
## Operations Management Suite
@ -50,7 +50,7 @@ Upgrade Readiness can be integrated with your installation of Configuration Mana
After youve signed in to Operations Management Suite and added the Upgrade Readiness solution to your workspace, youll need to complete the following tasks to allow user computer data to be shared with and assessed by Upgrade Readiness.
See [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) for more information about what user computer data Upgrade Readiness collects and assesses. See [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization) for more information about how Microsoft uses Windows telemetry data.
See [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) for more information about what user computer data Upgrade Readiness collects and assesses. See [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization) for more information about how Microsoft uses Windows telemetry data.
**Whitelist telemetry endpoints.** To enable telemetry data to be sent to Microsoft, youll need to whitelist the following Microsoft telemetry endpoints on your proxy server or firewall. You may need to get approval from your security group to do this.

70
windows/deployment/upgrade/upgrade-readiness-resolve-issues.md
View File

@ -9,7 +9,16 @@ author: greg-lindsay
This section of the Upgrade Readiness workflow reports application and driver inventory and shows you which applications have known issues, which applications have no known issues, and which drivers have issues. We identify applications and drivers that need attention and suggest fixes when we know about them.
You can change an applications upgrade decision and a drivers upgrade decision from the blades in this section. To change an applications or a drivers importance level, select **User changes**. Select the item you want to change and then select the appropriate option from the **Select upgrade decision** list.
## In this section
The blades in the **Step 2: Resolve issues** section are:
- [Review applications with known issues](#review-applications-with-known-issues)
- [Review applications with no known issues](#review-applications-with-no-known-issues)
- [Review known driver issues](#review-known-driver-issues)
- [Prioritize app and driver testing](#prioritize-app-and-driver-testing)
>You can change an applications upgrade decision and a drivers upgrade decision from the blades in this section. To change an applications or a drivers importance level, select **User changes**. Select the item you want to change and then select the appropriate option from the **Select upgrade decision** list.
Upgrade decisions include:
@ -19,13 +28,6 @@ Upgrade decisions include:
| Review in progress | When you start to investigate an application or a driver to determine upgrade readiness, change its upgrade decision to **Review in progress**.<br><br>Until youve determined that applications and drivers will migrate successfully or youve resolved blocking issues, leave the upgrade decision status as **Review in progress**. <br><br> | Once youve fixed any issues and validated that the application or driver will migrate successfully, change the upgrade decision to **Ready to upgrade**. <br> |
| Ready to upgrade | Mark applications and drivers **Ready to upgrade** once youve resolved all blocking issues and youre confident that they will upgrade successfully, or if youve decided to upgrade them as-is. | Applications with no known issues and with low installation rates are marked **Ready to upgrade** by default.<br><br>In Step 1, you might have marked some of your apps as **Ignore**. These should be marked as **Ready to upgrade**. Apps with low installation rates are marked as **Ready to upgrade** by default. Be sure to review any low install count applications for any business critical or important applications that are not yet upgrade-ready, despite their low installation rates. <br> |
| Wont upgrade | By default, no applications or drivers are marked **Wont upgrade** because only you can make that determination. <br><br>Use **Wont upgrade** for applications and drivers that you do not work on your target operating system, or that you are unable to upgrade.<br> | If, during your investigation into an application or driver, you determine that they should not or cannot be upgraded, mark them **Wont upgrade**. <br><br> |
The blades in the **Resolve issues** section are:
- Review applications with known issues
- Review applications with no known issues
- Review drivers with known issues
As you review applications with known issues, you can also see ISV support statements or applications using [Ready for Windows](https://www.readyforwindows.com/).
## Review applications with known issues
@ -150,3 +152,55 @@ To change a drivers upgrade decision:
4. Click **Save** when finished.
## Prioritize app and driver testing
Planning and executing an OS upgrade project can be overwhelming. When you are tasked with evaluating thousands of applications and drivers to ensure a successful upgrade, it can be difficult to decide where to start. The Upgrade Readiness solution provides valuable assistance for you, helping to determine the most important apps and drivers to unblock and enabling you yo create a proposed action plan.
### Proposed action plan
The Upgrade Readiness proposed action plan is an optimally ordered list of apps and drivers that are in need of review. By testing apps and drivers in the order suggested by the proposed action plan, you are able to increase your number of “Ready to upgrade” computers in an efficient manner. The action plan can be a very powerful tool during upgrade planning but its most helpful when its used correctly. This topic explains the proposed action plan, describes how to use it, and calls out a few misconceptions and invalid use cases that you should avoid.
The proposed action plan represents the order thath Microsoft recommends you rationalize the upgrade-readiness of your apps and drivers. By validating apps and drivers in the order proposed, you can ensure that you are testing efficiently.
Each item in the proposed action plan represents either an application or a driver that you have not yet marked “Ready to upgrade.”
>Since “Low install count” apps are automatically marked “Ready to upgrade”, you will not see any of these apps in the proposed action plan.
Each item in the plan has the following attributes:
| Attribute | Description | Example value |
|-----------------------|------------------------------------------|----------------|
| ItemRank | The location of this item in the context of the proposed action plan. For example, the item with ItemRank 7 is the 7th item in the Plan. It is crucial that the Plan is viewed in order by increasing ItemRank. Sorting the Plan in any other way invalidates the insights that the Plan provides. | 7 |
| ItemType | Whether this item is an app or driver -- possible values are: "App" and "Driver." | App |
| ItemName | The name of the app or driver that is in need of review. | Microsoft Visual C++ 2005 Redistributable (x64) |
| ItemVendor | The vendor of the app or driver. | Microsoft Corporation |
| ItemVersion | The version of the app or driver. | 12.1.0.1 |
| ItemLanguage | If this item is an application, then this field will be the language of the app. If the item is a driver, then this will say "N/A." | English |
| ItemHardwareId | If this item is a driver, then this field will be the hardware id of the driver. If the item is an app, then this will say "N/A." | N/A |
| Upgrade Decision | The upgrade decision you have provided for this app or driver. If you have not defined an upgrade decision, then you will see the default value of “Not reviewed.” | Review in progress |
| ComputersUnblocked | Assuming you have already marked all previous items in the proposed action plan “Ready to upgrade”, this represents the number of additional computers that will become “Ready to upgrade” by testing this app or driver and giving it an upgrade decision of “Ready to upgrade”. For example, if ComputersUnblocked is 200, then resolving any issues associated with the app/driver in question will make 200 new computers “Ready to upgrade.” | 200 |
| CumulativeUnblocked | The total number of computers that will become “Ready to upgrade” if you validate and mark this and all prior items in the proposed action plan “Ready to upgrade”. For example, if ItemRank is 7, and CumulativeUnblocked is 950, then fixing items 1 thru 7 in the proposed action plan will cause 950 of your computers to become “Ready to upgrade.” | 950 |
| CumulativeUnblockedPct | The percentage of your machines that will become “Ready to upgrade” if you make this and all prior items in the proposed action plan “Ready to upgrade.” | 0.24 |
See the following example action plan items (click the image for a full-size view):
<A HREF="../images/UR-lift-report.jpg">![Proposed action plan](../images/UR-lift-report.jpg)</A>
<BR>
In this example, the 3rd item is an application: **Microsoft Bing Sports**, a modern app, version **4.20.951.0**, published by Microsoft. By validating this app and making its UpgradeDecision “Ready to upgrade”, you can potentially make **1014** computers “Ready to upgrade” but only after you have already validated items 1 and 2 in the list. By marking items 1, 2, and 3 “Ready to upgrade”, 14779 of your computers will become upgrade-ready. This represents 10.96% of the machines in this workspace.
#### Using the proposed action plan
There are several valid use cases for the proposed action plan. But its always important to remember that the information presented in the Plan is only accurate when sorted by increasing Item Rank! Here are three potential cases in which you could use the proposed action plan:
1. Quickly determine how many apps and drivers youll need to validate in order to make x% of your computers upgrade-ready. To determine this, simply find the first item in the Plan with a CumulativeUnblockedPct greater than or equal to your desired percentage of upgrade-ready computers. The corresponding ItemRank represents the smallest number of apps and drivers that you can validate in order to reach your upgrade readiness goal. The prior items in the proposed action plan itself represent the most efficient route to reaching your goal.
2. Use the proposed action plan to prepare a small portion of your machines for a pilot of your target Operating System. Lets say you want to test a new Operating System by upgrading a few hundred computers. You can use the proposed action plan to determine how many apps and drivers you will need to validate before you can be confident that your pilot will be successful.
3. If your project deadline is approaching and you only have time to validate a few more apps and drivers, you can use the proposed action plan to determine which apps and drivers you should focus on to maximize the number of computers that you can confidently upgrade.
#### Misconceptions and things to avoid
The most common misconceptions about the proposed action plan involve the assumption that each item in the plan is independent of those around it. The apps and drivers in the plan must be considered in the correct order to draw valid conclusions. For example, if you choose to validate items 1, 3, 4, and 5 and mark each of them “Ready to upgrade,” the proposed action plan cannot tell you how many computers will become upgrade-ready as a result of your testing. Even the non-cumulative “ComputersUnblocked” count is dependent upon all prior issues having already been resolved.
If an item with ItemRank = 7 has a ComputersUnblocked value of 50, do not assume that 50 of your computers will become upgrade-ready if you test this item. However, if you validate items 1 through 6 in the plan, you can make an additional 50 computers upgrade-ready by validating the 7th item in the plan.

