-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). Determine Application Scope Depending on the applications to be virtualized, the App-V infrastructure can be set up in different ways. The first task is to define what applications you want to virtualize. Determine Location Scope Location scope refers to the physical locations (for example, enterprise-wide or a specific geographic location) where you plan to run the virtualized applications. It can also refer to the user population (for example, a single department) who will run the virtual applications. You should obtain a network map that includes the connection paths as well as available bandwidth to each location and the number of users using virtualized applications and the WAN link speed. The number of publishing servers simultaneously requesting package metadata refreshes. A single management server can respond to up to 320 publishing servers requesting publishing metadata simultaneously. Round trip response time for 320 pub servers is ~40 seconds. For <50 publishing servers requesting metadata simultaneously, the round trip response time is <5 seconds. From 50 to 320 publishing servers, the response time increases linearly (approximately 2x). The number of connection groups configured on the management server. For up to 100 connection groups, there is no significant change in the round trip response time on the publishing server. For 100 - 400 connection groups, there is a minor linear increase in the round trip response time. The number of access groups configured on the management server. For up to 40 access groups, there is a linear (approximately 3x) increase in the round trip response time on the publishing server. Publishing servers simultaneously contacting management server for publishing metadata. Number of publishing servers 0 0 0 0 0 0 1 1 1 1 1 1 50 100 200 300 315 320 LAN LAN LAN LAN LAN LAN 5 10 19 32 30 37 17 17 17 15 17 15 Publishing metadata contains connection groups Number of connection groups 10 50 100 150 300 400 1 1 1 1 1 1 100 100 100 100 100 100 LAN LAN LAN LAN LAN LAN 10 11 11 16 22 25 17 19 22 19 20 20 Publishing metadata contains access groups Number of access groups 0 0 0 0 1 10 20 40 100 100 100 100 LAN LAN LAN LAN 10 43 153 535 17 26 24 24 Network connection between the publishing server and management server 1.5 Mbps Slow link Network 0 0 1 1 50 100 1.5Mbps Cable DSL 1.5Mbps Cable DSL 4 5 1 2 Network connection between the publishing server and management server LAN / WIFI Network 0 0 1 1 100 200 Wifi Wifi 11 20 15 17 Multiple App-V clients send reporting information to the reporting server simultaneously. Round trip response time from the reporting server is 2.6 seconds for 500 clients. Round trip response time from the reporting server is 5.65 seconds for 1000 clients. Round trip response time increases linearly depending on number of clients. Requests per second processed by the reporting server. A single reporting server and a single database, can process a maximum of 139 requests per second. The average is 121 requests/second. Using two reporting servers reporting to the same Microsoft SQL Server database, the average requests/second is similar to a single reporting server = ~127, with a max of 278 requests/second. A single reporting server can process 500 concurrent/active connections. A single reporting server can process a maximum 1500 concurrent connections. Reporting Database. Lock contention on the computer running Microsoft SQL Server is the limiting factor for requests/second. Throughput and response time are independent of database size. Multiple App-V clients connect to a single publishing server simultaneously. A publishing server running dual core processors can respond to at most 5000 clients requesting a refresh simultaneously. For 5000-10000 clients, the publishing server requires a minimum quad core. For 10000-20000 clients, the publishing server should have dual quad cores for more efficient response times. A publishing server with a quad core can refresh up to 10000 packages within 3 seconds. (Supporting 10000 simultaneous clients) Number of packages in each refresh. Increasing number of packages will increase response time by ~40% (up to 1000 packages). Network between the App-V client and the publishing server. Across a slow network (1.5 Mbps bandwidth), there is a 97% increase in response time compared to LAN (up to 1000 users). App-V client sends publishing refresh request & receives response, each request containing 120 packages Number of clients 100 1000 5000 10000 120 120 120 120 Dual Core Dual Core Quad Core Quad Core LAN LAN LAN LAN 1 2 2 3 100 99 89 77 Multiple packages in each refresh Number of packages 1000 1000 500 1000 Quad Core Quad Core LAN LAN 2 3 92 91 Network between client and publishing server 1.5 Mbps Slow link network 100 500 1000 120 120 120 Quad Core Quad Core Quad Core 1.5 Mbps Intra-Continental Network 3 10 (with 0.2% failure rate) 17 (with 1% failure rate) Multiple App-V clients stream applications from a single streaming server simultaneously. If the number of clients simultaneously streaming from the same server increases, there is a linear relationship with the package download/streaming time. Size of the package being streamed. The package size has a significant impact on the streaming/download time only for larger packages with a size ~ 1GB. For package sizes ranging from 3 MB to 100 MB, the streaming time ranges from 20 seconds to 100 seconds, with 100 simultaneous clients. Network between the App-V client and the streaming server. Across a slow network (1.5 Mbps bandwidth), there is a 70-80% increase in response time compared to LAN (up to 100 users). Multiple App-V clients streaming virtual application packages from a streaming server. Number of clients. 100 200 1000 100 200 1000 3.5 MB 3.5 MB 3.5 MB 5 MB 5 MB 5 MB LAN LAN LAN LAN LAN LAN 29 39 391 35 68 461 Size of each package being streamed. Size of each package. 100 200 100 200 21 MB 21 MB 109 109 LAN LAN LAN LAN 33 83 100 160 Network connection between client and App-V streaming server. 1.5 Mbps Slow link network. 100 100 3.5 MB 5 MB 1.5 Mbps Intra-Continental Network 102 121 Schema name Name of the schema. If you want to use the “optional packages” and “use any version” features that are described in this table, you must specify the following schema in the XML file: AppConnectionGroupId
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). Context menu handler Adds menu items to the context menu. It is called before the context menu is displayed. Drag-and-drop handler Controls the action where right-click, drag and drop and modifies the context menu that appears. Drop target handler Controls the action after a data object is dragged and dropped over a drop target such as a file. Data object handler Controls the action after a file is copied to the clipboard or dragged and dropped over a drop target. It can provide additional clipboard formats to the drop target. Property sheet handler Replaces or adds pages to the property sheet dialog box of an object. Infotip handler Allows retrieving flags and infotip information for an item and displaying it inside a pop-up tooltip upon mouse hover. Column handler Allows creating and displaying custom columns in Windows Explorer Details view. It can be used to extend sorting and grouping. Preview handler Enables a preview of a file to be displayed in the Windows Explorer Preview pane. Package creation Sequencing Package Accelerator Office Deployment Kit Supported licensing Volume Licensing Supported deployments Desktop Personal VDI RDS Lync meeting Join Plug-in for Firefox and Chrome User can join Lync meetings from Firefox and Chrome Sent to OneNote Print Driver User can print to OneNote Yes OneNote Linked Notes OneNote Linked Notes Send to OneNote Internet Explorer Add-In User can send to OneNote from IE Firewall Exception for Lync and Outlook Firewall Exception for Lync and Outlook MAPI Client Native apps and add-ins can interact with virtual Outlook through MAPI SharePoint Plugin for Firefox User can use SharePoint features in Firefox Mail Control Panel Applet User gets the mail control panel applet in Outlook Yes Primary Interop Assemblies Support managed add-ins Office Document Cache Handler Allows Document Cache for Office applications Outlook Protocol Search handler User can search in outlook Yes Active X Controls: For more information on ActiveX controls, refer to [ActiveX Control API Reference](https://msdn.microsoft.com/library/office/ms440037(v=office.14).aspx). Groove.SiteClient Active X Control PortalConnect.PersonalSite Active X Control SharePoint.openDocuments Active X Control SharePoint.ExportDatabase Active X Control SharePoint.SpreadSheetLauncher Active X Control SharePoint.StssyncHander Active X Control SharePoint.DragUploadCtl Active X Control SharePoint.DragDownloadCtl Active X Control Sharpoint.OpenXMLDocuments Active X Control Sharepoint.ClipboardCtl Active X control WinProj.Activator Active X Control Name.NameCtrl Active X Control STSUPld.CopyCtl Active X Control CommunicatorMeetingJoinAx.JoinManager Active X Control LISTNET.Listnet Active X Control OneDrive Pro Browser Helper Active X Control] OneDrive Pro Icon Overlays Windows explorer shell icon overlays when users look at folders OneDrive Pro folders [Supported versions of Microsoft Office](appv-planning-for-using-appv-with-office.md#bkmk-office-vers-supp-appv) Supported versions of Office Supported deployment types (for example, desktop, personal Virtual Desktop Infrastructure (VDI), pooled VDI) Office licensing options [Planning for using App-V with coexisting versions of Office](appv-planning-for-using-appv-with-office.md#bkmk-plan-coexisting) Considerations for installing different versions of Office on the same computer Packaging All of the Office applications that you want to deploy to users must be in a single package. In App-V and later, you must use the Office Deployment Tool to create packages. You cannot use the Sequencer. If you are deploying Microsoft Visio 2013 and Microsoft Project 2013 along with Office, you must include them in the same package with Office. For more information, see [Deploying Visio 2013 and Project 2013 with Office](#bkmk-deploy-visio-project). Publishing You can publish only one Office package to each client computer. You must publish the Office package globally. You cannot publish to the user. Deploying any of the following products to a shared computer, for example, by using Remote Desktop Services: Office 365 ProPlus Visio Pro for Office 365 Project Pro for Office 365 You must enable [shared computer activation](http://technet.microsoft.com/library/dn782860.aspx). You don’t use shared computer activation if you’re deploying a volume licensed product, such as: Office Professional Plus 2013 Visio Professional 2013 Project Professional 2013 Use the ExcludeApp setting when you create the package by using the Office Deployment Tool. Enables you to exclude specific Office applications from the package when the Office Deployment Tool creates the package. For example, you can use this setting to create a package that contains only Microsoft Word. For more information, see [ExcludeApp element](https://technet.microsoft.com/library/jj219426.aspx#BKMK_ExcludeAppElement). Modify the DeploymentConfig.xml file Modify the DeploymentConfig.xml file after the package has been created. This file contains the default package settings for all users on a computer that is running the App-V Client. For more information, see [Disabling Office 2013 applications](#bkmk-disable-office-apps). Prerequisite software .Net Framework 4 Supported operating systems 64-bit version of Windows 8 or later 64-bit version of Windows 7 is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml. is the Office Deployment Tool. downloads the Office 2013 applications that you specify in the customConfig.xml file. These bits can be later converted in an Office 2013 App-V package with Volume Licensing. passes the XML configuration file required to complete the download process, in this example, customconfig.xml. After using the download command, Office applications should be found in the location specified in the configuration xml file, in this example \\Server\Office2013. Add element: N/A OfficeClientEdition (attribute of Add element): Product element: Language element: Version (attribute of Add element): SourcePath (attribute of Add element): Office 2013 ProPlusVolume O365ProPlusRetail Office 2013 with Visio 2013 ProPlusVolume VisioProVolume O365ProPlusRetail VisioProRetail Office 2013 with Visio 2013 and Project 2013 ProPlusVolume VisioProVolume ProjectProVolume O365ProPlusRetail VisioProRetail ProjectProRetail is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml. is the Office Deployment Tool. creates the Office 2013 App-V package with Volume Licensing as specified in the customConfig.xml file. passes the configuration XML file (in this case customConfig) that has been prepared for the packaging stage. specifies the location of the newly created Office App-V package. Enable Windows PowerShell scripting on the App-V clients To publish Office 2013 packages, you must run a script. Package scripts are disabled by default on App-V clients. To enable scripting, run the following Windows PowerShell command: Publish the Office 2013 package globally Extension points in the Office App-V package require installation at the computer level. When you publish at the computer level, no prerequisite actions or redistributables are needed, and the Office 2013 package globally enables its applications to work like natively installed Office, eliminating the need for administrators to customize packages. Create two different packages and deploy each one to a different group of users Create and deploy the following packages: A package that contains only Office - deploy to computers whose users need only Office. A package that contains Office, Visio, and Project - deploy to computers whose users need all three applications. If you want only one package for the whole organization, or if you have users who share computers: Follows these steps: Create a package that contains Office, Visio, and Project. Deploy the package to all users. Use [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview) to prevent specific users from using Visio and Project. is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml. is the Office Deployment Tool. creates the Office 2016 App-V package with the type of licensing specified in the customConfig.xml file. passes the configuration XML file (in this case customConfig) that has been prepared for the packaging stage. specifies the location of the newly created Office App-V package. Complete the planning phase to prepare the computing environment for App-V deployment. [App-V Planning Checklist](appv-planning-checklist.md) Review the App-V supported configurations information. [App-V Supported Configurations](appv-supported-configurations.md) Run App-V Setup to deploy the required App-V features for your environment. Keep track of the names of the servers and associated URLs created during installation. This information will be used throughout the installation process. [How to Install the Sequencer](appv-install-the-sequencer.md) [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md) [How to Deploy the App-V Server](appv-deploy-the-appv-server.md) ReportingServerURL Specifies the location on the reporting server where client information is saved. For example, http://<reportingservername>:<reportingportnumber>. Specifies the location on the reporting server where client information is saved. For example, https://<reportingservername>:<reportingportnumber>. This is the port number that was assigned during the Reporting Server setup App-V Management Server The App-V Management server provides overall management functionality for the App-V infrastructure. Additionally, you can install more than one instance of the management server in your environment which provides the following benefits: Fault Tolerance and High Availability – Installing and configuring the App-V Management server on two separate computers can help in situations when one of the servers is unavailable or offline. You can also help increase App-V availability by installing the Management server on multiple computers. In this scenario, a network load balancer should also be considered so that server requests are balanced. Scalability – You can add additional management servers as necessary to support a high load, for example you can install multiple servers behind a load balancer. App-V Publishing Server The App-V publishing server provides functionality for virtual application hosting and streaming. The publishing server does not require a database connection and supports the following protocols: HTTP, and HTTPS You can also help increase App-V availability by installing the Publishing server on multiple computers. A network load balancer should also be considered so that server requests are balanced. App-V Reporting Server The App-V Reporting server enables authorized users to run and view existing App-V reports and ad hoc reports that can help them manage the App-V infrastructure. The Reporting server requires a connection to the App-V reporting database. You can also help increase App-V availability by installing the Reporting server on multiple computers. A network load balancer should also be considered so that server requests are balanced. App-V Client The App-V client enables packages created using App-V to run on target computers. Review the getting started information about App-V to gain a basic understanding of the product before beginning deployment planning. [Getting Started with App-V](appv-getting-started.md) Plan for App-V deployment prerequisites and prepare your computing environment. [App-V Prerequisites](appv-prerequisites.md) If you plan to use the App-V management server, plan for the required roles. [Planning for the App-V Server Deployment](appv-planning-for-appv-server-deployment.md) Plan for the App-V sequencer and client so you to create and run virtualized applications. [Planning for the App-V Sequencer and Client Deployment](appv-planning-for-sequencer-and-client-deployment.md) If applicable, review the options and steps for migrating from a previous version of App-V. [Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md) Decide whether to configure App-V clients in Shared Content Store mode. [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md) Requirements To use %AppData% folder redirection, you must: Have an App-V package that has an AppData virtual file system (VFS) folder. Enable folder redirection and redirect users’ folders to a shared folder, typically a network folder. Roam both or neither of the following: Files under %appdata%\Microsoft\AppV\Client\Catalog Registry settings under HKEY_CURRENT_USER\Software\Microsoft\AppV\Client\Packages For more detail, see [Application Publishing and Client Interaction](appv-application-publishing-and-client-interaction.md#bkmk-clt-inter-roam-reqs). Ensure that the following folders are available to each user who logs into the computer that is running the App-V client: %AppData% is configured to the desired network location (with or without [Offline Files](http://technet.microsoft.com/library/cc780552.aspx) support). %LocalAppData% is configured to the desired local folder. Unsupported scenarios Configuring %LocalAppData% as a network drive. Redirecting the Start menu to a single folder for multiple users. If roaming AppData (%AppData%) is redirected to a network share that is not available, App-V applications will fail to launch, unless the unavailable network share has been enabled for Offline Files. When the virtual environment starts The virtual file system (VFS) AppData folder is mapped to the local AppData folder (%LocalAppData%) instead of to the user’s roaming AppData folder (%AppData%). LocalAppData contains a local cache of the user’s roaming AppData folder for the package in use. The local cache is located under: The latest data from the user’s roaming AppData folder is copied to and replaces the data currently in the local cache. While the virtual environment is running, data continues to be saved to the local cache. Data is served only out of %LocalAppData% and is not moved or synchronized with %AppData% until the end user shuts down the computer. Entries to the AppData folder are made using the user context, not the system context. When the virtual environment shuts down The local cached data in AppData (roaming) is zipped up and copied to the “real” roaming AppData folder in %AppData%. A time stamp, which indicates the last known upload, is simultaneously saved as a registry key under: To provide redundancy, App-V keeps the three most recent copies of the compressed data under %AppData%. Purpose Enables end users to work with files, which have been redirected to another folder, as if the files still existed on the local drive. Description Folder redirection allows users and administrators to redirect the path of a folder to a network location. The documents in the folder are available to the user from any computer on the network. Folder redirection allows users and administrators to redirect the path of a folder to a network location. The documents in the folder are available to the user from any computer on the network. The new location can be a folder on the local computer or a folder on a shared network. Folder redirection updates the files immediately, whereas roaming data is typically synchronized when the user logs in or logs off. Usage example You can redirect the Documents folder, which is usually stored on the computer's local hard disk, to a network location. The user can access the documents in the folder from any computer on the network. More resources [Folder redirection overview](http://technet.microsoft.com/library/cc778976.aspx) IIS server HTTP HTTPS This server-protocol combination requires a mechanism to synchronize the content between the Management Server and the Streaming Server. When using HTTP or HTTPS, use an IIS server and a firewall to protect the server from exposure to the Internet. Internal File SMB This server-protocol combination requires support to synchronize the content between the Management Server and the Streaming Server. Use a client computer with file sharing or streaming capability. Internal Office 2016 [Information about how to use Outlook 2016 or 2013 and an earlier version of Outlook installed on the same computer](https://support.microsoft.com/kb/2782408) Office 2013 [Information about how to use Office 2013 suites and programs (MSI deployment) on a computer that is running another version of Office](http://support.microsoft.com/kb/2784668) Office 2010 [Information about how to use Office 2010 suites and programs on a computer that is running another version of Office](http://support.microsoft.com/kb/2121447) Office 2007 Always non-integrated. App-V does not offer any operating system integrations with a virtualized version of Office 2007. Office 2010 Integrated and non-integrated mode. Office 2013 Always integrated. Windows operating system integrations cannot be disabled. Office 2016 Always integrated. Windows operating system integrations cannot be disabled. Skype for Business (formerly Lync) meeting Join Plug-in for Firefox and Chrome User can join Skype meetings from Firefox and Chrome Sent to OneNote Print Driver User can print to OneNote OneNote Linked Notes OneNote Linked Notes Send to OneNote Internet Explorer Add-In User can send to OneNote from IE Firewall Exception for Skype for Business (formerly Lync) and Outlook Firewall Exception for Skype for Business (formerly Lync) and Outlook MAPI Client Native apps and add-ins can interact with virtual Outlook through MAPI SharePoint Plug-in for Firefox User can use SharePoint features in Firefox Mail Control Panel Applet User gets the mail control panel applet in Outlook Primary Interop Assemblies Support managed add-ins Office Document Cache Handler Allows Document Cache for Office applications Outlook Protocol Search handler User can search in outlook Active X Controls For more information on ActiveX controls, refer to [ActiveX Control API Reference](https://msdn.microsoft.com/library/vs/alm/ms440037(v=office.14).aspx). OneDrive Pro Icon Overlays Windows Explorer shell icon overlays when users look at folders OneDrive Pro folders Shell extensions Shortcuts Windows Search Windows 10 All of the prerequisite software is already installed. Windows 8.1 All of the prerequisite software is already installed. If you are running Windows 8, upgrade to Windows 8.1 before using App-V. Windows Server 2016 The following prerequisite software is already installed: Microsoft .NET Framework 4.5 Windows PowerShell 3.0 Installing Windows PowerShell 3.0 requires a restart. Windows 7 The prerequisite software is not already installed. You must install it before you can install App-V. Account for installing the App-V Server The account that you use to install the App-V Server components must have: Administrative rights on the computer on which you are installing the components. The ability to query Active Directory Domain Services. Port and firewall Specify a port where each component will be hosted. Add the associated firewall rules to allow incoming requests to the specified ports. Web Distributed Authoring and Versioning (WebDAV) WebDAV is automatically disabled for the Management Service. Supported deployment scenarios A stand-alone deployment, where all components are deployed on the same server. A distributed deployment. Unsupported deployment scenarios Installing side-by-side instances of multiple App-V Server versions on the same server. Installing the App-V server components on a computer that runs server core or domain controller. Supported version of SQL Server For supported versions, see [App-V Supported Configurations](appv-supported-configurations.md). [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773) [Windows PowerShell 3.0](http://www.microsoft.com/download/details.aspx?id=34595) Installing Windows PowerShell 3.0 requires a restart. Download and install [KB2533623](http://support.microsoft.com/kb/2533623) Applies to Windows 7 only. [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784) 64-bit ASP.NET registration Windows Server Web Server Role This role must be added to a server operating system that is supported for the Management server. Web Server (IIS) Management Tools Click IIS Management Scripts and Tools. Web Server Role Services Common HTTP Features: Static Content Default Document Application Development: ASP.NET .NET Extensibility ISAPI Extensions ISAPI Filters Security: Windows Authentication Request Filtering Management Tools: IIS Management Console Default installation location %PROGRAMFILES%\Microsoft Application Virtualization Server Location of the Management database SQL Server database name, SQL Server database instance name, and database name. Management console and Management database permissions A user or group that can access the Management console and database after the deployment is complete. Only these users or groups will have access to the Management console and database unless additional administrators are added by using the Management console. Management service website name Name for the Management console website. Management service port binding Unique port number for the Management service. This port cannot be used by another process on the computer. [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773) [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784) Default installation location %PROGRAMFILES%\Microsoft Application Virtualization Server Custom SQL Server instance name (if applicable) Format to use: INSTANCENAME This format is based on the assumption that the installation is on the local computer. If you specify the name with the format SVR\INSTANCE, the installation will fail. Custom database name (if applicable) Unique database name. Default: AppVManagement Management server location Machine account on which the Management server is deployed. Format to use: Domain\MachineAccount Management server installation administrator Account used to install the Management server. Format to use: Domain\AdministratorLoginName Microsoft SQL Server Service Agent Configure the Management database computer so that the Microsoft SQL Server Agent service is restarted automatically. For instructions, see [Configure SQL Server Agent to Restart Services Automatically](http://technet.microsoft.com/magazine/gg313742.aspx). [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773) [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784) 64-bit ASP.NET registration Web Server Role This role must be added to a server operating system that is supported for the Management server. Web Server (IIS) Management Tools Click IIS Management Scripts and Tools. Web Server Role Services Common HTTP Features: Static Content Default Document Application Development: ASP.NET .NET Extensibility ISAPI Extensions ISAPI Filters Security: Windows Authentication Request Filtering Management Tools: IIS Management Console Default installation location %PROGRAMFILES%\Microsoft Application Virtualization Server Management service URL URL of the App-V Management service. This is the port with which the Publishing server communicates. Management server and Publishing server are installed on the same server http://localhost:12345 Management server and Publishing server are installed on different servers http://MyAppvServer.MyDomain.com Publishing service website name Name for the Publishing website. Publishing service port binding Unique port number for the Publishing service. This port cannot be used by another process on the computer. Supported version of SQL Server For supported versions, see [App-V Supported Configurations](appv-supported-configurations.md). [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773) [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784) 64-bit ASP.NET registration Windows Server Web Server Role This role must be added to a server operating system that is supported for the Management server. Web Server (IIS) Management Tools Click IIS Management Scripts and Tools. Web Server Role Services To reduce the risk of unwanted or malicious data being sent to the Reporting server, you should restrict access to the Reporting Web Service per your corporate security policy. Common HTTP Features: Static Content Default Document Application Development: ASP.NET .NET Extensibility ISAPI Extensions ISAPI Filters Security: Windows Authentication Request Filtering Management Tools: IIS Management Console Default installation location %PROGRAMFILES%\Microsoft Application Virtualization Server Reporting service website name Name for the Reporting website. Reporting service port binding Unique port number for the Reporting service. This port cannot be used by another process on the computer. [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773) [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784) Default installation location %PROGRAMFILES%\Microsoft Application Virtualization Server Custom SQL Server instance name (if applicable) Format to use: INSTANCENAME This format is based on the assumption that the installation is on the local computer. If you specify the name with the format SVR\INSTANCE, the installation will fail. Custom database name (if applicable) Unique database name. Default: AppVReporting Reporting server location Machine account on which the Reporting server is deployed. Format to use: Domain\MachineAccount Reporting server installation administrator Account used to install the Reporting server. Format to use: Domain\AdministratorLoginName Microsoft SQL Server Service and Microsoft SQL Server Service Agent Configure these services to be associated with user accounts that have access to query AD DS. [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773) [Windows PowerShell 3.0](http://www.microsoft.com/download/details.aspx?id=34595) Installing Windows PowerShell 3.0 requires a restart. [KB2533623](http://support.microsoft.com/kb/2533623) Applies to Windows 7 only: Download and install the KB. Host Name Package Name Start and End Times App-V Client Version Package Version Run Status Processor Architecture Package Source Shutdown State Operating System Version Percent Cached Application Name Service Pack Level Application Version Operating System Type Username Connection Group If you have an existing App-V reporting Server, create a customized scheduled task or script. Specify that the client send the data to the specified location with the desired frequency. If you do not have an existing App-V reporting Server, use the –URL parameter to send the data to a specified share. For example: The previous example will send the reporting data to \\MyShare\MyData\ location indicated by the -URL parameter. After the data has been sent, the cache is cleared. If a location other than the Reporting Server is specified, the data is sent using .xml format with no additional processing. App-V Management Admin group Used to manage the App-V management server. This group is created during the App-V Management Server installation. There is no method to create the group using the management console after you have completed the installation. Database read/write for Management Service account Provides read/write access to the management database. This account should be created during the App-V management database installation. App-V Management Service install admin account This is only required if management database is being installed separately from the service. Provides public access to schema-version table in management database. This account should be created during the App-V management database installation. App-V Reporting Service install admin account This is only required if reporting database is being installed separately from the service. Public access to schema-version table in reporting database. This account should be created during the App-V reporting database installation. Microsoft SQL Server 2014 32-bit or 64-bit Microsoft SQL Server 2012 SP2 32-bit or 64-bit Microsoft SQL Server 2008 R2 SP3 32-bit or 64-bit Microsoft SQL Server 2014 32-bit or 64-bit Microsoft SQL Server 2012 SP2 32-bit or 64-bit Microsoft SQL Server 2008 R2 SP3 32-bit or 64-bit Microsoft Windows Server 2012 R2 64-bit Microsoft Windows Server 2012 64-bit Microsoft Windows Server 2008 R2 SP1 64-bit Microsoft Windows 10 32-bit and 64-bit Microsoft Windows 8.1 32-bit and 64-bit Microsoft Windows 8 32-bit and 64-bit Microsoft Windows 7 SP1 32-bit and 64-bit Added a new CSP in Windows 10, version 1803. Added a new CSP in Windows 10, version 1803. Added a new CSP in Windows 10, version 1803. Added the following new policies for Windows 10, version 1803: Returns status on Application Guard installation and pre-requisites. Value type is integer. Supported operation is Get. Returns bitmask that indicates status of Application Guard installation and pre-requisites on the device. Value type is integer. Supported operation is Get.
+
+Bit 0 - Set to 1 when WDAG is enabled into enterprise manage mode
+Bit 1 - Set to 1 when the client machine is Hyper-V capable
+Bit 2 - Set to 1 when the client machine has a valid OS license and SKU
+Bit 3 - Set to 1 when WDAG installed on the client machine
+Bit 4 - Set to 1 when required Network Isolation Policies are configured
+Bit 5 - Set to 1 when the client machine meets minimum hardware requirements
+
+ Initiates remote installation of Application Guard feature. Supported operations are Get and Execute. Important: Notes:
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-auto-batch-updating.md b/windows/application-management/app-v/appv-auto-batch-updating.md
index 09911137f3..1d96b18fb8 100644
--- a/windows/application-management/app-v/appv-auto-batch-updating.md
+++ b/windows/application-management/app-v/appv-auto-batch-updating.md
@@ -6,45 +6,37 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 06/26/2017
+ms.date: 04/18/2018
---
-
# Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)
-**Applies to**
-- Windows 10, version 1703
+>Applies to: Windows 10, version 1703
-Updating multiple apps at the same time follows the same process as [automatically sequencing multiple apps at the same time](appv-auto-batch-sequencing.md). However for updating, you'll pass your previously created app package files to the App-V Sequencer cmdlet for updating.
+Updating multiple apps at the same time follows a similar process to the one used for [automatically sequencing multiple apps at the same time](appv-auto-batch-sequencing.md). However, when updating, you'll also have to pass your previously created app package files to the App-V Sequencer cmdlet.
Starting with Windows 10, version 1703, running the New-BatchAppVSequencerPackages cmdlet or the App-V Sequencer interface captures and stores all of your customizations as an App-V project template. If you want to make changes to this package later, your customizations are automatically loaded from this template file.
>[!NOTE]
->If you're trying to sequence multiple apps at the same time, see the [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-sequencing.md) topic.
+>If you're trying to sequence multiple apps at the same time, see [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-sequencing.md).
+
+## Update multiple apps with a PowerShell cmdlet
-### Update multiple apps by using a PowerShell cmdlet
Updating multiple apps at the same time requires that you create a **ConfigFile** with info related to each round of updating. This file is then used by the cmdlet to start the VM at a "clean" checkpoint, to copy the installer from the Host device to the VM, and then to start the App-V Sequencer to monitor your specified app installations.
-**To create your ConfigFile for use by the PowerShell cmdlet**
+### Create your ConfigFile for use by the PowerShell cmdlet
1. Determine the apps that need to be included in your app package, and then open a text editor, such as Notepad.
2. Add the following XML info for each app:
- - **<AppName>.** The name of the app you're adding to the package.
-
- - **<InstallerFolder>.** The file path to the folder with the app installer.
-
- - **<Installer>.** The file name for the app executable. This will typically be an .exe or .msi file.
-
- - **<InstallerOptions>.** The command-line options required for the app installation.
-
- - **<Package>.** The file path to the location of your App-V packages. These packages were created when you sequenced your apps.
-
- - **<TimeoutInMinutes>.** The maximum amount of time, in minutes, that the cmdlet should wait for updating to complete. You can enter a different value for each app, based on the size and complexity of the app itself.
-
- - **<Cmdlet>.** Determines whether the sequencer uses the cmdlet or the App-V Sequencer interface. **True** tells the sequencer to use cmdlet-based updating, while **False** tells the sequencer to use the App-V Sequencer interface. You can use both the cmdlet and the interface together in the same ConfigFile, for different apps.
-
- - **<Enabled>.** Indicates whether the app should be sequenced. **True** includes the app, while **False** ignores it. You can include as many apps as you want in the batch file, but optionally enable only a few of them.
+ - ```
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
index 9632883b04..23a9fe37c6 100644
--- a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
+++ b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
@@ -74,4 +74,4 @@ Using Group Policy, you can turn on the **Enable automatic cleanup of unused app
**Have a suggestion for App-V?**
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-auto-provision-a-vm.md b/windows/application-management/app-v/appv-auto-provision-a-vm.md
index 29943d7b0b..73c3fb6cdf 100644
--- a/windows/application-management/app-v/appv-auto-provision-a-vm.md
+++ b/windows/application-management/app-v/appv-auto-provision-a-vm.md
@@ -6,88 +6,89 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
-
# Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)
-**Applies to**
-- Windows 10, version 1703
+>Applies to: Windows 10, version 1703
Previous versions of the App-V Sequencer have required you to manually create your sequencing environment. Windows 10, version 1703 introduces two new PowerShell cmdlets, New-AppVSequencerVM and Connect-AppvSequencerVM, which automatically create your sequencing environment for you, including provisioning your virtual machine.
## Automatic VM provisioning of the sequencing environment
-You have 2 options for provisioning an VM for auto-sequencing:
-- Using a Virtual Hard Disk (VHD)
- -OR-
+You have two options for provisioning an VM for auto-sequencing:
-- Updating an existing VM
+1. Using a Virtual Hard Disk (VHD)
+2. Updating an existing VM
- >[!NOTE]
- >We have reduced the number of environmental checks performed by the App-V Sequencer, narrowing down the list of apps that need to be disabled or turned off for a clean sequencing experience. We've also suppressed antivirus and other similar app warnings.
+You can only choose one option.
+
+>[!NOTE]
+>We have reduced the number of environmental checks performed by the App-V Sequencer, narrowing down the list of apps that need to be disabled or turned off for a clean sequencing experience. We've also suppressed antivirus and other similar app warnings.
+
+### Provision a new VM with a VHD file
-### Provision a new VM by using a VHD file
Provisioning your new VM includes creating a VHD file, setting up a user account, turning on remote PowerShell scripting, and installing the App-V Sequencer.
#### Create a VHD file
+
For this process to work, you must have a base operating system available as a VHD image file, we recommend using the [Convert-WindowsImage.ps1](https://gallery.technet.microsoft.com/scriptcenter/Convert-WindowsImageps1-0fe23a8f) command-line tool.
-**To create a VHD file by using the Convert-WindowsImage command-line tool**
-1. Open PowerShell as an admin and run the Convert-WindowsImage tool, using the following commands:
+#### Create a VHD file with the Convert-WindowsImage command-line tool
+
+1. Open PowerShell as an admin and run the **Convert-WindowsImage** tool, using the following commands:
```ps1
Convert-WindowsImage -SourcePath "
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-capacity-planning.md b/windows/application-management/app-v/appv-capacity-planning.md
index f37904bd63..4eb8944558 100644
--- a/windows/application-management/app-v/appv-capacity-planning.md
+++ b/windows/application-management/app-v/appv-capacity-planning.md
@@ -6,948 +6,190 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
-
# App-V Capacity Planning
-**Applies to**
-- Windows Server 2016
+>Applies to: Windows Server 2016
The following recommendations can be used as a baseline to help determine capacity planning information that is appropriate to your organization’s App-V infrastructure.
->**Important**
-Use the information in this section only as a general guide for planning your App-V deployment. Your system capacity requirements will depend on the specific details of your hardware and application environment. Additionally, the performance numbers displayed in this document are examples and your results may vary.
+>[!IMPORTANT]
+>Use the information in this section only as a general guide for planning your App-V deployment. Your system capacity requirements will depend on the specific details of your hardware and application environment. Additionally, the performance numbers displayed in this document are examples and your results may vary.
-
+## Determine the project scope
-## Determine the Project Scope
+Before you design the App-V infrastructure, determining which applications will be available virtually, and also identify the target users and their locations. This information will determine what type of App-V infrastructure your project should implement. Your should base your decisions about your project's scope on your organization's specific needs.
+|Task|More information|
+|----|----------------|
+|Determine application scope|The App-V infrastructure can be set up in different ways depending on which applications you want to virtualize. This means your first task is to define which applications you want to virtualize.|
+|Determine location scope|"Location scope" refers to the physical locations where you plan to run the virtualized applications (for example, enterprise-wide or a specific geographic location). It can also refer to the user population that will run the virtual applications (for example, a single department). You should obtain a network map that includes the connection paths, the available bandwidth for each location, the number of users using virtualized applications, and the WAN link speed.|
-Before you design the App-V infrastructure, determine the project’s scope. The scope consists of determining which applications will be available virtually and to also identify the target users, and their locations. This information will help determine what type of App-V infrastructure should be implemented. Decisions about the scope of the project must be based on the specific needs of your organization.
+## Determine which App-V infrastructure is required
-
-
+You can also manage your App-V environment using an electronic software distribution (ESD) solution such as Microsoft Systems Center Configuration Manager. For more information see [How to deploy App-V packages using electronic software distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md).
-## Determine Which App-V Infrastructure is Required
+* **Standalone model**—The standalone model allows virtual applications to be Windows Installer-enabled for distribution without streaming. App-V in Standalone mode only needs the sequencer and the client; no additional components are required. Applications are prepared for virtualization using a process called sequencing. For more information, see [Planning for the App-V Sequencer and Client deployment](appv-planning-for-sequencer-and-client-deployment.md). The standalone model is recommended for the following scenarios:
-You can also manage your App-V environment using an Electronic Software Distribution (ESD) solution such as Microsoft Systems Center Configuration Manager. For more information see [How to deploy App-V Packages Using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md).
+ * When there are disconnected remote users who can't connect to the App-V infrastructure.
+ * When you're running a software management system, such as System Center 2012 Configuration Manager.
+ * When network bandwidth limitations inhibit electronic software distribution.
+* **Full infrastructure model**—The full infrastructure model provides for software distribution, management, and reporting capabilities; it also includes the streaming of applications across the network. The App-V full infrastructure model consists of one or more App-V management servers that can be used to publish applications to all clients. Publishing places the virtual application icons and shortcuts on the target computer. It can also stream applications to local users. For more information about how to install the management server, see [Planning for App-V Server deployment](appv-planning-for-appv-server-deployment.md). The full infrastructure model is recommended for the following scenarios:
-- **Standalone Model** - The standalone model allows virtual applications to be Windows Installer-enabled for distribution without streaming. App-V in Standalone Mode consists of the sequencer and the client; no additional components are required. Applications are prepared for virtualization using a process called sequencing. For more information see, [Planning for the App-V Sequencer and Client Deployment](appv-planning-for-sequencer-and-client-deployment.md). The stand-alone model is recommended for the following scenarios:
+ * When you want to use the Management Server to publish the application to target computers.
+ * For rapid provisioning of applications to target computers.
+ * When you want to use App-V reporting.
- - With disconnected remote users who cannot connect to the App-V infrastructure.
+>[!IMPORTANT]
+>The App-V full infrastructure model requires Microsoft SQL Server to store configuration data. For more information, see [App-V supported configurations](appv-supported-configurations.md).
- - When you are running a software management system, such as System Center 2012 Configuration Manager.
+## End-to-end server sizing guidance
- - When network bandwidth limitations inhibit electronic software distribution.
+The following section describes end-to-end App-V sizing and planning. For more specific information, refer to the subsequent sections.
-- **Full Infrastructure Model** - The full infrastructure model provides for software distribution, management, and reporting capabilities; it also includes the streaming of applications across the network. The App-V Full Infrastructure Model consists of one or more App-V management servers. The Management Server can be used to publish applications to all clients. The publishing process places the virtual application icons and shortcuts on the target computer. It can also stream applications to local users. For more information about installing the management server see, [Planning for App-V Server Deployment](appv-planning-for-appv-server-deployment.md). The full infrastructure model is recommended for the following scenarios:
+>[!NOTE]
+>Round trip response time on the client is the time taken by the computer running the App-V client to receive a successful notification from the publishing server. Round trip response time on the publishing server is the time taken by the computer running the publishing server to receive a successful package metadata update from the management server.
- >**Important**
- The App-V full infrastructure model requires Microsoft SQL Server to store configuration data. For more information see [App-V Supported Configurations](appv-supported-configurations.md).
+* 20,000 clients can target a single publishing server to obtain the package refreshes in an acceptable round trip time (<3 seconds).
+* A single management server can support up to 50 publishing servers for package metadata refreshes in an acceptable round trip time (<5 seconds).
-
+## App-V Management Server capacity planning recommendations
- - When you want to use the Management Server to publish the application to target computers.
+The App-V publishing servers require the management server for package refresh requests and package refresh responses. The management server then sends the information to the management database to retrieve information. For more information about App-V management server supported configurations, see [App-V supported configurations](appv-supported-configurations.md).
- - For rapid provisioning of applications to target computers.
+>[!NOTE]
+>The default refresh time on the App-V publishing server is ten minutes.
- - When you want to use App-V reporting.
+When multiple simultaneous publishing servers contact a single management server for package metadata refreshes, the following three factors will influence the publishing server's round-trip response time:
-## End-to-end Server Sizing Guidance
+1. The number of publishing servers making simultaneous requests.
+2. The number of connection groups configured on the management server.
+3. The number of access groups configured on the management server.
+The following table describes each factor that impacts round-trip time in more detail.
-The following section provides information about end-to-end App-V sizing and planning. For more specific information, refer to the subsequent sections.
+>[!NOTE]
+>Round trip response time is the time taken by the computer running the App-V publishing server to receive a successful package metadata update from the management server.
-**Note**
-Round trip response time on the client is the time taken by the computer running the App-V client to receive a successful notification from the publishing server. Round trip response time on the publishing server is the time taken by the computer running the publishing server to receive a successful package metadata update from the management server.
+|Factors impacting round-trip response time|Description|
+|------------------------------------------|-----------|
+|The number of publishing servers simultaneously requesting package metadata refreshes.|A single management server can respond to up to 320 publishing servers simultaneously requesting publishing metadata. For example, in a case with 30 publishing servers simultaneously requesting publishing metadata, the round-trip response time is about 40 seconds, while for less than 50 servers it's less than 5 seconds. From 50 to 320 publishing servers, response team increases linearly (approximately 2×).|
+|The number of connection groups configured on the management server.|For up to 100 connection groups, there is no significant change in the round-trip response time on the publishing server. For 100–400 connection groups, there is a minor linear increase in the round-trip response time.|
+|The number of access groups configured on the management server.|For up to 40 access groups, there is a linear (approximately 3×) increase in the round-trip response time on the publishing server.|
-
+The following table displays sample values for each of the previous factors. In each variation, 120 packages are refreshed from the App-V management server.
-- 20,000 clients can target a single publishing server to obtain the package refreshes in an acceptable round trip time. (<3 seconds)
+|Scenario|Variation|Number of connection groups|Number of access groups|Number of publishing servers|Network connection type|Round-trip response time (seconds)|Management server CPU utilization|
+|---|---|---|---|---|---|---|---|
+|Publishing servers contact management server for publishing metadata at same time|Number of publishing servers.|0
-
-
-
-Task
-More Information
-
-
-
-
-
-
0
0
0
0
0|1
1
1
1
1
1|50
100
200
300
315
320|LAN|5
10
19
32
30
37|17
17
17
15
17
15|
+|Publishing metadata contains connection groups|Number of connection groups|10
20
100
150
300
400|1
1
1
1
1
1|100
100
100
100
100
100|LAN|10
11
11
16
22
25|17
19
22
19
20
20|
+|Publishing metadata contains access groups|Number of access groups|0
0
0
0|1
10
20
40|100
100
100
100|LAN|10
43
153
535|17
26
24
24|
-- A single management server can support up to 50 publishing servers for package metadata refreshes in an acceptable round trip time. (<5 seconds)
+The CPU utilization of the computer running the management server is around 25% irrespective of the number of publishing servers targeting it. The Microsoft SQL Server database transactions/sec, batch requests/sec and user connections are identical irrespective of the number of publishing servers. For example, transactions/sec is approximately 30, batch requests approximately 200, and user connects approximately six.
-## App-V Management Server Capacity Planning Recommendations
+Using a geographically distributed deployment, where the management server and publishing servers utilize a slow link network between them, the round-trip response time on the publishing servers is within acceptable time limits (<5 seconds), even for 100 simultaneous requests on a single management server.
-
-The App-V publishing servers require the management server for package refresh requests and package refresh responses. The management server then sends the information to the management database to retrieve information. For more information about App-V management server supported configurations see [App-V Supported Configurations](appv-supported-configurations.md).
-
-**Note**
-The default refresh time on the App-V publishing server is ten minutes.
-
-
-
-When multiple simultaneous publishing servers contact a single management server for package metadata refreshes, the following three factors influence the round trip response time on the publishing server:
-
-1. Number of publishing servers making simultaneous requests.
-
-2. Number of connection groups configured on the management server.
-
-3. Number of access groups configured on the management server.
-
-The following table displays more information about each factor that impacts round trip time.
-
-**Note**
-Round trip response time is the time taken by the computer running the App-V publishing server to receive a successful package metadata update from the management server.
-
-
-
-
-
-
-
-
-The following table displays sample values for each of the previous factors. In each variation, 120 packages are refreshed from the App-Vmanagement server.
-
-
-
-
-
-Factors impacting round trip response time
-More Information
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-The CPU utilization of the computer running the management server is around 25% irrespective of the number of publishing servers targeting it. The Microsoft SQL Server database transactions/sec, batch requests/sec and user connections are identical irrespective of the number of publishing servers. For example: Transactions/sec is ~30, batch requests ~200, and user connects ~6.
-
-Using a geographically distributed deployment, where the management server & publishing servers utilize a slow link network between them, the round trip response time on the publishing servers is within acceptable time limits (<5 seconds), even for 100 simultaneous requests on a single management server.
-
-
-
-
-
-Scenario
-Variation
-Number of connection groups
-Number of access groups
-Number of publishing servers
-Network connection type publishing server / management server
-Round trip response time on the publishing server (in seconds)
-CPU utilization on management server
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Scenario|Variation|Number of connection groups|Number of access groups|Number of publishing servers|Network connection type|Round-trip response time (seconds)|Management server CPU utilization (in %)|
+|---|---|---|---|---|---|---|---|
+|Network connection between the publishing server and management server|1.5 Mbps Slow link Network|0
-
-
-
-Scenario
-Variation
-Number of connection groups
-Number of access groups
-Number of publishing servers
-Network connection type publishing server / management server
-Round trip response time on the publishing server (in seconds)
-CPU utilization on management server
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
0|1
1|50
100|1.5 Mbps Cable DSL|4
5|1
2|
+|Network connection between the publishing server and management server|LAN/WiFi Network|0
0|1
1|100
200|WiFi|11
20|15
17|
Whether the management server and publishing servers are connected over a slow link network, or a high speed network, the management server can handle approximately 15,000 package refresh requests in 30 minutes.
-## App-V Reporting Server Capacity Planning Recommendations
+## App-V Reporting Server capacity planning recommendations
+App-V clients send reporting data to the reporting server. The reporting server then records the information in the Microsoft SQL Server database and returns a successful notification back to the computer running App-V client. For more information about the App-V Reporting Server's supported configurations see [App-V supported configurations](appv-supported-configurations.md).