4
windows/deployment/upgrade/use-upgrade-analytics-to-manage-windows-upgrades.md
View File

@ -1,4 +0,0 @@
---
title: Use Upgrade Analytics to manage Windows upgrades (Windows 10)
redirect_url: use-upgrade-readiness-to-manage-windows-upgrades
---

22
windows/deployment/upgrade/windows-10-edition-upgrades.md
View File

@ -41,13 +41,16 @@ X = unsupported <BR>
- To upgrade mobile editions of Windows 10 using MDM, you'll need to enter the product key for the upgraded edition in the **UpgradeEditionWithLicense** policy setting of the **WindowsLicensing** CSP. For more info, see [WindowsLicensing CSP](https://go.microsoft.com/fwlink/p/?LinkID=690907).
## Upgrade using a provisioning package
The Windows Imaging and Configuration Designer (ICD) tool is included in the Windows Assessment and Deployment Kit (ADK) for Windows 10. [Install the ADK.](https://go.microsoft.com/fwlink/p/?LinkId=526740)
Use Windows Configuration Designer to create a provisioning package to upgrade a desktop edition or mobile edition of Windows 10. To get started, [install Windows Configuration Designer from the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22).
- To use Windows ICD to create a provisioning package for upgrading desktop editions of Windows 10, go to **Runtime settings &gt; EditionUpgrade &gt; UpgradeEditionWithProductKey** in the **Available customizations** panel in Windows ICD and enter the product key for the upgraded edition.
- To create a provisioning package for upgrading desktop editions of Windows 10, go to **Runtime settings &gt; EditionUpgrade &gt; UpgradeEditionWithProductKey** in the **Available customizations** panel in Windows ICD and enter the product key for the upgraded edition.
- To use Windows ICD to create a provisioning package for upgrading mobile editions of Windows 10, go to **Runtime settings &gt; EditionUpgrade &gt; UpgradeEditionWithLicense** in the **Available customizations** panel in Windows ICD and enter the product key for the upgraded edition.
- To create a provisioning package for upgrading mobile editions of Windows 10, go to **Runtime settings &gt; EditionUpgrade &gt; UpgradeEditionWithLicense** in the **Available customizations** panel in Windows ICD and enter the product key for the upgraded edition.
For more info about Windows Configuration Designer, see these topics:
- [Create a provisioining package for Windows 10](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-create-package)
- [Apply a provisioning package](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-apply-package)
For more info on creating and applying a provisioning package using Windows ICD, see [Build and apply a provisioning package](https://go.microsoft.com/fwlink/p/?LinkID=533700).
## Upgrade using a command-line tool
You can run the changepk.exe command-line tool to upgrade devices to a supported edition of Windows 10:
@ -80,13 +83,4 @@ If you do not have a product key, you can upgrade your edition of Windows 10 th
**Note**<br>If you are a Windows 10 Home N or Windows 10 Home KN user and have trouble finding your applicable upgrade in the Windows Store, click [here](ms-windows-store://windowsupgrade/).
 
 
 
 

2
windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md
View File

@ -16,10 +16,8 @@ localizationpriority: high
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012 R2
- Windows Server 2012
- Windows Server 2008 R2
**Looking for retail activation?**
- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)

2
windows/deployment/windows-10-poc-sc-config-mgr.md
View File

@ -52,8 +52,8 @@ Topics and procedures in this guide are summarized in the following table. An es
<TR><TD>[Create a task sequence](#create-a-task-sequence)<TD>Create a Configuration Manager task sequence with MDT integration using the MDT wizard<TD>15 minutes
<TR><TD>[Finalize the operating system configuration](#finalize-the-operating-system-configuration)<TD>Enable monitoring, configure rules, and distribute content.<TD>30 minutes
<TR><TD>[Deploy Windows 10 using PXE and Configuration Manager](#deploy-windows-10-using-pxe-and-configuration-manager)<TD>Deploy Windows 10 using Configuration Manager deployment packages and task sequences.<TD>60 minutes
<TR><TD>[Refresh a client with Windows 10 using Configuration Manager](#refresh-a-client-with-windows-10-using-configuration-manager)<TD>Use a task sequence to refresh a client with Windows 10 using Configuration Manager and MDT<TD>90 minutes
<TR><TD>[Replace a client with Windows 10 using Configuration Manager](#replace-a-client-with-windows-10-using-configuration-manager)<TD>Replace a client computer with Windows 10 using Configuration Manager.<TD>90 minutes
<TR><TD>[Refresh a client with Windows 10 using Configuration Manager](#refresh-a-client-with-windows-10-using-configuration-manager)<TD>Use a task sequence to refresh a client with Windows 10 using Configuration Manager and MDT<TD>90 minutes
</TABLE>

1
windows/device-security/device-guard/deploy-device-guard-deploy-code-integrity-policies.md
View File

@ -20,6 +20,7 @@ This section includes the following topics:
- [Deploy code integrity policies: policy rules and file rules](deploy-code-integrity-policies-policy-rules-and-file-rules.md)
- [Deploy code integrity policies: steps](deploy-code-integrity-policies-steps.md)
- [Deploy catalog files to support code integrity policies](deploy-catalog-files-to-support-code-integrity-policies.md)
- [Deploy Managed Installer for Device Guard](deploy-managed-installer-for-device-guard.md)
To increase the protection for devices that meet certain hardware requirements, you can use virtualization-based security (VBS) with your code integrity policies.
- For requirements, see [Hardware, firmware, and software requirements for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-device-guard) in "Requirements and deployment planning guidelines for Device Guard."

37
windows/keep-secure/docfx.json Normal file
View File

@ -0,0 +1,37 @@
{
"build": {
"content": [
{
"files": [
"**/*.md"
],
"exclude": [
"**/obj/**",
"**/includes/**",
"README.md",
"LICENSE",
"LICENSE-CODE",
"ThirdPartyNotices"
]
}
],
"resource": [
{
"files": [
"**/*.png",
"**/*.jpg"
],
"exclude": [
"**/obj/**",
"**/includes/**"
]
}
],
"overwrite": [],
"externalReference": [],
"globalMetadata": {},
"fileMetadata": {},
"template": [],
"dest": "keep-secure"
}
}

37
windows/manage/docfx.json Normal file
View File

@ -0,0 +1,37 @@
{
"build": {
"content": [
{
"files": [
"**/*.md"
],
"exclude": [
"**/obj/**",
"**/includes/**",
"README.md",
"LICENSE",
"LICENSE-CODE",
"ThirdPartyNotices"
]
}
],
"resource": [
{
"files": [
"**/*.png",
"**/*.jpg"
],
"exclude": [
"**/obj/**",
"**/includes/**"
]
}
],
"overwrite": [],
"externalReference": [],
"globalMetadata": {},
"fileMetadata": {},
"template": [],
"dest": "windows-manage"
}
}

37
windows/plan/docfx.json Normal file
View File

@ -0,0 +1,37 @@
{
"build": {
"content": [
{
"files": [
"**/*.md"
],
"exclude": [
"**/obj/**",
"**/includes/**",
"README.md",
"LICENSE",
"LICENSE-CODE",
"ThirdPartyNotices"
]
}
],
"resource": [
{
"files": [
"**/*.png",
"**/*.jpg"
],
"exclude": [
"**/obj/**",
"**/includes/**"
]
}
],
"overwrite": [],
"externalReference": [],
"globalMetadata": {},
"fileMetadata": {},
"template": [],
"dest": "windows-plan"
}
}