-App-V clients send reporting data to the reporting server. The reporting server then records the information in the Microsoft SQL Server database and returns a successful notification back to the computer running App-V client. For more information about App-V Reporting Server supported configurations see [App-V Supported Configurations](appv-supported-configurations.md).
+>[!NOTE]
+>Round-trip response time is the time taken by the computer running the App-V client to send the reporting information to the reporting server and receive a successful notification from the reporting server.
-**Note**
-Round trip response time is the time taken by the computer running the App-V client to send the reporting information to the reporting server and receive a successful notification from the reporting server.
+|Scenario|Summary|
+|---|---|
+|Multiple App-V clients send reporting information to the reporting server simultaneously.|Round-trip response time from the reporting server is 2.6 seconds for 500 clients. Round-trip response time from the reporting server is 5.65 seconds for 1000 clients. Round-trip response time increases linearly depending on number of clients.|
+|Requests per second processed by the reporting server.|A single reporting server and a single database, can process a maximum of 139 requests per second. The average is 121 requests/second. Using two reporting servers reporting to the same Microsoft SQL Server database, the average requests/second, like a single reporting server, is about 127, with a max of 278 requests/second. A single reporting server can process 500 concurrent/active connections. A single reporting server can process a maximum 1,500 concurrent connections.|
+|Reporting database.|Lock contention on the computer running Microsoft SQL Server is the limiting factor for requests/second. Throughput and response time are independent of database size.|
-
-
-
-
-
-
-
-**Calculating random delay**:
+### Calculating random delay
The random delay specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between **0** and **ReportingRandomDelay** and will wait the specified duration before sending data.
-Random delay = 4 \* number of clients / average requests per second.
+*Random delay = 4 × number of clients/average requests per second*.
-Example: For 500 clients, with 120 requests per second, the Random delay is, 4 \* 500 / 120 = ~17 minutes.
+Example: Random delay for 500 clients with 120 requests per second is *4 × 500/120 = about 17 minutes*.
-## App-V Publishing Server Capacity Planning Recommendations
+## App-V publishing server capacity planning recommendations
+Computers running the App-V client connect to the App-V publishing server to send a publishing refresh request and receive a response. Round trip response time is measured on the computer running the App-V client, while processor time is measured on the publishing server. For more information about App-V Publishing Server supported configurations, see [App-V supported configurations](appv-supported-configurations.md).
-Computers running the App-V client connect to the App-V publishing server to send a publishing refresh request and to receive a response. Round trip response time is measured on the computer running the App-V client. Processor time is measured on the publishing server. For more information about App-V Publishing Server supported configurations see [App-V Supported Configurations](appv-supported-configurations.md).
+>[!IMPORTANT]
+>The following list displays the main factors to consider when setting up the App-V publishing server:
+ * The number of clients connecting simultaneously to a single publishing server.
+ * The number of packages in each refresh.
+ * The available network bandwidth in your environment between the client and the App-V publishing server.
-**Important**
-The following list displays the main factors to consider when setting up the App-V publishing server:
+|Scenario|Summary|
+|---|---|
+|Multiple App-V clients connect to a single publishing server simultaneously.|A publishing server running dual core processors can respond to at most 5000 clients requesting a refresh simultaneously. For 5,000–10,000 clients, the publishing server requires a minimum quad core. For 10,000–20,000 clients, the publishing server should have dual quad cores for more efficient response times. A publishing server with a quad core can refresh up to 10,000 packages within three seconds. (Supports 10,000 simultaneous clients.)|
+|Number of packages in each refresh.|Increasing number of packages will increase response time by about 40% (up to 1,000 packages).|
+|Network between the App-V client and the publishing server.|Across a slow network (1.5 Mbps bandwidth), there is a 97% increase in response time compared to LAN (up to 1,000 users).|
-- The number of clients connecting simultaneously to a single publishing server.
+>[!NOTE]
+>The publishing server CPU usage is always high during the time interval when it must process simultaneous requests (>90% in most cases). The publishing server can handle about 1,500 client requests in one second.
-- The number of packages in each refresh.
-
-- The available network bandwidth in your environment between the client and the App-V publishing server.
-
-
-
-
-
-
-
-Scenario
-Summary
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-**Note**
-The publishing server CPU usage is always high during the time interval when it has to process simultaneous requests (>90% in most cases). The publishing server can handle ~1500 client requests in 1 second.
-
-
-
-
-
-
-
-Scenario
-Summary
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-## App-V Streaming Capacity Planning Recommendations
+|Scenario|Variation|Number of App-V clients|Number of packages|Processor configuration on publishing server|Network connection type|App-V client round-trip time (in seconds)|Publishing server CPU utilization (in %)|
+|---|---|---|---|---|---|---|---|
+|App-V client sends publishing refresh request and receives response, each request containing 120 packages|Number of clients|100
-
-
-
-Scenario
-Variation
-Number of App-V clients
-Number of packages
-Processor configuration on the publishing server
-Network connection type publishing server / App-V client
-Round trip time on the App-V client (in seconds)
-CPU utilization on publishing server (in %)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
1,000
5,000
10,000|120
120
120
120|Dual Core
Dual Core
Quad Core
Quad Core|LAN|1
2
2
3|100
99
89
77|
+|Multiple packages in each refresh.|Number of packages|1,000
1,000|500
1,000|Quad Core|LAN|2
3|92
91|
+|Network between client and publishing server.|1.5 Mbps Slow link network|100
500
1,000|120
120
120|Quad Core|1.5 Mbps intra-continental network|3
10 (0.2% failure rate)
7 (1% failure rate)||
+## App-V streaming capacity planning recommendations
Computers running the App-V client stream the virtual application package from the streaming server. Round trip response time is measured on the computer running the App-V client, and is the time taken to stream the entire package.
-**Important**
-The following list identifies the main factors to consider when setting up the App-V streaming server:
+>[!IMPORTANT]
+>The following list identifies the main factors to consider when setting up the App-V streaming server:
+ * The number of clients streaming application packages simultaneously from a single streaming server.
+ * The size of the package being streamed.
+ * The available network bandwidth in your environment between the client and the streaming server.
-- The number of clients streaming application packages simultaneously from a single streaming server.
-
-- The size of the package being streamed.
-
-- The available network bandwidth in your environment between the client and the streaming server.
-
-
-
-
-
-
-
+|Scenario|Summary|
+|---|---|
+|Multiple App-V clients stream applications from a single streaming server simultaneously.|If the number of clients simultaneously streaming from the same server increases, there is a linear relationship with the package download/streaming time.|
+|Size of the package being streamed.|The package size has a significant impact on the streaming/download time only for larger packages with a size of about 1 GB. For package sizes ranging from 3 MB to 100 MB, the streaming time ranges from 20 seconds to 100 seconds, with 100 simultaneous clients.|
+|Network between the App-V client and the streaming server.|Across a slow network (1.5 Mbps bandwidth), there is a 70–80% increase in response time compared to LAN (up to 100 users).|
The following table displays sample values for each of the factors in the previous list:
-
-
-
-
-Scenario
-Summary
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Scenario|Variation|Number of App-V clients|Size of each package|Network connection type|Round-trip time on the App-V client (in seconds)|
+|---|---|---|---|---|---|
+|Multiple App-V clients streaming virtual application packages from a streaming server.|Number of clients.|100
-
-
-
-Scenario
-Variation
-Number of App-V clients
-Size of each package
-Network connection type streaming server / App-V client
-Round trip time on the App-V client (in seconds)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
200
1,000
100
200
1,000|3.5 MB
3.5 MB
3.5 MB
5 MB
5 MB
5 MB|LAN|29
39
391
35
68
461|
+|Size of each package being streamed.|Size of each package.|100
200
100
200|21 MB
21 MB
109 MB
109 MB|LAN|33
83
100
160|
+|Network connection between client and App-V streaming server.|1.5 Mbps Slow link network.|100
100|3.5 MB
5 MB|1.5 Mbps intra-continental network|102
121|
Each App-V streaming server should be able to handle a minimum of 200 clients concurrently streaming virtualized applications.
-**Note**
-The actual time to it will take to stream is determined primarily by the number of clients streaming simultaneously, number of packages, package size, the server’s network activity, and network conditions.
+>[!NOTE]
+>The actual time to it will take to stream is determined primarily by the number of clients streaming simultaneously, number of packages, package size, the server’s network activity, and network conditions.
-
-
-For example, an average user can stream a 100 MB package in less than 2 minutes, when 100 simultaneous clients are streaming from the server. However, a package of size 1 GB could take up to 30 minutes. In most real world environments streaming demand is not uniformly distributed, you will need to understand the approximate peak streaming requirements present in your environment in order to properly size the number of required streaming servers.
+For example, an average user can stream a 100 MB package in less than 2 minutes, when 100 simultaneous clients are streaming from the server. However, a package of size 1 GB could take up to 30 minutes. In most real-world environments, streaming demand is not uniformly distributed, you will need to understand the approximate peak streaming requirements present in your environment to properly size the number of required streaming servers.
The number of clients a streaming server can support can be significantly increased and the peak streaming requirements reduced if you pre-cache your applications. You can also increase the number of clients a streaming server can support by using on-demand streaming delivery and stream optimized packages.
-## Combining App-V Server Roles
+## Combining App-V server roles
+Discounting scaling and fault-tolerance requirements, the minimum number of servers that a location with Active Directory connectivity needs to function is one. This server will host the management server, management server service, and Microsoft SQL Server roles. This means that you can arrange server roles in any combination you like, as they don't conflict with one another.
-Discounting scaling and fault-tolerance requirements, the minimum number of servers needed for a location with connectivity to Active Directory is one. This server will host the management server, management server service, and Microsoft SQL Server roles. Server roles, therefore, can be arranged in any desired combination since they do not conflict with one another.
+Ignoring scaling requirements, the minimum number of servers that a fault-tolerant implementation needs to function is four. The management server and Microsoft SQL Server roles support placement in fault-tolerant configurations. The management server service can be combined with any of the roles, but remains a single point of failure.
-Ignoring scaling requirements, the minimum number of servers necessary to provide a fault-tolerant implementation is four. The management server, and Microsoft SQL Server roles support being placed in fault-tolerant configurations. The management server service can be combined with any of the roles, but remains a single point of failure.
-
-Although there are a number of fault-tolerance strategies and technologies available, not all are applicable to a given service. Additionally, if App-V roles are combined, certain fault-tolerance options may no longer apply due to incompatibilities.
+Although there are many fault-tolerance strategies and technologies you can use, not all are applicable to a given service. Additionally, if App-V roles are combined, the resulting incompatabilities could cause certain fault-tolerance options to stop working.
## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-
-[App-V Supported Configurations](appv-supported-configurations.md)
-
-[Planning for High Availability with App-V](appv-planning-for-high-availability-with-appv.md)
-
-[Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
-
-
-
-
-
-
-
-
-
+* [App-V supported configurations](appv-supported-configurations.md)
+* [Planning for high availability with App-V](appv-planning-for-high-availability-with-appv.md)
+* [Planning to deploy App-V](appv-planning-to-deploy-appv.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-client-configuration-settings.md b/windows/application-management/app-v/appv-client-configuration-settings.md
index 5608dafd61..8ecf438180 100644
--- a/windows/application-management/app-v/appv-client-configuration-settings.md
+++ b/windows/application-management/app-v/appv-client-configuration-settings.md
@@ -6,99 +6,97 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
# About Client Configuration Settings
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
-The Microsoft Application Virtualization (App-V) client stores its configuration in the registry. You can gather some useful information about the client if you understand the format of data in the registry. You can also configure many client actions by changing registry entries. This topic lists the App-V Client configuration settings and explains their uses. You can use Windows PowerShell to modify the client configuration settings. For more information about using Windows PowerShell and App-V see [Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md).
+The Microsoft Application Virtualization (App-V) client stores its configuration in the registry. Understanding how the register's format for data works can help you better understand the client, as you can configure many client actions by changing registry entries. This topic lists the App-V client configuration settings and explains their uses. You can use Windows PowerShell to modify the client configuration settings. For more information about using Windows PowerShell and App-V see [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md).
-You can use Group Policy to configure App-V client settings by using the Group Policy Management Console under **Computer Configuration** > **Administrative Templates** > **System** > **App-V**.
+You can use Group Policy to configure App-V client settings by navigating to the **Group Policy managment console** at **Computer Configuration** > **Administrative Templates** > **System** > **App-V**.
## App-V Client Configuration Settings: Windows PowerShell
The following table provides information about App-V client configuration settings that can be configured through Windows PowerShell cmdlets:
-| Windows PowerShell cmdlet or cmdlets,
**Option**
Type | Description | Disabled Policy State Keys and Values |
+| Windows PowerShell cmdlet or cmdlets,
**Option**
Type | Description | Disabled policy state keys and values |
|------------|------------|------------|------------|
| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-PackageInstallationRoot**
String | Specifies directory where all new applications and updates will be installed. | Policy value not written (same as Not Configured) |
| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-PackageSourceRoot**
String | Overrides source location for downloading package content. | Policy value not written (same as Not Configured) |
-| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-AllowHighCostLaunch**
True (enabled); False (Disabled state) | This setting controls whether virtualized applications are launched on Windows 10 machines connected via a metered network connection (For example, 4G). | 0 |
-| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-ReestablishmentRetries**
Integer (0-99) | Specifies the number of times to retry a dropped session. | Policy value not written (same as Not Configured) |
-| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-ReestablishmentInterval**
Integer (0-3600) | Specifies the number of seconds between attempts to reestablish a dropped session. | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-AllowHighCostLaunch**
True (enabled); False (Disabled state) | This setting controls whether virtualized applications are launched on Windows 10 machines connected by a metered network connection (for example, 4G). | 0 |
+| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-ReestablishmentRetries**
Integer (0–99) | Specifies the number of times to retry a dropped session. | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-ReestablishmentInterval**
Integer (0–3600) | Specifies the number of seconds between attempts to reestablish a dropped session. | Policy value not written (same as Not Configured) |
| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-LocationProvider**
String | Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface. | Policy value not written (same as Not Configured) |
| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-CertFilterForClientSsl**
String | Specifies the path to a valid certificate in the certificate store. | Policy value not written (same as Not Configured) |
-| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-VerifyCertificateRevocationList**
True(enabled); False(Disabled state) | Verifies Server certificate revocation status before steaming using HTTPS. | 0 |
-| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-SharedContentStoreMode**
True(enabled); False(Disabled state) | Specifies that streamed package contents will be not be saved to the local hard disk. | 0 |
+| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-VerifyCertificateRevocationList**
True (enabled); False (Disabled state) | Verifies Server certificate revocation status before streaming with HTTPS. | 0 |
+| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-SharedContentStoreMode**
True (enabled); False (Disabled state) | Specifies that streamed package contents will be not be saved to the local hard disk. | 0 |
| Set-AppvPublishingServer
**-Name**
String | Displays the name of publishing server. | Policy value not written (same as Not Configured) |
| Set-AppvPublishingServer
**-URL**
String | Displays the URL of publishing server. | Policy value not written (same as Not Configured) |
-| Set-AppvPublishingServer
**-GlobalRefreshEnabled**
True(enabled); False(Disabled state) | Enables global publishing refresh (Boolean) | False |
-| Set-AppvPublishingServer
**-GlobalRefreshOnLogon**
True(enabled); False(Disabled state) | Triggers a global publishing refresh on logon. ( Boolean) | False |
-| Set-AppvPublishingServer
**-GlobalRefreshInterval**
Integer (0-744) | Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0. | 0 |
-| Set-AppvPublishingServer
**-GlobalRefreshIntervalUnit**
0 for hour, 1 for day | Specifies the interval unit (Hour 0-23, Day 0-31). | 1 |
-| Set-AppvPublishingServer
**-UserRefreshEnabled**
True(enabled); False(Disabled state) | Enables user publishing refresh (Boolean) | False |
-| Set-AppvPublishingServer
**-UserRefreshOnLogon**
True(enabled); False(Disabled state) | Triggers a user publishing refresh onlogon. ( Boolean)Word count (with spaces): 60 | False |
-| Set-AppvPublishingServer
**-UserRefreshInterval**
Word count (with spaces): 85Integer (0-744 Hours) | Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0. | 0 |
-| Set-AppvPublishingServer
**-UserRefreshIntervalUnit**
0 for hour, 1 for day | Specifies the interval unit (Hour 0-23, Day 0-31). | 1 |
-| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-MigrationMode**
True(enabled state); False (disabled state) | Migration mode allows the App-V client to modify shortcuts and FTA’s for packages created using a previous version of App-V. | |
-| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-EnablePackageScripts**
True(enabled); False(Disabled state) | Enables scripts defined in the package manifest of configuration files that should run. | |
-| Set-AppvClientConfiguration
**-RoamingFileExclusions**
String | Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /ROAMINGFILEEXCLUSIONS='desktop;my pictures' | |
-| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-RoamingRegistryExclusions**
String | Specifies the registry paths that do not roam with a user profile. Example usage: /ROAMINGREGISTRYEXCLUSIONS=software\\classes;software\\clients | Policy value not written (same as Not Configured) |
-| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-IntegrationRootUser**
String | Specifies the location to create symbolic links associated with the current version of a per-user published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %localappdata%\\Microsoft\\AppV\\Client\\Integration. | Policy value not written (same as Not Configured) |
-| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-IntegrationRootGlobal**
String | Specifies the location to create symbolic links associated with the current version of a globally published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %allusersprofile%\\Microsoft\\AppV\\Client\\Integration | Policy value not written (same as Not Configured) |
-| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-VirtualizableExtensions**
String | A comma -delineated list of file name extensions that can be used to determine if a locally installed application can be run in the virtual environment. When shortcuts, FTAs, and other extension points are created during publishing, App-V will compare the file name extension to the list if the application that is associated with the extension point is locally installed. If the extension is located, the **RunVirtual** command line parameter will be added, and the application will run virtually. For more information about the **RunVirtual** parameter, see [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](appv-running-locally-installed-applications-inside-a-virtual-environment.md). | Policy value not written |
-| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-ReportingEnabled**
True (enabled); False (Disabled state) | Enables the client to return information to a reporting server. | False |
+| Set-AppvPublishingServer
**-GlobalRefreshEnabled**
True (enabled); False (Disabled state) | Enables global publishing refresh (Boolean) | False |
+| Set-AppvPublishingServer
**-GlobalRefreshOnLogon**
True (enabled); False (Disabled state) | Triggers a global publishing refresh on sign in. (Boolean) | False |
+| Set-AppvPublishingServer
**-GlobalRefreshInterval**
Integer (0–744) | Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, specify 0. | 0 |
+| Set-AppvPublishingServer
**-GlobalRefreshIntervalUnit**
0 for hour, 1 for day | Specifies the interval unit (Hour 0–23, Day 0–31). | 1 |
+| Set-AppvPublishingServer
**-UserRefreshEnabled**
True (enabled); False (Disabled state) | Enables user publishing refresh (Boolean) | False |
+| Set-AppvPublishingServer
**-UserRefreshOnLogon**
True (enabled); False (Disabled state) | Triggers a user publishing refresh on sign in. (Boolean) Word count (with spaces): 60 | False |
+| Set-AppvPublishingServer
**-UserRefreshInterval**
Word count (with spaces): 85
Integer (0–744 Hours) | Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0. | 0 |
+| Set-AppvPublishingServer
**-UserRefreshIntervalUnit**
0 for hour, 1 for day | Specifies the interval unit (Hour 0–23, Day 0–31). | 1 |
+| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-MigrationMode**
True (enabled state); False (Disabled state) | Migration mode allows the App-V client to modify shortcuts and FTA’s for packages created by a previous version of App-V. | |
+| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-EnablePackageScripts**
True (enabled); False (Disabled state) | Enables scripts defined in the package manifest of configuration files that should run. | |
+| Set-AppvClientConfiguration
**-RoamingFileExclusions**
String | Specifies the file paths relative to %userprofile% that do not roam with a user's profile. For example, ```/ROAMINGFILEEXCLUSIONS='desktop;my pictures'``` | |
+| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-RoamingRegistryExclusions**
String | Specifies the registry paths that do not roam with a user profile. For example, ```/ROAMINGREGISTRYEXCLUSIONS=software\\classes;software\\clients``` | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-IntegrationRootUser**
String | Specifies the location to create symbolic links associated with the current version of a per-user published package. All virtual application extensions, such as shortcuts and file type associations, will point to this path. If you don't specify a path, symbolic links will not be used when you publish the package. For example, ```%localappdata%\\Microsoft\\AppV\\Client\\Integration```. | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-IntegrationRootGlobal**
String | Specifies the location to create symbolic links associated with the current version of a globally published package. All virtual application extensions, such as shortcuts and file type associations, will point to this path. If you don't specify a path, symbolic links will not be used when you publish the package. For example, ```%allusersprofile%\\Microsoft\\AppV\\Client\\Integration```. | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-VirtualizableExtensions**
String | A comma-delineated list of file name extensions that can be used to determine if a locally installed application can be run in the virtual environment. When shortcuts, FTAs, and other extension points are created during publishing, App-V will compare the file name extension to the list if the application associated with the extension point is locally installed. If the extension is located, the **RunVirtual** command-line parameter will be added, and the application will run virtually. For more information about the **RunVirtual** parameter, see [Running a locally installed application inside a virtual environment with virtualized applications](appv-running-locally-installed-applications-inside-a-virtual-environment.md). | Policy value not written |
+| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-ReportingEnabled**
True (enabled); False (Disabled state) | Returns information to a reporting server. | False |
| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-ReportingServerURL**
String | Specifies the location on the reporting server where client information is saved. | Policy value not written (same as Not Configured) |
-| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-ReportingDataCacheLimit**
Integer \[0-1024\] | Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. Set between 0 and 1024. | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-ReportingDataCacheLimit**
Integer \[0–1024\] | Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. Set between 0 and 1024. | Policy value not written (same as Not Configured) |
| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-ReportingDataBlockSize**
Integer \[1024 - Unlimited\] | Specifies the maximum size in bytes to transmit to the server for reporting upload requests. This can help avoid permanent transmission failures when the log has reached a significant size. Set between 1024 and unlimited. | Policy value not written (same as Not Configured) |
-| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-ReportingStartTime**
Integer (0 – 23) | Specifies the time to initiate the client to send data to the reporting server. You must specify a valid integer between 0-23 corresponding to the hour of the day. By default the **ReportingStartTime** will start on the current day at 10 P.M.or 22.
**Note** You should configure this setting to a time when computers running the App-V client are least likely to be offline. | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-ReportingStartTime**
Integer (0–23) | Specifies the time to initiate the client to send data to the reporting server. You must specify a valid integer between 0–23 corresponding to the hour of the day. By default the **ReportingStartTime** will start on the current day at 10 P.M.or 22.
**Note** You should configure this setting to a time when computers running the App-V client are least likely to be offline. | Policy value not written (same as Not Configured) |
| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-ReportingInterval**
Integer | Specifies the retry interval that the client will use to resend data to the reporting server. | Policy value not written (same as Not Configured) |
| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-ReportingRandomDelay**
Integer \[0 - ReportingRandomDelay\] | Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and **ReportingRandomDelay** and will wait the specified duration before sending data. This can help to prevent collisions on the server. | Policy value not written (same as Not Configured) |
| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-EnableDynamicVirtualization
**1 (Enabled), 0 (Disabled) | Enables supported Shell Extensions, Browser Helper Objects, and Active X controls to be virtualized and run with virtual applications. | |
| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-EnablePublishingRefreshUI**
1 (Enabled), 0 (Disabled) | Enables the publishing refresh progress bar for the computer running the App-V Client. | |
| Sync-AppvPublishingServer
**-HidePublishingRefreshUI**
1 (Enabled), 0 (Disabled) | Hides the publishing refresh progress bar. | |
-| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-ProcessesUsingVirtualComponents**
String | Specifies a list of process paths (that may contain wildcards), which are candidates for using dynamic virtualization (supported shell extensions, browser helper objects, and ActiveX controls). Only processes whose full path matches one of these items can use dynamic virtualization. | Empty string. |
+| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-ProcessesUsingVirtualComponents**
String | Specifies a list of process paths (that may contain wildcards) that are candidates for using dynamic virtualization (such as supported shell extensions, browser helper objects, and ActiveX controls). Only processes whose full path matches one of these items can use dynamic virtualization. | Empty string. |
-## App-V Client Configuration Settings: Registry Keys
+## App-V client configuration settings: registry keys
The following table provides information about App-V client configuration settings that can be configured through the registry:
-| **Setting name**
Type | Registry Key Value | Disabled Policy State Keys and Values |
+| **Setting name**
Type | Registry key value | Disabled policy state keys and values |
|---------------------------|---------------------|---------------------------------------|
| **PackageInstallationRoot**
String | Streaming\\PackageInstallationRoot | Policy value not written (same as Not Configured) |
| **PackageSourceRoot**
String | Streaming\\PackageSourceRoot | Policy value not written (same as Not Configured) |
-| **AllowHighCostLaunch**
True (enabled); False (Disabled state) | Streaming\\AllowHighCostLaunch | 0 |
-| **ReestablishmentRetries**
Integer (0-99) | Streaming\\ReestablishmentRetries | Policy value not written (same as Not Configured) |
-| **ReestablishmentInterval**
Integer (0-3600) | Streaming\\ReestablishmentInterval | Policy value not written (same as Not Configured) |
+| **AllowHighCostLaunch**
True (Enabled); False (Disabled state) | Streaming\\AllowHighCostLaunch | 0 |
+| **ReestablishmentRetries**
Integer (0–99) | Streaming\\ReestablishmentRetries | Policy value not written (same as Not Configured) |
+| **ReestablishmentInterval**
Integer (0–3600) | Streaming\\ReestablishmentInterval | Policy value not written (same as Not Configured) |
| **LocationProvider**
String | Streaming\\LocationProvider | Policy value not written (same as Not Configured) |
| **CertFilterForClientSsl**
String | Streaming\\CertFilterForClientSsl | Policy value not written (same as Not Configured) |
-| **VerifyCertificateRevocationList**
True(enabled); False(Disabled state) | Streaming\\VerifyCertificateRevocationList | 0 |
-| **SharedContentStoreMode**
True(enabled); False(Disabled state) | Streaming\\SharedContentStoreMode | 0 |
+| **VerifyCertificateRevocationList**
True (Enabled); False (Disabled state) | Streaming\\VerifyCertificateRevocationList | 0 |
+| **SharedContentStoreMode**
True (Enabled); False (Disabled state) | Streaming\\SharedContentStoreMode | 0 |
| **Name**
String | Publishing\\Servers{serverId}\\FriendlyName | Policy value not written (same as Not Configured) |
| **URL**
String | Publishing\\Servers{serverId}\\URL | Policy value not written (same as Not Configured) |
-| **GlobalRefreshEnabled**
True(enabled); False(Disabled state) | Publishing\\Servers{serverId}\\GlobalEnabled | False |
-| **GlobalRefreshOnLogon**
True(enabled); False(Disabled state) | Publishing\\Servers{serverId}\\GlobalLogonRefresh | False |
-| **GlobalRefreshInterval**
Integer (0-744) | Publishing\\Servers{serverId}\\GlobalPeriodicRefreshInterval | 0 |
+| **GlobalRefreshEnabled**
True (Enabled); False (Disabled state) | Publishing\\Servers{serverId}\\GlobalEnabled | False |
+| **GlobalRefreshOnLogon**
True (Enabled); False (Disabled state) | Publishing\\Servers{serverId}\\GlobalLogonRefresh | False |
+| **GlobalRefreshInterval**
Integer (0–744) | Publishing\\Servers{serverId}\\GlobalPeriodicRefreshInterval | 0 |
| **GlobalRefreshIntervalUnit**
0 for hour, 1 for day | Publishing\\Servers{serverId}\\GlobalPeriodicRefreshIntervalUnit | 1 |
-| **UserRefreshEnabled**
True(enabled); False(Disabled state) | Publishing\\Servers{serverId}\\UserEnabled | False |
-| **UserRefreshOnLogon**
True(enabled); False(Disabled state) | Publishing\\Servers{serverId}\\UserLogonRefresh | False |
-| **UserRefreshInterval**
Word count (with spaces): 85Integer (0-744 Hours) | Publishing\\Servers{serverId}\\UserPeriodicRefreshInterval | 0 |
+| **UserRefreshEnabled**
True (Enabled); False (Disabled state) | Publishing\\Servers{serverId}\\UserEnabled | False |
+| **UserRefreshOnLogon**
True (Enabled); False (Disabled state) | Publishing\\Servers{serverId}\\UserLogonRefresh | False |
+| **UserRefreshInterval**
Word count (with spaces): 85; Integer (0–744 Hours) | Publishing\\Servers{serverId}\\UserPeriodicRefreshInterval | 0 |
| **UserRefreshIntervalUnit**
0 for hour, 1 for day | Publishing\\Servers{serverId}\\UserPeriodicRefreshIntervalUnit | 1 |
-| **MigrationMode**
True(enabled state); False (disabled state) | Coexistence\\MigrationMode | |
-| **EnablePackageScripts**
True(enabled); False(Disabled state) | \\Scripting\\EnablePackageScripts | |
+| **MigrationMode**
True(Enabled state); False (Disabled state) | Coexistence\\MigrationMode | |
+| **EnablePackageScripts**
True (Enabled); False (Disabled state) | \\Scripting\\EnablePackageScripts | |
| **RoamingFileExclusions**
String | | |
| **RoamingRegistryExclusions**
String | Integration\\RoamingReglstryExclusions | Policy value not written (same as Not Configured) |
| **IntegrationRootUser**
String | Integration\\IntegrationRootUser | Policy value not written (same as Not Configured) |
| **IntegrationRootGlobal**
String | Integration\\IntegrationRootGlobal | Policy value not written (same as Not Configured) |
| **VirtualizableExtensions**
String | Integration\\VirtualizableExtensions | Policy value not written |
-| **ReportingEnabled**
True (enabled); False (Disabled state) | Reporting\\EnableReporting | False |
+| **ReportingEnabled**
True (Enabled); False (Disabled state) | Reporting\\EnableReporting | False |
| **ReportingServerURL**
String | Reporting\\ReportingServer | Policy value not written (same as Not Configured) |
-| **ReportingDataCacheLimit**
Integer \[0-1024\] | Reporting\\DataCacheLimit | Policy value not written (same as Not Configured) |
-| **ReportingDataBlockSize**
Integer \[1024 - Unlimited\] | Reporting\\DataBlockSize | Policy value not written (same as Not Configured) |
-| **ReportingStartTime**
Integer (0 – 23) | Reporting\\ StartTime | Policy value not written (same as Not Configured) |
+| **ReportingDataCacheLimit**
Integer \[0–1024\] | Reporting\\DataCacheLimit | Policy value not written (same as Not Configured) |
+| **ReportingDataBlockSize**
Integer \[1024–Unlimited\] | Reporting\\DataBlockSize | Policy value not written (same as Not Configured) |
+| **ReportingStartTime**
Integer (0–23) | Reporting\\ StartTime | Policy value not written (same as Not Configured) |
| **ReportingInterval**
Integer | Reporting\\RetryInterval | Policy value not written (same as Not Configured) |
| **ReportingRandomDelay**
Integer \[0 - ReportingRandomDelay\] | Reporting\\RandomDelay | Policy value not written (same as Not Configured) |
| **EnableDynamicVirtualization
**1 (Enabled), 0 (Disabled) | HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\AppV\\Client\\Virtualization | |
@@ -108,9 +106,8 @@ The following table provides information about App-V client configuration settin
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-[Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)
-
+* [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md b/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md
index a36a845027..58b23dd73f 100644
--- a/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md
@@ -60,7 +60,7 @@ Use the following procedure to configure access to virtualized packages.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md b/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md
index 8fca1c8678..06b310e729 100644
--- a/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md
+++ b/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md
@@ -57,7 +57,7 @@ For more information, see [How to Manage App-V Packages Running on a Stand-Alone
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md b/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md
index 8d682c7235..dca7131dbf 100644
--- a/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md
+++ b/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md
@@ -59,7 +59,7 @@ For the following procedures the management server was installed on a computer n
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-connect-to-the-management-console.md b/windows/application-management/app-v/appv-connect-to-the-management-console.md
index b4c4203b8f..4da1633e90 100644
--- a/windows/application-management/app-v/appv-connect-to-the-management-console.md
+++ b/windows/application-management/app-v/appv-connect-to-the-management-console.md
@@ -18,13 +18,13 @@ Use the following procedure to connect to the App-V Management Console.
**To connect to the App-V Management Console**
-1. Open Internet Explorer browser and type the address for the App-V Management server. For example, **http://\<_management server name_\>:\<_management service port number_\>/console.html**.
+1. Open Internet Explorer browser and type the address for the App-V Management server. For example, **https://\<_management server name_\>:\<_management service port number_\>/console.html**.
2. To view different sections of the console, click the desired section in the navigation pane.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-connection-group-file.md b/windows/application-management/app-v/appv-connection-group-file.md
index 89b2c9530c..2c0d1e7208 100644
--- a/windows/application-management/app-v/appv-connection-group-file.md
+++ b/windows/application-management/app-v/appv-connection-group-file.md
@@ -83,7 +83,7 @@ The following table describes the parameters in the XML file that define the con
xmlns="http://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup"xmlns="https://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup"
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-connection-group-virtual-environment.md b/windows/application-management/app-v/appv-connection-group-virtual-environment.md
index 6bd7e8257a..6ba91b41f8 100644
--- a/windows/application-management/app-v/appv-connection-group-virtual-environment.md
+++ b/windows/application-management/app-v/appv-connection-group-virtual-environment.md
@@ -95,7 +95,7 @@ In the example above, when a virtualized application tries to find a specific fi
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
index c7589228fa..83cff76b90 100644
--- a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
+++ b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
@@ -58,7 +58,7 @@ When you convert packages from App-V 4.6 to App-V for Windows 10, the App-V for
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md b/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
index 418919b1b2..5a13170e82 100644
--- a/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
+++ b/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
@@ -79,7 +79,7 @@ You can create user-entitled connection groups that contain both user-published
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-create-a-connection-group.md b/windows/application-management/app-v/appv-create-a-connection-group.md
index 321421cdcd..144900c14b 100644
--- a/windows/application-management/app-v/appv-create-a-connection-group.md
+++ b/windows/application-management/app-v/appv-create-a-connection-group.md
@@ -42,7 +42,7 @@ When you place packages in a connection group, their package root paths are merg
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md b/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
index afc4033cc9..3aea6099e5 100644
--- a/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
@@ -34,7 +34,7 @@ Use the following procedure to create a Dynamic User Configuration file by using
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
index 8c79e0bc1a..5d001bf498 100644
--- a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
+++ b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
@@ -43,7 +43,7 @@ App-V package accelerators automatically sequence large, complex applications. A
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator.md b/windows/application-management/app-v/appv-create-a-package-accelerator.md
index b6b8930c2d..b62f27281a 100644
--- a/windows/application-management/app-v/appv-create-a-package-accelerator.md
+++ b/windows/application-management/app-v/appv-create-a-package-accelerator.md
@@ -70,7 +70,7 @@ Use the following procedure to create a package accelerator.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md b/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md
index eb25257a00..d816a91315 100644
--- a/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md
+++ b/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md
@@ -72,7 +72,7 @@ Use the following procedure to create a virtual application package with the App
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-create-and-use-a-project-template.md b/windows/application-management/app-v/appv-create-and-use-a-project-template.md
index 26367d8ffd..383572f210 100644
--- a/windows/application-management/app-v/appv-create-and-use-a-project-template.md
+++ b/windows/application-management/app-v/appv-create-and-use-a-project-template.md
@@ -62,4 +62,4 @@ After creating the template, you can apply it to all of your new virtual app pac
- [Manually sequence a new app using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-sequence-a-new-application.md)
**Have a suggestion for App-V?**
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
index d076323495..92958f3b25 100644
--- a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
+++ b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
@@ -6,140 +6,87 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
-
# Creating and Managing App-V Virtualized Applications
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
After you have properly deployed the Microsoft Application Virtualization (App-V) sequencer, you can use it to monitor and record the installation and setup process for an application to be run as a virtualized application.
-**Note**
-For more information about configuring the App-V sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx).
+For more information about configuring the App-V sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](
-
+|Handler|Description|
+|---|---|
+|Context menu handler|Adds menu items to the context menu. It's called before the context menu is displayed.|
+|Drag-and-drop handler|Controls the action where right-click, drag and drop, and modifies the context menu that appears.|
+|Drop target handler|Controls the action after a data object is dragged and dropped over a drop target such as a file.|
+|Data object handler|Controls the action after a file is copied to the clipboard or dragged and dropped over a drop target. It can provide additional clipboard formats to the drop target.|
+|Property sheet handler|Replaces or adds pages to the property sheet dialog box of an object.|
+|Infotip handler|Allows retrieving flags and infotip information for an item and displaying it inside a pop-up tooltip upon mouse hover.|
+|Column handler|Allows creating and displaying custom columns in **Windows Explorer Details view**. It can be used to extend sorting and grouping.|
+|Preview handler|Enables a preview of a file to be displayed in the Windows Explorer Preview pane.|
## Copy on Write (CoW) file extension support
@@ -147,50 +94,46 @@ Copy on write (CoW) file extensions allow App-V to dynamically write to specific
The following table displays the file types that can exist in a virtual package under the VFS directory, but cannot be updated on the computer running the App-V client. All other files and directories can be modified.
-| File Type | | | | | |
-|------------ |------------- |------------- |------------ |------------ |------------ |
-| .acm | .asa | .asp | .aspx | .ax | .bat |
-| .cer | .chm | .clb | .cmd | .cnt | .cnv |
-| .com | .cpl | .cpx | .crt | .dll | .drv |
-| .esc | .exe | .fon | .grp | .hlp | .hta |
-| .ime | .inf | .ins | .isp | .its | .js |
-| .jse | .lnk | .msc | .msi | .msp | .mst |
-| .mui | .nls | .ocx | .pal | .pcd | .pif |
-| .reg | .scf | .scr | .sct | .shb | .shs |
-| .sys | .tlb | .tsp | .url | .vb | .vbe |
-| .vbs | .vsmacros | .ws | .wsf | .wsh | |
-
+| File Type||||||
+|---|---|---|---|---|---|
+| .acm | .asa | .asp | .aspx | .ax | .bat |
+| .cer | .chm | .clb | .cmd | .cnt | .cnv |
+| .com | .cpl | .cpx | .crt | .dll | .drv |
+| .esc | .exe | .fon | .grp | .hlp | .hta |
+| .ime | .inf | .ins | .isp | .its | .js |
+| .jse | .lnk | .msc | .msi | .msp | .mst |
+| .mui | .nls | .ocx | .pal | .pcd | .pif |
+| .reg | .scf | .scr | .sct | .shb | .shs |
+| .sys | .tlb | .tsp | .url | .vb | .vbe |
+| .vbs | .vsmacros | .ws | .wsf | .wsh | |
## Modifying an existing virtual application package
-
You can use the sequencer to modify an existing package. The computer on which you do this should match the chip architecture of the computer you used to create the application. For example, if you initially sequenced a package using a computer running a 64-bit operating system, you should modify the package using a computer running a 64-bit operating system.
-[How to Modify an Existing Virtual Application Package](appv-modify-an-existing-virtual-application-package.md)
+For more information, see [How to Modify an Existing Virtual Application Package](appv-modify-an-existing-virtual-application-package.md).
## Creating a project template
+
An App-V project template (.appvt) file is a project template that can be used to save commonly applied, customized settings. You can then more easily use these settings for future sequencings. App-V project templates differ from App-V Application Accelerators because App-V Application Accelerators are application-specific, and App-V project templates can be applied to multiple applications. Additionally, you cannot use a project template when you use a Package Accelerator to create a virtual application package. The following general settings are saved with an App-V project template:
A template can specify and store multiple settings as follows:
-- **Advanced Monitoring Options**. Enables Microsoft Update to run during monitoring. Saves allow local interaction option settings
+- **Advanced Monitoring Options**. Enables Microsoft Update to run during monitoring. Saves allow local interaction option settings
+- **General Options**. Enables the use of **Windows Installer**, **Append Package Version to Filename**.
+- **Exclusion Items.** Contains the Exclusion pattern list.
-- **General Options**. Enables the use of **Windows Installer**, **Append Package Version to Filename**.
-
-- **Exclusion Items.** Contains the Exclusion pattern list.
-
-In Windows 10, version 1703, running the new-appvsequencerpackage or the update-appvsequencepackage cmdlets automatically captures and stores all of your customizations as an App-V project template. If you want to make changes to this package later, your customizations are automatically loaded from this template file.
+In Windows 10, version 1703, running the **new-appvsequencerpackage** or **update-appvsequencepackage** cmdlets automatically captures and stores all of your customizations as an App-V project template. If you want to make changes to this package later, your customizations are automatically loaded from this template file.
>[!IMPORTANT]
->If you have an auto-saved template and you attempt to load another template through the _TemplateFilePath_ parameter, the customization value from the parameter will override the auto-saved template.
-
-[How to Create and Use a Project Template](appv-create-and-use-a-project-template.md)
+>If you attempt to load another template through the *_TemplateFilePath_* parameter while already having an auto-saved template, the customization value from the parameter will override the auto-saved template.
+For more information, see [How to Create and Use a Project Template](appv-create-and-use-a-project-template.md).
## Creating a package accelerator
-**Note**
-Package accelerators created using a previous version of App-V must be recreated using App-V.
+>[!NOTE]
+>Package accelerators created using a previous version of App-V must be recreated using App-V.
You can use App-V package accelerators to automatically generate a new virtual application packages. After you have successfully created a package accelerator, you can reuse and share the package accelerator.
@@ -198,21 +141,21 @@ In some situations, to create the package accelerator, you might have to install
After you have successfully created a Package Accelerator, you can reuse and share the Package Accelerator. Creating App-V Package Accelerators is an advanced task. Package Accelerators can contain password and user-specific information. Therefore you must save Package Accelerators and the associated installation media in a secure location, and you should digitally sign the Package Accelerator after you create it so that the publisher can be verified when the App-V Package Accelerator is applied.
-[How to Create a Package Accelerator](appv-create-a-package-accelerator.md)
+For more information, see the following articles:
-[How to Create a Virtual Application Package Using an App-V Package Accelerator](appv-create-a-virtual-application-package-package-accelerator.md)
+- [How to Create a Package Accelerator](appv-create-a-package-accelerator.md)
+- [How to Create a Virtual Application Package Using an App-V Package Accelerator](appv-create-a-virtual-application-package-package-accelerator.md)
## Sequencer error reporting
-
The App-V Sequencer can detect common sequencing issues during sequencing. The **Installation Report** page at the end of the sequencing wizard displays diagnostic messages categorized into **Errors**, **Warnings**, and **Info** depending on the severity of the issue.
You can also find additional information about sequencing errors using the Windows Event Viewer.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
-
-
-
-Handler
-Description
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-- [Operations for App-V](appv-operations.md)
+- [Operations for App-V](appv-operations.md)
diff --git a/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md b/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md
index 77ec4edbc2..9a7fd827bf 100644
--- a/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md
@@ -33,7 +33,7 @@ Use the following procedure to customize the virtual application extensions for
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-delete-a-connection-group.md b/windows/application-management/app-v/appv-delete-a-connection-group.md
index 176253c332..b6e27aece2 100644
--- a/windows/application-management/app-v/appv-delete-a-connection-group.md
+++ b/windows/application-management/app-v/appv-delete-a-connection-group.md
@@ -25,7 +25,7 @@ Use the following procedure to delete an existing App-V connection group.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md b/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md
index b96b43a1ad..0a3464836a 100644
--- a/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md
@@ -25,7 +25,7 @@ Use the following procedure to delete an App-V package.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md b/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md
index eb3c088281..e719ae1710 100644
--- a/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md
+++ b/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md
@@ -6,51 +6,49 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
+# How to deploy the App-V databases by using SQL scripts
-
-# How to Deploy the App-V Databases by Using SQL Scripts
-
-**Applies to**
-- Windows Server 2016
+>Applies to: Windows Server 2016
Use the following instructions to use SQL scripts, rather than the Windows Installer, to:
-- Install the App-V databases
+* Install the App-V databases
+* Upgrade the App-V databases to a later version
-- Upgrade the App-V databases to a later version
-
->**Note**
-> If you have already deployed an App-V 5.0 SP3 database or later, the SQL scripts are not required to upgrade to App-V for Windows.
+>[!NOTE]
+>If you have already deployed an App-V 5.0 SP3 database or later, the SQL scripts are not required to upgrade to App-V for Windows.
## How to install the App-V databases by using SQL scripts
-1. Before you install the database scripts, review and keep a copy of the App-V license terms. By running the database scripts, you are agreeing to the license terms. If you do not accept them, you should not use this software.
+1. Before you install the database scripts, review and keep a copy of the App-V license terms. By running the database scripts, you are agreeing to the license terms. If you do not accept them, you should not use this software.
-2. Copy the **appv\_server\_setup.exe** from the App-V release media to a temporary location.
+2. Copy **appv\_server\_setup.exe** from the App-V release media to a temporary location.
-3. From a command prompt, run **appv\_server\_setup.exe** and specify a temporary location for extracting the database scripts.
+3. From a command prompt, run **appv\_server\_setup.exe** and specify a temporary location for extracting the database scripts.
- Example: appv\_server\_setup.exe /layout c:\\_
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-- [Deploying the App-V Server](appv-deploying-the-appv-server.md)
-- [How to Deploy the App-V Server](appv-deploy-the-appv-server.md)
+* [Deploying the App-V Server](appv-deploying-the-appv-server.md)
+* [How to deploy the App-V Server](appv-deploy-the-appv-server.md)
diff --git a/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
index 0710d7ff57..439a1617b9 100644
--- a/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
@@ -38,7 +38,7 @@ Use one of the following methods to publish packages to App-V client computers w
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md b/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md
index 1c7db8783f..7dbb8d0e48 100644
--- a/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md
+++ b/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md
@@ -6,335 +6,413 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
+# How to deploy the App-V server using a script
+>Applies to: Windows Server 2016
-# How to Deploy the App-V Server Using a Script
+In order to complete the **appv_server_setup.exe** server setup successfully using the command line, you must specify and combine multiple parameters.
-**Applies to**
-- Windows Server 2016
-
-In order to complete the **appv\_server\_setup.exe** Server setup successfully using the command line, you must specify and combine multiple parameters.