1
windows/threat-protection/change-history-for-threat-protection.md
View File

@ -14,6 +14,7 @@ This topic lists new and updated topics in the [Threat protection](index.md) doc
## March 2017
|New or changed topic |Description |
|---------------------|------------|
|[Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune.md)|Updated based on Windows 10, version 1703.|
|[How to collect Windows Information Protection (WIP) audit event logs](windows-information-protection\collect-wip-audit-event-logs.md) |New |
|[Mandatory tasks and settings required to turn on Windows Information Protection (WIP)](windows-information-protection\mandatory-settings-for-wip.md) |Updated based on Windows 10, version 1703. |
|[Create a Windows Information Protection (WIP) policy using Microsoft Intune](windows-information-protection\create-wip-policy-using-intune.md) |Updated based on Windows 10, version 1703. |

2
windows/threat-protection/overview-of-threat-mitigations-in-windows-10.md
View File

@ -56,7 +56,7 @@ Windows 10 mitigations that you can configure are listed in the following two ta
| **Windows Defender SmartScreen**<br> helps prevent<br>malicious applications<br>from being downloaded | Windows Defender SmartScreen can check the reputation of a downloaded application by using a service that Microsoft maintains. The first time a user runs an app that originates from the Internet (even if the user copied it from another PC), SmartScreen checks to see if the app lacks a reputation or is known to be malicious, and responds accordingly.<br><br>**More information**: [Windows Defender SmartScreen](#windows-defender-smartscreen), later in this topic |
| **Credential Guard**<br> helps keep attackers<br>from gaining access through<br>Pass-the-Hash or<br>Pass-the-Ticket attacks | Credential Guard uses virtualization-based security to isolate secrets, such as NTLM password hashes and Kerberos Ticket Granting Tickets, so that only privileged system software can access them.<br>Credential Guard is included in Windows 10 Enterprise and Windows Server 2016.<br><br>**More information**: [Protect derived domain credentials with Credential Guard](/windows/access-protection/credential-guard/credential-guard) |
| **Enterprise certificate pinning**<br> helps prevent <br>man-in-the-middle attacks<br>that leverage PKI | Enterprise certificate pinning enables you to protect your internal domain names from chaining to unwanted certificates or to fraudulently issued certificates. With enterprise certificate pinning, you can “pin” (associate) an X.509 certificate and its public key to its Certification Authority, either root or leaf. <br><br>**More information**: [Enterprise Certificate Pinning](/windows/access-protection/enterprise-certificate-pinning) |
| **Device Guard**<br> helps keep a device<br>from running malware or<br>other untrusted apps | Device Guard includes a Code Integrity policy that you create; a whitelist of trusted apps—the only apps allowed to run in your organization. Device Guard also includes a powerful system mitigation called hypervisor-protected code integrity (HVCI), which leverages virtualization-based security (VBS) to protect Windows kernel-mode code integrity validation process. HVCI has specific hardware requirements, and works with Code Integrity policies to help stop attacks even if they gain access to the kernel.<br>Device Guard is included in Windows 10 Enterprise and Windows Server 2016.<br><br>**More information**: [Introduction to Device Guard](/windows/access-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies. |
| **Device Guard**<br> helps keep a device<br>from running malware or<br>other untrusted apps | Device Guard includes a Code Integrity policy that you create; a whitelist of trusted apps—the only apps allowed to run in your organization. Device Guard also includes a powerful system mitigation called hypervisor-protected code integrity (HVCI), which leverages virtualization-based security (VBS) to protect Windows kernel-mode code integrity validation process. HVCI has specific hardware requirements, and works with Code Integrity policies to help stop attacks even if they gain access to the kernel.<br>Device Guard is included in Windows 10 Enterprise and Windows Server 2016.<br><br>**More information**: [Introduction to Device Guard](/windows/device-security/device-guard/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies) |
| **Windows Defender Antivirus**,<br>which helps keep devices<br>free of viruses and other<br>malware | Windows 10 includes Windows Defender Antivirus, a robust inbox antimalware solution. Windows Defender Antivirus has been significantly improved since it was introduced in Windows 8.<br><br>**More information**: [Windows Defender Antivirus](#windows-defender-antivirus), later in this topic |
| **Blocking of untrusted fonts**<br> helps prevent fonts<br>from being used in<br>elevation-of-privilege attacks | Block Untrusted Fonts is a setting that allows you to prevent users from loading fonts that are "untrusted" onto your network, which can mitigate elevation-of-privilege attacks associated with the parsing of font files. However, as of Windows 10, version 1703, this mitigation is less important, because font parsing is isolated in an [AppContainer sandbox](https://msdn.microsoft.com/library/windows/desktop/mt595898(v=vs.85).aspx) (for a list describing this and other kernel pool protections, see [Kernel pool protections](#kernel-pool-protections), later in this topic).<br><br>**More information**: [Block untrusted fonts in an enterprise](/windows/threat-protection/block-untrusted-fonts-in-enterprise) |
| **Memory protections**<br> help prevent malware<br>from using memory manipulation<br>techniques such as buffer<br>overruns | These mitigations, listed in [Table 2](#table-2), help to protect against memory-based attacks, where malware or other code manipulates memory to gain control of a system (for example, malware that attempts to use buffer overruns to inject malicious executable code into memory. Note:<br>A subset of apps will not be able to run if some of these mitigations are set to their most restrictive settings. Testing can help you maximize protection while still allowing these apps to run.<br><br>**More information**: [Table 2](#table-2), later in this topic |

2
windows/threat-protection/windows-information-protection/app-behavior-with-wip.md
View File

@ -14,7 +14,7 @@ localizationpriority: high
**Applies to:**
- Windows 10, version 1607 and later
- Windows 10 Mobile
- Windows 10 Mobile, version 1607 and later
Windows Information Protection (WIP) classifies apps into two categories: enlightened and unenlightened. Enlighted apps can differentiate between corporate and personal data, correctly determining which to protect based on internal policies. Corporate data is encrypted on the managed device and attempts to copy/paste or share this information with non-corporate apps or people will fail. Unenlightened apps, when marked as corporate-managed, consider all data corporate and encrypt everything by default.

4
windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs.md
View File

@ -13,8 +13,8 @@ localizationpriority: high
**Applies to:**
- Windows 10 and later
- Windows 10 Mobile and later
- Windows 10, version 1607 and later
- Windows 10 Mobile, version 1607 and later
Windows Information Protection (WIP) creates audit events in the following situations:

4
windows/threat-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
View File

@ -13,8 +13,8 @@ localizationpriority: high
# Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate
**Applies to:**
- Windows 10, version 1703
- Windows 10 Mobile, version 1703
- Windows 10, version 1607 and later
- Windows 10 Mobile, version 1607 and later
If you dont already have an EFS DRA certificate, youll need to create and extract one from your system before you can use Windows Information Protection (WIP), formerly known as enterprise data protection (EDP), in your organization. For the purposes of this section, well use the file name EFSDRA; however, this name can be replaced with anything that makes sense to you.

110
windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md
View File

@ -1,6 +1,6 @@
---
title: Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune (Windows 10)
description: After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Intune to create and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy.
title: Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune (Windows 10)
description: After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Intune to associate and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy.
ms.assetid: d0eaba4f-6d7d-4ae4-8044-64680a40cf6b
keywords: WIP, Enterprise Data Protection
ms.prod: w10
@ -11,103 +11,63 @@ author: eross-msft
localizationpriority: high
---
# Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune
# Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune
**Applies to:**
- Windows 10, version 1607
- Windows 10 Mobile
- Windows 10, version 1607 and later
- Windows 10 Mobile, version 1607 and later (except Microsoft Azure Rights Management, which is only available on the desktop)
After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Intune to create and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy.
After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Azure Intune to associate and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy.
## Associate your WIP policy to your VPN policy by using Microsoft Azure Intune
Follow these steps to associate your WIP policy with your organization's existing VPN policy.
## Create your VPN policy using Microsoft Intune
Follow these steps to create the VPN policy you want to use with WIP.
**To associate your policies**
**To create your VPN policy**
1. Create your VPN profile. For info about how to do this, see [How to configure VPN settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune-azure/configure-devices/how-to-configure-vpn-settings) and [How to create custom VPN profiles in Microsoft Intune](https://docs.microsoft.com/en-us/intune-azure/configure-devices/create-custom-vpn-profiles#create-a-custom-configuration).
1. Open the Intune administration console, and go to the **Policy** node, and then click **Add Policy**.
2. Open the Microsoft Azure Intune mobile application management console, click **Device configuration**, and then click **Create Profile**.
2. Go to **Windows**, click the **VPN Profile (Windows 10 Desktop and Mobile and later)**, click **Create and Deploy a Custom Policy**, and then click **Create Policy**.
![Microsoft Azure Intune, Create a new policy using the the Azure portal](images/wip-azure-vpn-device-policy.png)
![Microsoft Intune, Create a new policy using the New Policy screen](images/intune-vpn-createpolicy.png)
3. In the **Create Profile** blade, type a name for your profile, such as *Contoso_VPN_Win10*, into the **Name** box, add an optional description for your policy into the **Description** box, select **Windows 10 and later** from the **Platform** dropdown box, select **Custom** from the **Profile type** dropdown box, and then click **Configure**.
3. Type *Contoso_VPN_Win10* into the **Name** box, along with an optional description for your policy into the **Description** box.
![Microsoft Azure Intune, Create a new policy using the Create Profile blade](images/wip-azure-vpn-configure-policy.png)
![Microsoft Intune: Fill in the required Name and optional Description for your policy](images/intune-vpn-titledescription.png)
4. In the **Custom OMA-URI Settings** blade, click **Add**.
4. In the **VPN Settings** area, type the following info:
5. In the **Add Row** blade, type:
- **VPN connection name.** This name is also what appears to your employees, so it's important that it be clear and understandable.
- **Name.** Type a name for your setting, such as *EDPModeID*.
- **Description.** Type an optional description for your setting.
- **OMA-URI.** Type _./Vendor/MSFT/VPNv2/&lt;VPNProfileName&gt;/EDPModeId_ into the box.
- **Connection type.** Pick the connection type that matches your infrastructure. The options are **Pulse Secure**, **F5 Edge Client**, **Dell SonicWALL Mobile Connect**, or **Check Point Capsule VPN**.
- **Data type.** Select **String** from the dropdown box
- **Value.** Type your fully-qualified domain that should be used by the OMA-URI setting. For example, _corp.contoso.com_.
- **VPN server description.** A descriptive name for this connection. Only you will see it, but it should be unique and readable.
![Microsoft Azure Intune, Add your OMA-URI settings](images/wip-azure-vpn-custom-omauri.png)
- **Server IP address or FQDN.** The server's IP address or fully-qualified domain name (FQDN).
6. Click **OK** to save your setting info in the **Add Row** blade, and then click **OK** in the **Custom OMA-URI Settings** blade to save the setting with your policy.
![Microsoft Intune: Fill in the VPN Settings area](images/intune-vpn-vpnsettings.png)
7. Click **Create** to create the policy, including your OMA_URI info.
5. In the **Authentication** area, choose the authentication method that matches your VPN infrastructure, either **Username and Password** or **Certificates**.<p>
It's your choice whether you check the box to **Remember the user credentials at each logon**.
![Microsoft Intune, Choose the Authentication Method for your VPN system](images/intune-vpn-authentication.png)
6. You can leave the rest of the default or blank settings, and then click **Save Policy**.
## Deploy your VPN policy using Microsoft Intune
## Deploy your VPN policy using Microsoft Azure Intune
After youve created your VPN policy, you'll need to deploy it to the same group you deployed your Windows Information Protection (WIP) policy.
**To deploy your VPN policy**
**To deploy your Custom VPN policy**
1. On the **Configuration policies** page, locate your newly-created policy, click to select it, and then click the **Manage Deployment** button.
1. On the **App policy** blade, click your newly-created policy, click **User groups** from the menu that appears, and then click **Add user group**.
2. In the left pane of the **Manage Deployment** box, click the employees or groups that should get the policy, and then click **Add**.<p>
The added people move to the **Selected Groups** list on the right-hand pane.
A list of user groups, made up of all of the security groups in your Azure Active Directory, appear in the **Add user group** blade.
![Microsoft Intune: Pick the group of employees that should get the policy](images/intune-deploy-vpn.png)
2. Choose the group you want your policy to apply to, and then click **Select** to deploy the policy.
3. After you've picked all of the employees and groups that should get the policy, click **OK**.<p>
The policy is deployed to the selected users' devices.
The policy is deployed to the selected users' devices.
## Link your WIP and VPN policies and deploy the custom configuration policy
The final step to making your VPN configuration work with WIP, is to link your two policies together. To do this, you must first create a custom configuration policy, setting it to use your **EDPModeID** setting, and then deploying the policy to the same group you deployed your WIP and VPN policies
**To link your VPN policy**
1. Open the Intune administration console, and go to the **Policy** node, and then click **Add Policy**.
2. Go to **Windows**, click the **Custom Configuration (Windows 10 Desktop and Mobile and later)**, click **Create and Deploy a Custom Policy**, and then click **Create Policy**.
![Microsoft Intune, Create a new policy from the New Policy screen](images/intune-vpn-customconfig.png)
3. Type a name (required) and an optional description for your policy into the **Name** and **Description** boxes.
![Microsoft Intune: Fill in the required Name and optional Description for your policy](images/intune-vpn-wipmodeid.png)
4. In the **OMA-URI Settings** area, click **Add** to add your **EDPModeID** info.
5. In the **OMA-URI Settings** area, type the following info:
- **Setting name.** Type **EDPModeID** as the name.
- **Data type.** Pick the **String** data type.
- **OMA-URI.** Type `./Vendor/MSFT/VPNv2/<VPNProfileName>/EDPModeId`, replacing &lt;*VPNProfileName*&gt; with the name you gave to your VPN policy. For example, `./Vendor/MSFT/VPNv2/W10-Checkpoint-VPN1/EDPModeId`.
- **Value.** Your fully-qualified domain that should be used by the OMA-URI setting.
![Microsoft Intune: Fill in the OMA-URI Settings for the EMPModeID setting](images/intune-vpn-omaurisettings.png)
6. Click **OK** to save your new OMA-URI setting, and then click **Save Policy.**
**To deploy your linked policy**
1. On the **Configuration policies** page, locate your newly-created policy, click to select it, and then click the **Manage Deployment** button.
2. In the left pane of the **Manage Deployment** box, click the employees or groups that should get the policy, and then click **Add**. The added people move to the **Selected Groups** list on the right-hand pane.
![Microsoft Intune, Manage Deployment box used to deploy your linked VPN policy](images/intune-groupselection_vpnlink.png)
3. After you've picked all of the employees and groups that should get the policy, click **OK**. The policy is deployed to the selected users' devices.
![Microsoft Intune: Pick your user groups that should get the policy when it's deployed](images/wip-azure-add-user-groups.png)
>[!NOTE]
>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).