-
-**To install the App-V server using a script**
+## To install the App-V server using a script
Use the following lists and tables for more information about installing the App-V server using the command line.
-> **Note** The information in the following lists and tables can also be accessed using the command line by typing the following command: **appv\_server\_setup.exe /?**.
+The information in the following lists and tables can also be accessed through the command line by entering the following command: ```appv\_server\_setup.exe /?```.
-## How to use common parameters
+## How to use common parameters to install the Management server and Management database on a local machine
-## To install the Management server and Management database on a local machine
+The following examples will show you how to install the Management server and database on a local machine.
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+### Parameters for a default instance of Microsoft SQL Server for a new installation on a local machine
-- /MANAGEMENT_SERVER
-- /MANAGEMENT_ADMINACCOUNT
-- /MANAGEMENT_WEBSITE_NAME
-- /MANAGEMENT_WEBSITE_PORT
-- /DB_PREDEPLOY_MANAGEMENT
-- /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT
-- /MANAGEMENT_DB_NAME
+To use the default instance of Microsoft SQL Server, use the following parameters:
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use the following parameters:
+* */MANAGEMENT_SERVER*
+* */MANAGEMENT_ADMINACCOUNT*
+* */MANAGEMENT_WEBSITE_NAME*
+* */MANAGEMENT_WEBSITE_PORT*
+* */DB_PREDEPLOY_MANAGEMENT*
+* */MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT*
+* */MANAGEMENT_DB_NAME*
-- /MANAGEMENT_SERVER
-- /MANAGEMENT_ADMINACCOUNT
-- /MANAGEMENT_WEBSITE_NAME
-- /MANAGEMENT_WEBSITE_PORT
-- /DB_PREDEPLOY_MANAGEMENT
-- /MANAGEMENT_DB_CUSTOM_SQLINSTANCE
-- /MANAGEMENT_DB_NAME
+### Parameters for a custom instance of Microsoft SQL Server for a new installation on a local machine
-### Example for using a custom instance of Microsoft SQL Server:
+To use a custom instance of Microsoft SQL Server, use the following parameters:
-/appv_server_setup.exe /QUIET
-/MANAGEMENT_SERVER
-/MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup"
-/MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service"
-/MANAGEMENT_WEBSITE_PORT="8080"
-/DB_PREDEPLOY_MANAGEMENT
-/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
+* */MANAGEMENT_SERVER*
+* */MANAGEMENT_ADMINACCOUNT*
+* */MANAGEMENT_WEBSITE_NAME*
+* */MANAGEMENT_WEBSITE_PORT*
+* */DB_PREDEPLOY_MANAGEMENT*
+* */MANAGEMENT_DB_CUSTOM_SQLINSTANCE*
+* */MANAGEMENT_DB_NAME*
+
+### Example parameters for using a custom instance of Microsoft SQL Server for a new installation on a local machine
+
+```SQL
+/appv_server_setup.exe /QUIET
+/MANAGEMENT_SERVER
+/MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup"
+/MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service"
+/MANAGEMENT_WEBSITE_PORT="8080"
+/DB_PREDEPLOY_MANAGEMENT
+/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
/MANAGEMENT_DB_NAME="AppVManagement"
+```
-## To install the Management server using an existing Management database on a local machine
+## How to use common parameters to install the Management server using an existing Management database on a local machine
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+The following examples will show you how to install the Management server on a local machine with an existing Management database.
-- /MANAGEMENT_SERVER
-- /MANAGEMENT_ADMINACCOUNT
-- /MANAGEMENT_WEBSITE_NAME
-- /MANAGEMENT_WEBSITE_PORT
-- /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL
-- /EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT
-- /EXISTING_MANAGEMENT_DB_NAME
+### Default instance of Microsoft SQL Server for installation with an existing Management database on a local machine
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+To use the default instance of Microsoft SQL Server, use the following parameters:
-- /MANAGEMENT_SERVER
-- /MANAGEMENT_ADMINACCOUNT
-- /MANAGEMENT_WEBSITE_NAME
-- /MANAGEMENT_WEBSITE_PORT
-- /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL
-- /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE
-- /EXISTING_MANAGEMENT_DB_NAME
+* */MANAGEMENT_SERVER*
+* */MANAGEMENT_ADMINACCOUNT*
+* */MANAGEMENT_WEBSITE_NAME*
+* */MANAGEMENT_WEBSITE_PORT*
+* */EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL*
+* */EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT*
+* */EXISTING_MANAGEMENT_DB_NAME*
-### Example for using a custom instance of Microsoft SQL Server:
+### Custom instance of Microsoft SQL Server for installation with an existing Management database on a local machine
-/appv_server_setup.exe /QUIET
-/MANAGEMENT_SERVER
-/MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup"
-/MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service"
-/MANAGEMENT_WEBSITE_PORT="8080"
-/EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL
-/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE ="SqlInstanceName"
+To use a custom instance of Microsoft SQL Server, use these parameters:
+
+* */MANAGEMENT_SERVER*
+* */MANAGEMENT_ADMINACCOUNT*
+* */MANAGEMENT_WEBSITE_NAME*
+* */MANAGEMENT_WEBSITE_PORT*
+* */EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL*
+* */EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE*
+* */EXISTING_MANAGEMENT_DB_NAME*
+
+### Example parameters for using a custom instance of Microsoft SQL Server for installation with an existing Management database on a local machine
+
+```SQL
+/appv_server_setup.exe /QUIET
+/MANAGEMENT_SERVER
+/MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup"
+/MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service"
+/MANAGEMENT_WEBSITE_PORT="8080"
+/EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL
+/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE ="SqlInstanceName"
/EXISTING_MANAGEMENT_DB_NAME ="AppVManagement"
+```
-## To install the Management server using an existing Management database on a remote machine
+## How to install the Management server with an existing Management database on a remote machine
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+### Default instance of Microsoft SQL Server with an existing Management database on a remote machine
-- /MANAGEMENT_SERVER
-- /MANAGEMENT_ADMINACCOUNT
-- /MANAGEMENT_WEBSITE_NAME
-- /MANAGEMENT_WEBSITE_PORT
-- /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME
-- /EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT
-- /EXISTING_MANAGEMENT_DB_NAME
+To use the default instance of Microsoft SQL Server, use the following parameters:
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+* */MANAGEMENT_SERVER*
+* */MANAGEMENT_ADMINACCOUNT*
+* */MANAGEMENT_WEBSITE_NAME*
+* */MANAGEMENT_WEBSITE_PORT*
+* */EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME*
+* */EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT*
+* */EXISTING_MANAGEMENT_DB_NAME*
-- /MANAGEMENT_SERVER
-- /MANAGEMENT_ADMINACCOUNT
-- /MANAGEMENT_WEBSITE_NAME
-- /MANAGEMENT_WEBSITE_PORT
-- /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME
-- /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE
-- /EXISTING_MANAGEMENT_DB_NAME
+### Custom instance of Microsoft SQL Server with an existing Management database on a remote machine
-### Example for using a custom instance of Microsoft SQL Server:
+To use a custom instance of Microsoft SQL Server, use these parameters:
-/appv_server_setup.exe /QUIET
-/MANAGEMENT_SERVER
-/MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup"
-/MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service"
-/MANAGEMENT_WEBSITE_PORT="8080"
-/EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME="SqlServermachine.domainName"
-/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE ="SqlInstanceName"
+* */MANAGEMENT_SERVER*
+* */MANAGEMENT_ADMINACCOUNT*
+* */MANAGEMENT_WEBSITE_NAME*
+* */MANAGEMENT_WEBSITE_PORT*
+* */EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME*
+* */EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE*
+* */EXISTING_MANAGEMENT_DB_NAME*
+
+### Example for using a custom instance of Microsoft SQL Server with an existing Management database on a remote machine
+
+```SQL
+/appv_server_setup.exe /QUIET
+/MANAGEMENT_SERVER
+/MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup"
+/MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service"
+/MANAGEMENT_WEBSITE_PORT="8080"
+/EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME="SqlServermachine.domainName"
+/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE ="SqlInstanceName"
/EXISTING_MANAGEMENT_DB_NAME ="AppVManagement"
+```
-## To install the Management database and the Management Server on the same computer
+## Installing the Management database and the Management Server on the same computer
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+The following examples will show you how to install the Management server and database on the same computer.
-- /DB_PREDEPLOY_MANAGEMENT
-- /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT
-- /MANAGEMENT_DB_NAME
-- /MANAGEMENT_SERVER_MACHINE_USE_LOCAL
-- /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT
+### Default instance of Microsoft SQL Server for installation on the same computer
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+To use the default instance of Microsoft SQL Server, use these parameters:
-- /DB_PREDEPLOY_MANAGEMENT
-- /MANAGEMENT_DB_CUSTOM_SQLINSTANCE
-- /MANAGEMENT_DB_NAME
-- /MANAGEMENT_SERVER_MACHINE_USE_LOCAL
-- /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT
+* */DB_PREDEPLOY_MANAGEMENT*
+* */MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT*
+* */MANAGEMENT_DB_NAME*
+* */MANAGEMENT_SERVER_MACHINE_USE_LOCAL*
+* */MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT*
-### Example for using a custom instance of Microsoft SQL Server:
+### Custom instance of Microsoft SQL Server for installation on the same computer
-/appv_server_setup.exe /QUIET
-/DB_PREDEPLOY_MANAGEMENT
-/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
-/MANAGEMENT_DB_NAME="AppVManagement"
-/MANAGEMENT_SERVER_MACHINE_USE_LOCAL
+To use a custom instance of Microsoft SQL Server, use these parameters:
+
+* */DB_PREDEPLOY_MANAGEMENT*
+* */MANAGEMENT_DB_CUSTOM_SQLINSTANCE*
+* */MANAGEMENT_DB_NAME*
+* */MANAGEMENT_SERVER_MACHINE_USE_LOCAL*
+* */MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT*
+
+### Example for using a custom instance of Microsoft SQL Server for installation on the same computer
+
+```SQL
+/appv_server_setup.exe /QUIET
+/DB_PREDEPLOY_MANAGEMENT
+/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
+/MANAGEMENT_DB_NAME="AppVManagement"
+/MANAGEMENT_SERVER_MACHINE_USE_LOCAL
/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount"
+```
-## To install the Management database on a different computer than the Management server
+## Installing the Management database on a different computer than the Management server
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+The following examples will show you how to install the Management database and server on different computers.
-- /DB_PREDEPLOY_MANAGEMENT
-- /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT
-- /MANAGEMENT_DB_NAME
-- /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT
-- /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT
+### Default instance of Microsoft SQL Server for installing the Management database on a different computer than the Management server
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+To use the default instance of Microsoft SQL Server, use the following parameters:
-- /DB_PREDEPLOY_MANAGEMENT
-- /MANAGEMENT_DB_CUSTOM_SQLINSTANCE
-- /MANAGEMENT_DB_NAME
-- /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT
-- /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT
+* */DB_PREDEPLOY_MANAGEMENT*
+* */MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT*
+* */MANAGEMENT_DB_NAME*
+* */MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT*
+* */MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT*
-### Example for using a custom instance of Microsoft SQL Server:
+### Custom instance of Microsoft SQL Server for installing the Management database on a different computer than the Management server
-/appv_server_setup.exe /QUIET
-/DB_PREDEPLOY_MANAGEMENT
-/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
-/MANAGEMENT_DB_NAME="AppVManagement"
-/MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT="Domain\MachineAccount"
+To use a custom instance of Microsoft SQL Server, use these parameters:
+
+* */DB_PREDEPLOY_MANAGEMENT*
+* */MANAGEMENT_DB_CUSTOM_SQLINSTANCE*
+* */MANAGEMENT_DB_NAME*
+* */MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT*
+* */MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT*
+
+### Example for using a custom instance of Microsoft SQL Server for installing the Management database on a different computer than the Management server
+
+```SQL
+/appv_server_setup.exe /QUIET
+/DB_PREDEPLOY_MANAGEMENT
+/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
+/MANAGEMENT_DB_NAME="AppVManagement"
+/MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT="Domain\MachineAccount"
/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount"
+```
-## To install the Publishing server
+## Installing the Publishing server
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+The following examples will show you how to install the Publishing server.
-- /PUBLISHING_SERVER
-- /PUBLISHING_MGT_SERVER
-- /PUBLISHING_WEBSITE_NAME
-- /PUBLISHING_WEBSITE_PORT
+### Default instance of Microsoft SQL Server for installing the Publishing server
-### Example
+To use the default instance of Microsoft SQL Server, use the following parameters:
-/appv_server_setup.exe /QUIET
-/PUBLISHING_SERVER
-/PUBLISHING_MGT_SERVER="http://ManagementServerName:ManagementPort"
-/PUBLISHING_WEBSITE_NAME="Microsoft AppV Publishing Service"
+* */PUBLISHING_SERVER*
+* */PUBLISHING_MGT_SERVER*
+* */PUBLISHING_WEBSITE_NAME*
+* */PUBLISHING_WEBSITE_PORT*
+
+### Example for installing the Publishing server
+
+```SQL
+/appv_server_setup.exe /QUIET
+/PUBLISHING_SERVER
+/PUBLISHING_MGT_SERVER="http://ManagementServerName:ManagementPort"
+/PUBLISHING_WEBSITE_NAME="Microsoft AppV Publishing Service"
/PUBLISHING_WEBSITE_PORT="8081"
+```
-## To install the Reporting server and Reporting database on a local machine
+## Installing the Reporting server and Reporting database on a local machine
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+The following examples will show you how to install the Reporting server and database on a local machine.
-- /REPORTING _SERVER
-- /REPORTING _WEBSITE_NAME
-- /REPORTING _WEBSITE_PORT
-- /DB_PREDEPLOY_REPORTING
-- /REPORTING _DB_SQLINSTANCE_USE_DEFAULT
-- /REPORTING _DB_NAME
+### Default instance of Microsoft SQL Server for installing the Reporting server and Reporting database on a local machine
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+To use the default instance of Microsoft SQL Server, use the following parameters:
-- /REPORTING _SERVER
-- /REPORTING _ADMINACCOUNT
-- /REPORTING _WEBSITE_NAME
-- /REPORTING _WEBSITE_PORT
-- /DB_PREDEPLOY_REPORTING
-- /REPORTING _DB_CUSTOM_SQLINSTANCE
-- /REPORTING _DB_NAME
+* */REPORTING_SERVER*
+* */REPORTING_WEBSITE_NAME*
+* */REPORTING_WEBSITE_PORT*
+* */DB_PREDEPLOY_REPORTING*
+* */REPORTING_DB_SQLINSTANCE_USE_DEFAULT*
+* */REPORTING_DB_NAME*
-### Example for using a custom instance of Microsoft SQL Server:
+### Custom instance of Microsoft SQL Server for installing the Reporting server and Reporting database on a local machine
-/appv_server_setup.exe /QUIET
-/REPORTING_SERVER
-/REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service"
-/REPORTING_WEBSITE_PORT="8082"
-/DB_PREDEPLOY_REPORTING
-/REPORTING_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
+To use a custom instance of Microsoft SQL Server, use these parameters:
+
+* */REPORTING_SERVER*
+* */REPORTING_ADMINACCOUNT*
+* */REPORTING_WEBSITE_NAME*
+* */REPORTING_WEBSITE_PORT*
+* */DB_PREDEPLOY_REPORTING*
+* */REPORTING_DB_CUSTOM_SQLINSTANCE*
+* */REPORTING_DB_NAME*
+
+### Example for using a custom instance of Microsoft SQL Server for installing the Reporting server and Reporting database on a local machine
+
+```SQL
+/appv_server_setup.exe /QUIET
+/REPORTING_SERVER
+/REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service"
+/REPORTING_WEBSITE_PORT="8082"
+/DB_PREDEPLOY_REPORTING
+/REPORTING_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
/REPORTING_DB_NAME="AppVReporting"
+```
-## To install the Reporting server using an existing Reporting database on a local machine
+## Installing the Reporting server using an existing Reporting database on a local machine
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+The following examples will show you how to install the reporting machine on a local machine with an existing Reporting database.
-- /REPORTING _SERVER
-- /REPORTING _WEBSITE_NAME
-- /REPORTING _WEBSITE_PORT
-- /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL
-- /EXISTING_REPORTING_DB_SQLINSTANCE_USE_DEFAULT
-- /EXISTING_REPORTING_DB_NAME
+### Default instance of Microsoft SQL Server for installing the Reporting server using an existing Reporting database on a local machine
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+To use the default instance of Microsoft SQL Server, use the following parameters:
-- /REPORTING _SERVER
-- /REPORTING _ADMINACCOUNT
-- /REPORTING _WEBSITE_NAME
-- /REPORTING _WEBSITE_PORT
-- /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL
-- /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE
-- /EXISTING_REPORTING _DB_NAME
+* */REPORTING_SERVER*
+* */REPORTING_WEBSITE_NAME*
+* */REPORTING_WEBSITE_PORT*
+* */EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL*
+* */EXISTING_REPORTING_DB_SQLINSTANCE_USE_DEFAULT*
+* */EXISTING_REPORTING_DB_NAME*
-### Example for using a custom instance of Microsoft SQL Server:
+### Custom instance of Microsoft SQL Server for installing the Reporting server using an existing Reporting database on a local machine
-/appv_server_setup.exe /QUIET
-/REPORTING_SERVER
-/REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service"
-/REPORTING_WEBSITE_PORT="8082"
-/EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL
-/EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
+To use a custom instance of Microsoft SQL Server, use these parameters:
+
+* */REPORTING_SERVER*
+* */REPORTING_ADMINACCOUNT*
+* */REPORTING_WEBSITE_NAME*
+* */REPORTING_WEBSITE_PORT*
+* */EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL*
+* */EXISTING_REPORTING_DB_CUSTOM_SQLINSTANCE*
+* */EXISTING_REPORTING_DB_NAME*
+
+### Example for using a custom instance of Microsoft SQL Server for installing the Reporting server using an existing Reporting database on a local machine
+
+```SQL
+/appv_server_setup.exe /QUIET
+/REPORTING_SERVER
+/REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service"
+/REPORTING_WEBSITE_PORT="8082"
+/EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL
+/EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
/EXITING_REPORTING_DB_NAME="AppVReporting"
+```
-## To install the Reporting server using an existing Reporting database on a remote machine
+## Installing the Reporting server using an existing Reporting database on a remote machine
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+The following examples will show you how to install the Reporting server and on a remote machine with an existing database.
-- /REPORTING _SERVER
-- /REPORTING _WEBSITE_NAME
-- /REPORTING _WEBSITE_PORT
-- /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME
-- /EXISTING_REPORTING _DB_SQLINSTANCE_USE_DEFAULT
-- /EXISTING_REPORTING _DB_NAME
-
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+### Default instance of Microsoft SQL Server for installing the Reporting server using an existing Reporting database on a remote machine
-- /REPORTING _SERVER
-- /REPORTING _ADMINACCOUNT
-- /REPORTING _WEBSITE_NAME
-- /REPORTING _WEBSITE_PORT
-- /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME
-- /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE
-- /EXISTING_REPORTING _DB_NAME
+To use the default instance of Microsoft SQL Server, use the following parameters:
-### Example for using a custom instance of Microsoft SQL Server:
+* */REPORTING_SERVER*
+* */REPORTING_WEBSITE_NAME*
+* */REPORTING_WEBSITE_PORT*
+* */EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME*
+* */EXISTING_REPORTING_DB_SQLINSTANCE_USE_DEFAULT*
+* */EXISTING_REPORTING_DB_NAME*
-/appv_server_setup.exe /QUIET
-/REPORTING_SERVER
-/REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service"
-/REPORTING_WEBSITE_PORT="8082"
-/EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME="SqlServerMachine.DomainName"
-/EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
+### Custom instance of Microsoft SQL Server for installing the Reporting server using an existing Reporting database on a remote machine
+
+To use a custom instance of Microsoft SQL Server, use these parameters:
+
+* */REPORTING_SERVER*
+* */REPORTING_ADMINACCOUNT*
+* */REPORTING_WEBSITE_NAME*
+* */REPORTING_WEBSITE_PORT*
+* */EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME*
+* */EXISTING_REPORTING_DB_CUSTOM_SQLINSTANCE*
+* */EXISTING_REPORTING_DB_NAME*
+
+### Example using a custom instance of Microsoft SQL Server for installing the Reporting server using an existing Reporting database on a remote machine
+
+```SQL
+/appv_server_setup.exe /QUIET
+/REPORTING_SERVER
+/REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service"
+/REPORTING_WEBSITE_PORT="8082"
+/EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME="SqlServerMachine.DomainName"
+/EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
/EXITING_REPORTING_DB_NAME="AppVReporting"
+```
-## To install the Reporting database on the same computer as the Reporting server
+## Installing the Reporting database on the same computer as the Reporting server
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+The following examples will show you how to install the Reporting database and server on the same computer.
-- /DB_PREDEPLOY_REPORTING
-- /REPORTING_DB_SQLINSTANCE_USE_DEFAULT
-- /REPORTING_DB_NAME
-- /REPORTING_SERVER_MACHINE_USE_LOCAL
-- /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT
+### Default instance of Microsoft SQL Server for installing the Reporting database on the same computer as the Reporting server
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+To use the default instance of Microsoft SQL Server, use the following parameters:
-- /DB_PREDEPLOY_REPORTING
-- /REPORTING _DB_CUSTOM_SQLINSTANCE
-- /REPORTING _DB_NAME
-- /REPORTING_SERVER_MACHINE_USE_LOCAL
-- /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT
+* */DB_PREDEPLOY_REPORTING*
+* */REPORTING_DB_SQLINSTANCE_USE_DEFAULT*
+* */REPORTING_DB_NAME*
+* */REPORTING_SERVER_MACHINE_USE_LOCAL*
+* */REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT*
-### Example for using a custom instance of Microsoft SQL Server:
+### Custom instance of Microsoft SQL Server for installing the Reporting database on the same computer as the Reporting server
-/appv_server_setup.exe /QUIET
-/DB_PREDEPLOY_REPORTING
-/REPORTING_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
-/REPORTING_DB_NAME="AppVReporting"
-/REPORTING_SERVER_MACHINE_USE_LOCAL
+To use a custom instance of Microsoft SQL Server, use these parameters:
+
+* */DB_PREDEPLOY_REPORTING*
+* */REPORTING_DB_CUSTOM_SQLINSTANCE*
+* */REPORTING_DB_NAME*
+* */REPORTING_SERVER_MACHINE_USE_LOCAL*
+* */REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT*
+
+### Example for using a custom instance of Microsoft SQL Server for installing the Reporting database on the same computer as the Reporting server
+
+```SQL
+/appv_server_setup.exe /QUIET
+/DB_PREDEPLOY_REPORTING
+/REPORTING_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
+/REPORTING_DB_NAME="AppVReporting"
+/REPORTING_SERVER_MACHINE_USE_LOCAL
/REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount"
+```
-## To install the Reporting database on a different computer than the Reporting server
+## Installing the Reporting database on a different computer than the Reporting server
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+The following examples will show you how to install the Reporting database and server on different computers.
-- /DB_PREDEPLOY_REPORTING
-- /REPORTING _DB_SQLINSTANCE_USE_DEFAULT
-- /REPORTING _DB_NAME
-- /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT
-- /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT
+### Default instance of Microsoft SQL Server for installing the Reporting database on a different computer than the Reporting server
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+To use the default instance of Microsoft SQL Server, use the following parameters:
-- /DB_PREDEPLOY_REPORTING
-- /REPORTING _DB_CUSTOM_SQLINSTANCE
-- /REPORTING _DB_NAME
-- /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT
-- /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT
+* */DB_PREDEPLOY_REPORTING*
+* */REPORTING_DB_SQLINSTANCE_USE_DEFAULT*
+* */REPORTING_DB_NAME*
+* */REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT*
+* */REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT*
-### Example for using a custom instance of Microsoft SQL Server:
+### Custom instance of Microsoft SQL Server for installing the Reporting database on a different computer than the Reporting server
+To use a custom instance of Microsoft SQL Server, use these parameters:
+
+* */DB_PREDEPLOY_REPORTING*
+* */REPORTING_DB_CUSTOM_SQLINSTANCE*
+* */REPORTING_DB_NAME*
+* */REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT*
+* */REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT*
+
+### Example for using a custom instance of Microsoft SQL Server for installing the Reporting database on a different computer than the Reporting server
+
+```SQL
Using a custom instance of Microsoft SQL Server example:
/appv_server_setup.exe /QUIET
/DB_PREDEPLOY_REPORTING
@@ -342,105 +420,104 @@ Using a custom instance of Microsoft SQL Server example:
/REPORTING_DB_NAME="AppVReporting"
/REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT="Domain\MachineAccount"
/REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount"
+```
## Parameter definitions
-- [General parameters](#parameter-definitions-for-general-parameters)
-- [Management Server installation parameters](#parameter-definitions-for-management-server-installation-parameters)
-- [Management Server Database parameters](#parameter-definitions-for-the-management-server-database)
-- [Publishing Server installation parameters](#parameter-definitions-for-publishing-server-installation-parameters)
-- [Reporting Server parameters](#parameter-definitions-for-reporting-server)
-- [Parameters for using an existing Reporting Server database](#parameters-for-using-an-existing-reporting-server-database)
-- [Reporting Server database installation parameters](#parameter-definitions-for-reporting-server-database-installation)
-- [Parameters for using an existing Management Server database](#parameters-for-using-an-existing-management-server-database)
+* [General parameters](#parameter-definitions-for-general-parameters)
+* [Management Server installation parameters](#parameter-definitions-for-management-server-installation-parameters)
+* [Management Server Database parameters](#parameter-definitions-for-the-management-server-database)
+* [Publishing Server installation parameters](#parameter-definitions-for-publishing-server-installation-parameters)
+* [Reporting Server parameters](#parameter-definitions-for-reporting-server)
+* [Parameters for using an existing Reporting Server database](#parameters-for-using-an-existing-reporting-server-database)
+* [Reporting Server database installation parameters](#parameter-definitions-for-reporting-server-database-installation)
+* [Parameters for using an existing Management Server database](#parameters-for-using-an-existing-management-server-database)
### Parameter definitions for general parameters
| Parameter | Description |
|-----------|-------------|
-| /QUIET | Specifies silent install. |
-| /UNINSTALL | Specifies an uninstall. |
-| /LAYOUT | Specifies layout action. This extracts the MSIs and script files to a folder without actually installing the product. No value is expected. |
-| /LAYOUTDIR | Specifies the layout directory. Takes a string. For example, /LAYOUTDIR="C:\Application Virtualization Server" |
-| /INSTALLDIR | Specifies the installation directory. Takes a string. E.g. /INSTALLDIR="C:\Program Files\Application Virtualization\Server" |
-| /MUOPTIN | Enables Microsoft Update. No value is expected |
-| /ACCEPTEULA | Accepts the license agreement. This is required for an unattended installation. Example usage: **/ACCEPTEULA** or **/ACCEPTEULA=1**. |
+| */QUIET* | Specifies silent install. |
+| */UNINSTALL* | Specifies an uninstall. |
+| */LAYOUT* | Specifies layout action. This extracts the MSIs and script files to a folder without installing the actual product. No value is expected. |
+| */LAYOUTDIR* | Specifies the layout directory with a string. For example, ```/LAYOUTDIR="C:\Application Virtualization Server"```. |
+| */INSTALLDIR* | Specifies the installation directory with a string. For example, ```/INSTALLDIR="C:\Program Files\Application Virtualization\Server"```. |
+| */MUOPTIN* | Enables Microsoft Update. No value is expected. |
+| */ACCEPTEULA* | Accepts the license agreement. This is required for an unattended installation. For example, ```/ACCEPTEULA``` or ```/ACCEPTEULA=1```. |
### Parameter definitions for Management Server installation parameters
| Parameter | Description |
|-----------|-------------|
-| /MANAGEMENT_SERVER | Specifies that the management server will be installed. No value is expected |
-| /MANAGEMENT_ADMINACCOUNT | Specifies the account that will be allowed to Administrator access to the management server This account can be an individual user account or a group. Example usage: **/MANAGEMENT_ADMINACCOUNT="mydomain\admin"**. If **/MANAGEMENT_SERVER** is not specified, this will be ignored. Specifies the account that will be allowed to Administrator access to the management server. This can be a user account or a group. For example, **/MANAGEMENT_ADMINACCOUNT="mydomain\admin"**. |
-| /MANAGEMENT_WEBSITE_NAME | Specifies name of the website that will be created for the management service. For example, /MANAGEMENT_WEBSITE_NAME="Microsoft App-V Management Service" |
-| /MANAGEMENT_WEBSITE_PORT | Specifies the port number that will be used by the management service will use. For example, /MANAGEMENT_WEBSITE_PORT=82. |
+| */MANAGEMENT_SERVER* | Specifies that the management server will be installed. No value is expected. |
+| */MANAGEMENT_ADMINACCOUNT* | Specifies the account that will be allowed administrator access to the management server. This account can be an individual user account or a group. For example, ```/MANAGEMENT_ADMINACCOUNT="mydomain\admin"```. If **/MANAGEMENT_SERVER** isn't specified, this parameter will be ignored.|
+| */MANAGEMENT_WEBSITE_NAME* | Specifies name of the website that will be created for the management service. For example, ```/MANAGEMENT_WEBSITE_NAME="Microsoft App-V Management Service"``` |
+| */MANAGEMENT_WEBSITE_PORT* | Specifies the port number that will be used by the management service will use. For example, ```/MANAGEMENT_WEBSITE_PORT=82```. |
### Parameter definitions for the Management Server Database
| Parameter | Description |
|-----------|-------------|
-| /DB\_PREDEPLOY\_MANAGEMENT | Specifies that the management database will be installed. You must have sufficient database permissions to complete this installation. No value is expected |
-| /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT | Indicates that the default SQL instance should be used. No value is expected. |
-| /MANAGEMENT_DB_CUSTOM_SQLINSTANCE | Specifies the name of the custom SQL instance that should be used to create a new database. Example usage: **/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="MYSQLSERVER"**. If /DB_PREDEPLOY_MANAGEMENT is not specified, this will be ignored. |
-| /MANAGEMENT_DB_NAME | Specifies the name of the new management database that should be created. Example usage: **/MANAGEMENT_DB_NAME="AppVMgmtDB"**. If /DB_PREDEPLOY_MANAGEMENT is not specified, this will be ignored. |
-| /MANAGEMENT_SERVER_MACHINE_USE_LOCAL | Indicates if the management server that will be accessing the database is installed on the local server. Switch parameter so no value is expected. |
-| /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT | Specifies the machine account of the remote machine that the management server will be installed on. Example usage: **/MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT="domain\computername"** |
-| /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT | Indicates the Administrator account that will be used to install the management server. Example usage: **/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT ="domain\alias"** |
+| */DB\_PREDEPLOY\_MANAGEMENT* | Specifies that the management database will be installed. You must have sufficient database permissions to complete this installation. No value is expected. |
+| */MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT* | Indicates that the default SQL instance should be used. No value is expected. |
+| */MANAGEMENT_DB_CUSTOM_SQLINSTANCE* | Specifies the name of the custom SQL instance that should be used to create a new database. For example, ```/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="MYSQLSERVER"```. If **/DB_PREDEPLOY_MANAGEMENT** isn't specified, this parameter will be ignored. |
+| */MANAGEMENT_DB_NAME* | Specifies the name of the new management database that should be created. For example, ```/MANAGEMENT_DB_NAME="AppVMgmtDB"```. If **/DB_PREDEPLOY_MANAGEMENT** isn't specified, this will be ignored. |
+| */MANAGEMENT_SERVER_MACHINE_USE_LOCAL* | Indicates if the management server that will be accessing the database is installed on the local server. This is a switch parameter, so no value is expected. |
+| */MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT* | Specifies the machine account of the remote machine that the management server will be installed on. For example, ```/MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT="domain\computername"```. |
+| */MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT* | Indicates the Administrator account that will be used to install the management server. For example, ```/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT ="domain\alias"```. |
### Parameter definitions for Publishing Server installation parameters
| Parameter | Description |
|-----------|-------------|
-| /PUBLISHING_SERVER | Specifies that the Publishing Server will be installed. No value is expected |
-| /PUBLISHING_MGT_SERVER | Specifies the URL to Management Service the Publishing server will connect to. Example usage: **http://<management server name>:<Management server port number>**. If /PUBLISHING_SERVER is not used, this parameter will be ignored |
-| /PUBLISHING_WEBSITE_NAME | Specifies name of the website that will be created for the publishing service. For example, /PUBLISHING_WEBSITE_NAME="Microsoft App-V Publishing Service" |
-| /PUBLISHING_WEBSITE_PORT | Specifies the port number used by the publishing service. For example, /PUBLISHING_WEBSITE_PORT=83 |
+| */PUBLISHING_SERVER* | Specifies that the publishing server will be installed. No value is expected. |
+| */PUBLISHING_MGT_SERVER* | Specifies the URL to Management Service the Publishing server will connect to. For example, ```http://
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-[Deploying the App-V Server](appv-deploying-the-appv-server.md)
+* [Deploying the App-V Server](appv-deploying-the-appv-server.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server.md b/windows/application-management/app-v/appv-deploy-the-appv-server.md
index 70121311f4..4ffe1ba432 100644
--- a/windows/application-management/app-v/appv-deploy-the-appv-server.md
+++ b/windows/application-management/app-v/appv-deploy-the-appv-server.md
@@ -6,120 +6,92 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
# How to Deploy the App-V Server (new installation)
-**Applies to**
-- Windows Server 2016
+>Applies to: Windows Server 2016
->**Important**
If you're already using App-V 5.x, you don't need to re-deploy the App-V server components as they haven't changed since App-V 5.0 was released.
+## Before you start
-**Before you start:**
+>[!IMPORTANT]
+>If you're already using App-V 5.x, you don't need to re-deploy the App-V server components as they haven't changed since App-V 5.0 was released.
-- Ensure that you’ve installed required software. See [App-V Prerequisites](appv-prerequisites.md).
+* Ensure that you’ve installed required software. See [App-V prerequisites](appv-prerequisites.md).
+* Review the server section of [App-V security considerations](appv-security-considerations.md).
+* Specify a port where each component will be hosted.
+* Add firewall rules to allow incoming requests to access the specified ports.
+* If you use SQL scripts instead of the Windows Installer to set up the Management database or Reporting database, you must run the required SQL scripts before installing the Management Server or Reporting Server. See [How to deploy the App-V databases by using SQL scripts](appv-deploy-appv-databases-with-sql-scripts.md).
-- Review the server section of [App-V security considerations](appv-security-considerations.md).
+## Installing the App-V server
-- Specify a port where each component will be hosted.
+1. Download the App-V server components. All five App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from either of the following locations:
-- Add firewall rules to allow incoming requests to access the specified ports.
-
-- If you use SQL scripts, instead of the Windows Installer, to set up the Management database or Reporting database, you must run the SQL scripts before installing the Management Server or Reporting Server. See [How to Deploy the App-V Databases by Using SQL Scripts](appv-deploy-appv-databases-with-sql-scripts.md).
-
-**To install the App-V server**
-
-1. Download the App-V server components. All five App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from:
-
- - The [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215) You must have a MSDN subscription to download the MDOP ISO package from the MSDN subscriptions site.
-
- - The [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home).
-
-2. Copy the App-V server installation files to the computer on which you want to install it.
-
-3. Start the App-V server installation by right-clicking and running **appv\_server\_setup.exe** as an administrator, and then click **Install**.
-
-4. Review and accept the license terms, and choose whether to enable Microsoft updates.
-
-5. On the **Feature Selection** page, select all of the following components.
+ * The [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215). You must have a MSDN subscription to download the MDOP ISO package from this site.
+ * The [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home).
+2. Copy the App-V server installation files to the computer on which you want to install it.
+3. Start the App-V server installation by right-clicking and running **appv\_server\_setup.exe** as an administrator, and then click **Install**.
+4. Review and accept the license terms, and choose whether to enable Microsoft updates.
+5. On the **Feature Selection** page, select all components listed in the following table.
| Component | Description |
- | - | - |
+ |---|---|
| Management server | Provides overall management functionality for the App-V infrastructure. |
| Management database | Facilitates database predeployments for App-V management. |
| Publishing server | Provides hosting and streaming functionality for virtual applications. |
| Reporting server | Provides App-V reporting services. |
| Reporting database | Facilitates database predeployments for App-V reporting. |
-
-6. On the **Installation Location** page, accept the default location where the selected components will be installed, or change the location by typing a new path on the **Installation Location** line.
-
-7. On the initial **Create New Management Database** page, configure the **Microsoft SQL Server instance** and **Management Server database** by selecting the appropriate option below.
+6. On the **Installation Location** page, accept the default location where the selected components will be installed, or change the location by typing a new path on the **Installation Location** line.
+7. On the initial **Create New Management Database** page, configure the **Microsoft SQL Server instance** and **Management Server database** by selecting the appropriate option below.
| Method | What you need to do |
- | - | - |
- | You are using a custom Microsoft SQL Server instance. | Select **Use the custom instance**, and type the name of the instance.
Use the format **INSTANCENAME**. The assumed installation location is the local computer.
Not supported: A server name using the format **ServerName**\\**INSTANCE**.|
+ |---|---|
+ | You are using a custom Microsoft SQL Server instance. | Select **Use the custom instance**, then specify the instance name.
Use the format **INSTANCENAME**. The assumed installation location is the local computer.
Not supported: A server name using the format **ServerName**\\**INSTANCE**.|
| You are using a custom database name. | Select **Custom configuration** and type the database name.
The database name must be unique, or the installation will fail.|
+8. On the **Configure** page, accept the default value, **Use this local computer**.
-8. On the **Configure** page, accept the default value **Use this local computer**.
-
- >**Note** If you are installing the Management server and Management database side by side, some options on this page are not available. In this case, the appropriate options are selected by default and cannot be changed.
-
-9. On the initial **Create New Reporting Database** page, configure the **Microsoft SQL Server instance** and **Reporting Server database** by selecting the appropriate option below.
+ >[!NOTE]
+ >If you're installing the Management server and Management database side-by-side, the appropriate options are selected by default and cannot be changed.
+9. On the initial **Create New Reporting Database** page, configure the **Microsoft SQL Server instance** and **Reporting Server database** by selecting the appropriate option below.
| Method | What you need to do |
- | - | - |
+ |---|---|
| You are using a custom Microsoft SQL Server instance. | Select **Use the custom instance**, and type the name of the instance.
Use the format **INSTANCENAME**. The assumed installation location is the local computer.
Not supported: A server name using the format **ServerName**\\**INSTANCE**.|
| You are using a custom database name. | Select **Custom configuration** and type the database name.
The database name must be unique, or the installation will fail.|
-
-
10. On the **Configure** page, accept the default value: **Use this local computer**.
- >**Note**
- > If you are installing the Management server and Management database side by side, some options on this page are not available. In this case, the appropriate options are selected by default and cannot be changed.
-
-
+ >[!NOTE]
+ >If you're installing the Management server and Management database side-by-side, the appropriate options are selected by default and cannot be changed.
11. On the **Configure** (Management Server Configuration) page, specify the following:
| Item to configure | Description and examples |
- | - | - |
- | Type the AD group with sufficient permissions to manage the App-V environment. | Example: MyDomain\MyUser
After installation, you can add users or groups on the management console. However, global security groups and Active Directory Domain Services (AD DS) distribution groups are not supported. You must use Domain local or Universal groups to perform this action.|
- | **Website name**: Specify the custom name that will be used to run the publishing service.
| If you do not have a custom name, do not make any changes.|
- |**Port binding**: Specify a unique port number that will be used by App-V. | Example: **12345**
Ensure that the port specified is not being used by another website. |
-
+ |---|---|
+ | Specify AD group | Specify the AD group with sufficient permissions to manage the App-V environment. Example: MyDomain\MyUser
After installation, you can add users or groups on the management console. However, global security groups and Active Directory Domain Services (AD DS) distribution groups are not supported. You must use Domain local or Universal groups to perform this action.|
+ |Website name | Specify the custom name that will be used to run the publishing service.
If you do not have a custom name, you don't have to change it.|
+ |Port binding | Specify a unique port number that will be used by App-V. Example: **12345**
Ensure that the port specified is not being used by another website. |
12. On the **Configure Publishing Server Configuration** page, specify the following:
| Item to configure | Description and examples |
- | - | - |
- | Specify the URL for the management service. | Example: http://localhost:12345 |
- | **Website name**: Specify the custom name that will be used to run the publishing service.| If you do not have a custom name, do not make any changes. |
- | **Port binding**: Specify a unique port number that will be used by App-V. | Example: 54321
Ensure that the port specified is not being used by another website. |
-
+ |---|---|
+ | Specify the management service URL | Example: http://localhost:12345 |
+ | Website name | Specify the custom website name that will be used to run the publishing service.
If you do not have a custom name, do not make any changes. |
+ | Port binding | Specify a unique port number that will be used by App-V. Example: 54321
Ensure that the port specified is not being used by another website. |
13. On the **Reporting Server** page, specify the following:
| Item to configure | Description and examples |
- | - | - |
- | **Website name**: Specify the custom name that will be used to run the Reporting Service. | If you do not have a custom name, do not make any changes. |
- | **Port binding**: Specify a unique port number that will be used by App-V. | Example: 55555
Ensure that the port specified is not being used by another website. |
-
+ |---|---|
+ | Website name | Specify the custom name that will be used to run the Reporting Service.
If you do not have a custom name, do not make any changes. |
+ | Port binding | Specify a unique port number that will be used by App-V. Example: 55555
Ensure that the port specified is not being used by another website.|
14. To start the installation, click **Install** on the **Ready** page, and then click **Close** on the **Finished** page.
+15. To verify that the setup completed successfully, open a web browser, and type the following URL with the bracketed variables adjusted according to your specifications in the earlier steps:
-15. To verify that the setup completed successfully, open a web browser, and type the following URL:
+ ```http://
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+ Example: ```http://localhost:12345/console.html```. If the installation succeeded, the App-V Management console will display with no errors.
## Related topics
-- [Deploying App-V](appv-deploying-appv.md)
-
-- [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](appv-install-the-management-and-reporting-databases-on-separate-computers.md)
-
-- [How to Install the Publishing Server on a Remote Computer](appv-install-the-publishing-server-on-a-remote-computer.md)
-
-- [How to Deploy the App-V Server Using a Script](appv-deploy-the-appv-server-with-a-script.md)
+* [Deploying App-V](appv-deploying-appv.md)
+* [How to install the management and reporting databases on separate computers from the management and reporting services](appv-install-the-management-and-reporting-databases-on-separate-computers.md)
+* [How to install the publishing server on a remote computer](appv-install-the-publishing-server-on-a-remote-computer.md)
+* [How to deploy the App-V server using a script](appv-deploy-the-appv-server-with-a-script.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-deploying-appv.md b/windows/application-management/app-v/appv-deploying-appv.md
index d6d019fcff..1d2034eb89 100644
--- a/windows/application-management/app-v/appv-deploying-appv.md
+++ b/windows/application-management/app-v/appv-deploying-appv.md
@@ -6,52 +6,41 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
# Deploying App-V for Windows 10
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
-App-V supports a number of different deployment options. Review this topic for information about the tasks that you must complete at different stages in your deployment.
+App-V supports several different deployment options. Review this topic for information about the tasks that you must complete at different stages in your deployment.
## App-V Deployment Information
+* [Deploying the App-V Sequencer and configuring the client](appv-deploying-the-appv-sequencer-and-client.md)
-- [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)
+ This section describes how to install the App-V sequencer used to virtualize applications, and how to enable the App-V client that runs on target computers to facilitate virtualized packages.
+* [Deploying the App-V server](appv-deploying-the-appv-server.md)
- This section describes how to install the App-V sequencer, which is used to virtualize applications, and how to enable the App-V client, which runs on target computers to facilitate virtualized packages.
-
-- [Deploying the App-V Server](appv-deploying-the-appv-server.md)
-
- This section provides information about installing the App-V management, publishing, database and reporting severs.
-
-- [App-V Deployment Checklist](appv-deployment-checklist.md)
+ This section provides information about installing the App-V management, publishing, database, and reporting severs.
+* [App-V deployment checklist](appv-deployment-checklist.md)
This section provides a deployment checklist that can be used to assist with installing App-V.
-- [Deploying Microsoft Office 2016 by Using App-V](appv-deploying-microsoft-office-2016-with-appv.md)
-[Deploying Microsoft Office 2013 by Using App-V](appv-deploying-microsoft-office-2013-with-appv.md)
-[Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md)
+The following sections describe how to use App-V to deliver Microsoft Office as a virtualized application to computers in your organization.
- These sections describe how to use App-V to deliver Microsoft Office as a virtualized application to computers in your organization.
+* [Deploying Microsoft Office 2016 by using App-V](appv-deploying-microsoft-office-2016-with-appv.md)
+* [Deploying Microsoft Office 2013 by using App-V](appv-deploying-microsoft-office-2013-with-appv.md)
+* [Deploying Microsoft Office 2010 by using App-V](appv-deploying-microsoft-office-2010-wth-appv.md)
-## Other Resources for Deploying App-V
+## Other App-V deployment resources
-
-- [Application Virtualization (App-V) overview](appv-for-windows.md)
-
-- [Getting Started with App-V](appv-getting-started.md)
-
-- [Planning for App-V](appv-planning-for-appv.md)
-
-- [Operations for App-V](appv-operations.md)
-
-- [Troubleshooting App-V](appv-troubleshooting.md)
-
-- [Technical Reference for App-V](appv-technical-reference.md)
+* [Application Virtualization (App-V) overview](appv-for-windows.md)
+* [Getting started with App-V](appv-getting-started.md)
+* [Planning for App-V](appv-planning-for-appv.md)
+* [Operations for App-V](appv-operations.md)
+* [Troubleshooting App-V](appv-troubleshooting.md)
+* [Technical reference for App-V](appv-technical-reference.md)
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
index 28a866aa22..5d6bd60233 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
@@ -6,291 +6,95 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
-
# Deploying Microsoft Office 2010 by Using App-V
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
You can create Office 2010 packages for Microsoft Application Virtualization (App-V) using one of the following methods:
-- Application Virtualization (App-V) Sequencer
-
-- Application Virtualization (App-V) Package Accelerator
+* Application Virtualization (App-V) Sequencer
+* Application Virtualization (App-V) Package Accelerator
## App-V support for Office 2010
-
The following table shows the App-V versions, methods of Office package creation, supported licensing, and supported deployments for Office 2010.
-
-
-
-
+|Supported item|Support level|
+|---|---|
+|Package creation|- Sequencing
-
-
-
-Supported item
-Level of support
-
-
-
-
-
-
-
-
-
-
- Package Accelerator
- Office Deployment Kit|
+|Supported licensing|Volume Licensing|
+|Supported deployments|- Desktop
- Personal VDI
- RDS|
## Creating Office 2010 App-V using the sequencer
-
-Sequencing Office 2010 is one of the main methods for creating an Office 2010 package on App-V. Microsoft has provided a detailed recipe through a Knowledge Base article. To create an Office 2010 package on App-V, refer to the following link for detailed instructions:
-
-[How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/en-us/kb/2830069)
+Sequencing Office 2010 is one of the main methods for creating an Office 2010 package on App-V. Microsoft has provided a detailed recipe through a Knowledge Base article. For detailed instructions about how to create an Office 2010 package on App-V, see [How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/en-us/kb/2830069).
## Creating Office 2010 App-V packages using package accelerators
+Office 2010 App-V packages can be created through package accelerators. Microsoft has provided package accelerators for creating Office 2010 on Windows 10, Windows 8, and Windows 7. The following pages will show you which package accelerator is best for creating Office 2010 App-V packages on your version of Windows:
-Office 2010 App-V packages can be created through package accelerators. Microsoft has provided package accelerators for creating Office 2010 on Windows 10, Windows 8 and Windows 7. To create Office 2010 packages on App-V using Package accelerators, refer to the following pages to access the appropriate package accelerator:
-
-- [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 8](https://gallery.technet.microsoft.com/App-V-50-Package-a29410db)
-
-- [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 7](https://gallery.technet.microsoft.com/App-V-50-Package-e7ef536b)
+* [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 8](https://gallery.technet.microsoft.com/App-V-50-Package-a29410db)
+* [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 7](https://gallery.technet.microsoft.com/App-V-50-Package-e7ef536b)
For detailed instructions on how to create virtual application packages using App-V package accelerators, see [How to Create a Virtual Application Package Using an App-V Package Accelerator](appv-create-a-virtual-application-package-package-accelerator.md).
## Deploying the Microsoft Office package for App-V
-
You can deploy Office 2010 packages by using any of the following App-V deployment methods:
-- System Center Configuration Manager
-
-- App-V server
-
-- Stand-alone through Windows PowerShell commands
+* System Center Configuration Manager
+* App-V server
+* Stand-alone through Windows PowerShell commands
## Office App-V package management and customization
-
Office 2010 packages can be managed like any other App-V packages through known package management mechanisms. No special instructions are needed, for example, to add, publish, unpublish, or remove Office packages.
## Microsoft Office integration with Windows
-
The following table provides a full list of supported integration points for Office 2010.
-
-
+(POPULATE THE THIRD COLUMN)
-
+|Extension Point|Description|Office 2010|
+|---|---|---|
+|Lync meeting Join Plug-in for Firefox and Chrome|User can join Lync meetings from Firefox and Chrome||
+|Sent to OneNote Print Driver|User can print to OneNote|Yes|
+|OneNote Linked Notes|OneNote Linked Notes||
+|Send to OneNote Internet Explorer Add-In|User can send to OneNote from IE||
+|Firewall Exception for Lync and Outlook|Firewall Exception for Lync and Outlook||
+|MAPI Client|Native apps and add-ins can interact with virtual Outlook through MAPI||
+|SharePoint Plugin for Firefox|User can use SharePoint features in Firefox||
+|Mail Control Panel Applet|User gets the mail control panel applet in Outlook|Yes|
+|Primary Interop Assemblies|Support managed add-ins||
+|Office Document Cache Handler|Allows Document Cache for Office applications||
+|Outlook Protocol Search handler|User can search in Outlook|Yes|
+|Active X Controls:
-
-
-
-Extension Point
-Description
-Office 2010
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Groove.SiteClient
- PortalConnect.PersonalSite
- SharePoint.openDocuments
- SharePoint.ExportDatabase
- SharePoint.SpreadSheetLauncher
- SharePoint.StssyncHander
- SharePoint.DragUploadCtl
- SharePoint.DragDownloadCtl
- Sharpoint.OpenXMLDocuments
- Sharepoint.ClipboardCtl
- WinProj.Activator
- Name.NameCtrl
- STSUPld.CopyCtl
- CommunicatorMeetingJoinAx.JoinManager
- LISTNET.Listnet
- OneDrive Pro Browser Helper|Active X Control.
For more information about ActiveX controls, see the [ActiveX Control API Reference](
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
index dbbd968cfa..7b63794730 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
@@ -6,229 +6,94 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
-
# Deploying Microsoft Office 2013 by Using App-V
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
Use the information in this article to use Application Virtualization (App-V) to deliver Microsoft Office 2013 as a virtualized application to computers in your organization. For information about using App-V to deliver Office 2010, see [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md). To successfully deploy Office 2013 with App-V, you need to be familiar with Office 2013 and App-V.
-This topic contains the following sections:
+## What to know before you start
-- [What to know before you start](#bkmk-before-you-start)
+Before you deploy Office 2013 with App-V, review the following planning information.
-- [Creating an Office 2013 package for App-V with the Office Deployment Tool](#bkmk-create-office-pkg)
+### Supported Office versions and Office coexistence
-- [Publishing the Office package for App-V](#bkmk-pub-pkg-office)
+The following table will direct you to more information about which versions of Office App-V supports and how to run App-V with coexisting versions of Office.
-- [Customizing and managing Office App-V packages](#bkmk-custmz-manage-office-pkgs)
+|Information to review|Description|
+|---|---|
+|[Supported versions of Microsoft Office](appv-planning-for-using-appv-with-office.md#supported-versions-of-microsoft-office)|- Supported versions of Office
- Supported deployment types like desktop, personal Virtual Desktop Infrastructure (VDI), and pooled VDI
- Office licensing options.|
+|[Planning for using App-V with coexisting versions of Office](appv-planning-for-using-appv-with-office.md#before-you-implement-office-coexistence)|Considerations for installing different versions of Office on the same computer.|
-## What to know before you start
+### Packaging, publishing, and deployment requirements
+Before you deploy Office with App-V, review the following requirements.
-Before you deploy Office 2013 by using App-V, review the following planning information.
-
-### Supported Office versions and Office coexistence
-
-Use the following table to get information about supported versions of Office and about running coexisting versions of Office.
-
-
-
-
-
-
-### Packaging, publishing, and deployment requirements
-
-Before you deploy Office by using App-V, review the following requirements.
-
-
-
-
-
-Information to review
-Description
-
-
-
-
-
-
-
-
-
-
+|Task|Requirement|
+|---|---|
+|Packaging|All Office applications you wish to deploy to users must be in a single package.
-
-
-
-Task
-Requirement
-
-
-
-
-
-
-
-
-
-
-
-
In App-V and later, you must use the Office Deployment Tool to create packages. The Sequencer doesn't support package creation.
If you're deploying Microsoft Visio 2013 and Microsoft Project 2013 along with Office, you must include them in the same package with Office. For more information, see [Deploying Visio 2013 and Project 2013 with Office](#bkmk-deploy-visio-project).|
+|Publishing|You can only publish one Office package per client computer.
You must publish the Office package globally, not to the user.|
+|Deploying Office 365 ProPlus, Visio Pro for Office 365, or Project Pro for Office 365 to a shared computer using Remote Desktop Services.|You must enable [shared computer activation](https://docs.microsoft.com/en-us/DeployOffice/overview-of-shared-computer-activation-for-office-365-proplus).
You don’t need to use shared computer activation if you’re deploying a volume licensed product, such as Office Professional Plus 2013, Visio Professional 2013, or Project Professional 2013.|
### Excluding Office applications from a package
The following table describes the recommended methods for excluding specific Office applications from a package.
-
-
-
-
-
-## Creating an Office 2013 package for App-V with the Office Deployment Tool
+|Task|Details|
+|---|---|
+|Use the **ExcludeApp** setting when you create the package by using the Office Deployment Tool.|Enables you to exclude specific Office applications from the package when the Office Deployment Tool creates the package. For example, you can use this setting to create a package that contains only Microsoft Word.
-
-
-
-Task
-Details
-
-
-
-
-
-
-
-
For more information, see [ExcludeApp element](https://docs.microsoft.com/en-us/DeployOffice/configuration-options-for-the-office-2016-deployment-tool?ui=en-US&rs=en-US&ad=US#excludeapp-element).|
+|Modify the **DeploymentConfig.xml** file|Modify the **DeploymentConfig.xml** file after creating the package. This file contains the default package settings for all users on a computer running the App-V Client.
For more information, see [Disabling Office 2013 applications](#bkmk-disable-office-apps).|
+## Creating an Office 2013 package for App-V with the Office Deployment Tool
Complete the following steps to create an Office 2013 package for App-V or later.
-**Important**
-In App-V and later, you must the Office Deployment Tool to create a package. You cannot use the Sequencer to create packages.
-
-
+>[!IMPORTANT]
+>In App-V and later, you must the Office Deployment Tool to create a package. You cannot use the Sequencer to create packages.
### Review prerequisites for using the Office Deployment Tool
-The computer on which you are installing the Office Deployment Tool must have:
+Before you start, make sure that the computer on which you are installing the Office Deployment Tool has the following:
-
-
+|Prerequisite|Description|
+|---|---|
+|Prerequisite software|.NET Framework 4|
+|Supported operating systems|64-bit version of Windows 8 or later
-
-
-
-Prerequisite
-Description
-
-
-
-
-
-
-
64-bit version of Windows 7|
-
+>[!NOTE]
+>In this topic, the term “Office 2013 App-V package” refers to subscription licensing and volume licensing.
-**Note**
-In this topic, the term “Office 2013 App-V package” refers to subscription licensing and volume licensing.
+### Create Office 2013 App-V packages using Office Deployment Tool
-
-
-### Create Office 2013 App-V Packages Using Office Deployment Tool
-
-You create Office 2013 App-V packages by using the Office Deployment Tool. The following instructions explain how to create an Office 2013 App-V package with Volume Licensing or Subscription Licensing.
+You create Office 2013 App-V packages with the Office Deployment Tool. The following instructions explain how to create an Office 2013 App-V package with Volume Licensing or Subscription Licensing.
Create Office 2013 App-V packages on 64-bit Windows computers. Once created, the Office 2013 App-V package will run on 32-bit and 64-bit Windows 7, Windows 8.1, and Windows 10 computers.
### Download the Office Deployment Tool
-Office 2013 App-V Packages are created using the Office Deployment Tool, which generates an Office 2013 App-V Package. The package cannot be created or modified through the App-V sequencer. To begin package creation:
+Office 2013 App-V Packages are created using the Office Deployment Tool, which generates an Office 2013 App-V Package. The App-V sequencer can't create or modify packages. To create a package:
-1. Download the [Office 2013 Deployment Tool for Click-to-Run](http://www.microsoft.com/download/details.aspx?id=36778).
-
-2. Run the .exe file and extract its features into the desired location. To make this process easier, you can create a shared network folder where the features will be saved.
+1. Download the [Office 2013 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=36778).
+2. Run the .exe file and extract its features into the desired location. To make this process easier, you can create a shared network folder where the features will be saved.
Example: \\\\Server\\Office2013
-
-3. Check that a setup.exe and a configuration.xml file exist and are in the location you specified.
+3. Check that a **setup.exe** and a **configuration.xml** file exist and are in the location you specified.
### Download Office 2013 applications
-After you download the Office Deployment Tool, you can use it to get the latest Office 2013 applications. After getting the Office applications, you create the Office 2013 App-V package.
+After you download the Office Deployment Tool, you can use it to get the latest Office 2013 applications. You can create the Office 2013 App-V package after getting all the Office applications.
-The XML file that is included in the Office Deployment Tool specifies the product details, such as the languages and Office applications included.
+The XML file included in the Office Deployment Tool specifies the product details, such as the languages and Office applications included.
-1. **Customize the sample XML configuration file:** Use the sample XML configuration file that you downloaded with the Office Deployment Tool to customize the Office applications:
+1. **Customize the sample XML configuration file:** Use the sample XML configuration file that you downloaded with the Office Deployment Tool to customize the Office applications:
- 1. Open the sample XML file in Notepad or your favorite text editor.
+ 1. Open the sample XML file in Notepad or your favorite text editor.
- 2. With the sample configuration.xml file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2013 applications. The following is a basic example of the configuration.xml file:
+ 2. With the sample configuration.xml file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2013 applications. The following is a basic example of the configuration.xml file:
- ``` syntax
+ ```XML
- The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file.
+ >[!NOTE]
+ >The configuration XML is a sample XML file. This file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file.
- The above XML configuration file specifies that Office 2013 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office 2013, which is the location where Office applications will be saved to. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2013 App-V packages with various licensing can be created from the same applications through specifying licensing in a later stage. For more information, see [Customizable attributes and elements of the XML file](#customizable-attributes-and-elements-of-the-xml-file), later in this topic.
+ The previous example of an XML configuration file specifies that Office 2013 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office 2013, which is the location where Office applications will be saved to. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2013 App-V packages with various licensing can be created from the same applications by specifying licensing in a later stage. For more information, see [Customizable attributes and elements of the XML file](#customizable-attributes-and-elements-of-the-xml-file), later in this topic.
After editing the configuration.xml file to specify the desired product, languages, and also the location which the Office 2013 applications will be saved onto, you can save the configuration file, for example, as Customconfig.xml.
+2. **Download the applications into the specified location:** Use an elevated command prompt and a 64-bit operating system to download the Office 2013 applications that will later be converted into an App-V package. The following is an example command:
-2. **Download the applications into the specified location:** Use an elevated command prompt and a 64 bit operating system to download the Office 2013 applications that will later be converted into an App-V package. Below is an example command with description of details:
-
- ``` syntax
+ ```PowerShell
\\server\Office2013\setup.exe /download \\server\Office2013\Customconfig.xml
```
- In the example:
+ The following is a table that describes each element of the command:
-
-
+ |Element|Description|
+ |---|---|
+ |```\\server\Office2013```|This is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, **Customconfig.xml**.|
+ |```setup.exe```|This is the Office Deployment Tool.|
+ |```/download```|This downloads the Office 2013 applications that you specify in the **Customconfig.xml** file. These bits can be later converted in an Office 2013 App-V package with Volume Licensing.|
+ |```\\server\Office2013\Customconfig.xml```|This passes the XML configuration file required to complete the download process. In this example, the file used is **Customconfig.xml**. After using the download command, Office applications should be found in the location specified in the XML configuration file, which in this example is ```\\Server\Office2013```.|
#### Customizable attributes and elements of the XML file
-
-
- \\server\Office2013
-
- setup.exe
-
- /download
-
-
- \\server\Office2013\Customconfig.xml
-
-
-
+|Input and description|Example|
+|---|---|
+|Add element:
-
-
-
-Input and description
-Example
-
-
-
Specifies the products and languages to include in the package.
-
-
Specifies the edition of Office 2013 product to use: 32-bit or 64-bit. The operation fails if OfficeClientEdition is not set to a valid value.OfficeClientEdition="32"OfficeClientEdition="64"
-
-
Specifies the application. Project 2013 and Visio 2013 must be specified here as an added product to be included in the applications.Product ID ="O365ProPlusRetail "Product ID ="VisioProRetail"Product ID ="ProjectProRetail"Product ID ="ProPlusVolume"Product ID ="VisioProVolume"Product ID = "ProjectProVolume"
-
-
Specifies the language supported in the applications.Language ID="en-us"
-
-
Optional. Specifies a build to use for the package. Defaults to latest advertised build (as defined in v32.CAB at the Office source).15.1.2.3
-
-
-
Specifies the location in which the applications will be saved to.Sourcepath = "\\Server\Office2013”
Specifies the products and languages to include in the package.|N/A|
+|OfficeClientEdition (attribute of Add element):
Specifies the edition of Office 2013 product to use: 32-bit or 64-bit. The operation fails if **OfficeClientEdition** is not set to a valid value.|```OfficeClientEdition="32"```
```OfficeClientEdition="64"```|
+|Product element:
Specifies the application. Project 2013 and Visio 2013 must be specified here as an added product to be included in the applications.|```Product ID="O365ProPlusRetail"```
```Product ID="VisioProRetail"```
```Product ID="ProjectProRetail"```
```Product ID="ProPlusVolume"```
```Product ID="ProjectProVolume"```|
+|Language element:
Specifies the language supported in the applications.|```Language ID="en-us"```|
+|Version (attribute of Add element):
Optional. Specifies a build to use for the package. Defaults to latest advertised build (as defined in v32.CAB at the Office source).|```15.1.2.3```|
+|SourcePath (attribute of Add element):
Specifies the location where the applications will be saved to.|```Sourcepath="\Server\Office2013”```|
### Convert the Office applications into an App-V package
-After you download the Office 2013 applications through the Office Deployment Tool, use the Office Deployment Tool to convert them into an Office 2013 App-V package. Complete the steps that correspond to your licensing model.
+After you download the Office 2013 applications through the Office Deployment Tool, use the Office Deployment Tool to convert them into an Office 2013 App-V package. You'll need to make sure to have the right procedure depending on your licensing model.
-**Summary of what you’ll need to do:**
+#### What you'll need to do
-- Create the Office 2013 App-V packages on 64-bit Windows computers. However, the package will run on 32-bit and 64-bit Windows 7, Windows 8, and Windows 10 computers.
+* Create the Office 2013 App-V packages on 64-bit Windows computers. However, the package will run on 32-bit and 64-bit Windows 7, Windows 8, and Windows 10 computers.
+* Create an Office App-V package for either the Subscription Licensing package or Volume Licensing by using the Office Deployment Tool, then modify the **Customconfig.xml** configuration file.
-- Create an Office App-V package for either Subscription Licensing package or Volume Licensing by using the Office Deployment Tool, and then modify the CustomConfig.xml configuration file.
+ The following table summarizes the values you need to enter in the **Customconfig.xml** file for the licensing model you’re using. The steps in the sections that follow the table will specify the exact entries you need to make.
- The following table summarizes the values you need to enter in the CustomConfig.xml file for the licensing model you’re using. The steps in the sections that follow the table will specify the exact entries you need to make.
-
-
-
+|Product ID|Volume Licensing|Subscription Licensing|
+|---|---|---|
+|Office 2013|ProPlusVolume|O365ProPlusRetail|
+|Office 2013 with Visio 2013|ProPlusVolume
-
-
-
-Product ID
-Volume Licensing
-Subscription Licensing
-
-
-
-
-
-
-
-
VisioProVolume|O365ProPlusRetail
VisioProRetail|
+|Office 2013 with Visio 2013 and Project 2013|ProPlusVolume
VisioProVolume
ProjectProVolume|O365ProPlusRetail
VisioProRetail
ProjectProRetail|
#### How to convert the Office applications into an App-V package
-1. In Notepad, reopen the CustomConfig.xml file, and make the following changes to the file:
+1. In Notepad, reopen the CustomConfig.xml file, and make the following changes to the file:
- - **SourcePath**: Point to the Office applications downloaded earlier.
-
- - **ProductID**: Specify the type of licensing, as shown in the following examples:
- - Subscription Licensing:
- ```
-
- **Product ID** for Office was changed to `O365ProPlusRetail`.
- **Product ID** for Visio was changed to `VisioProRetail`.
-
- - Volume Licensing
- ```
-
- **Product ID** for Office was changed to `ProPlusVolume`.
- **Product ID** for Visio was changed to `VisioProVolume`.
-
- - **ExcludeApp** (optional): Lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access and InfoPath.
-
- - **PACKAGEGUID** (optional): By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.
+ * **SourcePath** is the source's path, which was changed to point to the Office applications that were downloaded earlier.
+ * **Product ID** for Office was changed to `ProPlusVolume`.
+ * **Product ID** for Visio was changed to `VisioProVolume`.
+ * **ExcludeApp** (optional) lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access and InfoPath.
+ * **PACKAGEGUID** (optional)—By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.
An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2013 for some users, and create another package with Office 2013 and Visio 2013 for another set of users.
- **Note** Even if you use unique package IDs, you can still deploy only one App-V package to a single device.
-
-2. Use the /packager command to convert the Office applications to an Office 2013 App-V package.
+ >[!NOTE]
+ >Even if you use unique package IDs, you can still deploy only one App-V package to a single device.
+2. Use the **/packager** command to convert the Office applications to an Office 2013 App-V package.
For example:
- ``` syntax
+ ```PowerShell
\\server\Office2013\setup.exe /packager \\server\Office2013\Customconfig.xml \\server\share\Office2013AppV
```
In the example:
-
-
+ |Element|Description|
+ |---|---|
+ |```\\server\Office2013```|This is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, which in this example is named **Customconfig.xml**.|
+ |```setup.exe```|This is the Office Deployment Tool.|
+ |```/packager```|This creates the Office 2013 App-V package with Volume Licensing as specified in the **Customconfig.xml** file.|
+ |```\\server\Office2013\Customconfig.xml```|This passes the configuration XML file, which in this example is named "Customconfig," that has been prepared for the packaging stage.|
+ |```\\server\share\Office2013AppV```|This specifies the location of the newly created Office App-V package.|
- After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved:
- **App-V Packages** – contains an Office 2013 App-V package and two deployment configuration files.
-
- \\server\Office2013
-
- setup.exe
-
- /packager
-
- \\server\Office2013\Customconfig.xml
-
-
- \\server\share\Office2013AppV
- **WorkingDir**
+ After you run the **/packager** command, the following folders will appear in the directory where you specified the package should be saved:
+
+ * **App-V Packages**, which contains an Office 2013 App-V package and two deployment configuration files.
+ * **WorkingDir**
- **Note** To troubleshoot any issues, see the log files in the %temp% directory (default).
+ >[!NOTE]
+ >To troubleshoot any issues, see the log files in the %temp% directory (default).
+3. Verify that the Office 2013 App-V package works correctly:
-3. Verify that the Office 2013 App-V package works correctly:
-
- 1. Publish the Office 2013 App-V package, which you created globally, to a test computer, and verify that the Office 2013 shortcuts appear.
-
- 2. Start a few Office 2013 applications, such as Excel or Word, to ensure that your package is working as expected.
-
-## Publishing the Office package for App-V
+ 1. Publish the Office 2013 App-V package that you created globally to a test computer and verify that the Office 2013 shortcuts appear.
+ 2. Start a few Office 2013 applications, such as Excel or Word, to test that your package is working as expected.
+## Publishing the Office package for App-V
Use the following information to publish an Office package.
@@ -493,121 +242,77 @@ Use the following information to publish an Office package.
Deploy the App-V package for Office 2013 by using the same methods you use for any other package:
-- System Center Configuration Manager
-
-- App-V Server
-
-- Stand-alone through Windows PowerShell commands
+* System Center Configuration Manager
+* App-V Server
+* Stand-alone through Windows PowerShell commands
### Publishing prerequisites and requirements
-
-
-
-
+|Prerequisite or requirement|Details|
+|---|---|
+|Enable Windows PowerShell scripting on the App-V clients.|To publish Office 2013 packages, you must run a script. Package scripts are disabled by default on App-V clients. To enable scripting, run the following Windows PowerShell command:
-
-
-
-Prerequisite or requirement
-Details
-
-
-Set-AppvClientConfiguration –EnablePackageScripts 1
-
-
-
```Set-AppvClientConfiguration –EnablePackageScripts 1```|
+|Publish the Office 2013 package globally.|Extension points in the Office App-V package require installation at the computer level.
When you publish at the computer level, no prerequisite actions or redistributables are needed, and the Office 2013 package globally enables its applications to work like natively installed Office, eliminating the need for administrators to customize packages.|
### How to publish an Office package
-Run the following command to publish an Office package globally:
+Run the following command to publish an Office package globally, wtih the bracketed value replaced by the path to the App-V package:
-- `Add-AppvClientPackage
-
+|Goal|Method|
+|---|---|
+|Create two different packages and deploy each one to a different group of users|Create and deploy the following packages:
-
-
-
-Goal
-Method
-
-
-
-
-
-
-
-
A package that contains only Office—deploy to computers whose users need only Office.
A package that contains Office, Visio, and Project—deploy to computers whose users need all three applications.|
+|Create just one package for the whole organization, or for users who share computers|Follow these steps:
1. Create a package that contains Office, Visio, and Project.
2. Deploy the package to all users.
3. Use [AppLocker](https://docs.microsoft.com/en-us/windows/security/threat-protection/applocker/applocker-overview) to prevent specific users from using Visio and Project.|
## Additional resources
+### Additional resources for Office 2013 App-V Packages
-**Office 2013 App-V Packages Additional Resources**
+* [Office 2013 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=36778)
+* [Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://support.microsoft.com/en-us/kb/2772509)
-[Office 2013 Deployment Tool for Click-to-Run](http://www.microsoft.com/download/details.aspx?id=36778)
+### Additional resources for Office 2010 App-V Packages
-[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://support.microsoft.com/en-us/kb/2772509)
+* [Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://www.microsoft.com/download/details.aspx?id=38399)
+* [Known issues when you create or use an App-V 5.0 Office 2010 package](https://support.microsoft.com/en-us/kb/2828619)
+* [How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/en-us/kb/2830069)
-**Office 2010 App-V Packages**
+### Additional resources for Connection Groups
-[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://www.microsoft.com/download/details.aspx?id=38399)
+* [Managing Connection Groups](appv-managing-connection-groups.md)
+* [Connection groups on the App-V team blog](https://blogs.msdn.microsoft.com/gladiator/tag/connection-groups/)
-[Known issues when you create or use an App-V 5.0 Office 2010 package](https://support.microsoft.com/en-us/kb/2828619)
+### Additional resources for Dynamic Configuration
-[How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/en-us/kb/2830069)
-
-**Connection Groups**
-
-[Managing Connection Groups](appv-managing-connection-groups.md)
-
-[Connection groups on the App-V team blog](https://blogs.technet.microsoft.com/gladiatormsft/tag/connection-groups/)
-
-**Dynamic Configuration**
-
-[About App-V Dynamic Configuration](appv-dynamic-configuration.md)
+* [About App-V Dynamic Configuration](appv-dynamic-configuration.md)
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
index a85db55986..e43a70509e 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
@@ -6,257 +6,216 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
# Deploying Microsoft Office 2016 by Using App-V
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
-Use the information in this article to use Application Virtualization (App-V) to deliver Microsoft Office 2016 as a virtualized application to computers in your organization. For information about using App-V to deliver Office 2013, see [Deploying Microsoft Office 2013 by Using App-V](appv-deploying-microsoft-office-2013-with-appv.md). For information about using App-V to deliver Office 2010, see [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md).
-
-This topic contains the following sections:
-
-- [What to know before you start](#what-to-know-before-you-start)
-
-- [Creating an Office 2016 package for App-V with the Office Deployment Tool](#creating-an-office-2016-package-for-app-v-with-the-office-deployment-tool)
-
-- [Publishing the Office package for App-V](#publishing-the-office-package-for-app-v)
-
-- [Customizing and managing Office App-V packages](#customizing-and-managing-office-app-v-packages)
+Use the information in this article to use Application Virtualization (App-V) to deliver Microsoft Office 2016 as a virtualized application to computers in your organization. For information about using App-V to deliver Office 2013, see [Deploying Microsoft Office 2013 by using App-V](appv-deploying-microsoft-office-2013-with-appv.md). For information about using App-V to deliver Office 2010, see [Deploying Microsoft Office 2010 by using App-V](appv-deploying-microsoft-office-2010-wth-appv.md).
## What to know before you start
-Before you deploy Office 2016 by using App-V, review the following planning information.
+Before you deploy Office 2016 with App-V, review the following planning information.
### Supported Office versions and Office coexistence
-Use the following table to get information about supported versions of Office and about running coexisting versions of Office.
+Use the following table to get information about supported versions of Office and running coexisting versions of Office.
-| **Information to review** | **Description** |
-|-------------------------------------|------------------------|
-| [Supported versions of Microsoft Office](appv-planning-for-using-appv-with-office.md#bkmk-office-vers-supp-appv) | - Supported versions of Office
- Supported deployment types (for example, desktop, personal Virtual Desktop Infrastructure (VDI), pooled VDI)
- Office licensing options |
-| [Planning for using App-V with coexisting versions of Office](appv-planning-for-using-appv-with-office.md#bkmk-plan-coexisting) | Considerations for installing different versions of Office on the same computer |
+|Information to review|Description|
+|---|---|
+|[Supported versions of Microsoft Office](appv-planning-for-using-appv-with-office.md#supported-versions-of-microsoft-office)|Supported versions of Office and deployment types (for example, desktop, personal Virtual Desktop Infrastructure (VDI), and pooled VDI), and Office licensing options.|
+|[Planning for using App-V with coexisting versions of Office](appv-planning-for-using-appv-with-office.md#before-you-implement-office-coexistence)|Considerations for installing different versions of Office on the same computer.|
### Packaging, publishing, and deployment requirements
-Before you deploy Office by using App-V, review the following requirements.
+Before you deploy Office with App-V, review the following requirements.
-
-
-| **Task** | **Requirement** |
+|Task|Requirement|
|-----------|-------------------|
-| Packaging | - All of the Office applications that you want to deploy to users must be in a single package.
- In App-V 5.0 and later, you must use the Office Deployment Tool to create packages. You cannot use the Sequencer.
- If you are deploying Microsoft Visio 2016 and Microsoft Project 2016 along with Office, you must include them in the same package with Office. For more information, see [Deploying Visio 2016 and Project 2016 with Office](#deploying-visio-2016-and-project-2016-with-office). |
-| Publishing | - You can publish only one Office package to each client computer.
- You must publish the Office package globally. You cannot publish to the user. |
-| Deploying any of the following products to a shared computer, for example, by using Remote Desktop Services:
- Office 365 ProPlus
- Visio Pro for Office 365
- Project Pro for Office 365 | You must enable [shared computer activation](https://technet.microsoft.com/library/dn782860.aspx). |
+| Packaging. | All Office applications that you deploy to users must be in a single package.
In App-V 5.0 and later, you must use the Office Deployment Tool to create packages. The Sequencer doesn't support package creation.
If you're deploying Microsoft Visio 2016 and Microsoft Project 2016 at the same time as Office, you must put them all in the same package. For more information, see [Deploying Visio 2016 and Project 2016 with Office](#deploying-visio-2016-and-project-2016-with-office). |
+| Publishing. | You can only publish one Office package per client computer.
You must publish the Office package globally, not to the user. |
+| Deploying Office 365 ProPlus, Visio Pro for Office 365, or Project Pro for Office 365 to a shared computer with Remote Desktop Services. | You must enable [shared computer activation](https://docs.microsoft.com/en-us/DeployOffice/overview-of-shared-computer-activation-for-office-365-proplus). |
### Excluding Office applications from a package
The following table describes the recommended methods for excluding specific Office applications from a package.
-| **Task** | **Details** |
+|Task|Details|
|-------------|---------------|
-| Use the **ExcludeApp** setting when you create the package by using the Office Deployment Tool. | Enables you to exclude specific Office applications from the package when the Office Deployment Tool creates the package. For example, you can use this setting to create a package that contains only Microsoft Word.
For more information, see [ExcludeApp element](https://technet.microsoft.com/library/jj219426.aspx#BKMK_ExcludeAppElement). |
-| Modify the DeploymentConfig.xml file | Modify the DeploymentConfig.xml file after the package has been created. This file contains the default package settings for all users on a computer that is running the App-V Client.
For more information, see [Disabling Office 2016 applications](#disabling-office-2016-applications). |
+| Use the **ExcludeApp** setting when you create the package by using the Office Deployment Tool. | With this setting, you can exclude specific Office applications from the package that the Office Deployment Tool creates. For example, you can use this setting to create a package that contains only Microsoft Word.
For more information, see [ExcludeApp element](https://docs.microsoft.com/en-us/DeployOffice/configuration-options-for-the-office-2016-deployment-tool?ui=en-US&rs=en-US&ad=US#excludeapp-element). |
+| Modify the DeploymentConfig.xml file | Modify the DeploymentConfig.xml file after the package has been created. This file contains the default package settings for all users on a computer that is running the App-V Client.
For more information, see [Disabling Office 2016 applications](#disabling-office-2016-applications). |
## Creating an Office 2016 package for App-V with the Office Deployment Tool
Complete the following steps to create an Office 2016 package for App-V.
->**Important** In App-V 5.0 and later, you must use the Office Deployment Tool to create a package. You cannot use the Sequencer to create packages.
+>[!IMPORTANT]
+>In App-V 5.0 and later, you must use the Office Deployment Tool to create a package. You cannot use the Sequencer to create packages.
### Review prerequisites for using the Office Deployment Tool
-The computer on which you are installing the Office Deployment Tool must have:
+The computer on which you are installing the Office Deployment Tool must have the following:
-
-
-| **Prerequisite** | **Description** |
+| Prerequisite | Description |
|----------------------|--------------------|
| Prerequisite software | .Net Framework 4 |
-| Supported operating systems | - 64-bit version of Windows 10
- 64-bit version of Windows 8 or 8.1
- 64-bit version of Windows 7 |
+| Supported operating systems | 64-bit version of Windows 10
64-bit version of Windows 8 or 8.1
64-bit version of Windows 7 |
->**Note** In this topic, the term “Office 2016 App-V package” refers to subscription licensing.
+>[!NOTE]
+>In this topic, the term “Office 2016 App-V package” refers to subscription licensing.
-### Create Office 2016 App-V Packages Using Office Deployment Tool
+### Create Office 2016 App-V packages with the Office Deployment Tool
-You create Office 2016 App-V packages by using the Office Deployment Tool. The following instructions explain how to create an Office 2016 App-V package with Subscription Licensing.
+You create Office 2016 App-V packages by using the Office Deployment Tool. The following instructions explain how to create an Office 2016 App-V package with subscription licensing.
Create Office 2016 App-V packages on 64-bit Windows computers. Once created, the Office 2016 App-V package will run on 32-bit and 64-bit Windows 7, Windows 8.1, and Windows 10 computers.
### Download the Office Deployment Tool
-Office 2016 App-V Packages are created using the Office Deployment Tool, which generates an Office 2016 App-V Package. The package cannot be created or modified through the App-V sequencer. To begin package creation:
+Office 2016 App-V packages are created using the Office Deployment Tool, which generates an Office 2016 App-V Package. The package cannot be created or modified through the App-V sequencer. To begin package creation, follow these steps:
-1. Download the [Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117).
+1. Download the [Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117).
- > **Important** You must use the Office 2016 Deployment Tool to create Office 2016 App-V Packages.
+ >[!IMPORTANT]
+ >You must use the Office 2016 Deployment Tool to create Office 2016 App-V Packages.
+2. Run the .exe file and extract its features into the desired location. To make this process easier, you can create a shared network folder where the features will be saved.
-2. Run the .exe file and extract its features into the desired location. To make this process easier, you can create a shared network folder where the features will be saved.
-
- Example: \\\\Server\\Office2016
-
-3. Check that a setup.exe and a configuration.xml file exist and are in the location you specified.
+ Example location: \\\\Server\\Office2016
+3. Check that the **setup.exe** and **configuration.xml** files exist and are in the location you specified.
### Download Office 2016 applications
After you download the Office Deployment Tool, you can use it to get the latest Office 2016 applications. After getting the Office applications, you create the Office 2016 App-V package.
-The XML file that is included in the Office Deployment Tool specifies the product details, such as the languages and Office applications included.
+The XML file included in the Office Deployment Tool specifies the product details, such as the languages and Office applications included.
-**Step 1: Customize the sample XML configuration file:** Use the sample XML configuration file that you downloaded with the Office Deployment Tool to customize the Office applications:
+1. **Customize the sample XML configuration file:** Use the sample XML configuration file that you downloaded with the Office Deployment Tool to customize the Office applications:
+ 1. Open the sample XML file in Notepad or your favorite text editor.
+ 2. With the sample **configuration.xml** file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2016 applications. The following is a basic example of the **configuration.xml** file:
-1. Open the sample XML file in Notepad or your favorite text editor.
-
-2. With the sample configuration.xml file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2016 applications. The following is a basic example of the configuration.xml file:
-
- ```
-
**OfficeClientEdition**="64" |
-| Product element | Specifies the application. Project 2016 and Visio 2016 must be specified here as an added product to be included in the applications.
For more information about the product IDs, see [Product IDs that are supported by the Office Deployment Tool for Click-to-Run](https://support.microsoft.com/kb/2842297). | `Product ID ="O365ProPlusRetail"`
`Product ID ="VisioProRetail"`
`Product ID ="ProjectProRetail"` |
-| Language element | Specifies the language supported in the applications | `Language ID="en-us"` |
-| Version (attribute of Add element) | Optional. Specifies a build to use for the package
Defaults to latest advertised build (as defined in v32.CAB at the Office source). | `16.1.2.3` |
-| SourcePath (attribute of Add element) | Specifies the location in which the applications will be saved to. | `Sourcepath = "\\Server\Office2016"` |
-| Channel (part of Add element) | Optional. Defines which channel to use for updating Office after it is installed.
The default is **Deferred** for Office 365 ProPlus and **Current** for Visio Pro for Office 365 and Project Online Desktop Client.
For more information about update channels, see [Overview of update channels for Office 365 ProPlus](https://technet.microsoft.com/library/mt455210.aspx). | `Channel="Current"`
`Channel="Deferred"`
`Channel="FirstReleaseDeferred"`
`Channel="FirstReleaseCurrent"` |
+ | Input | Description | Example |
+ |--------------|----------------------------|----------------|
+ | Add element | Specifies which products and languages the package will include. | N/A |
+ | **OfficeClientEdition** (attribute of **Add** element) | Specifies whether Office 2016 32-bit or 64-bit edition will be used. **OfficeClientEdition** must be set to a valid value for the operation to succeed. | `OfficeClientEdition="32"`
`OfficeClientEdition="64"` |
+ | Product element | Specifies the application. Project 2016 and Visio 2016 must be specified here as added products to include them in the applications.
For more information about Product IDs, see [Product IDs that are supported by the Office Deployment Tool for Click-to-Run](https://support.microsoft.com/kb/2842297). | `Product ID ="O365ProPlusRetail"`
`Product ID ="VisioProRetail"`
`Product ID ="ProjectProRetail"` |
+ | Language element | Specifies which language the applications support. | `Language ID="en-us"` |
+ | Version (attribute of **Add** element) | Optional. Specifies which build the package will use.
Defaults to latest advertised build (as defined in v32.CAB at the Office source). | `16.1.2.3` |
+ | SourcePath (attribute of **Add** element) | Specifies the location the applications will be saved to. | `Sourcepath = "\\Server\Office2016"` |
+ | Channel (part of **Add** element) | Optional. Defines which channel will be used to update Office after installation.
The default is **Deferred** for Office 365 ProPlus and **Current** for Visio Pro for Office 365 and Project Online Desktop Client.
For more information about update channels, see [Overview of update channels for Office 365 ProPlus](https://docs.microsoft.com/en-us/DeployOffice/overview-of-update-channels-for-office-365-proplus). | `Channel="Current"`
`Channel="Deferred"`
`Channel="FirstReleaseDeferred"`
`Channel="FirstReleaseCurrent"` |
-After editing the configuration.xml file to specify the desired product, languages, and also the location which the Office 2016 applications will be saved onto, you can save the configuration file, for example, as Customconfig.xml.
+After editing the **configuration.xml** file to specify the desired product, languages, and the location where the Office 2016 applications will be saved to, you can save the configuration file under a name of your choice, such as "Customconfig.xml."
+2. **Download the applications into the specified location:** Use an elevated command prompt and a 64-bit operating system to download the Office 2016 applications that will later be converted into an App-V package. The following is an example command:
-**Step 2: Download the applications into the specified location:** Use an elevated command prompt and a 64 bit operating system to download the Office 2016 applications that will later be converted into an App-V package. Below is an example command with description of details:
+ `\\server\Office2016\setup.exe /download \\server\Office2016\Customconfig.xml`
-`\\server\Office2016\setup.exe /download \\server\Office2016\Customconfig.xml`
+ The following table describes the example command's elements:
-In the example:
-
-| Element | Description |
-|-------------------------------|--------------------------------------|
-| **\\\\server\\Office2016** | is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml. |
-| **Setup.exe** | is the Office Deployment Tool. |
-| **/download** | downloads the Office 2016 applications that you specify in the customConfig.xml file. |
-| **\\\\server\\Office2016\\Customconfig.xml** | passes the XML configuration file required to complete the download process, in this example, customconfig.xml. After using the download command, Office applications should be found in the location specified in the configuration xml file, in this example \\\\Server\\Office2016. |
+ | Element | Description |
+ |-------------------------------|--------------------------------------|
+ | ```\\server\Office2016``` | This is the network share location that contains the Office Deployment Tool and the custom **Configuration.xml** file, which in this example is **Customconfig.xml**. |
+ | ``Setup.exe`` | This is the Office Deployment Tool. |
+ | ```/download``` | Downloads the Office 2016 applications that you specify in the **Customconfig.xml** file. |
+ | ```\\server\Office2016\Customconfig.xml```| This passes the XML configuration file required to complete the download process. In this example, the file used is **Customconfig.xml**. After using the download command, Office applications should be found in the location specified in the configuration file, which in this example is ```\\Server\Office2016```. |
### Convert the Office applications into an App-V package
After you download the Office 2016 applications through the Office Deployment Tool, use the Office Deployment Tool to convert them into an Office 2016 App-V package. Complete the steps that correspond to your licensing model.
-**Summary of what you’ll need to do:**
+#### What you’ll need to do
-- Create the Office 2016 App-V packages on 64-bit Windows computers. However, the package will run on 32-bit and 64-bit Windows 7, Windows 8 or 8.1, and Windows 10 computers.
+* Create the Office 2016 App-V packages on 64-bit Windows computers. However, the package will run on 32-bit and 64-bit Windows 7, Windows 8 or 8.1, and Windows 10 computers.
+* Create an Office App-V package for either Subscription Licensing package by using the Office Deployment Tool, and then modify the **Customconfig.xml** configuration file.
-- Create an Office App-V package for either Subscription Licensing package by using the Office Deployment Tool, and then modify the CustomConfig.xml configuration file.
+ The following table summarizes the values you need to enter in the **Customconfig.xml** file. The steps in the sections that follow the table will specify the exact entries you need to make.
- The following table summarizes the values you need to enter in the CustomConfig.xml file. The steps in the sections that follow the table will specify the exact entries you need to make.
+>[!NOTE]
+>You can use the Office Deployment Tool to create App-V packages for Office 365 ProPlus. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported.
->**Note** You can use the Office Deployment Tool to create App-V packages for Office 365 ProPlus. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported.
-
-| **Product ID** | **Subscription Licensing** |
-|--------------------------------------------------|-------------------------------------------------------------|
-| **Office 2016** | O365ProPlusRetail |
-| **Office 2016 with Visio 2016** | O365ProPlusRetail
VisioProRetail |
-| **Office 2016 with Visio 2016 and Project 2016** | O365ProPlusRetail
VisioProRetail
ProjectProRetail |
+| Product ID | Subscription licensing |
+|---|---|
+| Office 2016| O365ProPlusRetail |
+| Office 2016 with Visio 2016 | O365ProPlusRetail
VisioProRetail |
+| Office 2016 with Visio 2016 and Project 2016 | O365ProPlusRetail
VisioProRetail
ProjectProRetail |
#### How to convert the Office applications into an App-V package
+
1. In Notepad, reopen the CustomConfig.xml file, and make the following changes to the file:
- - **SourcePath**: Point to the Office applications downloaded earlier.
+ * **SourcePath**: Change to the location where you saved the Office applications you downloaded during setup.
+ * **ProductID**: Specify the type of licensing, as shown in the following example:
- - **ProductID**: Specify the type of licensing, as shown in the following example:
-
- - Subscription Licensing:
+ * Subscription Licensing:
+ ```XML
+
- **Product ID** for Office was changed to `O365ProPlusRetail`.
- **Product ID** for Visio was changed to `VisioProRetail`.
-
- - **ExcludeApp** (optional): Lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access.
-
- - **PACKAGEGUID** (optional): By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.
+ * **SourcePath** was changed to point to the Office applications that were downloaded earlier.
+ * **Product ID** for Office was changed to `O365ProPlusRetail`.
+ * **Product ID** for Visio was changed to `VisioProRetail`.
+ * **ExcludeApp** (optional): Lets you specify Office programs that you don’t want included in the App-V package created by the Office Deployment Tool. For example, you can exclude Access.
+ * **PACKAGEGUID** (optional): By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use **PACKAGEGUID** to specify a different package ID for each package, which allows you to publish multiple App-V packages created by the Office Deployment Tool, and then manage your published packages with the App-V Server.
An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2016 for some users, and create another package with Office 2016 and Visio 2016 for another set of users.
- >**Note** Even if you use unique package IDs, you can still deploy only one App-V package to a single device.
+ >[!NOTE]
+ >Even if you use unique package IDs, you can still deploy only one App-V package to a single device.
+2. Use the /packager command to convert the Office applications to an Office 2016 App-V package.
-2. Use the /packager command to convert the Office applications to an Office 2016 App-V package.
+ The following is an example packager command:
- For example:
-
- ``` syntax
+ ```syntax
\\server\Office2016\setup.exe /packager \\server\Office2016\Customconfig.xml \\server\share\Office2016AppV
```
- In the example:
+ The following table describes each element used in the example command:
-
-
+ | Element | Description |
+ |-------------------------------|--------------------------------------|
+ |```\\server\Office2016```|This is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, which in this example is Customconfig.xml.|
+ |```Setup.exe```|This is the Office Deployment Tool.|
+ |```/packager```|This command creates the Office 2016 App-V package with the license type specified in the Customconfig.xml file.|
+ |```\\server\Office2016\Customconfig.xml```|This passes the configuration XML file that has been prepared for the packaging stage. In this example, the file is Customconfig.xml.|
+ |```\\server\share\Office2016AppV```|This specifies the location of the newly created Office App-V package.|
- After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved:
-
- \\server\Office2016
-
- Setup.exe
-
- /packager
-
- \\server\Office2016\Customconfig.xml
-
-
- \\server\share\Office2016AppV
+ After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved:
- - **App-V Packages** – contains an Office 2016 App-V package and two deployment configuration files.