6
windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md
View File

@ -412,12 +412,12 @@ There are no default locations included with WIP, you must add each of your netw
<tr>
<td>Proxy servers</td>
<td>proxy.contoso.com:80;proxy2.contoso.com:443</td>
<td>Specify the proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources youre connecting to are enterprise resources.<br><br>This list shouldnt include any servers listed in the Internal proxy servers list, which are used for non-WIP-protected traffic.<br><br>If you have multiple resources, you must separate them using the ";" delimiter.</td>
<td>Specify the proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources youre connecting to are enterprise resources.<br><br>This list shouldnt include any servers listed in your Internal proxy servers list. Internal proxy servers must be used only for WIP-protected (enterprise) traffic.<br><br>If you have multiple resources, you must separate them using the ";" delimiter.</td>
</tr>
<tr>
<td>Internal proxy servers</td>
<td>contoso.internalproxy1.com;contoso.internalproxy2.com</td>
<td>Specify the proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources youre connecting to are enterprise resources.<br><br>This list shouldnt include any servers listed in the Proxy servers list, which are used for WIP-protected traffic.<br><br>If you have multiple resources, you must separate them using the ";" delimiter.</td>
<td>Specify the internal proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources youre connecting to are enterprise resources.<br><br>This list shouldnt include any servers listed in your Proxy servers list. Proxy servers must be used only for non-WIP-protected (non-enterprise) traffic.<br><br>If you have multiple resources, you must separate them using the ";" delimiter.</td>
</tr>
<tr>
<td>IPv4 ranges</td>
@ -506,7 +506,7 @@ Optionally, if you dont want everyone in your organization to be able to shar
## Related topics
- [Deploy your Windows Information Protection (WIP) policy](deploy-wip-policy-using-intune.md)
- [Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Azure Intune](create-vpn-and-wip-policy-using-intune.md)
- [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune](create-vpn-and-wip-policy-using-intune.md)
- [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md)
- [Azure RMS Documentation Update for May 2016](https://blogs.technet.microsoft.com/enterprisemobility/2016/05/31/azure-rms-documentation-update-for-may-2016/)
- [What is Azure Rights Management?]( https://docs.microsoft.com/en-us/information-protection/understand-explore/what-is-azure-rms)