- - **WorkingDir**
-
- **Note** To troubleshoot any issues, see the log files in the %temp% directory (default).
+ * **App-V Packages**—contains an Office 2016 App-V package and two deployment configuration files.
+ * **WorkingDir**
+ >[!NOTE]
+ >To troubleshoot any issues, see the log files in the %temp% directory (default).
3. Verify that the Office 2016 App-V package works correctly:
- 1. Publish the Office 2016 App-V package, which you created globally, to a test computer, and verify that the Office 2016 shortcuts appear.
-
+ 1. Publish the Office 2016 App-V package that you created globally to a test computer and verify that the Office 2016 shortcuts appear.
2. Start a few Office 2016 applications, such as Excel or Word, to ensure that your package is working as expected.
## Publishing the Office package for App-V
@@ -265,94 +224,78 @@ Use the following information to publish an Office package.
### Methods for publishing Office App-V packages
-Deploy the App-V package for Office 2016 by using the same methods you use for any other package:
+Deploy the App-V package for Office 2016 by using the same methods as the other packages that you've already deployed:
-- System Center Configuration Manager
-
-- App-V Server
-
-- Stand-alone through Windows PowerShell commands
+* System Center Configuration Manager
+* App-V Server
+* Stand-alone through Windows PowerShell commands
### Publishing prerequisites and requirements
-| **Prerequisite or requirement** | **Details** |
+| Prerequisite or requirement | Details |
|---------------------------------------|--------------------|
-| Enable Windows PowerShell scripting on the App-V clients | To publish Office 2016 packages, you must run a script.
Package scripts are disabled by default on App-V clients. To enable scripting, run the following Windows PowerShell command:
`Set-AppvClientConfiguration -EnablePackageScripts 1` |
-| Publish the Office 2016 package globally | Extension points in the Office App-V package require installation at the computer level.
When you publish at the computer level, no prerequisite actions or redistributables are needed, and the Office 2016 package globally enables its applications to work like natively installed Office, eliminating the need for administrators to customize packages. |
+| Enable Windows PowerShell scripting on the App-V clients. | To publish Office 2016 packages, you must run a script. However, package scripts are disabled by default on App-V clients. To enable scripting, run the following Windows PowerShell command:
`Set-AppvClientConfiguration -EnablePackageScripts 1` |
+| Publish the Office 2016 package globally. | Extension points in the Office App-V package require installation at the computer level.
When you publish at the computer level, no prerequisite actions or redistributables are needed. The Office 2016 package globally enables its applications to work like natively installed Office, eliminating the need for administrators to customize packages. |
### How to publish an Office package
Run the following command to publish an Office package globally:
-- `Add-AppvClientPackage
If you are not deploying Office, you can create a package that contains Visio and/or Project, as long as you follow the packaging, publishing, and deployment requirements described in this topic. |
-| How can I deploy Visio 2016 and Project 2016 to specific users? | Use one of the following methods:
**To create two different packages and deploy each one to a different group of users**:
Create and deploy the following packages:
- A package that contains only Office - deploy to computers whose users need only Office.
- A package that contains Office, Visio, and Project - deploy to computers whose users need all three applications.
**To create only one package for the whole organization, or create a package intended for users who share computers**:
Follow these steps:
1. Create a package that contains Office, Visio, and Project.
2. Deploy the package to all users.
3. Use [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview) to prevent specific users from using Visio and Project. |
+| How can I deploy Visio 2016 and Project 2016 to specific users? | Use one of the following methods:
**To create two different packages and deploy each one to a different group of users**:
Create and deploy the following packages:
- A package that contains only Office—deploy to computers whose users need only Office.
- A package that contains Office, Visio, and Project—deploy to computers whose users need all three applications.
**To create only one package for the whole organization, or to create a package intended for users who share computers**:
1. Create a package that contains Office, Visio, and Project.
2. Deploy the package to all users.
3. Use [AppLocker](https://docs.microsoft.com/en-us/windows/security/threat-protection/applocker/applocker-overview) to prevent specific users from using Visio and Project. |
## Related topics
-- [Deploying App-V for Windows 10](appv-deploying-appv.md)
-- [Deploying Microsoft Office 2013 by Using App-V](appv-deploying-microsoft-office-2013-with-appv.md)
-- [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md)
-- [Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117)
+* [Deploying App-V for Windows 10](appv-deploying-appv.md)
+* [Deploying Microsoft Office 2013 by using App-V](appv-deploying-microsoft-office-2013-with-appv.md)
+* [Deploying Microsoft Office 2010 by using App-V](appv-deploying-microsoft-office-2010-wth-appv.md)
+* [Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117)
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md
index 946c1b15fd..79da7a2972 100644
--- a/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md
@@ -36,7 +36,7 @@ Explains how to configure the App-V client to enable only administrators to publ
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Other resources for using an ESD and App-V
diff --git a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
index 68e3cdbb61..58d77d2a5a 100644
--- a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
+++ b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
@@ -6,29 +6,26 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
+# Deploying the App-V Sequencer and configuring the client
+>Applies to: Windows 10, version 1607
-# Deploying the App-V Sequencer and Configuring the Client
-
-**Applies to**
-- Windows 10, version 1607
-
-The App-V Sequencer and client enable administrators to virtualize and run virtualized applications.
+The App-V Sequencer and client let administrators to virtualize and run virtual applications.
## Enable the client
-The App-V client is the component that runs a virtualized application on a target computer. The client enables users to interact with icons and to double-click file types, so that they can start a virtualized application. The client can also obtain the virtual application content from the management server.
+The App-V client is the component that runs a virtualized application on a target computer. The client lets users interact with icons and file types, starting virtualized applications. The client can also get the virtual application content from the management server.
-> [!NOTE]
-> In Windows 10, version 1607, App-V is included with the operating system. You only need to enable it.
+>[!NOTE]
+>In Windows 10, version 1607, App-V is included with the operating system. You only need to enable it.
[Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md)
-## Client Configuration Settings
+## Client configuration settings
-The App-V client stores its configuration in the registry. You can gather some useful information about the client if you understand the format of data in the registry. For information about client settings that you can configure through Windows PowerShell or through the registry, see [About Client Configuration Settings](appv-client-configuration-settings.md).
+The App-V client stores its configuration in the registry. Understanding the format used in the data registry can help you learn useful information about the client. For information about client settings that you can configure through Windows PowerShell or through the registry, see [About client configuration settings](appv-client-configuration-settings.md).
## Configure the client by using the ADMX template and Group Policy
@@ -36,28 +33,26 @@ You can use Group Policy to configure the client settings for the App-V client a
To manage the ADMX template, perform the following steps on the computer that you will use to manage Group Policy. This is typically the Domain Controller.
-1. Save the **.admx** file to the following directory: **Windows \\ PolicyDefinitions**
-
-2. Save the **.adml** file to the following directory: **Windows \\ PolicyDefinitions \\
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-deploying-the-appv-server.md b/windows/application-management/app-v/appv-deploying-the-appv-server.md
index 1112538222..2b88ff503b 100644
--- a/windows/application-management/app-v/appv-deploying-the-appv-server.md
+++ b/windows/application-management/app-v/appv-deploying-the-appv-server.md
@@ -6,83 +6,79 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
# Deploying the App-V server
-**Applies to**
-- Windows Server 2016
+>Applies to: Windows Server 2016
->**Note**
If you plan to use the App-V server components in your deployment, note that they reference App-V 5.x. This is because the App-V server components have not changed in App-V for Windows 10.
+You can install the Application Virtualization (App-V) server components using different deployment configurations, which are described in this topic. Before you install the server features, review the server section of [App-V security considerations](appv-security-considerations.md).
-You can install the Application Virtualization (App-V) server components using different deployment configurations, which are described in this topic. Before you install the server features, review the server section of [App-V Security Considerations](appv-security-considerations.md).
+>[!NOTE]
+>If you plan to use the App-V server components in your deployment, note that the version number is still listed as App-V 5.x, as the App-V server components have not changed in App-V for Windows 10.
-For information about deploying App-V for Windows 10, see [What's new in App-V](appv-about-appv.md).
+To learn more about deploying App-V for Windows 10, read [What's new in App-V](appv-about-appv.md).
->**Important**
Before you install and configure the App-V servers, you must specify a port where each component will be hosted. You must also add the associated firewall rules to allow incoming requests to access the specified ports. The installer does not modify firewall settings.
+>[!IMPORTANT]
+>Before installing and configuring the App-V servers, you must specify the port or ports where each component will be hosted. You must also add the associated firewall rules to allow incoming requests to access the specified ports, as the installer does not modify firewall settings.
## Download and install App-V server components
->**Note**
-If you're already using App-V 5.x, you don't need to re-deploy the App-V server components as they haven't changed since App-V 5.0 was released.
+>[!NOTE]
+>If you're already using App-V 5.x, you don't need to re-deploy the App-V server components, as they haven't changed since App-V 5.0 was released.
-App-V offers the following five server components, each of which serves a specific purpose in an App-V environment.
+App-V offers the following five server components, each of which serves a specific purpose in an App-V environment.
-- **Management server.** Use the App-V management server and console to manage your App-V infrastructure. See [Administering App-V with the management console](appv-administering-virtual-applications-with-the-management-console.md) for more information about the management server.
+* **Management server.** Use the App-V management server and console to manage your App-V infrastructure. See [Administering App-V with the management console](appv-administering-virtual-applications-with-the-management-console.md) for more information about the management server.
- >**Note**
If you are using App-V with your electronic software distribution solution, you don’t need to use the management server and console. However, you may want to take advantage of the reporting and streaming capabilities in App-V.
-
-- **Management database.** Use the App-V management database to facilitate database pre-deployments for App-V management. See [How to Deploy the App-V Server](appv-deploy-the-appv-server.md) for more information about the management database.
-
-- **Publishing server.** Use the App-V publishing server to host and stream virtual applications. The publishing server supports the HTTP and HTTPS protocols and does not require a database connection. See [How to install the App-V publishing server](appv-install-the-publishing-server-on-a-remote-computer.md) for more information about configuring the publishing server.
+ >[!NOTE]
+ >If you are using App-V with your electronic software distribution solution, you don’t need to use the management server and console. However, you may want to take advantage of the reporting and streaming capabilities in App-V.
+* **Management database.** Use the App-V management database to facilitate database pre-deployments for App-V management. For more information about the management database, see [How to deploy the App-V server](appv-deploy-the-appv-server.md).
+* **Publishing server.** Use the App-V publishing server to host and stream virtual applications. The publishing server supports the HTTP and HTTPS protocols and does not require a database connection. To learn how to configure the publishing server, see [How to install the App-V publishing server](appv-install-the-publishing-server-on-a-remote-computer.md).
+* **Reporting server.** Use the App-V reporting server to generate reports that help you manage your App-V infrastructure. The reporting server requires a connection to the reporting database. To learn more about App-V's reporting capabilities, see [About App-V reporting](appv-reporting.md).
+* **Reporting database.** Use the App-V reporting database to facilitate database pre-deployments for App-V reporting. To learn more about the reporting database, see [How to deploy the App-V server](appv-deploy-the-appv-server.md).
-- **Reporting server.** Use the App-V reporting server to generate reports that help you manage your App-V infrastructure. The reporting server requires a connection to the reporting database. See [About App-V reporting](appv-reporting.md) for more information about the reporting capabilities in App-V.
+All five App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from either of the following locations:
-- **Reporting database.** Use the App-V reporting database to facilitate database pre-deployments for App-V reporting. See [How to Deploy the App-V Server](appv-deploy-the-appv-server.md) for more information about the reporting database.
+* The [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215). You must have a MSDN subscription to download the MDOP ISO package from this site.
+* The [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home).
-All five App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from:
+In large organizations, you might want to install more than one instance of the server components to get the following benefits.
-- The [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215) You must have a MSDN subscription to download the MDOP ISO package from the MSDN subscriptions site.
-
-- The [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home).
-
-In large organizations, you might want to install more than one instance of the server components to get:
-
-- Fault tolerance for situations when one of the servers is unavailable.
-
-- High availability to balance server requests. We recommend using a network load balancer to achieve this.
-
-- Scalability to support a high load. For example, you can install additional servers behind a network load balancer.
+* Fault tolerance for situations when one of the servers is unavailable.
+* High availability to balance server requests. A network load balancer can also help you acheive this.
+* Scalability to support high loads. For example, you can install additional servers behind a network load balancer.
## App-V standalone deployment
-The App-V standalone deployment provides a good topology for a small deployment or a test environment. When you use this type of implementation, all server components are installed on a single computer. The services and associated databases will compete for the resources on the computer that runs the App-V components. Therefore, you should not use this strategy for larger deployments.
-- [How to Deploy the App-V Server](appv-deploy-the-appv-server.md)
+The App-V standalone deployment's topology is good for small deployments or test environments. In this implementation type, all server components are installed on a single computer. The services and associated databases will compete for the resources on the computer that runs the App-V components. However, because services and associated databases will compete for the computer's resources, it's not a good idea to use the standalone deployment for larger deployments.
-- [How to Deploy the App-V Server Using a Script](appv-deploy-the-appv-server-with-a-script.md)
+The following articles will give you more information about how to set up an App-V standalone deployment.
-## App-V Server distributed deployment
-The distributed deployment topology can support a large App-V client base and it allows you to more easily manage and scale your environment. When you use this type of deployment, the App-V server components are deployed across multiple computers, based on the structure and requirements of the organization.
+* [How to deploy the App-V server](appv-deploy-the-appv-server.md)
+* [How to deploy the App-V server using a script](appv-deploy-the-appv-server-with-a-script.md)
-- [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](appv-install-the-management-and-reporting-databases-on-separate-computers.md)
+## App-V server distributed deployment
-- [How to install the Management Server on a Standalone Computer and Connect it to the Database](appv-install-the-management-server-on-a-standalone-computer.md)
+The distributed deployment topology can support a large App-V client base, allowing you to more easily manage and scale your environment. When you use this type of deployment the App-V server components are deployed across multiple computers, based on your organization's structure and requirements.
-- [How to Deploy the App-V Server Using a Script](appv-deploy-the-appv-server-with-a-script.md)
-
-- [How to Install the Publishing Server on a Remote Computer](appv-install-the-publishing-server-on-a-remote-computer.md)
-
-- [How to install the Management Server on a Standalone Computer and Connect it to the Database](appv-install-the-management-server-on-a-standalone-computer.md)
+* [How to install the management and reporting databases on separate computers from the management and reporting services](appv-install-the-management-and-reporting-databases-on-separate-computers.md)
+* [How to install the management server on a standalone computer and connect it to the database](appv-install-the-management-server-on-a-standalone-computer.md)
+* [How to deploy the App-V server using a script](appv-deploy-the-appv-server-with-a-script.md)
+* [How to install the publishing server on a remote computer](appv-install-the-publishing-server-on-a-remote-computer.md)
+* [How to install the management server on a standalone computer and connect it to the database](appv-install-the-management-server-on-a-standalone-computer.md)
## Using an Enterprise Software Distribution (ESD) solution and App-V
-You can also deploy packages by using an ESD. The full capabilities for integration will vary depending on the ESD that you use.
->**Note**
The App-V reporting server and reporting database can still be deployed alongside the ESD to collect the reporting data from the App-V clients. However, the other three server components should not be deployed, because they will conflict with the ESD functionality.
+You can also deploy packages with an ESD. Its full integration capabilities will vary depending on which ESD you use.
-[Deploying App-V Packages by Using Electronic Software Distribution (ESD)](appv-deploying-packages-with-electronic-software-distribution-solutions.md)
+>[!NOTE]
+>The App-V reporting server and reporting database can still be deployed alongside the ESD to collect the reporting data from the App-V clients. However, the other three server components should not be deployed, because they will conflict with the ESD functionality.
+
+* [Deploying App-V packages by Using Electronic Software Distribution (ESD)](appv-deploying-packages-with-electronic-software-distribution-solutions.md)
## App-V Server logs
+
You can use App-V server log information to help troubleshoot the server installation and operational events while using App-V. The server-related log information can be reviewed with the **Event Viewer**. The following line displays the specific path for Server-related events:
**Event Viewer \\ Applications and Services Logs \\ Microsoft \\ App V**
@@ -92,22 +88,23 @@ Associated setup logs are saved in the following directory:
**%temp%**
## App-V reporting
+
App-V reporting allows App-V clients to collect data and then send it back to be stored in a central repository. You can use this information to get a better view of the virtual application usage within your organization. The following list displays some of the types of information the App-V client collects:
-- Information about the computer that runs the App-V client.
+* Information about the computer running the App-V client.
+* Information about virtualized packages on a specific computer running the App-V client.
+* Information about package open and shutdown for a specific user.
-- Information about virtualized packages on a specific computer that runs the App-V client.
+The reporting information will be maintained until it is successfully sent to the reporting server database. After the data is in the database, you can use Microsoft SQL Server Reporting Services (SSRS) to generate any necessary reports.
-- Information about package open and shutdown for a specific user.
+If you want to retrieve report information, you must use Microsoft SQL SSRS, which is available with Microsoft SQL. SSRS must be deployed separately to generate the associated reports, as it isn't automatically installed during App-V server installation.
-The reporting information will be maintained until it is successfully sent to the reporting server database. After the data is in the database, you can use Microsoft SQL Server Reporting Services to generate any necessary reports.
+For more information, see [About App-V reporting](appv-reporting.md) and [How to enable reporting on the App-V client by using Windows PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md).
-If you want to retrieve report information, you must use Microsoft SQL Server Reporting Services (SSRS) which is available with Microsoft SQL. SSRS is not installed when you install the App-V reporting server and it must be deployed separately to generate the associated reports.
+## Other App-V server resources
-For more information, see [About App-V Reporting](appv-reporting.md) and [How to Enable Reporting on the App-V Client by Using Windows PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md).
-
-## Other resources for the App-V server
-- [Deploying App-V](appv-deploying-appv.md)
+* [Deploying App-V](appv-deploying-appv.md)
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
+
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-deployment-checklist.md b/windows/application-management/app-v/appv-deployment-checklist.md
index 2382fb9bf3..e979c7f02f 100644
--- a/windows/application-management/app-v/appv-deployment-checklist.md
+++ b/windows/application-management/app-v/appv-deployment-checklist.md
@@ -6,74 +6,27 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
-
# App-V Deployment Checklist
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
-This checklist can be used to help you during an App-V deployment.
+This checklist outlines the recommended steps and items to consider when deploying App-V features. Use it to organize your priorites while you deploy App-V. You can copy this checklist into a spreadsheet program and customize it for your use.
->**Note**
-This checklist outlines the recommended steps and items to consider when deploying App-V features. We recommend that you copy this checklist into a spreadsheet program and customize it for your use.
+|Status|Task|References|Notes|
+|---|---|---|---|
+||Prepare the computing environment for App-V deployment during your planning phase.|[App-V planning checklist](appv-planning-checklist.md)||
+||Review App-V's supported configurations.|[App-V supported configurations](appv-supported-configurations.md)||
+||Run App-V Setup to deploy the required App-V features for your environment.|[How to install the sequencer](appv-install-the-sequencer.md)
[Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md)
[How to deploy the App-V server](appv-deploy-the-appv-server.md)||
-
-
+>[!NOTE]
+>Keep track of server names and associated URLs you create during installation. You'll need this information throughout the installation process.
## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
-
-
-
-
- Task
-References
-Notes
-
-
-
-
-
-
-
-
-
-
-
-
-
-
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-[Deploying App-V](appv-deploying-appv.md)
+* [Deploying App-V](appv-deploying-appv.md)
diff --git a/windows/application-management/app-v/appv-dynamic-configuration.md b/windows/application-management/app-v/appv-dynamic-configuration.md
index 765d08ffa9..5cc4247912 100644
--- a/windows/application-management/app-v/appv-dynamic-configuration.md
+++ b/windows/application-management/app-v/appv-dynamic-configuration.md
@@ -735,7 +735,7 @@ To create the file manually, the information above in previous sections can be c
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
index 4201fc2dd5..3ae3740c77 100644
--- a/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
@@ -29,4 +29,4 @@ Starting in App-V 5.0 SP3, you can configure the App-V client so that only admin
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md b/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md
index 40e2ad2093..c21abca90a 100644
--- a/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md
+++ b/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md
@@ -41,7 +41,7 @@ Use the following procedure to configure the App-V for reporting.
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md
index 99775a8445..ff0ad45667 100644
--- a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md
+++ b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md
@@ -6,49 +6,37 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
# Enable the App-V in-box client
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
-The App-V client is the component that runs virtualized applications on user devices. The client enables users to interact with icons and file names to start virtualized applications. The client can also get virtual application content from the management server.
+The App-V client is the component that runs virtualized applications on user devices. Once you enable the client, users can interact with icons and file names to start virtualized applications. The client can also get virtual application content from the management server.
-With Windows 10, version 1607, the App-V client is installed automatically. You need to enable the client to allow user devices to access and run virtual applications. You can enable the client with the Group Policy editor or with Windows PowerShell.
+With Windows 10, version 1607, the App-V client is installed automatically. However, you'll still need to enable the client yourself to allow user devices to access and run virtual applications. You can set up the client with the Group Policy editor or with Windows PowerShell.
-**To enable the App-V client with Group Policy:**
+Here's how to enable the App-V client with Group Policy:
-1. Open the device’s **Group Policy Editor**.
+1. Open the device’s **Group Policy Editor**.
+2. Navigate to **Computer Configuration** > **Administrative Templates** > **System** > **App-V**.
+3. Run **Enables App-V Client**, then select **Enabled**.
+4. Restart the device.
-2. Navigate to **Computer Configuration** > **Administrative Templates** > **System** > **App-V**.
+Here's how to enable the App-V client with Windows PowerShell:
-3. Run **Enables App-V Client** and then select **Enabled** on the screen that appears.
+1. Open Windows PowerShell.
+2. Enter **Enable-Appv**, then select the Enter key.
+3. Restart the device.
+4. To verify that the App-V client is working, enter **Get-AppvStatus**, then select the Enter key.
-4. Restart the device.
+Check out these articles for more information about how to configure the App-V client:
-**To enable the App-V client with Windows PowerShell:**
-
-1. Open Windows PowerShell.
-
-2. Type `Enable-Appv` and press ENTER.
-
-3. Restart the device.
-
-4. To verify that the App-V client is enabled on the device, type `Get-AppvStatus` and press ENTER.
-
-
-For information about configuring the App-V client, see:
-
-- [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)
-
-- [How to Modify Client Configuration by Using Windows PowerShell](appv-modify-client-configuration-with-powershell.md)
-
-- [Using the client management console](appv-using-the-client-management-console.md)
-
-- [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md)
+* [Deploying the App-V Sequencer and configuring the client](appv-deploying-the-appv-sequencer-and-client.md)
+* [How to modify client configuration by using Windows PowerShell](appv-modify-client-configuration-with-powershell.md)
+* [Using the client management console](appv-using-the-client-management-console.md)
+* [How to configure the client to receive package and connection group updates From the Publishing server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md)
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-evaluating-appv.md b/windows/application-management/app-v/appv-evaluating-appv.md
index 655ab01b0e..d055f0c12d 100644
--- a/windows/application-management/app-v/appv-evaluating-appv.md
+++ b/windows/application-management/app-v/appv-evaluating-appv.md
@@ -47,7 +47,7 @@ Use the following links for more information about creating and managing virtual
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-for-windows.md b/windows/application-management/app-v/appv-for-windows.md
index 9b59235639..857938e467 100644
--- a/windows/application-management/app-v/appv-for-windows.md
+++ b/windows/application-management/app-v/appv-for-windows.md
@@ -66,4 +66,4 @@ The topics in this section provide information and step-by-step procedures to he
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/application-management/app-v/appv-getting-started.md b/windows/application-management/app-v/appv-getting-started.md
index 447b1277d6..1003f2f5a6 100644
--- a/windows/application-management/app-v/appv-getting-started.md
+++ b/windows/application-management/app-v/appv-getting-started.md
@@ -6,73 +6,52 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 03/28/2018
+ms.date: 04/18/2018
---
+# Getting started with App-V for Windows 10
+>Applies to: Windows 10, version 1607
-# Getting Started with App-V for Windows 10
+Microsoft Application Virtualization (App-V) for Windows 10 delivers Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service in real time and on an as-needed basis. Users launch virtual applications from familiar access points and interact with them as if they were installed locally.
-**Applies to**
-- Windows 10
-
-Microsoft Application Virtualization (App-V) for Windows 10 enables organizations to deliver Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service – in real time and on as as-needed basis. Users launch virtual applications from familiar access points and interact with them as if they were installed locally.
-
-With the release of Windows 10, version 1607, App-V is included with the [Windows 10 for Enterprise edition](https://www.microsoft.com/en-us/WindowsForBusiness/windows-for-enterprise). If you are new to Windows 10 and App-V, review which versions of Windows are supported and have the necessary software preinstalled in the [App-V for Windows 10 Prerequisites](appv-prerequisites.md).
+With the release of Windows 10, version 1607, App-V is included with the [Windows 10 for Enterprise edition](https://www.microsoft.com/en-us/WindowsForBusiness/windows-for-enterprise). If you're new to Windows 10 and App-V, you’ll need to download, activate, and install server- and client-side components to start delivering virtual applications to users. To learn what you need to know before getting started with App-V, see the [Application Virtualization (App-V) overview](appv-for-windows.md).
If you’re already using App-V, performing an in-place upgrade to Windows 10 on user devices automatically installs the App-V client and migrates users’ App-V applications and settings. For more information about how to configure an existing App-V installation after upgrading user devices to Windows 10, see [Upgrading to App-V for Windows 10 from an existing installation](appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md).
->**Important**
-You can upgrade your existing App-V installation to App-V for Windows from App-V versions 5.0 SP2 and higher only. If you are using an earlier version of App-V, you’ll need to upgrade from that version to App-V 5.0 SP2 before you upgrade.
+>[!IMPORTANT]
+>You can upgrade your existing App-V installation to App-V for Windows from App-V versions 5.0 SP2 and higher only. If you are using an earlier version of App-V, you’ll need to upgrade your existing App-V installation to App-V 5.0 SP2 before upgrading to App-V for Windows.
-For information about previous versions of App-V, see [MDOP Information Experience](https://technet.microsoft.com/itpro/mdop/index).
+To learn more about previous versions of App-V, see [MDOP information experience](https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/index).
## Getting started with App-V for Windows 10 (new installations)
-To start using App-V to deliver virtual applications to users, you’ll need to download, enable, and install server- and client-side components. The following table provides information about the App-V for Windows 10 components and where to find them.
+To start using App-V to deliver virtual applications to users, you’ll need to download, enable, and install server- and client-side components. The following table describes the App-V for Windows 10 components, what they do, and where to find them.
| Component | What it does | Where to find it |
|------------|--|------|
-| App-V server components | App-V offers five server components that work together to allow you to host and publish virtual applications, generate usage reports, and manage your App-V environment. For information about the server components, see [Deploying the App-V Server](appv-deploying-the-appv-server.md).
**Note** If you're already using App-V 5.x, you don't need to re-deploy the App-V server components as they haven't changed since App-V 5.0 was released. | The App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from:
- The [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215). You must have a MSDN subscription to download the MDOP ISO package from the MSDN subscriptions site.
- The [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home).
See [Deploying the App-V Server](appv-deploying-the-appv-server.md) for more information about installing and using the server components.
-| App-V client and App-V Remote Desktop Services (RDS) client | The App-V client is the component that runs virtualized applications on user devices. The client enables users to interact with icons and file names to start virtualized applications. | The App-V client is automatically installed with Windows 10, version 1607.
For information about enabling the client, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md). |
-| App-V sequencer | Use the App-V sequencer to convert Win32 applications into virtual packages for deployment to user devices. Devices must be running the App-V client to allow users to interact with virtual applications. | Installed with the [Windows Assessment and Deployment kit (ADK) for Windows 10, version 1607](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). |
+| App-V server components | App-V offers five server components that work together to allow you to host and publish virtual applications, generate usage reports, and manage your App-V environment. For more details, see [Deploying the App-V Server](appv-deploying-the-appv-server.md).
If you're already using App-V 5.x, you don't need to redeploy the App-V server components, as they haven't changed since App-V 5.0's release. | The App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package that can be downloaded from the following locations:
If you have a Microsoft Developer Network (MSDN) subscription, use the [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215) to download the MDOP ISO package.
If you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home), download it from the [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx).
See [Deploying the App-V Server](appv-deploying-the-appv-server.md) for more information about installing and using the server components.|
+| App-V client and App-V Remote Desktop Services (RDS) client | The App-V client is the component that runs virtualized applications on user devices, allowing users to interact with icons and file names to start virtualized applications. | The App-V client is automatically installed with Windows 10, version 1607.
To learn how to enable the client, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md). |
+| App-V sequencer | Use the App-V sequencer to convert Win32 applications into virtual packages for deployment to user devices. Devices must run the App-V client to allow users to interact with virtual applications. | Installed with the [Windows Assessment and Deployment kit (ADK) for Windows 10, version 1607](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). |
For more information about these components, see [High Level Architecture for App-V](appv-high-level-architecture.md).
-If you are new to this product, we recommend that you read the documentation thoroughly. Before you deploy it to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For information about Microsoft training opportunities, see the [Microsoft Training Overview](https://www.microsoft.com/en-us/learning/default.aspx).
+If you're new to App-V, it's a good idea to read the documentation thoroughly. Before deploying App-V in a production environment, you can ensure installation goes smoothly by validating your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. To get started, see the [Microsoft Training Overview](https://www.microsoft.com/en-us/learning/default.aspx).
## Getting started with App-V
+[What's new in App-V](appv-about-appv.md) provides a high-level overview of App-V and how it can be used in your organization.
-- [What's new in App-V](appv-about-appv.md)
+[Evaluating App-V](appv-evaluating-appv.md) provides information about how you can best evaluate App-V for use in your organization.
- Provides a high-level overview of App-V and how it can be used in your organization.
+[High Level Architecture for App-V](appv-high-level-architecture.md) provides a description of the App-V features and how they work together.
-- [Evaluating App-V](appv-evaluating-appv.md)
-
- Provides information about how you can best evaluate App-V for use in your organization.
-
-- [High Level Architecture for App-V](appv-high-level-architecture.md)
-
- Provides a description of the App-V features and how they work together.
-
-## Other resources for this product
-
-
-- [Application Virtualization (App-V) overview](appv-for-windows.md)
-
-- [Planning for App-V](appv-planning-for-appv.md)
-
-- [Deploying App-V](appv-deploying-appv.md)
-
-- [Operations for App-V](appv-operations.md)
-
-- [Troubleshooting App-V](appv-troubleshooting.md)
-
-- [Technical Reference for App-V](appv-technical-reference.md)
-
-## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+## Other resources for this product
+* [Application Virtualization (App-V) overview](appv-for-windows.md)
+* [Planning for App-V](appv-planning-for-appv.md)
+* [Deploying App-V](appv-deploying-appv.md)
+* [Operations for App-V](appv-operations.md)
+* [Troubleshooting App-V](appv-troubleshooting.md)
+* [Technical reference for App-V](appv-technical-reference.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-high-level-architecture.md b/windows/application-management/app-v/appv-high-level-architecture.md
index 53dae3fb94..3b799fe1ab 100644
--- a/windows/application-management/app-v/appv-high-level-architecture.md
+++ b/windows/application-management/app-v/appv-high-level-architecture.md
@@ -1,85 +1,33 @@
---
-title: High Level Architecture for App-V (Windows 10)
-description: High Level Architecture for App-V
+title: High-level architecture for App-V (Windows 10)
+description: High-level Architecture for App-V.
author: MaggiePucciEvans
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
+# High-level architecture for App-V
+>Applies to: Windows 10, version 1607
-# High Level Architecture for App-V
-
-**Applies to**
-- Windows 10, version 1607
-
-Use the following information to help you simplify you Microsoft Application Virtualization (App-V) deployment.
-
-## Architecture Overview
+Use the following information to simplify your Microsoft Application Virtualization (App-V) deployment.
+## Architecture overview
A typical App-V implementation consists of the following elements.
-
-
+|Element|Description|
+|---|---|
+|App-V Management server|The App-V Management server provides overall management functionality for the App-V infrastructure. Additionally, you can install more than one instance of the management server in your environment which provides the following benefits:
-
-
-
-Element
-More information
-
-
-
-
-
-
-
-
-
-
-
-
-
**Fault tolerance and high availability**—installing and configuring the App-V Management server on two separate computers can help in situations when one of the servers is unavailable or offline. You can also help increase App-V availability by installing the Management server on multiple computers. In this scenario, consider using a network load balancer to keep server requests balanced.
**Scalability**—you can add additional management servers as necessary to support a high load. For example, you can install multiple servers behind a load balancer.|
+|App-V Publishing Server|The App-V publishing server provides functionality for virtual application hosting and streaming. The publishing server does not require a database connection and supports HTTP and HTTPS protocols.
You can also help increase App-V availability by installing the Publishing server on multiple computers. You should also consider having a network load balancer to keep server requests balanced.|
+|App-V Reporting Server|The App-V Reporting server lets authorized users run and view existing App-V reports and ad hoc reports for managing App-V infrastructure. The Reporting server requires a connection to the App-V reporting database. You can also help increase App-V availability by installing the Reporting server on multiple computers. You should also consider having a network load balancer to keep server requests balanced.|
+|App-V Client|The App-V client enables packages created using App-V to run on target computers.|
-
-**Note**
-If you are using App-V with Electronic Software Distribution (ESD) you are not required to use the App-V Management server. However, you can still utilize the reporting and streaming functionality of App-V.
-
-## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+>[!NOTE]
+>If you are using App-V with electronic software distribution (ESD), you aren't required to use the App-V Management server. However, you can still use App-V's reporting and streaming functionality.
## Related topics
-
-[Getting Started with App-V](appv-getting-started.md)
-
-
-
-
-
-
-
-
-
+- [Getting Started with App-V](appv-getting-started.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md b/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
index b2d945ee06..efc8ef2948 100644
--- a/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
+++ b/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
@@ -139,7 +139,7 @@ Before attempting this procedure, you should read and understand the information
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md b/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
index eb3ed96877..3097201087 100644
--- a/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
+++ b/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
@@ -1,100 +1,77 @@
---
-title: How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services (Windows 10)
-description: How to install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services
+title: How to Install the Management and Reporting Databases on separate computers from the Management and Reporting Services (Windows 10)
+description: How to install the Management and Reporting Databases on separate computers from the Management and Reporting Services.
author: MaggiePucciEvans
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
+# How to Install the Management and Reporting Databases on separate computers from the Management and Reporting Services
-
-# How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services
-
-**Applies to**
-- Windows Server 2016
+>Applies to: Windows Server 2016
Use the following procedure to install the database server and management server on different computers. The computer you plan to install the database server on must be running a supported version of Microsoft SQL or the installation will fail.
->**Note**
-After you complete the deployment, the **Microsoft SQL Server name**, **instance name** and **database name** will be required by the administrator installing the service to be able to connect to these databases.
+>[!NOTE]
+>After you complete the deployment, the administrator installing the service will need the Microsoft SQL Server name, instance name and the database name to connect to these databases.
-**To install the management database and the management server on separate computers**
+## Installing the management database and the management server on separate computers
-1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**.
+1. Copy the App-V server installation files to the computer you want to install it on. To start the App-V server installation, run **appv\_server\_setup.exe** as an administrator, then select **Install**.
+2. On the **Getting started** page, review and accept the license terms, then select **Next**.
+3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**, then select **Next**.
+4. On the **Feature selection** page, select the components you want to install by first selecting the **Management Server Database** checkbox, then selecting **Next**.
+5. On the **Installation location** page, accept the default location and select **Next**.
+6. On the initial **Create new management server database** page, accept the default selections if appropriate, then select **Next**.
+ * If you are using a custom SQL Server instance, select **Use a custom instance** and enter the name of the instance.
+ * If you are using a custom database name, select **Custom configuration** and enter the database name.
+7. On the next **Create new management server database** page, select **Use a remote computer**, then enter the remote machine account using the following format: ```Domain\MachineAccount```.
-2. On the **Getting Started** page, review and accept the license terms, and click **Next**.
+ >[!NOTE]
+ >If you plan to deploy the management server on the same computer you must select **Use this local computer**. Specify the user name for the management server **Install Administrator** using the following format: ```Domain\AdministratorLoginName```. After that, select **Next**.
+8. To start the installation, select **Install**.
-3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**.
+## Installing the reporting database and the reporting server on separate computers
-4. On the **Feature Selection** page, select the components you want to install by selecting the **Management Server Database** checkbox and click **Next**.
+1. Copy the App-V server installation files to the computer you want to install it on. To start the App-V server installation, run **appv\_server\_setup.exe** as an administrator, then select **Install**.
+2. On the **Getting started** page, review and accept the license terms, then select **Next**.
+3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft Update, select **Use Microsoft Update when I check for updates (recommended)**. To disable Microsoft Update, select **I don’t want to use Microsoft Update**. After that, select **Next**.
+4. On the **Feature selection** page, select the components you want to install by first selecting the **Reporting Server Database** checkbox, then selecting **Next**.
+5. On the **Installation Location** page, accept the default location and select **Next**.
+6. On the initial **Create new management server database** page, accept the default selections if appropriate, then select **Next**.
+ * If you're using a custom SQL Server instance, select **Use a custom instance** and enter the instance name.
+ * If you're using a custom database name, select **Custom configuration** and enter the database name.
+7. On the next **Create new management server database** page, select **Use a remote computer**, and enter the remote machine account using the following format: ```Domain\MachineAccount```.
-5. On the **Installation Location** page, accept the default location and click **Next**.
+ >[!NOTE]
+ >If you plan to deploy the reporting server on the same computer you must select **Use this local computer**. Specify the user name for the reporting server **Install Administrator** using the following format: Domain\\AdministratorLoginName. After that, select **Next**.
+8. To start the installation, select **Install**.
-6. On the initial **Create New Management Server Database page**, accept the default selections if appropriate, and click **Next**.
+## Installing the management and reporting databases using App-V database scripts
- If you are using a custom SQL Server instance, then select **Use a custom instance** and type the name of the instance.
+1. Copy the App-V server installation files to the computer on which you want to install it on.
+2. To extract the App-V database scripts, open a command prompt and specify the location where the installation files are saved and run the following command:
- If you are using a custom database name, then select **Custom configuration** and type the database name.
+ ```SQL
+ appv\_server\_setup.exe /LAYOUT /LAYOUTDIR=”InstallationExtractionLocation”
+ ```
+
+3. After the extraction has been completed, to access the App-V database scripts and instructions readme file:
-7. On the next **Create New Management Server Database** page, select **Use a remote computer**, and type the remote machine account using the following format: **Domain\\MachineAccount**.
+ * The App-V Management Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Management Database**.
+ * The App-V Reporting Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Reporting Database**.
+4. For each database, copy the scripts to a share and modify them following the instructions in the readme file.
- >**Note**
- If you plan to deploy the management server on the same computer you must select **Use this local computer**. Specify the user name for the management server **Install Administrator** using the following format: Domain\\AdministratorLoginName. Click **Next**.
+ >[!NOTE]
+ >For more information about modifying the required SIDs contained in the scripts see, [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell](appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md).
+5. Run the scripts on the computer running Microsoft SQL Server.
-8. To start the installation, click **Install**.
+## Have a suggestion for App-V?
-**To install the reporting database and the reporting server on separate computers**
-
-1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**.
-
-2. On the **Getting Started** page, review and accept the license terms, and click **Next**.
-
-3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**.
-
-4. On the **Feature Selection** page, select the components you want to install by selecting the **Reporting Server Database** checkbox and click **Next**.
-
-5. On the **Installation Location** page, accept the default location and click **Next**.
-
-6. On the initial **Create New Reporting Server Database** page, accept the default selections if appropriate, and click **Next**.
-
- If you are using a custom SQL Server instance, then select **Use a custom instance** and type the name of the instance.
-
- If you are using a custom database name, then select **Custom configuration** and type the database name.
-
-7. On the next **Create New Reporting Server Database** page, select **Use a remote computer**, and type the remote machine account using the following format: Domain\\MachineAccount.
-
- **Note**
- If you plan to deploy the reporting server on the same computer you must select **Use this local computer**. Specify the user name for the reporting server **Install Administrator** using the following format: Domain\\AdministratorLoginName. Click **Next**.
-
-8. To start the installation, click **Install**.
-
-**To install the management and reporting databases using App-V database scripts**
-
-1. Copy the App-V server installation files to the computer on which you want to install it on.
-
-2. To extract the App-V database scripts, open a command prompt and specify the location where the installation files are saved and run the following command:
-
- **appv\_server\_setup.exe** **/LAYOUT** **/LAYOUTDIR=”InstallationExtractionLocation”**
-
-3. After the extraction has been completed, to access the App-V database scripts and instructions readme file:
-
- - The App-V Management Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Management Database**.
-
- - The App-V Reporting Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Reporting Database**.
-
-4. For each database, copy the scripts to a share and modify them following the instructions in the readme file.
-
- **Note**
- For more information about modifying the required SIDs contained in the scripts see, [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell](appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md).
-
-5. Run the scripts on the computer running Microsoft SQL Server.
-
-## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-[Deploying App-V](appv-deploying-appv.md)
+* [Deploying App-V](appv-deploying-appv.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md b/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md
index fa923602c4..2da4a3b2f6 100644
--- a/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md
+++ b/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md
@@ -6,56 +6,34 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
-
# How to install the Management Server on a Standalone Computer and Connect it to the Database
-**Applies to**
-- Windows Server 2016
+>Applies to: Windows Server 2016
-Use the following procedure to install the management server on a standalone computer and connect it to the database.
+To install the management server on a standalone computer and connect it to the database, follow these steps.
-**To install the management server on a standalone computer and connect it to the database**
+1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation, run **appv\_server\_setup.exe** as an administrator, then select **Install**.
+2. On the **Getting Started** page, review and accept the license terms, then select **Next**.
+3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft Udpate, select **Use Microsoft Update when I check for updates (recommended)**. To disable Microsoft Update, select **I don’t want to use Microsoft Update**, then select **Next**.
+4. On the **Feature Selection** page, select the **Management Server** checkbox, then select **Next**.
+5. On the **Installation Location** page, accept the default location, then select **Next**.
+6. On the **Configure Existing Management Database** page, select **Use a remote SQL Server**, then enter the computer running Microsoft SQL's machine name, such as ```SqlServerMachine```.
-1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**.
+ >[!NOTE]
+ >If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance**, then enter the instance's name. Specify the **SQL Server Database name** that this management server will use, such as ```AppvManagement```.
+7. On the **Configure management server configuration** page, specify the following items:
+ * The AD group or account that will connect to the management console for administrative purposes for example **MyDomain\\MyUser** or **MyDomain\\AdminGroup**. The account or AD group you specify will be enabled to manage the server through the management console. You can add additional users or groups using the management console after installation
+ * The **Website Name** you want to use for the management service. Accept the default if you do not have a custom name.
+ * For the **Port Binding**, specify a unique port number, such as **12345**.
+8. Select **Install**.
+9. To confirm that the setup has completed successfully, open a web browser and enter the following URL: https://managementserver:portnumber/Console. If the installation was successful, you should see the **Management Console** appear without any error messages or warnings displayed.
-2. On the **Getting Started** page, review and accept the license terms, and click **Next**.
+## Have a suggestion for App-V?
-3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**.
-
-4. On the **Feature Selection** page, select the **Management Server** checkbox and click **Next**.
-
-5. On the **Installation Location** page, accept the default location and click **Next**.
-
-6. On the **Configure Existing Management Database** page, select **Use a remote SQL Server**, and type the machine name of the computer running Microsoft SQL SQL, for example **SqlServerMachine**.
-
- >**Note**
- If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance** and then type the name of the instance. Specify the **SQL Server Database name** that this management server will use, for example **AppvManagement**.
-
-7. On the **Configure Management Server Configuration** page, specify the AD group or account that will connect to the management console for administrative purposes for example **MyDomain\\MyUser** or **MyDomain\\AdminGroup**. The account or AD group you specify will be enabled to manage the server through the management console. You can add additional users or groups using the management console after installation
-
- Specify the **Website Name** that you want to use for the management service. Accept the default if you do not have a custom name. For the **Port Binding**, specify a unique port number to be used, for example **12345**.
-
-8. Click **Install**.
-
-9. To confirm that the setup has completed successfully, open a web browser, and type the following URL: http://managementserver:portnumber/Console. If the installation was successful, you should see the **Management Console** appear without any error messages or warnings being displayed.
-
-## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-
-[Deploying App-V](appv-deploying-appv.md)
-
-
-
-
-
-
-
-
-
+* [Deploying App-V](appv-deploying-appv.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md
index 5a9a64344a..a67700ab9a 100644
--- a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md
+++ b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md
@@ -6,50 +6,35 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
+# How to install the publishing server on a remote computer
-
-# How to Install the Publishing Server on a Remote Computer
-
-**Applies to**
-- Windows Server 2016
+>Applies to: Windows Server 2016
Use the following procedure to install the publishing server on a separate computer. Before you perform the following procedure, ensure the database and management server are available.
-**To install the publishing server on a separate computer**
+## Installing the publishing server on a separate computer
-1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**.
+1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation, run **appv\_server\_setup.exe** as an administrator, then select **Install**.
+2. On the **Getting started** page, review and accept the license terms, then select **Next**.
+3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended)**. To disable Microsoft Update, select **I don’t want to use Microsoft Update**. Click **Next**.
+4. On the **Feature selection** page, select the **Publishing Server** checkbox, then select **Next**.
+5. On the **Installation location** page, accept the default location, then select **Next**.
+6. On the **Configure publishing server configuration** page, specify the following items:
-2. On the **Getting Started** page, review and accept the license terms, and click **Next**.
+ * The URL for the management service that the publishing server will connect to. For example, **http://ManagementServerName:12345**.