16
windows/threat-protection/windows-information-protection/create-wip-policy-using-sccm.md
View File

@ -14,9 +14,9 @@ localizationpriority: high
# Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager
**Applies to:**
- Windows 10, version 1607
- Windows 10 Mobile
- System Center Configuration Manager
- Windows 10, version 1607 and later
- Windows 10 Mobile, version 1607 and later
- System Center Configuration Manager
System Center Configuration Manager helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your protected apps, your WIP-protection mode, and how to find enterprise data on the network.
@ -387,7 +387,7 @@ There are no default locations included with WIP, you must add each of your netw
<tr>
<td>Enterprise Cloud Resources</td>
<td><strong>With proxy:</strong> contoso.sharepoint.com,contoso.internalproxy1.com|<br>contoso.visualstudio.com,contoso.internalproxy2.com<p><strong>Without proxy:</strong> contoso.sharepoint.com|contoso.visualstudio.com</td>
<td>Specify the cloud resources to be treated as corporate and protected by WIP.<p>For each cloud resource, you may also optionally specify a proxy server from your Enterprise Internal Proxy Servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Enterprise Internal Proxy Servers is considered enterprise.<p>If you have multiple resources, you must separate them using the "|" delimiter. If you dont use proxy servers, you must also include the "," delimiter just before the "|". For example: <code>URL &lt;,proxy&gt;|URL &lt;,proxy&gt;</code>.<p><strong>Important</strong><br>In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows cant tell whether its attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the <code>/&#42;AppCompat&#42;/</code> string to the setting. For example: <code>URL &lt;,proxy&gt;|URL &lt;,proxy&gt;|/&#42;AppCompat&#42;/</code>.</td>
<td>Specify the cloud resources to be treated as corporate and protected by WIP.<p>For each cloud resource, you may also optionally specify a proxy server from your Internal proxy servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Internal proxy servers is considered enterprise.<p>If you have multiple resources, you must separate them using the "|" delimiter. If you dont use proxy servers, you must also include the "," delimiter just before the "|". For example: <code>URL &lt;,proxy&gt;|URL &lt;,proxy&gt;</code>.<p><strong>Important</strong><br>In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows cant tell whether its attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the <code>/&#42;AppCompat&#42;/</code> string to the setting. For example: <code>URL &lt;,proxy&gt;|URL &lt;,proxy&gt;|/&#42;AppCompat&#42;/</code>.</td>
</tr>
<tr>
<td>Enterprise Network Domain Names (Required)</td>
@ -395,14 +395,14 @@ There are no default locations included with WIP, you must add each of your netw
<td>Specify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected.<p>This setting works with the IP ranges settings to detect whether a network endpoint is enterprise or personal on private networks.<p>If you have multiple resources, you must separate them using the "," delimiter.</td>
</tr>
<tr>
<td>Enterprise Proxy Servers</td>
<td>Proxy servers</td>
<td>proxy.contoso.com:80;proxy2.contoso.com:443</td>
<td>Specify your externally-facing proxy server addresses, along with the port through which traffic is allowed and protected with WIP.<p>This list shouldnt include any servers listed in the Enterprise Internal Proxy Servers list, which are used for WIP-protected traffic.<p>This setting is also required if you use a proxy in your network. If you don't have a proxy server, you might find that enterprise resources are unavailable when a client is behind a proxy, such as when youre visiting another company and not on that companys guest network.<p>If you have multiple resources, you must separate them using the ";" delimiter.</td>
<td>Specify the proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources youre connecting to are enterprise resources.<br><br>This list shouldnt include any servers listed in your Internal proxy servers list. Internal proxy servers must be used only for WIP-protected (enterprise) traffic.<br><br>If you have multiple resources, you must separate them using the ";" delimiter.</td>
</tr>
<tr>
<td>Enterprise Internal Proxy Servers</td>
<td>Internal proxy servers</td>
<td>contoso.internalproxy1.com;contoso.internalproxy2.com</td>
<td>Specify the proxy servers your devices will go through to reach your cloud resources.<p>Using this server type indicates that the cloud resources youre connecting to are enterprise resources.<p>This list shouldnt include any servers listed in the Enterprise Proxy Servers list, which are used for non-WIP-protected traffic.<p>If you have multiple resources, you must separate them using the ";" delimiter.</td>
<td>Specify the internal proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources youre connecting to are enterprise resources.<br><br>This list shouldnt include any servers listed in your Proxy servers list. Proxy servers must be used only for non-WIP-protected (non-enterprise) traffic.<br><br>If you have multiple resources, you must separate them using the ";" delimiter.</td>
</tr>
<tr>
<td>Enterprise IPv4 Range (Required)</td>

2
windows/threat-protection/windows-information-protection/deploy-wip-policy-using-intune.md
View File

@ -38,6 +38,6 @@ After youve created your Windows Information Protection (WIP) policy, you'll
## Related topics
- [Create a Windows Information Protection (WIP) policy using Microsoft Azure Intune](create-wip-policy-using-intune.md)
- [Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Azure Intune](create-vpn-and-wip-policy-using-intune.md)
- [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune](create-vpn-and-wip-policy-using-intune.md)
- [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md)

4
windows/threat-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
View File

@ -15,8 +15,8 @@ localizationpriority: high
**Applies to:**
- Windows 10, version 1607 and later
- Windows 10 Mobile
- Windows 10, version 1607 and later
- Windows 10 Mobile, version 1607 and later
Learn the difference between enlightened and unenlightened apps, and then review the list of enlightened apps provided by Microsoft along with the text you will need to use to add them to your allowed apps list.