+ * Specify the website name that you want to use for the publishing service. If you don't have a custom name, then use the default name.
+ * For the **Port binding**, specify a unique port number that will be used by App-V. For example, **54321**.
+7. On the **Ready to install** page, select **Install**.
+8. After the installation is complete, the publishing server must be registered with the management server. In the App-V management console, use the following steps to register the server:
-3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**.
+ 1. Open the App-V management server console.
+ 2. In the left pane, select **Servers**, then select **Register New Server**.
+ 3. Enter the server name and a description (if required), then select **Add**.
+9. To verify that the publishing server is running correctly, you should import a package to the management server, entitle that package to an AD group, then publish it. Using an internet browser, open the following URL: **https://publishingserver:pubport**. If the server is running correctly, information like the following example should appear.
-4. On the **Feature Selection** page, select the **Publishing Server** checkbox and click **Next**.
-
-5. On the **Installation Location** page, accept the default location and click **Next**.
-
-6. On the **Configure Publishing Server Configuration** page, specify the following items:
-
- - The URL for the management service that the publishing server will connect to. For example, **http://ManagementServerName:12345**.
-
- - Specify the website name that you want to use for the publishing service. Accept the default if you do not have a custom name.
-
- - For the **Port Binding**, specify a unique port number that will be used by App-V, for example **54321**.
-
-7. On the **Ready to Install** page, click **Install**.
-
-8. After the installation is complete, the publishing server must be registered with the management server. In the App-V management console, use the following steps to register the server:
-
- 1. Open the App-V management server console.
-
- 2. In the left pane, select **Servers**, and then select **Register New Server**.
-
- 3. Type the name of this server and a description (if required) and click **Add**.
-
-9. To verify that the publishing server is running correctly, you should import a package to the management server, entitle the package to an AD group, and publish the package. Using an internet browser, open the following URL: **http://publishingserver:pubport**. If the server is running correctly information similar to the following will be displayed:
-
- ```syntax
+ ```SQL
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-
-[Deploying App-V](appv-deploying-appv.md)
-
-
-
-
-
-
-
-
-
+* [Deploying App-V](appv-deploying-appv.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md b/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
index 99f591c3af..edf22cbc3d 100644
--- a/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
+++ b/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
@@ -1,58 +1,45 @@
---
-title: How to install the Reporting Server on a Standalone Computer and Connect it to the Database (Windows 10)
+title: How to install the Reporting Server on a standalone computer and connect it to the database (Windows 10)
description: How to install the App-V Reporting Server on a Standalone Computer and Connect it to the Database
author: MaggiePucciEvans
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
+# How to install the reporting server on a standalone computer and connect it to the database
-
-# How to install the Reporting Server on a Standalone Computer and Connect it to the Database
-
-**Applies to**
-- Windows Server 2016
+>Applies to: Windows Server 2016
Use the following procedure to install the reporting server on a standalone computer and connect it to the database.
-> **Important** Before performing the following procedure you should read and understand [About App-V Reporting](appv-reporting.md).
+>[!IMPORTANT]
+>Before performing the following procedure you should read and understand [About App-V reporting](appv-reporting.md).
-**To install the reporting server on a standalone computer and connect it to the database**
+## Install the reporting server on a standalone computer and connect it to the database
-1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**.
+1. Copy the App-V server installation files to the computer you plan to install it on. To start the App-V server installation, run **appv\_server\_setup.exe** as an administrator, then select **Install**.
+2. On the **Getting started** page, review and accept the license terms, then select **Next**.
+3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft Update, select **Use Microsoft Update when I check for updates (recommended)**. To disable Microsoft Update, select **I don’t want to use Microsoft Update**. Select **Next**.
+4. On the **Feature selection** page, select the **Reporting Server** checkbox, then select **Next**.
+5. On the **Installation location** page, accept the default location and select **Next**.
+6. On the **Configure existing reporting database** page, select **Use a remote SQL Server**, then enter the machine name of the computer running Microsoft SQL Server. For example, you can name your computer **SqlServerMachine**.
-2. On the **Getting Started** page, review and accept the license terms, and click **Next**.
+ >[!NOTE]
+ >If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. For the SQL Server instance, select **Use the default instance**. If you're using a custom Microsoft SQL Server instance, select **Use a custom instance**, then enter the name of your custom instance. Specify the **SQL Server Database name** that this reporting server will use; for example, you can name the server **AppvReporting**.
+7. On the **Configure reporting server configuration** page.
-3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**.
-
-4. On the **Feature Selection** page, select the **Reporting Server** checkbox and click **Next**.
-
-5. On the **Installation Location** page, accept the default location and click **Next**.
-
-6. On the **Configure Existing Reporting Database** page, select **Use a remote SQL Server**, and type the machine name of the computer running Microsoft SQL Server, for example **SqlServerMachine**.
-
- **Note**
- If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance** and then type the name of the instance. Specify the **SQL Server Database name** that this reporting server will use, for example **AppvReporting**.
-
-7. On the **Configure Reporting Server Configuration** page.
-
- - Specify the Website Name that you want to use for the Reporting Service. Leave the default unchanged if you do not have a custom name.
-
- - For the **Port binding**, specify a unique port number that will be used by App-V, for example **55555**. You should also ensure that the port specified is not being used by another website.
-
-8. Click **Install**.
+ * Specify the website name you want to use for the reporting service. Leave the default unchanged if you do not have a custom name.
+ * For the **Port binding**, specify a unique, five-digit port number for App-V to use, such as **55555**. Make sure that the specified port isn't being used by another website.
+8. Select **Install**.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-
-[About App-V Reporting](appv-reporting.md)
-
-[Deploying App-V](appv-deploying-appv.md)
-
-[How to Enable Reporting on the App-V Client by Using Windows PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md)
+* [About App-V reporting](appv-reporting.md)
+* [Deploying App-V](appv-deploying-appv.md)
+* [How to enable reporting on the App-V client by using Windows PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-install-the-sequencer.md b/windows/application-management/app-v/appv-install-the-sequencer.md
index c07313e6e7..c799df5bae 100644
--- a/windows/application-management/app-v/appv-install-the-sequencer.md
+++ b/windows/application-management/app-v/appv-install-the-sequencer.md
@@ -6,48 +6,43 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
-
# Install the App-V Sequencer
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
Use the App-V Sequencer to convert Win32 applications into virtual packages for deployment to user devices. Those devices must be running the App-V client to allow users to interact with virtual applications.
The App-V Sequencer is included in the Windows 10 Assessment and Deployment Kit (Windows ADK).
-> [!NOTE]
-> The computer that will run the sequencer must not have the App-V client enabled on it. As a best practice, choose a computer with the same hardware and software configurations as the computers that will run the virtual applications. The sequencing process is resource intensive, so make sure that the computer that runs the Sequencer has plenty of memory, a fast processor, and a fast hard drive.
+>[!NOTE]
+>The computer that will run the sequencer must not have the App-V client enabled. As a best practice, choose a computer with the same hardware and software configurations as the computers that will run the virtual applications. The sequencing process is resource-intensive, so make sure the computer that will run the Sequencer has plenty of memory, a fast processor, and a fast hard drive.
-To install the App-V Sequencer:
+## How to install the App-V Sequencer
-1. Go to [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit).
-
-2. Click or press the **Get Windows ADK for Windows 10** button on the page to start the ADK installer. Make sure that **Microsoft Application Virtualization (App-V) Sequencer** is selected during the installation.
+1. Go to [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit).
+2. Select the **Get Windows ADK for Windows 10** button on the page to start the ADK installer. Make sure that **Microsoft Application Virtualization (App-V) Sequencer** is selected during the installation.
+3. To open the Sequencer, go to the **Start** menu and select **Microsoft Application Virtualization (App-V) Sequencer**.
-3. To open the Sequencer, from the **Start** menu, select **Microsoft Application Virtualization (App-V) Sequencer** .
-
-See [Creating and managing virtual applications](appv-creating-and-managing-virtualized-applications.md) and the [Application Virtualization Sequencing Guide](http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V%205.0%20Sequencing%20Guide.docx) for information about creating virtual applications with the Sequencer.
+See [Creating and managing virtual applications](appv-creating-and-managing-virtualized-applications.md) and the [Application Virtualization Sequencing Guide](https://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V%205.0%20Sequencing%20Guide.docx) for information about creating virtual applications with the Sequencer.
## Command-line options for installing the sequencer
You can also use the command line to install the App-V sequencer. The following list displays information about options for installing the sequencer using the command line and **appv\_sequencer\_setup.exe**:
-| **Command** | **Description** |
+| Command | Description |
|-------------------|------------------|
-| /INSTALLDIR | Specifies the installation directory. |
-| /Log | Specifies where the installation log will be saved, the default location is **%Temp%**. For example, **C:\\Logs\\ log.log**. |
-| /q | Specifies a quiet or silent installation. |
-| /Uninstall | Specifies the removal of the sequencer. |
-| /ACCEPTEULA | Accepts the license agreement. This is required for an unattended installation. Example usage: **/ACCEPTEULA** or **/ACCEPTEULA=1**. |
-| /LAYOUT | Specifies the associated layout action. It also extracts the Windows Installer (.msi) and script files to a folder without installing App-V. No value is expected. |
-| /LAYOUTDIR | Specifies the layout directory. Requires a string value. Example usage:**/LAYOUTDIR=”C:\\Application Virtualization Client”**. |
-| /? Or /h or /help | Displays associated help. |
+| **/INSTALLDIR** | Specifies the installation directory. |
+| **/Log** | Specifies where the installation log will be saved. The default location is **%Temp%**. For example, **C:\\Logs\\log.log**. |
+| **/q** | Specifies a quiet or silent installation. |
+| **/Uninstall** | Specifies the removal of the sequencer. |
+| **/ACCEPTEULA** | Accepts the license agreement. This is required for an unattended installation. For example, **/ACCEPTEULA** or **/ACCEPTEULA=1**. |
+| **/LAYOUT** | Specifies the associated layout action. It also extracts the Windows Installer (.msi) and script files to a folder without installing App-V. No value is expected. |
+| **/LAYOUTDIR** | Specifies the layout directory. Requires a string value. For example, **/LAYOUTDIR=”C:\\Application Virtualization Client”**. |
+| **/?** or **/h** or **/help** | Displays associated help. |
## To troubleshoot the App-V sequencer installation
@@ -55,8 +50,8 @@ For more information regarding the sequencer installation, you can view the erro
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-- [Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
+* [Planning to deploy App-V](appv-planning-to-deploy-appv.md)
diff --git a/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md b/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
index a42284d262..2a510d8f89 100644
--- a/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
+++ b/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
@@ -160,7 +160,7 @@ Starting in App-V 5.0 SP3, cmdlet help is available in two formats:
-- **On TechNet as web pages**: See the App-V node under [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](http://technet.microsoft.com/library/dn520245.aspx).
+- **On TechNet as web pages**: See the App-V node under [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](https://technet.microsoft.com/library/dn520245.aspx).
## Displaying the help for a Windows PowerShell cmdlet
@@ -174,4 +174,4 @@ To display help for a specific Windows PowerShell cmdlet:
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/application-management/app-v/appv-maintaining-appv.md b/windows/application-management/app-v/appv-maintaining-appv.md
index faf98d1a83..3db885c191 100644
--- a/windows/application-management/app-v/appv-maintaining-appv.md
+++ b/windows/application-management/app-v/appv-maintaining-appv.md
@@ -33,7 +33,7 @@ Additionally, ISV’s who want to explicitly virtualize or not virtualize calls
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Other resources for maintaining App-V
diff --git a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
index 97eee09c9b..e3c9eca586 100644
--- a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
+++ b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
@@ -273,7 +273,7 @@ For more information about pending tasks, see [Upgrading an in-use App-V package
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
index d355206820..a82855cb2a 100644
--- a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
+++ b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
@@ -128,7 +128,7 @@ This topic explains the following procedures:
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-managing-connection-groups.md b/windows/application-management/app-v/appv-managing-connection-groups.md
index 7822555b01..3f69438c95 100644
--- a/windows/application-management/app-v/appv-managing-connection-groups.md
+++ b/windows/application-management/app-v/appv-managing-connection-groups.md
@@ -67,7 +67,7 @@ In some previous versions of App-V, connection groups were referred to as Dynami
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Other resources for App-V connection groups
diff --git a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
index f08ad71d32..e74aecb295 100644
--- a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
+++ b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
@@ -250,7 +250,7 @@ There is no direct method to upgrade to a full App-V infrastructure. Use the inf
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Other resources for performing App-V migration tasks
diff --git a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
index 0d54d46c3d..c3c5a98cac 100644
--- a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
+++ b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
@@ -147,7 +147,7 @@ This topic explains how to:
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md
index 2390fd040c..febf5efcda 100644
--- a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md
+++ b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md
@@ -30,7 +30,7 @@ Use the following procedure to configure the App-V client configuration.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
index 51ac36eeca..fc39d7dc05 100644
--- a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
+++ b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
@@ -28,7 +28,7 @@ Follow these steps to create a new management server console:
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-operations.md b/windows/application-management/app-v/appv-operations.md
index ff65d8049c..23b04fbff1 100644
--- a/windows/application-management/app-v/appv-operations.md
+++ b/windows/application-management/app-v/appv-operations.md
@@ -6,73 +6,47 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
-
# Operations for App-V
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
This section of the Microsoft Application Virtualization (App-V) Administrator’s Guide includes information about the various types of App-V administration and operating tasks that are typically performed by an administrator. This section also includes step-by-step procedures to help you successfully perform those tasks.
## Operations Information
-
-- [Creating and Managing App-V Virtualized Applications](appv-creating-and-managing-virtualized-applications.md)
+- [Creating and Managing App-V Virtualized Applications](appv-creating-and-managing-virtualized-applications.md)
Describes how to create, modify, and convert virtualized packages.
-
-- [Administering App-V Virtual Applications by Using the Management Console](appv-administering-virtual-applications-with-the-management-console.md)
+- [Administering App-V Virtual Applications by Using the Management Console](appv-administering-virtual-applications-with-the-management-console.md)
Describes how to use the App-V Management console to perform tasks such as sequencing an application, changing a package, using a project template, and using a package accelerator.
-
-- [Managing Connection Groups](appv-managing-connection-groups.md)
+- [Managing Connection Groups](appv-managing-connection-groups.md)
Describes how connection groups enable virtualized applications to communicate with each other in the virtual environment; explains how to create, publish, and delete them; and describes how connection groups can help you better manage your virtualized applications.
-
-- [Deploying App-V Packages by Using Electronic Software Distribution (ESD)](appv-deploying-packages-with-electronic-software-distribution-solutions.md)
+- [Deploying App-V Packages by Using Electronic Software Distribution (ESD)](appv-deploying-packages-with-electronic-software-distribution-solutions.md)
Describes how to deploy App-V packages by using an ESD.
-
-- [Using the App-V Client Management Console](appv-using-the-client-management-console.md)
+- [Using the App-V Client Management Console](appv-using-the-client-management-console.md)
Describes how perform client configuration tasks using the client management console.
-
-- [Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md)
+- [Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md)
Provides instructions for migrating to App-V from a previous version.
-
-- [Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md)
+- [Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md)
Describes the set of Windows PowerShell cmdlets available for administrators performing various App-V server tasks.
+## Additional information
+
+- [Application Virtualization (App-V) overview](appv-for-windows.md)
+- [Getting Started with App-V](appv-getting-started.md)
+- [Planning for App-V](appv-planning-for-appv.md)
+- [Deploying App-V](appv-deploying-appv.md)
+- [Troubleshooting App-V](appv-troubleshooting.md)
+- [Technical Reference for App-V](appv-technical-reference.md)
+
## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
-
-## Other Resources for App-V Operations
-
-
-- [Application Virtualization (App-V) overview](appv-for-windows.md)
-
-- [Getting Started with App-V](appv-getting-started.md)
-
-- [Planning for App-V](appv-planning-for-appv.md)
-
-- [Deploying App-V](appv-deploying-appv.md)
-
-- [Troubleshooting App-V](appv-troubleshooting.md)
-
-- [Technical Reference for App-V](appv-technical-reference.md)
-
-
-
-
-
-
-
-
-
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-performance-guidance.md b/windows/application-management/app-v/appv-performance-guidance.md
index 5fe043b48f..faf22cca11 100644
--- a/windows/application-management/app-v/appv-performance-guidance.md
+++ b/windows/application-management/app-v/appv-performance-guidance.md
@@ -271,7 +271,7 @@ For more information, see:
- [Get Started with UE-V](/windows/configuration/ue-v/uev-getting-started)
-In essence all that is required is to enable the UE-V service and download the following Microsoft authored App-V settings template from the [Microsoft User Experience Virtualization (UE-V) template gallery](http://gallery.technet.microsoft.com/Authored-UE-V-Settings-bb442a33). Register the template. For more information about UE-V templates, see [User Experience Virtualization (UE-V) for Windows 10 overview](/windows/configuration/ue-v/uev-for-windows).
+In essence all that is required is to enable the UE-V service and download the following Microsoft authored App-V settings template from the [Microsoft User Experience Virtualization (UE-V) template gallery](https://gallery.technet.microsoft.com/Authored-UE-V-Settings-bb442a33). Register the template. For more information about UE-V templates, see [User Experience Virtualization (UE-V) for Windows 10 overview](/windows/configuration/ue-v/uev-for-windows).
**Note**
Without performing an additional configuration step, User Environment Virtualization (UE-V) will not be able to synchronize the Start menu shortcuts (.lnk files) on the target computer. The .lnk file type is excluded by default.
@@ -444,41 +444,41 @@ In a non-persistent environment, it is unlikely these pended operations will be
The following section contains lists with information about Microsoft documentation and downloads that may be useful when optimizing your environment for performance.
-
+
**.NET NGEN Blog (Highly Recommended)**
-- [How to speed up NGEN optimization](http://blogs.msdn.com/b/dotnet/archive/2013/08/06/wondering-why-mscorsvw-exe-has-high-cpu-usage-you-can-speed-it-up.aspx)
+- [How to speed up NGEN optimization](https://blogs.msdn.com/b/dotnet/archive/2013/08/06/wondering-why-mscorsvw-exe-has-high-cpu-usage-you-can-speed-it-up.aspx)
**Windows Server and Server Roles**
Server Performance Tuning Guidelines for
-- [Microsoft Windows Server 2012 R2](http://msdn.microsoft.com/library/windows/hardware/dn529133.aspx)
+- [Microsoft Windows Server 2012 R2](https://msdn.microsoft.com/library/windows/hardware/dn529133.aspx)
-- [Microsoft Windows Server 2012](http://download.microsoft.com/download/0/0/B/00BE76AF-D340-4759-8ECD-C80BC53B6231/performance-tuning-guidelines-windows-server-2012.docx)
+- [Microsoft Windows Server 2012](https://download.microsoft.com/download/0/0/B/00BE76AF-D340-4759-8ECD-C80BC53B6231/performance-tuning-guidelines-windows-server-2012.docx)
-- [Microsoft Windows Server 2008 R2](http://download.microsoft.com/download/6/B/2/6B2EBD3A-302E-4553-AC00-9885BBF31E21/Perf-tun-srv-R2.docx)
+- [Microsoft Windows Server 2008 R2](https://download.microsoft.com/download/6/B/2/6B2EBD3A-302E-4553-AC00-9885BBF31E21/Perf-tun-srv-R2.docx)
**Server Roles**
-- [Remote Desktop Virtualization Host](http://msdn.microsoft.com/library/windows/hardware/dn567643.aspx)
+- [Remote Desktop Virtualization Host](https://msdn.microsoft.com/library/windows/hardware/dn567643.aspx)
-- [Remote Desktop Session Host](http://msdn.microsoft.com/library/windows/hardware/dn567648.aspx)
+- [Remote Desktop Session Host](https://msdn.microsoft.com/library/windows/hardware/dn567648.aspx)
-- [IIS Relevance: App-V Management, Publishing, Reporting Web Services](http://msdn.microsoft.com/library/windows/hardware/dn567678.aspx)
+- [IIS Relevance: App-V Management, Publishing, Reporting Web Services](https://msdn.microsoft.com/library/windows/hardware/dn567678.aspx)
-- [File Server (SMB) Relevance: If used for App-V Content Storage and Delivery in SCS Mode](http://technet.microsoft.com/library/jj134210.aspx)
+- [File Server (SMB) Relevance: If used for App-V Content Storage and Delivery in SCS Mode](https://technet.microsoft.com/library/jj134210.aspx)
**Windows Client (Guest OS) Performance Tuning Guidance**
-- [Microsoft Windows 7](http://download.microsoft.com/download/E/5/7/E5783D68-160B-4366-8387-114FC3E45EB4/Performance Tuning Guidelines for Windows 7 Desktop Virtualization v1.9.docx)
+- [Microsoft Windows 7](https://download.microsoft.com/download/E/5/7/E5783D68-160B-4366-8387-114FC3E45EB4/Performance Tuning Guidelines for Windows 7 Desktop Virtualization v1.9.docx)
-- [Optimization Script: (Provided by Microsoft Support)](http://blogs.technet.com/b/jeff_stokes/archive/2012/10/15/the-microsoft-premier-field-engineer-pfe-view-on-virtual-desktop-vdi-density.aspx)
+- [Optimization Script: (Provided by Microsoft Support)](https://blogs.technet.com/b/jeff_stokes/archive/2012/10/15/the-microsoft-premier-field-engineer-pfe-view-on-virtual-desktop-vdi-density.aspx)
-- [Microsoft Windows 8](http://download.microsoft.com/download/6/0/1/601D7797-A063-4FA7-A2E5-74519B57C2B4/Windows_8_VDI_Image_Client_Tuning_Guide.pdf)
+- [Microsoft Windows 8](https://download.microsoft.com/download/6/0/1/601D7797-A063-4FA7-A2E5-74519B57C2B4/Windows_8_VDI_Image_Client_Tuning_Guide.pdf)
-- [Optimization Script: (Provided by Microsoft Support)](http://blogs.technet.com/b/jeff_stokes/archive/2013/04/09/hot-off-the-presses-get-it-now-the-windows-8-vdi-optimization-script-courtesy-of-pfe.aspx)
+- [Optimization Script: (Provided by Microsoft Support)](https://blogs.technet.com/b/jeff_stokes/archive/2013/04/09/hot-off-the-presses-get-it-now-the-windows-8-vdi-optimization-script-courtesy-of-pfe.aspx)
## Sequencing Steps to Optimize Packages for Publishing Performance
@@ -735,7 +735,7 @@ The following terms are used when describing concepts and actions related to App
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-planning-checklist.md b/windows/application-management/app-v/appv-planning-checklist.md
index e83f075640..9525003f91 100644
--- a/windows/application-management/app-v/appv-planning-checklist.md
+++ b/windows/application-management/app-v/appv-planning-checklist.md
@@ -6,78 +6,29 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
-
# App-V Planning Checklist
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
This checklist can be used to help you plan for preparing your organization for an App-V deployment.
-> [!NOTE]
-> This checklist outlines the recommended steps and a high-level list of items to consider when planning for an App-V deployment. It is recommended that you copy this checklist and customize it for your use.
+>[!NOTE]
+>This checklist outlines the recommended steps and a high-level list of items to consider when planning an App-V deployment. It's a good idea to copy this checklist and customize it for your use.
-
-
+|Status|Task|References|Notes|
+|---|---|---|---|
+||Review the getting started information about App-V to gain a basic understanding of the product before beginning deployment planning.|[Getting started with App-V](appv-getting-started.md)||
+||Plan for App-V deployment prerequisites and prepare your computing environment.|[App-V prerequisites](appv-prerequisites.md)||
+||If you plan to use the App-V management server, plan for the required roles.|[Planning for the App-V server deployment](appv-planning-for-appv-server-deployment.md)||
+||Plan for the App-V sequencer and client to create and run virtualized applications.|[Planning for the App-V Sequencer and client deployment](appv-planning-for-sequencer-and-client-deployment.md)||
+||If applicable, review the options and steps for migrating from a previous version of App-V.|[Migrating to App-V from a previous version](appv-migrating-to-appv-from-a-previous-version.md)||
+||Decide whether to configure App-V clients in Shared Content Store mode.|[Deploying the App-V Sequencer and configuring the client](appv-deploying-the-appv-sequencer-and-client.md)||
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
-
-
-
-
- Task
-References
-Notes
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
diff --git a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
index 965c94670f..28f695046f 100644
--- a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
+++ b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
@@ -6,145 +6,56 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
# Planning to Use Folder Redirection with App-V
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
Microsoft Application Virtualization (App-V) supports the use of folder redirection, a feature that enables users and administrators to redirect the path of a folder to a new location.
-This topic contains the following sections:
+## What is folder redirection?
-- [Requirements for using folder redirection](#bkmk-folder-redir-reqs)
+Folder redirection lets end users work with files that have been redirected to another folder as if the files still exist on the local drive.
-- [How to configure folder redirection for use with App-V](#bkmk-folder-redir-cfg)
+* Users and administrators can redirect the path of a folder to a network location. The documents in the specified folder will be available to users from any computer in the network.
+ * For example, you can redirect the Documents folder from your computer's local hard disk to a network location. The user can then access the folder's documents from any computer on the network.
+* The new location can be a folder on either the local computer or a shared network.
+* Folder redirection immediately updates the files, while roaming data is typically synchronized when the user logs in or out of a session.
-- [How folder redirection works with App-V](#bkmk-folder-redir-works)
+## Requirements for using folder redirection with App-V
-- [Overview of folder redirection](#bkmk-folder-redir-overview)
+To use %AppData% folder redirection, you must:
-## Requirements and unsupported scenarios for using folder redirection
+* Have an App-V package that has an AppData virtual file system (VFS) folder.
+* Enable folder redirection and redirect users’ folders to a shared folder, typically a network folder.
+* Roam both or neither of the following:
+ * Files under %appdata%\Microsoft\AppV\Client\Catalog
+ * Registry settings under HKEY_CURRENT_USER\Software\Microsoft\AppV\Client\Packages
+For more information, see [Application publishing and client interaction](appv-application-publishing-and-client-interaction.md#bkmk-clt-inter-roam-reqs).
-
-
+## Unsupported scenarios for App-V folder redirection
-
+The following scenatios aren't supported by App-V:
-## How to configure folder redirection for use with App-V
+* Configuring %LocalAppData% as a network drive.
+* Redirecting the Start menu to a single folder for multiple users.
+* If roaming AppData (%AppData%) is redirected to a network share that is not available, App-V applications will fail to launch, unless the unavailable network share has been enabled for Offline Files.
+## How to configure folder redirection for use with App-V
-Folder redirection can be applied to different folders, such as Desktop, My Documents, My Pictures, etc. However, the only folder that impacts the use of App-V applications is the user’s roaming AppData folder (%AppData%). You can apply folder redirection to any other supported folders without impacting App-V.
-
-## How folder redirection works with App-V
+Folder redirection can be applied to different folders, such as Desktop, My Documents, My Pictures, and so on. However, the only folder that impacts the use of App-V applications is the user’s roaming AppData folder (%AppData%). You can apply folder redirection to any other supported folders without impacting App-V.
+## How folder redirection works with App-V
The following table describes how folder redirection works when %AppData% is redirected to a network and when you have met the requirements listed earlier in this article.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-## Overview of folder redirection
-
-
-
-
-
-
-Virtual environment state
-Action that occurs
-
-
-
-
-%LocalAppData%\Microsoft\AppV\Client\VFS\PackageGUID\AppData
-
-
-HKCU\Software\Microsoft\AppV\Client\Packages\<PACKAGE_GUID>\AppDataTime
-
+|Virtual environment state|Action that occurs|
+|---|---|
+|When the virtual environment starts.|The virtual file system (VFS) AppData folder is mapped to the local AppData folder (%LocalAppData%) instead of to the user’s roaming AppData folder (%AppData%).
-
-
-
-
-
-
-
-
-
-
- LocalAppData contains a local cache of the user’s roaming AppData folder for the package in use. The local cache is located under ```%LocalAppData%\Microsoft\AppV\Client\VFS\PackageGUID\AppData```
- The latest data from the user’s roaming AppData folder is copied to and replaces the data currently in the local cache.
- While the virtual environment is running, data continues to be saved to the local cache. Data is served only out of %LocalAppData% and is not moved or synchronized with %AppData% until the end user shuts down the computer.
- Entries to the AppData folder are made using the user context, not the system context.|
+|When the virtual environment shuts down.|The local cached data in AppData (roaming) is zipped up and copied to the “real” roaming AppData folder in %AppData%. A time stamp that indicates the last known upload is simultaneously saved as a registry key under ```HKCU\Software\Microsoft\AppV\Client\Packages\
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
diff --git a/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md b/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
index 2080ab4880..eb5dc60914 100644
--- a/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
+++ b/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
@@ -6,102 +6,54 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
+# Planning for the App-V server deployment
-
-# Planning for the App-V Server Deployment
-
-**Applies to**
-- Windows Server 2016
+>Applies to: Windows Server 2016
The Microsoft Application Virtualization (App-V) server infrastructure consists of a set of specialized features that can be installed on one or more server computers, based on the requirements of the enterprise.
-## Planning for App-V Server Deployment
-
+## About the App-V server
The App-V server consists of the following features:
-- Management Server – provides overall management functionality for the App-V infrastructure.
+* Management Server—provides overall management functionality for the App-V infrastructure.
+* Management Database—facilitates database predeployments for App-V management.
+* Publishing Server—provides hosting and streaming functionality for virtual applications.
+* Reporting Server—provides App-V reporting services.
+* Reporting Database—facilitates database predeployments for App-V reporting.
-- Management Database – facilitates database predeployments for App-V management.
+The following list describes recommended App-V server infrastructure installation methods:
-- Publishing Server – provides hosting and streaming functionality for virtual applications.
+* Install the App-V server. For more information, see [How to deploy the App-V Server](appv-deploy-the-appv-server.md).
+* Install the database, reporting, and management features on separate computers. For more information, see [How to install the Management and Reporting databases on separate computers from the Management and Reporting services](appv-install-the-management-and-reporting-databases-on-separate-computers.md).
+* Use Electronic Software Distribution (ESD). For more information, see [How to deploy App-V packages using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md).
+* Install all server features on a single computer.
-- Reporting Server – provides App-V reporting services.
+## App-V server interaction
-- Reporting Database – facilitates database predeployments for App-V reporting.
+This section describes how the various App-V server roles interact with each other.
-The following list displays the recommended methods for installing the App-V server infrastructure:
+The App-V Management Server contains the repository of packages and their assigned configurations. For Publishing Servers that are registered with the Management Server, the associated metadata is provided to the Publishing servers for use when publishing refresh requests are received from computers running the App-V Client. App-V publishing servers managed by a single management server can serve different clients with different website names and port bindings. Additionally, all Publishing Servers managed by the same Management Server are replicas of each other.
-- Install the App-V server. For more information, see [How to Deploy the App-V Server](appv-deploy-the-appv-server.md).
+>[!NOTE]
+>The Management Server does not perform load balancing. The associated metadata is passed to the publishing server for use when processing client requests.
-- Install the database, reporting, and management features on separate computers. For more information, see [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](appv-install-the-management-and-reporting-databases-on-separate-computers.md).
+## Server-related protocols and external features
-- Use Electronic Software Distribution (ESD). For more information, see [How to deploy App-V Packages Using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md).
-
-- Install all server features on a single computer.
-
-## App-V Server Interaction
-
-
-This section contains information about how the various App-V server roles interact with each other.
-
-The App-V Management Server contains the repository of packages and their assigned configurations. For Publishing Servers that are registered with the Management Server, the associated metadata is provided to the Publishing servers for use when publishing refresh requests are received from computers running the App-V Client. App-V publishing servers managed by a single management server can be serving different clients and can have different website names and port bindings. Additionally, all Publishing Servers managed by the same Management Server are replicas of each other.
-
-**Note**
-The Management Server does not perform any load balancing. The associated metadata is simply passed to the publishing server for use when processing client requests.
-
-
-
-## Server-Related Protocols and External Features
-
-
-The following displays information about server-related protocols used by the App-V servers. The table also includes the reporting mechanism for each server type.
-
-
-
+The following table lists server-related protocols used by the App-V servers, and also describes the reporting mechanism for each server type.
+|Server type|Protocols|External features needed|Reporting|
+|---|---|---|---|
+|IIS server|HTTP
-
-
-
-Server Type
-Protocols
-External Features Needed
-Reporting
-
-
-
-
-
-
-
-
-
HTTPS|This server-protocol combination requires a mechanism to synchronize content between the Management Server and the Streaming Server. When using HTTP or HTTPS, use an IIS server and a firewall to protect the server from exposure to the Internet.|Internal|
+|File|SMB|This server-protocol combination requires support to synchronize the content between the Management Server and the Streaming Server. Use a client computer that's capable of file sharing or streaming.|Internal|
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-[Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
-
-[Deploying the App-V Server](appv-deploying-the-appv-server.md)
+* [Planning to deploy App-V](appv-planning-to-deploy-appv.md)
+* [Deploying the App-V server](appv-deploying-the-appv-server.md)
diff --git a/windows/application-management/app-v/appv-planning-for-appv.md b/windows/application-management/app-v/appv-planning-for-appv.md
index c6410c847f..6a3f8107da 100644
--- a/windows/application-management/app-v/appv-planning-for-appv.md
+++ b/windows/application-management/app-v/appv-planning-for-appv.md
@@ -6,45 +6,27 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
-
# Planning for App-V
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
-Use this information to plan how to deploy App-V so that it does not disrupt your users or the network.
+Use the following information to plan to deploy App-V without disrupting your existing network or user experience.
## Planning information
-- [Preparing Your Environment for App-V](appv-preparing-your-environment.md)
+[Preparing your environment for App-V](appv-preparing-your-environment.md) describes the computing environment requirements and installation prerequisites that should be planned for before beginning App-V setup.
- This section describes the computing environment requirements and installation prerequisites that should be planned for before beginning App-V setup.
+[Planning to deploy App-V](appv-planning-to-deploy-appv.md) describes the minimum hardware and software requirements and other planning information for the App-V sequencer and App-V server components.
-- [Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
+[App-V planning checklist](appv-planning-checklist.md) is a planning checklist that can assist you with App-V deployment planning.
- This section describes the minimum hardware and software requirements and other planning information for the App-V sequencer and App-V server components.
+## Other App-V planning resources
-- [App-V Planning Checklist](appv-planning-checklist.md)
-
- Planning checklist that can be used to assist in App-V deployment planning.
-
-## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
-
-## Other resources for App-V planning
-
-- [Application Virtualization (App-V) overview](appv-for-windows.md)
-
-- [Getting started with App-V](appv-getting-started.md)
-
-- [Deploying App-V](appv-deploying-appv.md)
-
-- [Operations for App-V](appv-operations.md)
-
-- [Troubleshooting App-V](appv-troubleshooting.md)
-
-- [Technical reference for App-V](appv-technical-reference.md)
+* [Application Virtualization (App-V) overview](appv-for-windows.md)
+* [Getting started with App-V](appv-getting-started.md)
+* [Deploying App-V](appv-deploying-appv.md)
+* [Operations for App-V](appv-operations.md)
+* [Troubleshooting App-V](appv-troubleshooting.md)
+* [Technical reference for App-V](appv-technical-reference.md)
diff --git a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
index 7b1341c67d..32232234da 100644
--- a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
+++ b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
@@ -6,133 +6,100 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
+# Planning for high availability with App-V Server
+>Applies to: Windows 10, version 1607
-# Planning for High Availability with App-V Server
+Microsoft Application Virtualization (App-V) system configurations can take advantage of options that maintain a high available service level.
-**Applies to**
-- Windows 10, version 1607
+The following sections will he following sections to help you understand the options to deploy App-V in a highly available configuration.
-Microsoft Application Virtualization (App-V) system configurations can take advantage of options that maintain a high level of available service.
+## Support for Microsoft SQL Server clustering
-Use the information in the following sections to help you understand the options to deploy App-V in a highly available configuration.
+You can run the App-V Management and Reporting databases on computers running Microsoft SQL Server clusters. However, you must install the databases using scripts.
-- [Support for Microsoft SQL Server clustering](#bkmk-sqlcluster)
+For deployment instructions, see [How to deploy the App-V databases by using SQL scripts](appv-deploy-appv-databases-with-sql-scripts.md).
-- [Support for IIS Network Load Balancing](#bkmk-iisloadbal)
+## Support for IIS network load balancing
-- [Support for clustered file servers when running (SCS) mode](#bkmk-clusterscsmode)
+You can use Internet Information Services' (IIS) network load balancing (NLB) to configure a highly available environment for computers running the App-V Management, Publishing, and Reporting services that are deployed through IIS.
-- [Support for Microsoft SQL Server Mirroring](#bkmk-sqlmirroring)
+Review the following articles to learn more about configuring IIS and NLB for computers running Windows Server operating systems:
-- [Support for Microsoft SQL Server Always On](#bkmk-sqlalwayson)
+* [Achieving High Availability and Scalability - ARR and NLB](https://www.iis.net/learn/extensions/configuring-application-request-routing-arr/achieving-high-availability-and-scalability-arr-and-nlb) describes how to configure IIS 7.0.
-## Support for Microsoft SQL Server clustering
+* [Network load balancing overview](
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-[Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
+* [Planning to deploy App-V](appv-planning-to-deploy-appv.md)
diff --git a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md
index 44f198b58d..bcc0dd487f 100644
--- a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md
+++ b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md
@@ -6,38 +6,31 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
# Planning for the App-V Sequencer and Client Deployment
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
-Before you can use App-V, you must install the App-V Sequencer, enable the App-V client, and optionally the App-V shared content store. The following sections address planning for these installations.
+Before you can use App-V, you must install the App-V Sequencer and enable the App-V client. You can also the App-V shared content store, although it isn't required. The following sections will tell you how to set these up.
## Planning for App-V Sequencer deployment
-
App-V uses a process called sequencing to create virtualized applications and application packages. Sequencing requires the use of a computer that runs the App-V Sequencer.
-> [!NOTE]
+> [!NOTE]
> For information about the new functionality of App-V sequencer, see [What's new in App-V](appv-about-appv.md).
+The computer running the App-V sequencer must meet the minimum system requirements. For a list of these requirements, see [App-V supported configurations](appv-supported-configurations.md).
-The computer that runs the App-V sequencer must meet the minimum system requirements. For a list of these requirements, see [App-V Supported Configurations](appv-supported-configurations.md).
+Ideally, you should install the sequencer on a computer running as a virtual machine. This lets you revert the computer that's running the sequencer to a “clean” state before sequencing another application. When installing the sequencer using a virtual machine, you should do the following things:
-Ideally, you should install the sequencer on a computer running as a virtual machine. This enables you to more easily revert the computer running the sequencer to a “clean” state before sequencing another application. When you install the sequencer using a virtual machine, you should perform the following steps:
-
-1. Install all associated sequencer prerequisites.
-
-2. Install the sequencer.
-
-3. Take a “snapshot” of the environment.
-
-> [!IMPORTANT]
->You should have your corporate security team review and approve the sequencing process plan. For security reasons, you should keep the sequencer operations in a lab that is separate from the production environment. The separation arrangement can be as simple or as comprehensive as necessary, based on your business requirements. The sequencing computers must be able to connect to the corporate network to copy finished packages to the production servers. However, because the sequencing computers are typically operated without antivirus protection, they must not be on the corporate network unprotected. For example, you might be able to operate behind a firewall or on an isolated network segment. You might also be able to use virtual machines that are configured to share an isolated virtual network. Follow your corporate security policies to safely address these concerns.
+1. Install all associated sequencer prerequisites.
+2. Install the sequencer.
+3. Take a “snapshot” of the environment.
+>[!IMPORTANT]
+>Your corporate security team should review and approve the sequencing process plan before implementing it. For security reasons, it's a good idea to keep sequencer operations in a lab separate from the production environment. The sequencing computers must be capapble of connecting to the corporate network to copy finished packages to the production servers. However, because the sequencing computers are typically operated without antivirus protection, they shouldn't remail on the corporate network unprotected. You can protect your sequencing computers by operating them on an isolated network, behind a firewall, or by using virtual machines on an isolated virtual network. Make sure your solution follows your company's corporate security policies.
## Planning for App-V client deployment
@@ -45,28 +38,24 @@ In Windows 10, version 1607, the App-V client is included with the operating sys
## Planning for the App-V Shared Content Store (SCS)
-The App-V Shared Content Store mode allows the computer running the App-V client to run virtualized applications and none of the package contents is saved on the computer running the App-V client. Virtual applications are streamed to target computers only when requested by the client.
+The App-V Shared Content Store mode allows computers running the App-V client to run virtualized applications without saving any package contents to the App-V client computer. Virtual applications are streamed to target computers only when requested by the client.
-The following list displays some of the benefits of using the App-V Shared Content Store:
+The following list displays some of the benefits of using App-V SCS:
-- Reduced app-to-app and multi-user application conflicts and hence a reduced need for regression testing
-
-- Accelerated application deployment by reduction of deployment risk
-
-- Simplified profile management
+* Reduced app-to-app and multi-user application conflicts reduces the need for regression testing
+* Reduced deployment risk accelerates application deployment
+* Simplified profile management
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
-## Other resources for the App-V deployment
+## Other App-V deployment resources
-- [Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
+* [Planning to deploy App-V](appv-planning-to-deploy-appv.md)
## Related topics
-- [How to Install the Sequencer](appv-install-the-sequencer.md)
-
-- [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md)
-
-- [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)
+* [How to install the sequencer](appv-install-the-sequencer.md)
+* [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md)
+* [Deploying the App-V Sequencer and configuring the client](appv-deploying-the-appv-sequencer-and-client.md)
diff --git a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
index ec4b6f331f..378e61401d 100644
--- a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
+++ b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
@@ -1,266 +1,138 @@
---
-title: Planning for Using App-V with Office (Windows 10)
+title: Planning for Deploying App-V with Office (Windows 10)
description: Planning for Using App-V with Office
author: MaggiePucciEvans
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
+# Planning for deploying App-V with Office
+>Applies to: Windows 10, version 1607
-# Planning for Using App-V with Office
+Use the following information to plan how to deploy Office within Microsoft Application Virtualization (App-V).
-**Applies to**
-- Windows 10, version 1607
+## App-V language pack support
-Use the following information to plan how to deploy Office by using Microsoft Application Virtualization (App-V). This article includes:
-
-- [App-V support for Language Packs](#bkmk-lang-pack)
-
-- [Supported versions of Microsoft Office](#bkmk-office-vers-supp-appv)
-
-- [Planning for using App-V with coexisting versions of Office](#bkmk-plan-coexisting)
-
-- [How Office integrates with Windows when you deploy use App-V to deploy Office](#bkmk-office-integration-win)
-
-## App-V support for Language Packs
-
-You can use the App-V Sequencer to create plug-in packages for Language Packs, Language Interface Packs, Proofing Tools and ScreenTip Languages. You can then include the plug-in packages in a Connection Group, along with the Office package that you create by using the Office Deployment Toolkit. The Office applications and the plug-in Language Packs interact seamlessly in the same connection group, just like any other packages that are grouped together in a connection group.
-
->[!NOTE]
->Microsoft Visio and Microsoft Project do not provide support for the Thai Language Pack.
-
-## Supported versions of Microsoft Office
-See [Microsoft Office Product IDs that App-V supports](https://support.microsoft.com/en-us/help/2842297/product-ids-that-are-supported-by-the-office-deployment-tool-for-click) for a list of supported Office products.
+You can use the App-V Sequencer to create plug-in packages for language packs, language interface packs, proofing tools, and ScreenTip languages. You can then include the plug-in packages in a connection group, along with the Office package that you create by using the Office Deployment Toolkit. The Office applications and the plug-in language packs will interact seamlessly in the same connection group.
>[!NOTE]
->You must use the Office Deployment Tool to create App-V packages for Office 365 ProPlus. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported. You cannot use the App-V Sequencer.
+>Microsoft Visio and Microsoft Project do not support the Thai Language Pack.
->Support for the [Office 2013 version of Office 365 ended in Februrary 2017](https://support.microsoft.com/kb/3199744)
+## Supported versions of Microsoft Office
-## Planning for using App-V with coexisting versions of Office
+For a list of supported Office products, see [Microsoft Office Product IDs that App-V supports](https://support.microsoft.com/en-us/help/2842297/product-ids-that-are-supported-by-the-office-deployment-tool-for-click).
-You can install more than one version of Microsoft Office side by side on the same computer by using “Microsoft Office coexistence.” You can implement Office coexistence with combinations of all major versions of Office and with installation methods, as applicable, by using the Windows Installer-based (MSI) version of Office, Click-to-Run, and App-V. However, using Office coexistence is not recommended by Microsoft.
+>[!NOTE]
+>You must use the Office Deployment Tool instead of the App-V Sequencer to create App-V packages for Office 365 ProPlus. App-V does not support package creation for volume-licensed versions of Office Professional Plus or Office Standard. Support for the [Office 2013 version of Office 365 ended in Februrary 2017](https://support.microsoft.com/kb/3199744).
-Microsoft’s recommended best practice is to avoid Office coexistence completely to prevent compatibility issues. However, when you are migrating to a newer version of Office, issues occasionally arise that can’t be resolved immediately, so you can temporarily implement coexistence to help facilitate a faster migration to the latest product version. Using Office coexistence on a long-term basis is never recommended, and your organization should have a plan to fully transition in the immediate future.
+## Using App-V with coexisting versions of Office
+
+You can simultaneously install more than one version of Microsoft Office on the same computer with a feature called “Microsoft Office coexistence.” You can implement Office coexistence with combinations of all major versions of Office and with installation methods, as applicable, by using the Windows Installer-based (MSI) version of Office, Click-to-Run, and App-V. However, Microsoft doesn't recommend using Office coexistence.
+
+Microsoft’s recommended best practice is to avoid Office coexistence completely to prevent compatibility issues. However, in cases where issues arise during migration that you can't immediately resolve, Office coexistence can allow for faster migration to the latest Office version. Since this solution is only meant to be temporary, your organization must set up a plan to fully transition to the newer version of Office in the meantime.
### Before you implement Office coexistence
-Before implementing Office coexistence, review the following Office documentation. Choose the article that corresponds to the newest version of Office for which you plan to implement coexistence.