4
windows/threat-protection/windows-information-protection/guidance-and-best-practices-wip.md
View File

@ -14,8 +14,8 @@ localizationpriority: high
# General guidance and best practices for Windows Information Protection (WIP)
**Applies to:**
- Windows 10, version 1607 and later
- Windows 10 Mobile
- Windows 10, version 1607 and later
- Windows 10 Mobile, version 1607 and later
This section includes info about the enlightened Microsoft apps, including how to add them to your allowed apps list in Microsoft Intune. It also includes some testing scenarios that we recommend running through with Windows Information Protection (WIP).

4
windows/threat-protection/windows-information-protection/mandatory-settings-for-wip.md
View File

@ -13,8 +13,8 @@ localizationpriority: high
# Mandatory tasks and settings required to turn on Windows Information Protection (WIP)
**Applies to:**
- Windows 10, version 1703
- Windows 10 Mobile, version 1703
- Windows 10, version 1607 and later
- Windows 10 Mobile, version 1607 and later
This list provides all of the tasks and settings that are required for the operating system to turn on Windows Information Protection (WIP), formerly known as enterprise data protection (EDP), in your enterprise.

4
windows/threat-protection/windows-information-protection/overview-create-wip-policy.md
View File

@ -13,8 +13,8 @@ localizationpriority: high
# Create a Windows Information Protection (WIP) policy
**Applies to:**
- Windows 10, version 1607 and later
- Windows 10 Mobile
- Windows 10, version 1607 and later
- Windows 10 Mobile, version 1607 and later
Microsoft Intune and System Center Configuration Manager helps you create and deploy your enterprise data protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network.

4
windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip.md
View File

@ -14,8 +14,8 @@ localizationpriority: high
# Protect your enterprise data using Windows Information Protection (WIP)
**Applies to:**
- Windows 10, version 1703
- Windows 10 Mobile, version 1703
- Windows 10, version 1607 and later
- Windows 10 Mobile, version 1607 and later
>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare).

4
windows/threat-protection/windows-information-protection/recommended-network-definitions-for-wip.md
View File

@ -14,8 +14,8 @@ localizationpriority: high
**Applies to:**
- Windows 10, version 1607 and later
- Windows 10 Mobile
- Windows 10, version 1607 and later
- Windows 10 Mobile, version 1607 and later
>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare).

4
windows/threat-protection/windows-information-protection/testing-scenarios-for-wip.md
View File

@ -14,8 +14,8 @@ localizationpriority: high
# Testing scenarios for Windows Information Protection (WIP)
**Applies to:**
- Windows 10, version 1607 and later
- Windows 10 Mobile
- Windows 10, version 1607 and later
- Windows 10 Mobile, version 1607 and later
We've come up with a list of suggested testing scenarios that you can use to test Windows Information Protection (WIP) in your company.

4
windows/threat-protection/windows-information-protection/using-owa-with-wip.md
View File

@ -13,8 +13,8 @@ localizationpriority: high
# Using Outlook on the web with Windows Information Protection (WIP)
**Applies to:**
- Windows 10, version 1607 and later
- Windows 10 Mobile
- Windows 10, version 1607 and later
- Windows 10 Mobile, version 1607 and later
>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare).

4
windows/threat-protection/windows-information-protection/wip-app-enterprise-context.md
View File

@ -13,8 +13,8 @@ localizationpriority: high
# Determine the Enterprise Context of an app running in Windows Information Protection (WIP)
**Applies to:**
- Windows 10, version 1607 and later
- Windows 10 Mobile
- Windows 10, version 1607 and later
- Windows 10 Mobile, version 1607 and later
>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare).

37
windows/update/docfx.json Normal file
View File

@ -0,0 +1,37 @@
{
"build": {
"content": [
{
"files": [
"**/*.md"
],
"exclude": [
"**/obj/**",
"**/includes/**",
"README.md",
"LICENSE",
"LICENSE-CODE",
"ThirdPartyNotices"
]
}
],
"resource": [
{
"files": [
"**/*.png",
"**/*.jpg"
],
"exclude": [
"**/obj/**",
"**/includes/**"
]
}
],
"overwrite": [],
"externalReference": [],
"globalMetadata": {},
"fileMetadata": {},
"template": [],
"dest": "windows-update"
}
}

7
windows/whats-new/whats-new-windows-10-version-1703.md
View File

@ -75,7 +75,7 @@ Cortana is Microsofts personal digital assistant, who helps busy people get t
Using Azure AD also means that you can remove an employees profile (for example, when an employee leaves your organization) while respecting Windows Information Protection (WIP) policies and ignoring enterprise content, such as emails, calendar items, and people lists that are marked as enterprise data.
For more info about Cortana at work, see (/windows/configuration/cortana-at-work/cortana-at-work-overview)
For more info about Cortana at work, see [Cortana integration in your business or enterprise](/windows/configuration/cortana-at-work/cortana-at-work-overview)
## Deployment
@ -170,6 +170,11 @@ For Windows desktops, users are able to reset a forgotten PIN through **Settings
For more details, check out [What if I forget my PIN?](/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password#what-if-i-forget-my-pin).
### Windows Information Protection (WIP) and Azure Active Directory (Azure AD)
Microsoft Azure Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your allowed apps, your WIP-protection level, and how to find enterprise data on the network. For more info, see [Create a Windows Information Protection (WIP) policy using Microsoft Azure Intune](/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md) and [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune](/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md).
You can also now collect your audit event logs by using the Reporting configuration service provider (CSP) or the Windows Event Forwarding (for Windows desktop domain-joined devices). For info, see the brand-new topic, [How to collect Windows Information Protection (WIP) audit event logs](/windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs.md).
## Update
### Windows Update for Business