+Before implementing Office coexistence, review the information in the following table that corresponds to the newest version of Office that you will use in coexistence. The documentation linked here will guide you in implementing coexistence for Windows Installer-based (MSI) and Click-to-Run installations of Office.
-
-
+|Office version|Relevant how-to guides|
+|---|---|
+|Office 2016|[How to use Outlook 2016 or 2013 and an earlier version of Outlook installed on the same computer](https://support.microsoft.com/kb/2782408)|
+|Office 2013|[How to use Office 2013 suites and programs (MSI deployment) on a computer running another version of Office](https://support.microsoft.com/kb/2784668)|
+|Office 2010|How to use Office 2010 suites and programs on a computer running another version of Office](https://support.microsoft.com/kb/2121447)|
-
-The Office documentation provides extensive guidance on coexistence for Windows Installer-based (MSI) and Click-to-Run installations of Office. This App-V topic on coexistence supplements the Office guidance with information that is more specific to App-V deployments.
+Once you've reviewed the relevant guide, this topic will supplement what you've learned with information about Office coexistence that's more specific to App-V deployments.
### Supported Office coexistence scenarios
-The following tables summarize the supported coexistence scenarios. They are organized according to the version and deployment method you’re starting with and the version and deployment method you are migrating to. Be sure to fully test all coexistence solutions before deploying them to a production audience.
+The following tables summarize supported coexistence scenarios. They are organized according to the version and deployment method you’re starting with and the version and deployment method you are migrating to. Be sure to fully test all coexistence solutions before deploying them to a production audience.
->[!NOTE]
+>[!NOTE]
>Microsoft does not support the use of multiple versions of Office in Windows Server environments that have the Remote Desktop Session Host role service enabled. To run Office coexistence scenarios, you must disable this role service.
-
+### Windows integrations and Office coexistence
-### Windows integrations & Office coexistence
+Windows Installer-based and Click-to-Run Office installation methods integrate with certain points of the underlying Windows OS, but coexistence can cause these integrations to conflict. App-V can sequence certain version of Office to exclude integrations that could be potential problem spots, isolating them from the OS and preventing compatibility or user experience issues.
-The Windows Installer-based and Click-to-Run Office installation methods integrate with certain points of the underlying Windows operating system. When you use coexistence, common operating system integrations between two Office versions can conflict, causing compatibility and user experience issues. With App-V, you can sequence certain versions of Office to exclude integrations, thereby “isolating” them from the operating system.
+The following table describes the integration level of each version of Office, and which mode App-V can use to sequence them.
-
-
-
-
-Office version
-Link to guidance
-
-
-
-
-
-
-
-
-
+|Office version|The modes App-V can sequence this version of Office with|
+|---|---|
+|Office 2007|Always non-integrated. App-V does not offer any operating system integrations with a virtualized version of Office 2007.|
+|Office 2010|Integrated and non-integrated mode.|
+|Office 2013|Always integrated. Windows operating system integrations cannot be disabled.|
+|Office 2016|Always integrated. Windows operating system integrations cannot be disabled.|
-Microsoft recommends that you deploy Office coexistence with only one integrated Office instance. For example, if you’re using App-V to deploy Office 2010 and Office 2013, you should sequence Office 2010 in non-integrated mode. For more information about sequencing Office in non-integration (isolated) mode, see [How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](http://support.microsoft.com/kb/2830069).
+Microsoft recommends deploying Office coexistence with only one integrated Office instance. For example, if you’re using App-V to deploy Office 2010 and Office 2013, you should sequence Office 2010 in non-integrated mode. For more information about sequencing Office in non-integration (isolated) mode, see [How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/kb/2830069).
### Known limitations of Office coexistence scenarios
-The following sections describe some issues that you might encounter when using App-V to implement coexistence with Office.
+The following sections describe issues you might encounter when using App-V to implement coexistence with Office.
### Limitations common to Windows Installer-based/Click-to-Run and App-V Office coexistence scenarios
-The following limitations can occur when you install the following versions of Office on the same computer:
+Limitations can occur when you install the following versions of Office on the same computer:
-- Office 2010 by using the Windows Installer-based version
+* Office 2010 with the Windows Installer-based version
+* Office 2013 or Office 2016 with App-V
-- Office 2013 or Office 2016 by using App-V
-
-After you publish Office 2013 or Office 2016 by using App-V side by side with an earlier version of the Windows Installer-based Office 2010, it might also cause the Windows Installer to start. This is because the Windows Installer-based or Click-to-Run version of Office 2010 is trying to automatically register itself to the computer.
+Publishing Office 2013 or Office 2016 with App-V at the same time as an earlier version of the Windows Installer-based Office 2010 might cause the Windows Installer to start. This is because either the Windows Installer-based or Click-to-Run version of Office 2010 is trying to automatically register itself to the computer.
To bypass the auto-registration operation for native Word 2010, follow these steps:
-1. Exit Word 2010.
+1. Exit Word 2010.
+2. Start the Registry Editor by doing the following:
-2. Start the Registry Editor by doing the following:
+ * In Windows 7k, select **Start**, type **regedit** in the Start Search box, then select the Enter key.
- - In Windows 7: Click **Start**, type **regedit** in the Start Search box, and then press Enter.
+ * In Windows 8.1 or Windows 10, enter **regedit**, select **Enter** on the Start page, then select the Enter key.
- - In Windows 8.1 or Windows 10, type **regedit** press Enter on the Start page and then press Enter.
-
- If you are prompted for an administrator password or for a confirmation, type the password, or click **Continue**.
-
-3. Locate and then select the following registry subkey:
+ If you're prompted for an administrator password, enter the password. If you're propmted for a confirmation, select **Continue**.
+3. Locate and then select the following registry subkey:
``` syntax
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options
```
+4. On the **Edit** menu, select **New**, then select **DWORD Value**.
+5. Type **NoReReg**, then select the Enter key.
+6. Right-click **NoReReg**, then select **Modify**.
+7. In the **Valuedata** box, enter **1**, then select **OK**.
+8. On the File menu, select **Exit** to close Registry Editor.
-4. On the **Edit** menu, click **New**, and then click **DWORD Value**.
+## How Office integrates with Windows when you use App-V to deploy Office
-5. Type **NoReReg**, and then press Enter.
-
-6. Right-click **NoReReg** and then click **Modify**.
-
-7. In the **Valuedata** box, type **1**, and then click **OK**.
-
-8. On the File menu, click **Exit** to close Registry Editor.
-
-
-
-## How Office integrates with Windows when you use App-V to deploy Office
-
-When you deploy Office 2013 or Office 2016 by using App-V, Office is fully integrated with the operating system, which provides end users with the same features and functionality as Office has when it is deployed without App-V.
+When you deploy Office 2013 or Office 2016 with App-V, Office is fully integrated with the operating system that provides end-users with the same features and functionality that Office has when deployed without App-V.
The Office 2013 or Office 2016 App-V package supports the following integration points with the Windows operating system:
-
-
-
-
-
- Mode in which App-V can sequence this version of Office
-
-
-
-
-
-
-
-
-
-
-
+|Integration point|Description|
+|---|---|
+|Skype for Business (formerly Lync) Meeting Join plug-in for Firefox and Chrome|User can join Skype meetings from Firefox and Chrome|
+|Sent to OneNote Print Driver|User can print to OneNote|
+|OneNote Linked Notes|OneNote Linked Notes|
+|Send to OneNote Internet Explorer add-in|User can send to OneNote from IE|
+|Firewall exception for Skype for Business (formerly Lync) and Outlook|Firewall exception for Skype for Business (formerly Lync) and Outlook|
+|MAPI client|Native apps and add-ins can interact with virtual Outlook through MAPI|
+|SharePoint Plug-in for Firefox|User can use SharePoint features in Firefox|
+|Mail Control Panel Applet|User gets the mail control panel applet in Outlook|
+|Primary Interop Assemblies|Support managed add-ins|
+|Office Document Cache Handler|Allows Document Cache for Office applications|
+|Outlook Protocol Search Handler|User can search in Outlook|
+|Active X Controls|For more information on ActiveX controls, refer to [ActiveX Control API Reference](
-
-
-
-Extension Point
-Description
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-- [Deploying Microsoft Office 2016 by Using App-V](appv-deploying-microsoft-office-2016-with-appv.md)
-- [Deploying Microsoft Office 2013 by Using App-V](appv-deploying-microsoft-office-2013-with-appv.md)
-- [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md)
+* [Deploying Microsoft Office 2016 by Using App-V](appv-deploying-microsoft-office-2016-with-appv.md)
+* [Deploying Microsoft Office 2013 by Using App-V](appv-deploying-microsoft-office-2013-with-appv.md)
+* [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
index 5e18534d50..ee75ec9087 100644
--- a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
@@ -6,32 +6,27 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
# Planning to Deploy App-V with an electronic software distribution system
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
-If you are using an electronic software distribution system to deploy App-V packages, review the following planning considerations. For information about using System Center Configuration Manager to deploy App-V, see [Introduction to Application Management in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682125.aspx#BKMK_Appv).
+If you are using an electronic software distribution (ESD) system to deploy App-V packages, review the following planning considerations. For information about deploying App-V with System Center Configuration Manager, see [Introduction to application management in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682125.aspx#BKMK_Appv).
Review the following component and architecture requirements options that apply when you use an ESD to deploy App-V packages:
| Deployment requirement or option | Description |
-| - | - |
+|---|---|
| The App-V Management server, Management database, and Publishing server are not required. | These functions are handled by the implemented ESD solution. |
-| You can deploy the App-V Reporting server and Reporting database side by side with the ESD. | The side-by-side deployment lets you to collect data and generate reports.
If you enable the App-V client to send report information, and you are not using the App-V Reporting server, the reporting data is stored in associated .xml files. |
+| You can deploy the App-V Reporting server and Reporting database side-by-side with the ESD. | The side-by-side deployment lets you collect data and generate reports.
If you enable the App-V client to send report information without using the App-V Reporting server, the reporting data will be stored in associated .xml files. |
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-- [Planning to deploy App-V](appv-planning-to-deploy-appv.md)
-
-- [How to deploy App-V Packages Using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md)
-
-- [How to Enable Only Administrators to Publish Packages by Using an ESD](appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md)
-
+* [Planning to deploy App-V](appv-planning-to-deploy-appv.md)
+* [How to deploy App-V packages Using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md)
+* [How to enable only administrators to publish packages by using an ESD](appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv.md b/windows/application-management/app-v/appv-planning-to-deploy-appv.md
index dab76ddfbf..7e9a2005e7 100644
--- a/windows/application-management/app-v/appv-planning-to-deploy-appv.md
+++ b/windows/application-management/app-v/appv-planning-to-deploy-appv.md
@@ -6,77 +6,51 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
-
# Planning to Deploy App-V for Windows 10
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
-There are a number of different deployment configurations and requirements to consider before you deploy App-V for Windows 10. Review this topic for information about what you'll need to formulate a deployment plan that best meets your business requirements.
+There are several different deployment configurations and requirements to consider before you deploy App-V for Windows 10. Review this topic for information about what you'll need to make a deployment plan that best meets your needs.
## App-V supported configurations
-Describes the minimum hardware and operating system requirements for each App-V components. For information about software that you must install before you install App-V, see [App-V Prerequisites](appv-prerequisites.md).
-
-[App-V Supported Configurations](appv-supported-configurations.md)
+[App-V supported configurations](appv-supported-configurations.md) describes the minimum hardware and operating system requirements for each App-V components. For information about software that you must install before you install App-V, see [App-V Prerequisites](appv-prerequisites.md).
## App-V capacity planning
-Describes the available options for scaling your App-V deployment.
-
-[App-V Capacity Planning](appv-capacity-planning.md)
+[App-V capacity planning](appv-capacity-planning.md) describes the available options for scaling your App-V deployment.
## Planning for high availability with App-V
-Describes the available options for ensuring high availability of App-V databases and services.
-
-[Planning for High Availability with App-V](appv-planning-for-high-availability-with-appv.md)
+[Planning for high availability with App-V](appv-planning-for-high-availability-with-appv.md) describes the available options for ensuring high availability of App-V databases and services.
## Planning to Deploy App-V with an Electronic Software Distribution System
-Describes the options and requirements for deploying App-V with an electronic software distribution system.
-
-[Planning to Deploy App-V with an Electronic Software Distribution System](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md)
+[Planning to Deploy App-V with an Electronic Software Distribution System](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md) describes the options and requirements for deploying App-V with an electronic software distribution system.
## Planning for App-V server deployment
-Describes the planning considerations for the App-V Server components and their functions.
-
-[Planning for the App-V Server Deployment](appv-planning-for-appv-server-deployment.md)
+[Planning for the App-V server deployment](appv-planning-for-appv-server-deployment.md) describes the planning considerations for the App-V Server components and their functions.
## Planning for the App-V Sequencer and Client deployment
-Describes the planning considerations for the App-V Client and for the Sequencer software, which you use to create virtual applications and application packages.
-
-[Planning for the App-V Sequencer and Client Deployment](appv-planning-for-sequencer-and-client-deployment.md)
+[Planning for the App-V Sequencer and Client deployment](appv-planning-for-sequencer-and-client-deployment.md) describes planning considerations you should make for deploying the App-V Client and the Sequencer software, which you use to create virtual applications and application packages.
## Planning for migrating from a previous version of App-V
-Describes the recommended path for migrating from previous versions of App-V, while ensuring that existing server configurations, packages and clients continue to work in your new App-V environment.
-
-[Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md)
+[Migrating to App-V from a previous version](appv-migrating-to-appv-from-a-previous-version.md) describes the recommended path for migrating from previous versions of App-V without disrupting your existing server configurations, packages, and clients.
## Planning for using App-V with Office
-Describes the requirements for using App-V with Office and explains the supported scenarios, including information about coexisting versions of Office.
-
-[Planning for Using App-V with Office](appv-planning-for-using-appv-with-office.md)
+[Planning for using App-V with Office](appv-planning-for-using-appv-with-office.md) describes the requirements for using App-V with Office and the supported scenarios, including information about coexisting versions of Office.
## Planning to use folder redirection with App-V
-Explains how folder redirection works with App-V.
-
-[Planning to Use Folder Redirection with App-V](appv-planning-folder-redirection-with-appv.md)
+[Planning to use folder redirection with App-V](appv-planning-folder-redirection-with-appv.md) explains how folder redirection works with App-V.
## Other Resources for App-V Planning
-- [Planning for App-V](appv-planning-for-appv.md)
-
-- [Performance Guidance for Application Virtualization](appv-performance-guidance.md)
-
-## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+* [Planning for App-V](appv-planning-for-appv.md)
+* [Performance Guidance for Application Virtualization](appv-performance-guidance.md)
diff --git a/windows/application-management/app-v/appv-preparing-your-environment.md b/windows/application-management/app-v/appv-preparing-your-environment.md
index cb6cfe9f54..045ae3eac4 100644
--- a/windows/application-management/app-v/appv-preparing-your-environment.md
+++ b/windows/application-management/app-v/appv-preparing-your-environment.md
@@ -6,32 +6,22 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
+# Preparing your environment for App-V
-# Preparing Your Environment for App-V
+>Applies to: Windows 10, version 1607
-**Applies to**
-- Windows 10, version 1607
-
-There are a number of different deployment configurations and prerequisites that you must consider before you create your deployment plan for Microsoft Application Virtualization (App-V). This section includes information that can help you gather the information that you must have to formulate a deployment plan that best meets your business requirements.
+There are several different deployment configurations and prerequisites that you must consider before creating your deployment plan for Microsoft App-V. The following articles will help you gather the information you need to set up a deployment plan that best suits your business’ needs.
## App-V prerequisites
-- [App-V Prerequisites](appv-prerequisites.md)
-
- Lists the prerequisite software that you must install before installing App-V.
+[App-V prerequisites](appv-prerequisites.md) lists the prerequisite software that you must install before installing App-V.
## App-V security considerations
-- [App-V Security Considerations](appv-security-considerations.md)
+[App-V security considerations](appv-security-considerations.md) describes accounts, groups, log files, and other considerations for securing your App-V environment.
- Describes accounts, groups, log files, and other considerations for securing your App-V environment.
+## Other App-V planning resources
-## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
-
-## Other resources for App-V planning
-
-- [Planning for App-V](appv-planning-for-appv.md)
+* [Planning for App-V](appv-planning-for-appv.md)
diff --git a/windows/application-management/app-v/appv-prerequisites.md b/windows/application-management/app-v/appv-prerequisites.md
index 1181322016..f8f7d4b0e9 100644
--- a/windows/application-management/app-v/appv-prerequisites.md
+++ b/windows/application-management/app-v/appv-prerequisites.md
@@ -6,14 +6,11 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
+# App-V for Windows 10 prerequisites
-
-# App-V for Windows 10 Prerequisites
-
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
Before installing App-V for Windows 10, ensure that you have installed all of the following required prerequisite software.
@@ -21,559 +18,145 @@ For a list of supported operating systems and hardware requirements for the App-
## Summary of software preinstalled on each operating system
-
The following table indicates the software that is already installed for different operating systems.
-
-
-
-
+|Operating system|Prerequisite description|
+|---|---|
+|Windows 10|All prerequisite software is already installed.|
+|Windows 8.1|All prerequisite software is already installed.
-
-
-
-Operating system
-Prerequisite description
-
-
-
-
-
-
-
-
-
-
-
If you're running Windows 8, upgrade to Windows 8.1 before using App-V.|
+|Windows Server 2016|The following prerequisite software is already installed:
- Microsoft .NET Framework 4.5
- Windows PowerShell 3.0
Installing Windows PowerShell requires a restart.|
+|Windows 7|No prerequisite software is installed. You must install the software before you can install App-V.|
## App-V Server prerequisite software
-
Install the required prerequisite software for the App-V server components.
### What to know before you start
-
-
+The account you use to install the App-V Server components must have:
-
+* Administrative rights on the computer on which you are installing the components.
+* The ability to query Active Directory Domain Services.
+
+You must specify a port where each component will be hosted, and add the associated firewall rules to allow incoming requests to the specified ports.
+
+Web Distributed Authoring and Versioning (WebDAV) is automatically disabled for the Management Service.
+
+The following are supported deployment scenarios for App-V:
+
+* A stand-alone deployment where all components are deployed on the same server.
+* A distributed deployment.
+
+The following deployment scenarios are not supported:
+
+* Installing side-by-side instances of multiple App-V Server versions on the same server.
+* Installing the App-V server components on a computer that runs server core or domain controller.
+
+|Item|Description|
+|---|---|
+|Account for installing the App-V Server|The account that you use to install the App-V Server components must have:
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Administrative rights on the computer on which you are installing the components.
- The ability to query Active Directory Domain Services.|
+|Port and firewall|- Specify a port where each component will be hosted.
- Add the associated firewall rules to allow incoming requests to the specified ports.|
+|Web Distributed Authoring and Versioning (WebDAV)|WebDAV is automatically disabled for the Management Service.|
+|Supported deployment scenarios|- A stand-alone deployment, where all components are deployed on the same server.
- A distributed deployment.|
+|Unsupported deployment scenarios|- Installing side-by-side instances of multiple App-V Server versions on the same server.
- Installing the App-V server components on a computer that runs server core or domain controller.|
### Management server prerequisite software
-
-
+|Prerequisites and required settings|Details|
+|---|---|
+|Supported version of SQL Server|For supported versions, see [App-V supported configurations](appv-supported-configurations.md).|
+|[Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)||
+|[Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)|Installing Windows PowerShell 3.0 requires a restart.|
+|Download and install [KB2533623](https://support.microsoft.com/kb/2533623)|Applies to Windows 7 only.|
+|[Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)||
+|64-bit ASP.NET registration||
+|Windows Server Web Server Role|This role must be added to a server operating system that is supported for the Management server.|
+|Web Server (IIS) Management Tools|Select **IIS Management Scripts and Tools**.|
+|Web Server Role Services|Common HTTP features:
-
-
-
-Prerequisites and required settings
-Details
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Static content
- Default document
Application development:
- ASP.NET
- .NET Extensibility
- ISAPI Extensions
- ISAPI Filters
Security:
- Windows Authentication
- Request Filtering
Management Tools:
- IIS Management Console|
+|Default installation location|%PROGRAMFILES%\Microsoft Application Virtualization Server|
+|Location of the Management database|SQL Server database name, SQL Server database instance name, and database name.|
+|Management console and Management database permissions|A user or group that can access the Management console and database after the deployment is complete. Only these users or groups can access the Management console and database unless the Management console is used to add additional administrators.|
+|Management service website name|Name for the Management console website.|
+|Management service port binding|Unique port number for the Management service. This port cannot be used by another process on the computer.|
-> [!IMPORTANT]
-> JavaScript must be enabled on the browser that opens the Web Management Console.
+>[!IMPORTANT]
+>JavaScript must be enabled on the browser that opens the Web Management Console.
### Management server database prerequisite software
-The Management database is required only if you are using the App-V Management server.
+The Management database is only required if you use the App-V Management server.
-
-
-
-
+|Prerequisites and required settings|Details|
+|---|---|
+|[Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)||
+|[Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)||
+|Default installation location|%PROGRAMFILES%\Microsoft Application Virtualization Server|
+|Custom SQL Server instance name (if applicable)|Format to use: **INSTANCENAME**
-
-
-
-Prerequisites and required settings
-Details
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
This format assumes that the installation is on the local computer.
If you specify the name with the format **SVR\INSTANCE**, the installation will fail.|
+|Custom database name (if applicable)|Unique database name.
Default: AppVManagement|
+|Management server location|Machine account on which the Management server is deployed.
Format to use: **Domain\MachineAccount**|
+|Management server installation administrator|Account used to install the Management server.
Format to use: **Domain\AdministratorLoginName**|
+|Microsoft SQL Server Service Agent|Configure the Management database computer so that the Microsoft SQL Server Agent service is restarted automatically. For instructions, see [Configure SQL Server Agent to restart services automatically](https://technet.microsoft.com/magazine/gg313742.aspx).|
### Publishing server prerequisite software
-
-
-
-
+|Prerequisites and required settings|Details|
+|---|---|
+|[Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)||
+|[Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)||
+|64-bit ASP.NET registration||
+|Web Server role|This role must be added to a server operating system that is supported for the Management server.|
+|Web Server (IIS) Management Tools|Select **IIS Management Scripts and Tools**.|
+|Web Server Role Services|Common HTTP features:
-
-
-
-Prerequisites and required settings
-Details
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Installation architecture
-Format to use for the URL
-
-
-
-
-
-
-
-
-
-
-
- Static content
- Default document
Application development:
- ASP.NET
- .NET Extensibility
- ISAPI Extensions
- ISAPI Filters
Security:
- Windows Authentication
- Request Filtering
Management Tools:
- IIS Management Console|
+|Default installation location|%PROGRAMFILES%\Microsoft Application Virtualization Server|
+|Management service URL|URL of the App-V Management service. This is the port with which the Publishing server communicates.
Management server and Publishing server are installed on the same server, use the format **https://localhost:12345**.
If the Management server and Publishing server are installed on different servers, use the format **https://MyAppvServer.MyDomain.com**.|
+|Publishing service website name|Name for the Publishing website.|
+|Publishing service port binding|Unique port number for the Publishing service. This port cannot be used by another process on the computer.|
### Reporting server prerequisite software
-
-
-
-
+|Prerequisites and required settings|Details|
+|---|---|
+|Supported version of SQL Server|For supported versions, see [App-V supported configurations](appv-supported-configurations.md).|
+|[Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)||
+|[Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)||
+|64-bit ASP.NET registration||
+|Windows Server Web Server role|This role must be added to a server operating system that is supported for the Management server.|
+|Web Server (IIS) Management Tools|Select **IIS Management Scripts and Tools**.|
+|Web Server Role Services|To reduce the risk of unwanted or malicious data being sent to the Reporting server, you should restrict access to the Reporting Web Service per your corporate security policy.
-
-
-
-Prerequisites and required settings
-Details
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Common HTTP features:
- Static content
- Default document
Application development:
- ASP.NET
- .NET Extensibility
- ISAPI Extensions
- ISAPI Filters
Security:
- Windows Authentication
- Request Filtering
- Management Tools:
- IIS Management Console|
+|Default installation location|%PROGRAMFILES%\Microsoft Application Virtualization Server|
+|Reporting service website name|Name for the Reporting website.|
+|Reporting service port binding|Unique port number for the Reporting service. This port cannot be used by another process on the computer.|
### Reporting database prerequisite software
-The Reporting database is required only if you are using the App-V Reporting server.
-
-
-
+You only require the Reporting database if you're using the App-V Reporting server.
+|Prerequisites and required settings|Details|
+|---|---|
+|[Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)||
+|[Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)||
+|Default installation location|%PROGRAMFILES%\Microsoft Application Virtualization Server|
+|Custom SQL Server instance name (if applicable)|Format to use: **INSTANCENAME**
-
-
-
-Prerequisites and required settings
-Details
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
his format assumes that the installation is on the local computer.
If you specify the name with the format **SVR\INSTANCE**, the installation will fail.|
+|Custom database name (if applicable)|Unique database name.
Default: AppVReporting|
+|Reporting server location|The Reporting server will be deployed on this machine account.
Format to use: **Domain\MachineAccount**|
+|Reporting server installation administrator|Account used to install the Reporting server.
Format to use: **Domain\AdministratorLoginName**|
+|Microsoft SQL Server Service and Microsoft SQL Server Service Agent|Configure these services to be associated with user accounts that have access to query AD DS.|
## Sequencer prerequisite software
+What to know before installing the prerequisites:
-**What to know before installing the prerequisites:**
+* Best practice: The computer that runs the sequencer should have the same hardware and software configurations as the computers running the virtual applications.
-- Best practice: The computer that runs the Sequencer should have the same hardware and software configurations as the computers that will run the virtual applications.
+* The sequencing process is resource-intensive, so make sure that the computer running the sequencer has plenty of memory, a fast processor, and a fast hard drive. The system requirements of locally installed applications must not exceed those of the sequencer. For more information, see [App-V supported configurations](appv-supported-configurations.md).
-- The sequencing process is resource intensive, so make sure that the computer that runs the Sequencer has plenty of memory, a fast processor, and a fast hard drive. The system requirements of locally installed applications cannot exceed those of the Sequencer. For more information, see [App-V Supported Configurations](appv-supported-configurations.md).
-
-
-
-
-
-## Have a suggestion for App-V?
-
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
-
-
-
-Prerequisite
-Details
-
-
-
-
-
-
-
-
-
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+|Prerequisite|Details|
+|---|---|
+|[Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)||
+|[Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)|Installing Windows PowerShell 3.0 requires a restart.|
+|[KB2533623](https://support.microsoft.com/kb/2533623)|Applies to Windows 7 only: download and install the KB.|
## Related topics
-- [Planning for App-V](appv-planning-for-appv.md)
-- [App-V Supported Configurations](appv-supported-configurations.md)
-
-
-
-
-
-
-
-
-
+* [Planning for App-V](appv-planning-for-appv.md)
+* [App-V Supported Configurations](appv-supported-configurations.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-publish-a-connection-group.md b/windows/application-management/app-v/appv-publish-a-connection-group.md
index b826d5365e..739de9f0a3 100644
--- a/windows/application-management/app-v/appv-publish-a-connection-group.md
+++ b/windows/application-management/app-v/appv-publish-a-connection-group.md
@@ -25,7 +25,7 @@ After you create a connection group, you must publish it to computers that run t
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md b/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md
index bf8d8c0686..fb9ad9b19f 100644
--- a/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md
@@ -42,7 +42,7 @@ The ability to enable only administrators to publish or unpublish packages (desc
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md b/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md
index d5c5f8ec6c..c337d9ddd7 100644
--- a/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md
@@ -39,7 +39,7 @@ Use the following procedure to register or unregister a publishing server.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md
index cbfeb16785..96cb952b96 100644
--- a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md
+++ b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md
@@ -105,7 +105,7 @@ The following are known issues and workarounds for Application Virtualization (A
## Related resources list
For information that can help with troubleshooting App-V for Windows 10, see:
-- [Application Virtualization (App-V): List of Microsoft Support Knowledge Base Articles](http://social.technet.microsoft.com/wiki/contents/articles/14272.app-v-v5-x-list-of-microsoft-support-knowledge-base-articles.aspx)
+- [Application Virtualization (App-V): List of Microsoft Support Knowledge Base Articles](https://social.technet.microsoft.com/wiki/contents/articles/14272.app-v-v5-x-list-of-microsoft-support-knowledge-base-articles.aspx)
- [The Official Microsoft App-V Team Blog](https://blogs.technet.microsoft.com/appv/)
@@ -114,7 +114,7 @@ For information that can help with troubleshooting App-V for Windows 10, see:
- [App-V TechNet Forum](https://social.technet.microsoft.com/forums/en-us/home?forum=mdopappv)
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
- [What's new in App-V for Windows 10](appv-about-appv.md)
diff --git a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md
index 9b6c2d8902..ac04ab1fb4 100644
--- a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md
+++ b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md
@@ -149,13 +149,13 @@ The App-V Sequencer cannot sequence applications with filenames matching "CO_<
## Related resources list
For information that can help with troubleshooting App-V for Windows 10, see:
-- [Application Virtualization (App-V): List of Microsoft Support Knowledge Base Articles](http://social.technet.microsoft.com/wiki/contents/articles/14272.app-v-v5-x-list-of-microsoft-support-knowledge-base-articles.aspx)
+- [Application Virtualization (App-V): List of Microsoft Support Knowledge Base Articles](https://social.technet.microsoft.com/wiki/contents/articles/14272.app-v-v5-x-list-of-microsoft-support-knowledge-base-articles.aspx)
- [The Official Microsoft App-V Team Blog](https://blogs.technet.microsoft.com/appv/)
- [Technical Reference for App-V](https://technet.microsoft.com/itpro/windows/manage/appv-technical-reference)
- [App-V TechNet Forum](https://social.technet.microsoft.com/forums/en-us/home?forum=mdopappv)
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
Help us to improve
diff --git a/windows/application-management/app-v/appv-reporting.md b/windows/application-management/app-v/appv-reporting.md
index c516639d17..afe9597029 100644
--- a/windows/application-management/app-v/appv-reporting.md
+++ b/windows/application-management/app-v/appv-reporting.md
@@ -6,288 +6,209 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/16/2018
---
+# About App-V reporting
+>Applies to: Windows 10, version 1607
-# About App-V Reporting
-
-**Applies to**
-- Windows 10, version 1607
-
-Application Virtualization (App-V) includes a built-in reporting feature that helps you collect information about computers running the App-V client as well as information about virtual application package usage. You can use this information to generate reports from a centralized database.
-
-## App-V Reporting Overview
+Application Virtualization (App-V) includes a built-in reporting feature that collects information about computers running the App-V client and virtual application package usage. You can generate reports from a centralized database with this information.
+## App-V reporting overview
The following list displays the end–to-end high-level workflow for reporting in App-V.
-1. The App-V Reporting server has the following prerequisites:
+1. The App-V Reporting server requires the following things:
- - Internet Information Service (IIS) web server role
+ * Internet Information Service (IIS) web server role
+ * Windows Authentication role (under **IIS / Security**)
+ * SQL Server installed and running with SQL Server Reporting Services (SSRS)
- - Windows Authentication role (under **IIS / Security**)
+ To confirm SQL Server Reporting Services is running, enter
-
-
-
+|Client information|Package information|Application usage|
+|---|---|---|
+|Host name|Package name|Start and end times|
+|App-V client version|Package version|Run status|
+|Processor architecture|Package source|Shutdown state|
+|Operating system version|Percent cached|Application name|
+|Service Pack level||Application version|
+|Operating system type||Username|
+|||Connection group|
The client collects and saves this data in an **.xml** format. The data cache is hidden by default and requires administrator rights to open the XML file.
### Sending data to the server
-You can configure the computer that is running the App-V client to automatically send data to the specified reporting server. To specify the server use the **Set-AppvClientConfiguration** cmdlet with the following settings:
+You can configure the computer that is running the App-V client to automatically send data to the specified reporting server. To specify the server, use the **Set-AppvClientConfiguration** cmdlet with the following settings:
-- ReportingEnabled
-
-- ReportingServerURL
-
-- ReportingStartTime
-
-- ReportingInterval
-
-- ReportingRandomDelay
+* ReportingEnabled
+* ReportingServerURL
+* ReportingStartTime
+* ReportingInterval
+* ReportingRandomDelay
After you configure the previous settings, you must create a scheduled task. The scheduled task will contact the server specified by the **ReportingServerURL** setting and will initiate the transfer. If you want to manually send data outside of the scheduled times, use the following Windows PowerShell cmdlet:
-`Send-AppVClientReport –URL http://MyReportingServer:MyPort/ -DeleteOnSuccess`
+```PowerShell
+Send-AppVClientReport –URL http://MyReportingServer:MyPort/ -DeleteOnSuccess
+```
If the reporting server has been previously configured, then the **–URL** parameter can be omitted. Alternatively, if the data should be sent to an alternate location, specify a different URL to override the configured **ReportingServerURL** for this data collection.
-The **-DeleteOnSuccess** parameter indicates that if the transfer is successful, then the data cache is cleared. If this is not specified, then the cache will not be cleared.
+The **-DeleteOnSuccess** parameter indicates that if the transfer is successful, then the data cache will be cleared. If this is not specified, then the cache will not be cleared.
### Manual Data Collection
You can also use the **Send-AppVClientReport** cmdlet to manually collect data. This solution is helpful with or without an existing reporting server. The following list displays information about collecting data with or without a reporting server.
-
-
-
-
-Client Information
-Package Information
-Application Usage
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|With a reporting server|Without a reporting server|
+|---|---|
+|f you have an existing App-V reporting server, create a customized scheduled task or script. Specify that the client sends the data to the specified location at the desired frequency.|If you do not have an existing App-V reporting Server, use the **–URL** parameter to send the data to a specified share. For example: ```Send-AppVClientReport –URL \\Myshare\MyData\ -DeleteOnSuccess```
-
-
-
-With a Reporting Server
-Without a Reporting Server
-
-
-
-Send-AppVClientReport –URL \\Myshare\MyData\ -DeleteOnSuccess
The previous example will send the reporting data to the ```\\MyShare\MyData\``` location indicated by the **-URL** parameter. After the data has been sent, the cache is cleared.|
-
+>[!NOTE]
+>If a location other than the Reporting Server is specified, the data is sent in **.xml** format with no additional processing.
-### Creating Reports
+### Creating reports
To retrieve report information and create reports using App-V you must use one of the following methods:
-- **Microsoft SQL Server Reporting Services (SSRS)** - Microsoft SQL Server Reporting Services is available with Microsoft SQL Server. SSRS is not installed when you install the App-V reporting server. It must be deployed separately to generate the associated reports.
+* Microsoft SQL Server Reporting Services (SSRS)—Microsoft SSRS is available with Microsoft SQL Server. SSRS is not installed when you install the App-V reporting server. It must be deployed separately to generate the associated reports. For more information, see the [What is SQL Server Reporting Services (SSRS)?](https://docs.microsoft.com/en-us/sql/reporting-services/create-deploy-and-manage-mobile-and-paginated-reports) article.
- Use the following link for more information about using [Microsoft SQL Server Reporting Services](https://technet.microsoft.com/en-us/library/ms159106(v=sql.130).aspx).
-
-- **Scripting** – You can generate reports by scripting directly against the App-V reporting database. For example:
+* Scripting—You can generate reports by scripting directly against the App-V reporting database. For example:
**Stored Procedure:**
**spProcessClientReport** is scheduled to run at midnight or 12:00 AM.
- To run the Microsoft SQL Server Scheduled Stored procedure, the Microsoft SQL Server Agent must be running. You should ensure that the Microsoft SQL Server Agent is set to **AutoStart**. For more information see [Autostart SQL Server Agent (SQL Server Management Studio)](https://technet.microsoft.com/library/ms178130).
+ To run the Microsoft SQL Server Scheduled Stored procedure, the Microsoft SQL Server Agent must be running. Make sure the Microsoft SQL Server Agent is set to **AutoStart**. For more information, see [Autostart SQL Server Agent (SQL Server Management Studio)](https://docs.microsoft.com/en-us/sql/ssms/agent/autostart-sql-server-agent-sql-server-management-studio).
- The stored procedure is also created when using the App-V database scripts.
+ The stored procedure is also created when when you use the App-V database scripts.
-You should also ensure that the reporting server web service’s **Maximum Concurrent Connections** is set to a value that the server will be able to manage without impacting availability. The recommended number of **Maximum Concurrent Connections** for the **Reporting Web Service** is **10,000**.
+You should also ensure that the reporting server web service’s **Maximum Concurrent Connections** is set to a value that the server can manage without affecting availability. The recommended number of **Maximum Concurrent Connections** for the **Reporting Web Service** is **10,000**.
## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-
-[Deploying the App-V server](appv-deploying-the-appv-server.md)
-
-[How to install the Reporting Server on a Standalone Computer and Connect it to the Database](appv-install-the-reporting-server-on-a-standalone-computer.md)
-
-
-
-
-
-
-
-
-
+* [Deploying the App-V server](appv-deploying-the-appv-server.md)
+* [How to install the reporting server on a standalone computer and connect it to the database](appv-install-the-reporting-server-on-a-standalone-computer.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md
index c404cdd892..16285b7ef5 100644
--- a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md
+++ b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md
@@ -155,7 +155,7 @@ This method lets you launch any command within the context of an App-V package,
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-security-considerations.md b/windows/application-management/app-v/appv-security-considerations.md
index b29f528873..c5286a0658 100644
--- a/windows/application-management/app-v/appv-security-considerations.md
+++ b/windows/application-management/app-v/appv-security-considerations.md
@@ -6,143 +6,66 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/16/2018
---
+# App-V security considerations
-
-# App-V Security Considerations
-
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
This topic contains a brief overview of the accounts and groups, log files, and other security-related considerations for Microsoft Application Virtualization (App-V).
-**Important**
-App-V is not a security product and does not provide any guarantees for a secure environment.
+>[!IMPORTANT]
+>App-V is not a security product and does not provide any guarantees for a secure environment.
-
+## The PackageStoreAccessControl (PSAC) feature has been deprecated
-## PackageStoreAccessControl (PSAC) feature has been deprecated
-
-
-Effective as of June, 2014, the PackageStoreAccessControl (PSAC) feature that was introduced in Microsoft Application Virtualization (App-V) 5.0 Service Pack 2 (SP2) has been deprecated in both single-user and multi-user environments.
+Effective as of June, 2014, the PackageStoreAccessControl (PSAC) feature introduced in Microsoft Application Virtualization (App-V) 5.0 Service Pack 2 (SP2) has been deprecated in both single-user and multi-user environments.
## General security considerations
+**Understand the security risks.** The most serious risk to App-V is from unauthorized users hijacking an App-V client's functionality, giving the hacker the ability to reconfigure key data on App-V clients. By comparison, short-term loss of App-V functionality from a denial-of-service attack would not be as catastrophic.
-**Understand the security risks.** The most serious risk to App-V is that its functionality could be hijacked by an unauthorized user who could then reconfigure key data on App-V clients. The loss of App-V functionality for a short period of time due to a denial-of-service attack would not generally have a catastrophic impact.
+**Physically secure your computers**. A security strategy that doesn't consider physical security is incomplete. Anyone with physical access to an App-V server could potentially attack the entire client base, so potential physical attacks or thefts should be prevented at all cost. App-V servers should be stored in a physically secure server room with controlled access. Lock the computer with the operating system or a secured screen saver to keep computers secure when the administrators are away.
-**Physically secure your computers**. Security is incomplete without physical security. Anyone with physical access to an App-V server could potentially attack the entire client base. Any potential physical attacks must be considered high risk and mitigated appropriately. App-V servers should be stored in a physically secure server room with controlled access. Secure these computers when administrators are not physically present by having the operating system lock the computer, or by using a secured screen saver.
+**Apply the most recent security updates to all computers**. To stay informed about the latest updates for operating systems, Microsoft SQL Server, and App-V, see the [Microsoft Security TechCenter](https://technet.microsoft.com/en-us/security/bb291012). (THIS LINK NEEDS TO BE UPDATED)
-**Apply the most recent security updates to all computers**. To stay informed about the latest updates for operating systems, Microsoft SQL Server, and App-V, see the [Microsoft Security TechCenter](https://technet.microsoft.com/en-us/security/bb291012).
-
-**Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all App-V and App-V administrator accounts. Never use blank passwords. For more information about password concepts, see [Password Policy](https://technet.microsoft.com/library/hh994572.aspx).
+**Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all App-V and App-V administrator accounts. Never use blank passwords. For more information about password concepts, see [Password Policy](https://docs.microsoft.com/en-us/sql/relational-databases/security/password-policy) and [Strong Passwords](https://docs.microsoft.com/en-us/sql/relational-databases/security/strong-passwords). (THIS LINK NEEDS TO BE UPDATED)
## Accounts and groups in App-V
+A best practice for user account management is to create domain global groups and add user accounts to them. After that, add the domain global accounts to the necessary App-V local groups on the App-V servers.
-A best practice for user account management is to create domain global groups and add user accounts to them. Then, add the domain global accounts to the necessary App-V local groups on the App-V servers.
+>[!NOTE]
+>App-V client computer accounts that need to connect to the publishing server must be part of the publishing server’s **Users** local group. By default, all computers in the domain are part of the **Authorized Users** group, which is part of the **Users** local group.
-**Note**
-App-V client computer accounts that need to connect to the publishing server must be part of the publishing server’s **Users** local group. By default, all computers in the domain are part of the **Authorized Users** group, which is part of the **Users** local group.
+### App-V server security
-
+No groups are created automatically during App-V setup. You should create the following Active Directory Domain Services global groups to manage App-V server operations.
-### App-V server security
-
-No groups are created automatically during App-V Setup. You should create the following Active Directory Domain Services global groups to manage App-V server operations.
-
-
-
-
-
+|Group name|Details|Important notes|
+|---|---|---|
+|App-V Management Admin group|Used to manage the App-V management server. This group is created during the App-V Management Server installation.|The management console can't create a new group after installation is complete.|
+|Database read/write for Management Service account|Provides read/write access to the management database. This account should be created during App-V management database installation.||
+|App-V Management Service install admin account|Provides public access to schema-version table in management database. This account should be created during App-V management database installation.|This is only required if the management database is being installed separately from the service.|
+|App-V Reporting Service install admin account|Public access to schema-version table in reporting database. This account should be created during the App-V reporting database installation.|This is only required if reporting database is being installed separately from the service.|
Consider the following additional information:
-- Access to the package shares - If a share exists on the same computer as the management Server, the **Network** service requires read access to the share. In addition, each App-V client computer must have read access to the package share.
+* Access to the package shares: If a share exists on the same computer as the management Server, the **Network** service requires read access to the share. In addition, each App-V client computer must have read access to the package share.
+ >[!NOTE]
+ >In previous versions of App-V, package share was referred to as content share.
+* Registering publishing servers with Management Server: A publishing server must be registered with the Management server. For example, it must be added to the database, so that the Publishing server machine accounts are able to call into the Management service API.
- **Note**
- In previous versions of App-V, package share was referred to as content share.
-
-
-
-- Registering publishing servers with Management Server - A publishing server must be registered with the Management server. For example, it must be added to the database, so that the Publishing server machine accounts are able to call into the Management service API.
-
-### App-V package security
+### App-V package security
The following will help you plan how to ensure that virtualized packages are secure.
-- If an application installer applies an access control list (ACL) to a file or directory, then that ACL is not persisted in the package. When the package is deployed, if the file or directory is modified by a user it will either inherit the ACL in the **%userprofile%** or inherit the ACL of the target computer’s directory. The former case occurs if the file or directory does not exist in a virtual file system location; the latter case occurs if the file or directory exists in a virtual file system location, for example **%windir%**.
+* If an application installer applies an access control list (ACL) to a file or directory, then that ACL is not persisted in the package. If thje file or directory is modified by a user when the package is deployed, the modified file or directory will either inherit the ACL in the **%userprofile%** or inherit the ACL of the target computer’s directory. The former occurs if the file or directory does not exist in a virtual file system location; the latter occurs if the file or directory exists in a virtual file system location, such as **%windir%**.
-## App-V log files
+## App-V log files
-
-During App-V Setup, setup log files are created in the **%temp%** folder of the installing user.
-
-## Have a suggestion for App-V?
-
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
-
-
-
-Group name
-Details
-
-
-
-
-
-
-
-
-
-
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+During App-V setup, setup log files are created in the **%temp%** folder of the installing user.
## Related topics
-
-[Preparing Your Environment for App-V](appv-preparing-your-environment.md)
-
-
-
-
-
-
-
-
-
+[Preparing Your Environment for App-V](appv-preparing-your-environment.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-sequence-a-new-application.md b/windows/application-management/app-v/appv-sequence-a-new-application.md
index 0fcb1d5719..ba31867ad8 100644
--- a/windows/application-management/app-v/appv-sequence-a-new-application.md
+++ b/windows/application-management/app-v/appv-sequence-a-new-application.md
@@ -6,220 +6,211 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/16/2018
---
-
-
# Manually sequence a new app using the Microsoft Application Virtualization Sequencer (App-V Sequencer)
-**Applies to**
-- Windows 10, version 1607 and later
+>Applies to: Windows 10, version 1607 and later
In Windows 10, version 1607, the App-V Sequencer is included with the Windows ADK. For more info on how to install the App-V Sequencer, see [Install the App-V Sequencer](appv-install-the-sequencer.md).
-**To review or do before you start sequencing**
+## Before you start sequencing
-1. Determine the type of virtualized application package you want to create:
+1. Determine the type of virtualized application package you want to create:
| Application type | Description |
- | - | - |
+ |---|---|
| Standard | Creates a package that contains an application or a suite of applications. This is the preferred option for most application types. |
| Add-on or plug-in | Creates a package that extends the functionality of a standard application, for example, a plug-in for Microsoft Excel. Additionally, you can use plug-ins for natively installed applications, or for another package that is linked by using connection groups. |
- | Middleware | Creates a package that is required by a standard application, for example, Java. Middleware packages are used for linking to other packages by using connection groups. |
+ | Middleware | Creates a package that is required by a standard application, for example, Java. Middleware packages are used for linking to other packages through connection groups. |
-2. Copy all required installation files to the computer that is running the sequencer.
+2. Copy all required installation files to the computer that is running the sequencer.
-3. Make a backup image of your virtual environment before sequencing an application, and then revert to that image each time after you finish sequencing an application.
+3. Make a backup image of your virtual environment before sequencing an application, and then revert to that image each time after you finish sequencing an application.
-4. Review the following items:
+4. Review the following items:
- - If an application installer changes the security access to a new or existing file or directory, those changes are not captured in the package.
+ - If an application installer changes the security access to a new or existing file or directory, those changes are not captured in the package.
+ - If short paths have been disabled for the virtualized package’s target volume, you must also sequence the package to a volume that was created and still has short-paths disabled. It cannot be the system volume.
- - If short paths have been disabled for the virtualized package’s target volume, you must also sequence the package to a volume that was created and still has short-paths disabled. It cannot be the system volume.
+>[!NOTE]
+>The App-V Sequencer cannot sequence applications with filenames matching "CO_<_x_>" where *x* is any numeral. Error 0x8007139F will be generated.
->[!NOTE]
->The App-V Sequencer cannot sequence applications with filenames matching "CO_<_x_>" where x is any numeral. Error 0x8007139F will be generated.
+## Sequence a new standard application
-**To sequence a new standard application**
+1. On the computer that runs the sequencer, select **All Programs**, and then select **Microsoft Application Virtualization**, and then select **Microsoft Application Virtualization Sequencer**.
-1. On the computer that runs the sequencer, click **All Programs**, and then click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**.
+2. In the sequencer, select **Create a New Virtual Application Package**. Select **Create Package (default)**, and then select **Next**.
-2. In the sequencer, click **Create a New Virtual Application Package**. Select **Create Package (default)**, and then click **Next**.
+3. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, select **Refresh** to display the updated information. After you have resolved all potential issues, select **Next**.
-3. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**.
-
- >[!IMPORTANT]
+ >[!IMPORTANT]
>If you are required to disable virus scanning software, you should first scan the computer that runs the sequencer in order to ensure that no unwanted or malicious files could be added to the package.
-4. On the **Type of Application** page, click the **Standard Application (default)** check box, and then click **Next**.
+4. On the **Type of Application** page, select the **Standard Application (default)** check box, and then select **Next**.
-5. On the **Select Installer** page, click **Browse** and specify the installation file for the application.
+5. On the **Select Installer** page, select **Browse** and specify the installation file for the application.
- >[!NOTE]
+ >[!NOTE]
>If the specified application installer modifies security access to a file or directory, existing or new, the associated changes will not be captured into the package.
-
- If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Perform a Custom Installation** check box, and then click **Next**.
-6. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name is displayed in the App-V Management Console.
+ If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Perform a Custom Installation** check box, and then select **Next**.
- Click **Next**.
+6. On the **Package Name** page, specify a name for the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name is displayed in the App-V Management Console. Once you're done, select **Next**.
-7. On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the application so that the sequencer can monitor the installation process.
+7. On the **Installation** page, when the sequencer and application installer are ready, you can install the application so that the sequencer can monitor the installation process.
- >[!IMPORTANT]
+ >[!IMPORTANT]
>You should always install applications to a secure location and make sure no other users are logged on to the computer running the sequencer during monitoring.
-
- Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run** to locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**. Click **Next**.
-8. On the **Installation** page, wait while the sequencer configures the virtualized application package.
+ Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, select **Run** to locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**, then select **Next**.
-9. On the **Configure Software** page, optionally run the programs contained in the package. This step allows you to complete any necessary license or configuration tasks before you deploy and run the package on target computers. To run all the programs at one time, select at least one program, and then click **Run All**. To run specific programs, select the program or programs, and then click **Run Selected**. Complete the required configuration tasks and then close the applications. You may need to wait several minutes for all programs to run.
+8. On the **Installation** page, wait while the sequencer configures the virtualized application package.
- >[!NOTE]
+9. On the **Configure Software** page, optionally run the programs contained in the package. This step allows you to complete any necessary license or configuration tasks before you deploy and run the package on target computers. To run all the programs at one time, select at least one program, and then select **Run All**. To run specific programs, select the program or programs, and then select **Run Selected**. Complete the required configuration tasks and then close the applications. You may need to wait several minutes for all programs to run.
+
+ >[!NOTE]
>To run first-use tasks for any application that is not available in the list, open the application. The associated information will be captured during this step.
-
- Click **Next**.
-10. On the **Installation Report** page, you can review information about the virtualized application package you have just sequenced. In **Additional Information**, double-click an event to obtain more detailed information. To proceed, click **Next**.
+ Select **Next**.
-11. The **Customize** page is displayed. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 14 of this procedure. To perform either of the following customizations, select **Customize**.
+10. On the **Installation Report** page, you can review information about the virtualized application package you have just sequenced. In **Additional Information**, double-click an event to obtain more detailed information. To proceed, select **Next**.
- - Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers.
+11. The **Customize** page is displayed. If you've finished installing and configuring the virtual application, select **Stop now** and skip to step 14 of this procedure. To perform either of the following customizations, select **Customize**.
- - Specify the operating systems that can run this package.
+ - Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers.
+ - Specify the operating systems that can run this package.
- Click **Next**.
+ Once you're ready, select **Next**.
-12. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all the applications to run. After all applications have run, close each of the applications, and then click **Next**.
+12. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all the applications to run. After all applications have run, close each of the applications, and then select **Next**.
- >[!NOTE]
- >If you do not open any applications during this step, the default streaming method is on-demand streaming delivery. This means applications will be downloaded bit by bit until it can be opened, and then depending on how the background loading is configured, will load the rest of the application.
+ >[!NOTE]
+ >If you do not open any applications during this step, the default streaming method is on-demand streaming delivery. This means applications will be downloaded bit by bit until it can be opened. After that, depending on how the background loading is configured, it will load the rest of the application.
-13. On the **Target OS** page, specify the operating systems that can run this package. To allow all supported operating systems in your environment to run this package, select **Allow this package to run on any operating system**. To configure this package to run only on specific operating systems, select **Allow this package to run only on the following operating systems** and select the operating systems that can run this package. Click **Next**.
+13. On the **Target OS** page, specify the operating systems that can run this package. To allow all supported operating systems in your environment to run this package, select **Allow this package to run on any operating system**. To configure this package to run only on specific operating systems, select **Allow this package to run only on the following operating systems** and select the operating systems that can run this package. After that, select **Next**.
- >[!IMPORTANT]
+ >[!IMPORTANT]
>Make sure that the operating systems you specify here are supported by the application you are sequencing.
-
-14. The **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor**. This option opens the package in the sequencer console so that you can modify the package before it is saved. Click **Next**.
+14. The **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor**. This option opens the package in the sequencer console so that you can modify the package before saving it. Select **Next**.
To save the package immediately, select **Save the package now** (default). Add optional **Comments** to be associated with the package. Comments are useful for identifying the program version and other information about the package.
- >[!IMPORTANT]
+ >[!IMPORTANT]
>The system does not support non-printable characters in **Comments** and **Descriptions**.
-
- The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**.
-15. The **Completion** page is displayed. Review the information in the **Virtual Application Package Report** pane as needed, then click **Close**. This information is also available in the **Report.xml** file that is located in the directory where the package was created.
+ The default **Save Location** is also displayed on this page. To change the default location, select **Browse** and specify the new location. After that, select **Create**.
- The package is now available in the sequencer.
+15. The **Completion** page is displayed. Review the information in the **Virtual Application Package Report** pane as needed, then select **Close**. This information is also available in the **Report.xml** file located in the directory where the package was created.
- >[!IMPORTANT]
- >After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the sequencer.
-
+ Your package should now be available in the sequencer.
-**To sequence an add-on or plug-in application**
+ >[!IMPORTANT]
+ >After you have successfully created a virtual application package, you can't run the virtual application package on the computer that is running the sequencer.
->[!NOTE]
+## Sequence an add-on or plug-in application
+
+>[!NOTE]
>Before performing the following procedure, install the parent application locally on the computer that is running the sequencer. Or if you have the parent application virtualized, you can follow the steps in the add-on or plug-in workflow to unpack the parent application on the computer.
+>For example, if you are sequencing a plug-in for Microsoft Excel, install Microsoft Excel locally on the computer that's running the sequencer. You should also install the parent application in the same directory where the application is installed on target computers. If the plug-in or add-on is going to be used with an existing virtual application package, install the application on the same virtual application drive that was used when you created the parent virtual application package.
->For example, if you are sequencing a plug-in for Microsoft Excel, install Microsoft Excel locally on the computer that is running the sequencer. Also install the parent application in the same directory where the application is installed on target computers. If the plug-in or add-on is going to be used with an existing virtual application package, install the application on the same virtual application drive that was used when you created the parent virtual application package.
+1. On the computer that runs the sequencer, first, select **All Programs**, then select **Microsoft Application Virtualization**, and then select **Microsoft Application Virtualization Sequencer**.
-1. On the computer that runs the sequencer, click **All Programs**, and then Click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**.
+2. In the sequencer, select **Create a New Virtual Application Package**, select **Create Package (default)**, and then select **Next**.
-2. In the sequencer, click **Create a New Virtual Application Package**, select **Create Package (default)**, and then click **Next**.
+3. On the **Prepare Computer** page, review the issues that might cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, select **Refresh** to display the updated information. After you have resolved all potential issues, select **Next**.
-3. On the **Prepare Computer** page, review the issues that might cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**.
-
- >[!IMPORTANT]
+ >[!IMPORTANT]
>If you are required to disable virus scanning software, you should first scan the computer that runs the sequencer in order to ensure that no unwanted or malicious files could be added to the package.
-4. On the **Type of Application** page, select **Add-on or Plug-in**, and then click **Next**.
+4. On the **Type of Application** page, select **Add-on or Plug-in**, and then select **Next**.
-5. On the **Select Installer** page, click **Browse** and specify the installation file for the add-on or plug-in. If the add-on or plug-in does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**.
+5. On the **Select Installer** page, select **Browse** and specify the installation file for the add-on or plug-in. If the add-on or plug-in does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, then select **Next**.
-6. On the **Install Primary** page, ensure that the primary application is installed on the computer that runs the sequencer. Alternatively, you can expand an existing package that has been saved locally on the computer that runs the sequencer. To do this, click **Expand Package**, and then select the package. After you have expanded or installed the parent program, select **I have installed the primary parent program**.
+6. On the **Install Primary** page, ensure that the primary application is installed on the computer that runs the sequencer. Alternatively, you can expand an existing package that has been saved locally on the computer that runs the sequencer. To do this, select **Expand Package**, and then select the package. After you have expanded or installed the parent program, select **I have installed the primary parent program**.
-7. Click **Next**.
+7. Select **Next**.
-8. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name will be displayed in the App-V Management Console.
+8. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name will be displayed in the App-V Management Console.
-9. Click **Next**.
+9. Select **Next**.
-10. On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the plug-in or add-in application so the sequencer can monitor the installation process. Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run** and locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**, and then click **Next**.
+10. On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the plug-in or add-in application so the sequencer can monitor the installation process. Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, select **Run** and locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**, and then select **Next**.
-11. On the **Installation Report** page, you can review information about the virtual application package that you just sequenced. For a more detailed explanation about the information displayed in **Additional Information**, double-click the event. After you have reviewed the information, click **Next**.
+11. On the **Installation Report** page, you can review information about the virtual application package that you just sequenced. For a more detailed explanation about the information displayed in **Additional Information**, double-click the event. After you have reviewed the information, select **Next**.
12. The **Customize** page is displayed. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 12 of this procedure. To perform either of the following customizations, select **Customize**.
- - Optimize how the package will run across a slow or unreliable network.
+ - Optimize how the package will run across a slow or unreliable network.
+ - Specify the operating systems that can run this package.
- - Specify the operating systems that can run this package.
+ When you're finished, select **Next**.
- Click **Next**.
+13. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. Streaming improves the experience when the virtual application package is run on target computers on high-latency networks. It can take several minutes for all applications to run. After all applications have run, close each application. You can also configure the package to be required to be fully downloaded before opening by selecting the **Force applications to be downloaded** check-box. Select **Next**.
-13. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. Streaming improves the experience when the virtual application package is run on target computers on high-latency networks. It can take several minutes for all the applications to run. After all applications have run, close each of the applications. You can also configure the package to be required to be fully downloaded before opening by selecting the **Force applications to be downloaded** check-box. Click **Next**.
+ >[!NOTE]
+ >If necessary, you can stop an application from loading during this step. In the **Application Launch** dialog box, select **Stop** and select one of the check boxes: **Stop all applications** or **Stop this application only**.
- >[!NOTE]
- >If necessary, you can stop an application from loading during this step. In the **Application Launch** dialog box, click **Stop** and select one of the check boxes: **Stop all applications** or **Stop this application only**.
+14. On the **Target OS** page, specify the operating systems that can run this package. To allow all supported operating systems in your environment to run this package, select the **Allow this package to run on any operating system** check box. To configure this package to run only on specific operating systems, select the **Allow this package to run only on the following operating systems** check box, and then select the operating systems that can run this package. Select **Next**.
-12. On the **Target OS** page, specify the operating systems that can run this package. To allow all supported operating systems in your environment to run this package, select the **Allow this package to run on any operating system** check box. To configure this package to run only on specific operating systems, select the **Allow this package to run only on the following operating systems** check box, and then select the operating systems that can run this package. Click **Next**.
+15. The **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor** check box. This option opens the package in the sequencer console so that you can modify the package before it is saved. Select **Next**.
-13. The **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor** check box. This option opens the package in the sequencer console so that you can modify the package before it is saved. Click **Next**.
+ To save the package immediately, select **Save the package now**. Optionally, add a **Description** for the package. Descriptions are useful for identifying the version and other important information about the package.
- To save the package immediately, select **Save the package now**. Optionally, add a **Description** that will be associated with the package. Descriptions are useful for identifying the version and other information about the package.
-
- >[!IMPORTANT]
+ >[!IMPORTANT]
>The system does not support non-printable characters in Comments and Descriptions.
-
- The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**.
-**To sequence a middleware application**
+ The default **Save Location** is also displayed on this page. To change the default location, select **Browse** and specify the new location. Select **Create**.
-1. On the computer that runs the sequencer, click **All Programs**, and then Click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**.
+### Sequence a middleware application
-2. In the sequencer, click **Create a New Virtual Application Package**, select **Create Package (default)**, and then click **Next**.
+1. On the computer that runs the sequencer, select **All Programs**, then select **Microsoft Application Virtualization**, and then select **Microsoft Application Virtualization Sequencer**.
-3. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**.
+2. In the sequencer, select **Create a New Virtual Application Package**, select **Create Package (default)**, and then select **Next**.
- >[!IMPORTANT]
+3. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, select **Refresh** to display the updated information. After you have resolved all potential issues, select **Next**.
+
+ >[!IMPORTANT]
>If you are required to disable virus scanning software, you should first scan the computer that runs the App-V Sequencer in order to ensure that no unwanted or malicious files can be added to the package.
-4. On the **Type of Application** page, select **Middleware**, and then click **Next**.
+4. On the **Type of Application** page, select **Middleware**, and then select **Next**.
-5. On the **Select Installer** page, click **Browse** and specify the installation file for the application. If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**.
+5. On the **Select Installer** page, select **Browse** and specify the installation file for the application. If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, then select **Next**.
-6. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name is displayed in the App-V Management Console.
+6. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name is displayed in the App-V Management Console.
-7. Click **Next**.
+7. Select **Next**.
-8. On the **Installation** page, when the sequencer and middleware application installer are ready you can proceed to install the application so that the sequencer can monitor the installation process. Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run**, to locate and run the additional installation files. When you are finished with the installation, select the **I am finished installing** check box, and then click **Next**.
+8. On the **Installation** page, when the sequencer and middleware application installer are ready you can proceed to install the application so that the sequencer can monitor the installation process. Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, select **Run**, to locate and run the additional installation files. When you are finished with the installation, select the **I am finished installing** check box, and then select **Next**.
9. On the **Installation** page, wait while the sequencer configures the virtual application package.
-10. On the **Installation Report** page, you can review information about the virtual application package that you have just sequenced. In **Additional Information**, double-click an event to obtain more detailed information. To proceed, click **Next**.
+10. On the **Installation Report** page, you can review information about the virtual application package that you have just sequenced. In **Additional Information**, double-click an event to obtain more detailed information. To proceed, select **Next**.
-11. On the **Target OS** page, specify the operating systems that can run this package. To enable all supported operating systems in your environment to run this package, select the **Allow this package to run on any operating system** check box. To configure this package to run only on specific operating systems, select the **Allow this package to run only on the following operating systems** check box and select the operating systems that can run this package. Click **Next**.
+11. On the **Target OS** page, specify the operating systems that can run this package. To enable all supported operating systems in your environment to run this package, select the **Allow this package to run on any operating system** check box. To configure this package to run only on specific operating systems, select the **Allow this package to run only on the following operating systems** check box and select the operating systems that can run this package. Once you're done, select **Next**.
-12. On the **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor**. This option opens the package in the sequencer console so that you can modify the package before it is saved. Click **Next**.
+12. On the **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor**. This option opens the package in the sequencer console so that you can modify the package before it is saved. Select **Next**.
To save the package immediately, select **Save the package now**. Optionally, add a **Description** to be associated with the package. Descriptions are useful for identifying the program version and other information about the package.
- >[!IMPORTANT]
- >The system does not support non-printable characters in Comments and Descriptions.
-
- The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**.
+ >[!IMPORTANT]
+ >The system does not support non-printable characters in comments and descriptions.
-13. The **Completion** page is displayed. Review the information in the **Virtual Application Package Report** pane as needed, then click **Close**. This information is also available in the **Report.xml** file that is located in the directory specified in step 11 of this procedure.
+ The default **Save Location** is also displayed on this page. To change the default location, select **Browse** and specify the new location. Select **Create**.
- The package is now available in the sequencer. To edit the package properties, click **Edit \[Package Name\]**.
+13. The **Completion** page is displayed. Review the information in the **Virtual Application Package Report** pane as needed, then select **Close**. This information is also available in the **Report.xml** file that is located in the directory specified in step 11 of this procedure.
- >[!IMPORTANT]
- >After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the sequencer.
+ The package is now available in the sequencer. To edit the package properties, select **Edit \[Package Name\]**.
+
+ >[!IMPORTANT]
+ >After you have successfully created a virtual application package, you can't run the virtual application package on the computer that is running the sequencer.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
+
- [Install the App-V Sequencer](appv-install-the-sequencer.md)
- [Operations for App-V](appv-operations.md)
diff --git a/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md b/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md
index 8d8eb13511..8a03631883 100644
--- a/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md
+++ b/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md
@@ -71,4 +71,4 @@ In Windows 10, version 1703, running the new-appvsequencerpackage or the update-
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-supported-configurations.md b/windows/application-management/app-v/appv-supported-configurations.md
index e1e458b316..3a0c6514b4 100644
--- a/windows/application-management/app-v/appv-supported-configurations.md
+++ b/windows/application-management/app-v/appv-supported-configurations.md
@@ -6,158 +6,87 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/16/2018
---
-
-
# App-V Supported Configurations
-**Applies to**
-- Windows 10, version 1607; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; and Windows Server 2008 R2
+>Applies to: Windows 10, version 1607; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2
-This topic specifies the requirements to install and run App-V in your Windows 10 environment. For information about prerequisite software such as the .NET Framework, see [App-V Prerequisites](appv-prerequisites.md).
+This topic specifies the requirements to install and run App-V in your Windows 10 environment. For information about prerequisite software such as the .NET Framework, see [App-V prerequisites](appv-prerequisites.md).
## App-V Server system requirements
-This section lists the operating system and hardware requirements for all of the App-V server components.
+This section lists the operating system and hardware requirements for all App-V server components.
### Unsupported App-V server scenarios
The App-V server does not support the following scenarios:
-- Deployment to a computer that runs the Server Core installation option.
-
-- Deployment to a computer that runs a previous version of the App-V server components. You can install App-V side by side with the App-V 4.5 Lightweight Streaming Server (LWS) server only. Deployment of App-V side by side with the Application Virtualization Management Service (HWS) 4.x is not supported.
-
-- Deployment to a computer that runs Microsoft SQL Server Express edition.
-
-- Deployment to a domain controller.
-
-- Short paths. If you plan to use a short path, you must create a new volume.
+* Deployment to a computer that runs the Server Core installation option.
+* Deployment to a computer that runs a previous version of the App-V server components. You can only install App-V side-by-side with the App-V 4.5 Lightweight Streaming Server (LWS) server. This scenario doesn't support side-by-side deployment of App-V and the Application Virtualization Management Service (HWS) 4.x.
+* Deployment to a computer running Microsoft SQL Server Express edition.
+* Deployment to a domain controller.
+* Short paths. If you plan to use a short path, you must create a new volume.
### Management server operating system requirements
-The App-V Management server can be installed on a server that runs Windows Server 2008 R2 with SP1 or later.
+You can install the App-V Management server on a server running Windows Server 2008 R2 with SP1 or later.
-> [!IMPORTANT]
-> Deployment of the Management server role to a computer with Remote Desktop Services enabled is not supported.
-
-
+>[!IMPORTANT]
+>Deploying a Management server role to a computer with Remote Desktop Services enabled is not supported.
### Management server hardware requirements
-- Processor—1.4 GHz or faster, 64-bit (x64) processor
-
-- RAM—1 GB RAM (64-bit)
-
-- Disk space—200 MB available hard disk space, not including the content directory
+* A 64-bit (x64) processor that runs at 1.4 GHz or faster.
+* 1 GB RAM (64-bit).
+* 200 MB of available hard disk space, not including the content directory.
### Management server database requirements
-The following table lists the SQL Server versions that are supported for the App-V Management database installation.
+The following table lists the SQL Server versions that the App-V Management database installation supports.
-
-
+|SQL Server version|Service pack|System architecture|
+|---|---|---|
+|Microsoft SQL Server 2014||32-bit or 64-bit|
+|Microsoft SQL Server 2012|SP2|32-bit or 64-bit|
+|Microsoft SQL Server 2008 R2|SP3|32-bit or 64-bit|
-
### Publishing server operating system requirements
The App-V Publishing server can be installed on a server that runs Windows Server 2008 R2 with SP1 or later.
-
### Publishing server hardware requirements
App-V adds no additional requirements beyond those of Windows Server.
-- Processor—1.4 GHz or faster, 64-bit (x64) processor
-
-- RAM—2 GB RAM (64-bit)
-
-- Disk space—200 MB available hard disk space, not including the content directory
+* A 64-bit (x64) processor that runs at 1.4 GHz or faster.
+* 2 GB RAM (64-bit).
+* 200 MB of available hard disk space, not including the content directory.
### Reporting server operating system requirements
-The App-V Reporting server can be installed on a server that runs Windows Server 2008 R2 with SP1 or later.
+You can install the App-V Reporting server on a server running Windows Server 2008 R2 with SP1 or later.
### Reporting server hardware requirements
App-V adds no additional requirements beyond those of Windows Server.
-- Processor—1.4 GHz or faster, 64-bit (x64) processor
-
-- RAM—2 GB RAM (64-bit)
-
-- Disk space—200 MB available hard disk space
+* A 64-bit (x64) processor that runs at 1.4 GHz or faster.
+* 2 GB RAM (64-bit).
+* 200 MB of available hard disk space, not including the content directory.
### Reporting server database requirements
The following table lists the SQL Server versions that are supported for the App-V Reporting database installation.
-
-
-
-
-SQL Server version
-Service pack
-System architecture
-
-
-
-
-
-
-
-
-
-
+|SQL Server version|Service pack|System architecture|
+|---|---|---|
+|Microsoft SQL Server 2014||32-bit or 64-bit|
+|Microsoft SQL Server 2012|SP2|32-bit or 64-bit|
+|Microsoft SQL Server 2008 R2|SP3|32-bit or 64-bit|
-
-
-## App-V client requirements and Remote Desktop Services client requirements
+## App-V client and Remote Desktop Services client requirements
With Windows 10, version 1607 and later releases, the App-V client is included with Windows 10 Enterprise and Windows 10 Education. The App-V client is no longer part of the Microsoft Desktop Optimization Pack. Before you can use the App-V client, it must be enabled, as described in [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md).
@@ -165,76 +94,27 @@ Similarly, the App-V Remote Desktop Services (RDS) client is included with Windo
## Sequencer system requirements
+The following table lists the operating systems that the App-V Sequencer installation supports.
-The following table lists the operating systems that are supported for the App-V Sequencer installation.
-
-
-
-
-
-SQL Server version
-Service pack
-System architecture
-
-
-
-
-
-
-
-
-
-
-
+|Operating system|Service pack|System architecture|
+|---|---|---|
+|Microsoft Windows Server 2012 R2||64-bit|
+|Microsoft Windows Server 2012||64-bit|
+|Microsoft Windows Server 2008 R2|SP1|64-bit|
+|Microsoft Windows 10||32-bit and 64-bit|
+|Microsoft Windows 8.1||32-bit and 64-bit|
+|Microsoft Windows 8||32-bit and 64-bit|
+|Microsoft Windows 7|SP1|32-bit and 64-bit|
### Sequencer hardware requirements
-See the Windows or Windows Server documentation for the hardware requirements. App-V adds no additional hardware requirements.
+See the Windows or Windows Server documentation for the hardware requirements.
-## Supported versions of System Center Configuration Manager
+## Supported versions of System Center Configuration Manager
The App-V client works with System Center Configuration Manager versions starting with Technical Preview for System Center Configuration Manager, version 1606.
-## Have a suggestion for App-V?
-
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
-
-
-
-Operating system
-Service pack
-System architecture
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
-
## Related topics
-- [Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
-- [App-V Prerequisites](appv-prerequisites.md)
+* [Planning to deploy App-V](appv-planning-to-deploy-appv.md)
+* [App-V prerequisites](appv-prerequisites.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-technical-reference.md b/windows/application-management/app-v/appv-technical-reference.md
index f93b0e90ca..81b431ddac 100644
--- a/windows/application-management/app-v/appv-technical-reference.md
+++ b/windows/application-management/app-v/appv-technical-reference.md
@@ -39,7 +39,7 @@ This section provides reference information related to managing App-V.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md b/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md
index 3fbc1956ed..242fdc9cf7 100644
--- a/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md
@@ -29,7 +29,7 @@ Use the following procedure to transfer the access and default package configura
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-troubleshooting.md b/windows/application-management/app-v/appv-troubleshooting.md
index c1e0968b82..c3011b5f88 100644
--- a/windows/application-management/app-v/appv-troubleshooting.md
+++ b/windows/application-management/app-v/appv-troubleshooting.md
@@ -17,7 +17,7 @@ ms.date: 04/19/2017
For information that can help with troubleshooting App-V for Windows 10, see:
-- [Application Virtualization (App-V): List of Microsoft Support Knowledge Base Articles](http://social.technet.microsoft.com/wiki/contents/articles/14272.app-v-v5-x-list-of-microsoft-support-knowledge-base-articles.aspx)
+- [Application Virtualization (App-V): List of Microsoft Support Knowledge Base Articles](https://social.technet.microsoft.com/wiki/contents/articles/14272.app-v-v5-x-list-of-microsoft-support-knowledge-base-articles.aspx)
- [Microsoft App-V Team Blog](https://blogs.technet.microsoft.com/appv/)
@@ -42,4 +42,4 @@ For information that can help with troubleshooting App-V for Windows 10, see:
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md b/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md
index 2cd95ea922..9331c1584b 100644
--- a/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md
+++ b/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md
@@ -72,7 +72,7 @@ Once you’ve enabled the in-box App-V client, you need to configure it to point
Type the following cmdlet in a Windows PowerShell window:
-`Add-AppvPublishingServer -Name AppVServer -URL http:// appvserver:2222`
+`Add-AppvPublishingServer -Name AppVServer -URL https:// appvserver:2222`
**To modify client settings to point to an existing App-V publishing server with Group Policy**
@@ -96,4 +96,4 @@ Type the following cmdlet in a Windows PowerShell window:
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-using-the-client-management-console.md b/windows/application-management/app-v/appv-using-the-client-management-console.md
index 1372c4e630..54b1306b2e 100644
--- a/windows/application-management/app-v/appv-using-the-client-management-console.md
+++ b/windows/application-management/app-v/appv-using-the-client-management-console.md
@@ -82,7 +82,7 @@ The client management console contains the following described main tabs.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md b/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md
index ffb8290ae7..fdf7299db8 100644
--- a/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md
@@ -33,7 +33,7 @@ Use the following procedure to view and configure default package extensions.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md b/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md
index 60f321a711..46b0feb4f1 100644
--- a/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md
+++ b/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md
@@ -154,7 +154,7 @@ In your publishing metadata query, enter the string values that correspond to th
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index b0b0610178..659b090224 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -70,6 +70,8 @@
## [Configuration service provider reference](configuration-service-provider-reference.md)
### [AccountManagement CSP](accountmanagement-csp.md)
#### [AccountManagement DDF file](accountmanagement-ddf.md)
+### [Accounts CSP](accounts-csp.md)
+#### [Accounts DDF file](accounts-ddf-file.md)
### [ActiveSync CSP](activesync-csp.md)
#### [ActiveSync DDF file](activesync-ddf-file.md)
### [AllJoynManagement CSP](alljoynmanagement-csp.md)
diff --git a/windows/client-management/mdm/accounts-csp.md b/windows/client-management/mdm/accounts-csp.md
new file mode 100644
index 0000000000..0cec8a8ad3
--- /dev/null
+++ b/windows/client-management/mdm/accounts-csp.md
@@ -0,0 +1,51 @@
+---
+title: Accounts CSP
+description: The Accounts configuration service provider (CSP) is used by the enterprise (1) to rename a device, (2) to create a new local Windows account and joint it to a local user group.
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 04/17/2018
+---
+
+# Accounts CSP
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+The Accounts configuration service provider (CSP) is used by the enterprise (1) to rename a device, (2) to create a new local Windows account and joint it to a local user group. This CSP was added in Windows 10, version 1803.
+
+
+The following diagram shows the Accounts configuration service provider in tree format.
+
+
+
+**./Device/Vendor/MSFT/Accounts**
+Root node.
+
+**Domain**
+Interior node for the account domain information.
+
+**Domain/ComputerName**
+This node specifies the name for a device. This setting can be managed remotely. A couple of macros can be embedded within the value for dynamic substitution: %RAND:<# of digits>% and %SERIAL%.
+
+Examples: (a) "Test%RAND:6%" will generate a name "Test" followed by 6 random digits (e.g., "Test123456"). (b) "Foo%SERIAL%", will generate a name "Foo" followed by the serial number derived from device's ID. The server must explicitly reboot the device for this value to take effect.
+
+Supported operation is Add.
+
+**Users**
+Interior node for the user account information.
+
+**Users/_UserName_**
+This node specifies the username for a new local user account. This setting can be managed remotely.
+
+**Users/_UserName_/Password**
+This node specifies the password for a new local user account. This setting can be managed remotely.
+
+Supported operation is Add.
+
+**Users/_UserName_/LocalUserGroup**
+This optional node specifies the local user group that a local user account should be joined to. If the node is not set, the new local user account is joined just to the Standard Users group. Set the value to 2 for Administrators group. This setting can be managed remotely.
+
+Supported operation is Add.
\ No newline at end of file
diff --git a/windows/client-management/mdm/accounts-ddf-file.md b/windows/client-management/mdm/accounts-ddf-file.md
new file mode 100644
index 0000000000..311ed73e93
--- /dev/null
+++ b/windows/client-management/mdm/accounts-ddf-file.md
@@ -0,0 +1,179 @@
+---
+title: Accounts DDF file
+description: XML file containing the device description framework
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 04/17/2018
+---
+
+# Accounts CSP
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+This topic shows the OMA DM device description framework (DDF) for the **Accounts** configuration service provider.
+
+The XML below is for Windows 10, version 1803.
+
+``` syntax
+
+]>
+
+
+
+
+
+
[ActiveSync CSP](activesync-csp.md)
diff --git a/windows/client-management/mdm/images/provisioning-csp-accounts.png b/windows/client-management/mdm/images/provisioning-csp-accounts.png
new file mode 100644
index 0000000000..ceb90aff58
Binary files /dev/null and b/windows/client-management/mdm/images/provisioning-csp-accounts.png differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-wifi.png b/windows/client-management/mdm/images/provisioning-csp-wifi.png
index c3f21cb31d..463a784f95 100644
Binary files a/windows/client-management/mdm/images/provisioning-csp-wifi.png and b/windows/client-management/mdm/images/provisioning-csp-wifi.png differ
diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
index 4fe82b932b..72566a2607 100644
--- a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
+++ b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
@@ -110,7 +110,7 @@ All Windows devices can be connected to an Azure AD domain. These devices can be
3. Type in your Azure AD username. This is the email address you use to log into Microsoft Office 365 and similar services.
- If the tenant is a cloud-only tenant, this page will change to show the organization's custom branding, and you will be able to enter your password directly on this page. If the tenant is part of a federated domain, you will be redirected to the organization's on-premises federation server, such as Active Directory Federation Services (AD FS) for authentication.
+ If the tenant is a cloud-only, password hash sync, or pass-through authentication tenant, this page will change to show the organization's custom branding, and you will be able to enter your password directly on this page. If the tenant is part of a federated domain, you will be redirected to the organization's on-premises federation server, such as Active Directory Federation Services (AD FS) for authentication.
Based on IT policy, you may also be prompted to provide a second factor of authentication at this point. If your Azure AD tenant has auto-enrollment configured, your device will also be enrolled into MDM during this flow. For more information, see [these steps](azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md). If your tenant is not configured for auto-enrollment, you will have to go through the enrollment flow a second time to connect your device to MDM. After you complete the flow, your device will be connected to your organization’s Azure AD domain.
@@ -142,7 +142,7 @@ All Windows devices can be connected to an Azure AD domain. These devices can be
-7. If the tenant is a cloud only tenant, this page will change to show the organization's custom branding, and you will be able to enter your password directly on this page. If the tenant is part of a federated domain, you will be redirected to the organization's on-premises federation server, such as AD FS, for authentication.
+7. If the tenant is a cloud only, password hash sync, or pass-through authentication tenant, this page will change to show the organization's custom branding, and you will be able to enter your password directly on this page. If the tenant is part of a federated domain, you will be redirected to the organization's on-premises federation server, such as AD FS, for authentication.
Based on IT policy, you may also be prompted to provide a second factor of authentication at this point.
@@ -194,7 +194,7 @@ All Windows 10-based devices can be connected to a work or school account. You
-5. If the tenant is a cloud only tenant, this page will change to show the organization's custom branding, and you will be able to enter your password directly into the page. If the tenant is part of a federated domain, you will be redirected to the organization's on-premises federation server, such as AD FS, for authentication.
+5. If the tenant is a cloud only, password hash sync, or pass-through authentication tenant, this page will change to show the organization's custom branding, and you will be able to enter your password directly into the page. If the tenant is part of a federated domain, you will be redirected to the organization's on-premises federation server, such as AD FS, for authentication.
Based on IT policy, you may also be prompted to provide a second factor of authentication at this point.
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 6270e63cb6..6c8aea7fd4 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -1340,7 +1340,6 @@ For details about Microsoft mobile device management protocols for Windows 10 s
+
+Home
+ Pro
+ Business
+ Enterprise
+ Education
+ Mobile
+ Mobile Enterprise
+
+
+
4
[AccountManagement CSP](accountmanagement-csp.md)
+[RootCATrustedCertificates CSP](rootcacertificates-csp.md)
@@ -1356,6 +1355,10 @@ For details about Microsoft mobile device management protocols for Windows 10 s
+
@@ -1654,6 +1657,10 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
[Accounts CSP](accounts-csp.md)
+
+
+[Accounts CSP](accounts-csp.md)
+
[Policy CSP](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index 4ffde366c7..0a7c86e017 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -547,7 +547,7 @@ The following list shows the supported values:
+ 111Mobile Enterprise
-
@@ -3404,13 +3404,13 @@ ADMX Info:
- Mobile Enterprise
-
@@ -3456,13 +3456,13 @@ ADMX Info:
- Mobile Enterprise
-
@@ -3508,13 +3508,13 @@ ADMX Info:
- Mobile Enterprise
-
diff --git a/windows/client-management/mdm/wifi-csp.md b/windows/client-management/mdm/wifi-csp.md
index a533138079..65e4a03576 100644
--- a/windows/client-management/mdm/wifi-csp.md
+++ b/windows/client-management/mdm/wifi-csp.md
@@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 06/26/2017
+ms.date: 04/16/2018
---
# WiFi CSP
@@ -31,6 +31,9 @@ The following image shows the WiFi configuration service provider in tree format
The following list shows the characteristics and parameters.
+**Device or User profile**
+For user profile, use ./User/Vendor/MSFT/Wifi path and for device profile, use ./Device/Vendor/MSFT/Wifi path.
+
**Profile**
Identifies the Wi-Fi network configuration. Each Wi-Fi network configuration is represented by a profile object. This network profile includes all the information required for the device to connect to that network – for example, the SSID, authentication and encryption methods and passphrase in case of WEP or WPA2 networks.
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
index e123d33d74..80bd272f42 100644
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
@@ -94,7 +94,16 @@ Added in Windows 10, version 1803. This policy setting allows you to determine w
- 1 - Turns on the functionality to allow users to download files from Edge in the container to the host file system.
**Status**
-
-
>See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
-The following steps can resolve many Windows upgrade problems.
+The following list of fixes can resolve many Windows upgrade problems. You should try these steps before contacting Microsoft support, or attempting a more advanced analysis of a Windows upgrade failure. Also review information at [Windows 10 help](https://support.microsoft.com/en-us/products/windows?os=windows-10).
+
+The Microsoft Virtual Agent provided by [Microsoft Support](https://support.microsoft.com/contactus/) can help you to analyze and correct some Windows upgrade errors. To talk to a person about your issue, start the Virtual Agent (click **Get started**) and enter "Talk to a person" two times.
+
+You might also wish to try a new tool available from Microsoft that helps to diagnose many Windows upgrade errors. For more information and to download this tool, see [SetupDiag](setupdiag.md). The topic is more advanced (300 level) because several advanced options are available for using the tool. However, you can also just download the tool and run it with no advanced options. You must understand how to download and then run the program from an [elevated command prompt](#open-an-elevated-command-prompt).
+
+## List of fixes
-
+
-
-
-
-
-
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/en-us/windows/dn798752.aspx)
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
-
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821)
+
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821)
\ No newline at end of file
diff --git a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md
index 1f7c1def87..8c1c9c5f20 100644
--- a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md
+++ b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
author: greg-lindsay
-ms.date: 04/03/2018
+ms.date: 04/18/2018
ms.localizationpriority: high
---
@@ -16,11 +16,12 @@ ms.localizationpriority: high
**Applies to**
- Windows 10
->**Important**: This topic contains technical instructions for IT administrators. If you are not an IT administrator, see the following topic: [Get help with Windows 10 upgrade and installation errors](https://support.microsoft.com/en-us/help/10587/windows-10-get-help-with-upgrade-installation-errors). You can also [Submit Windows 10 upgrade errors using Feedback Hub](submit-errors.md).
+>[!IMPORTANT]
+>This article contains technical instructions for IT administrators. If you are not an IT administrator, try some of the [quick fixes](quick-fixes.md) described in this article then contact [Microsoft Support](https://support.microsoft.com/contactus/) starting with the Virtual Agent. To talk to a person about your issue, click **Get started** to interact with the Virtual Agent, then enter "Talk to a person" two times. The Virtual Agent can also help you to resolve many Windows upgrade issues. Also see: [Get help with Windows 10 upgrade and installation errors](https://support.microsoft.com/en-us/help/10587/windows-10-get-help-with-upgrade-installation-errors) and [Submit Windows 10 upgrade errors using Feedback Hub](submit-errors.md).
-This topic contains a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade.
+This article contains a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade.
-The topic was originally one page, but has been divided into sub-topics of different technical levels. Basic level provides common procedures that can resolve several types of upgrade errors. Advanced level requires some experience with detailed troubleshooting methods.
+The article was originally one page, but has been divided into sub-topics of different technical levels. Basic level provides common procedures that can resolve several types of upgrade errors. Advanced level requires some experience with detailed troubleshooting methods.
The following four levels are assigned:
@@ -31,7 +32,7 @@ Level 400: Advanced
## In this guide
-See the following topics:
+See the following topics in this article:
- [Quick fixes](quick-fixes.md): \Level 100\ Steps you can take to eliminate many Windows upgrade errors.
- [SetupDiag](setupdiag.md): \Level 300\ SetupDiag is a new tool to help you isolate the root cause of an upgrade failure.
@@ -57,3 +58,4 @@ See the following topics:
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821)
+
\ No newline at end of file
diff --git a/windows/deployment/upgrade/troubleshoot-upgrade-errors.md b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md
index a7f5d26c91..9ebd8766d6 100644
--- a/windows/deployment/upgrade/troubleshoot-upgrade-errors.md
+++ b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md
@@ -32,6 +32,9 @@ These phases are explained in greater detail [below](#the-windows-10-upgrade-pro
Since the computer is booted into Windows PE during the SafeOS phase, a useful troubleshooting technique is to boot into [Windows PE](https://docs.microsoft.com/windows-hardware/manufacture/desktop/winpe-intro) using installation media. You can use the [media creation tool](https://www.microsoft.com/software-download/windows10) to create bootable media, or you can use tools such as the [Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit), and then boot your device from this media to test for hardware and firmware compatibility issues.
+ >[!TIP]
+ >If you attempt to use the media creation tool with a USB drive and this fails with error 0x80004005 - 0xa001a, this is because the USB drive is using GPT partition style. The tool requires that you use MBR partition style. You can use the DISKPART command to convert the USB drive from GPT to MBR. For more information, see [Change a GUID Partition Table Disk into a Master Boot Record Disk](https://go.microsoft.com/fwlink/?LinkId=207050).
+
**Do not proceed with the Windows 10 installation after booting from this media**. This method can only be used to perform a clean install which will not migrate any of your apps and settings, and you will be required re-enter your Windows 10 license information.
If the computer does not successfully boot into Windows PE using the media that you created, this is likely due to a hardware or firmware issue. Check with your hardware manufacturer and apply any recommended BIOS and firmware updates. If you are still unable to boot to installation media after applying updates, disconnect or replace legacy hardware.
diff --git a/windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md
index ea9f6e17a8..bcb246ccb6 100644
--- a/windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md
+++ b/windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md
@@ -22,7 +22,7 @@ The Group Policy settings for TPM services are located at:
**Computer Configuration\\Administrative Templates\\System\\Trusted Platform Module Services\\**
-The following Group Policy settings were introduced in Window 10:
+The following Group Policy settings were introduced in Window 10.
## Configure the list of blocked TPM commands
@@ -36,17 +36,11 @@ If you disable or do not configure this policy setting, only those TPM commands
- The local list of blocked TPM commands is configured outside of Group Policy by running the TPM Management Console or scripting using the **Win32\_Tpm** interface.
-For information how to enforce or ignore the default and local lists of blocked TPM commands, see
-
-- [Ignore the default list of blocked TPM commands](#ignore-the-default-list-of-blocked-tpm-commands)
-
-- [Ignore the local list of blocked TPM commands](#ignore-the-local-list-of-blocked-tpm-commands)
-
## Ignore the default list of blocked TPM commands
This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands.
-The default list of blocked TPM commands is preconfigured by Windows. You can view the default list by typing **tpm.msc** at the command prompt to open the TPM Management Console, navigating to the **Command Management** section, and exposing the **On Default Block List** column. Also see the related policy setting, [Configure the list of blocked TPM commands](#configure-the-list-of-blocked-tpm-commands).
+The default list of blocked TPM commands is preconfigured by Windows. You can view the default list by typing **tpm.msc** at the command prompt to open the TPM Management Console, navigating to the **Command Management** section, and exposing the **On Default Block List** column.
If you enable this policy setting, the Windows operating system will ignore the computer's default list of blocked TPM commands, and it will block only those TPM commands that are specified by Group Policy or the local list.
@@ -56,7 +50,8 @@ If you disable or do not configure this policy setting, Windows will block the T
This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands.
-The local list of blocked TPM commands is configured outside of Group Policy by typing **tpm.msc** at the command prompt to open the TPM Management Console, or scripting using the **Win32\_Tpm** interface. (The default list of blocked TPM commands is preconfigured by Windows.) Also see the related policy setting, [Configure the list of blocked TPM commands](#configure-the-list-of-blocked-tpm-commands).
+The local list of blocked TPM commands is configured outside of Group Policy by typing **tpm.msc** at the command prompt to open the TPM Management Console, or scripting using the **Win32\_Tpm** interface. (The default list of blocked TPM commands is preconfigured by Windows.)
+
If you enable this policy setting, the Windows operating system will ignore the computer's local list of blocked TPM commands, and it will block only those TPM commands that are specified by Group Policy or the default list.
@@ -64,10 +59,9 @@ If you disable or do not configure this policy setting, Windows will block the T
## Configure the level of TPM owner authorization information available to the operating system
-This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local computer. Depending on the amount of TPM owner authorization information that is stored locally, the Windows operating system and TPM-based applications can perform certain actions in the TPM that require TPM owner authorization without requiring the user to enter the TPM owner password.
+Beginning with Windows 10 version 1607 and Windows Server 2016, this policy setting is no longer used by Windows, but it continues to appear in GPEdit.msc for compatibility with previous versions.
-> [!IMPORTANT]
-> This policy setting is not available in the Windows 10, version 1607 and Windows Server 2016 and later versions of the ADMX files.
+This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local computer. Depending on the amount of TPM owner authorization information that is stored locally, the Windows operating system and TPM-based applications can perform certain actions in the TPM that require TPM owner authorization without requiring the user to enter the TPM owner password.
There are three TPM owner authentication settings that are managed by the Windows operating system. You can choose a value of **Full**, **Delegate**, or **None**.
@@ -143,13 +137,6 @@ An administrator with the TPM owner password can fully reset the TPM's hardware
If you do not configure this policy setting, a default value of 9 is used. A value of zero means that the operating system will not allow standard users to send commands to the TPM, which might cause an authorization failure.
-> [!IMPORTANT]
-> The **Turn on TPM backup to Active Directory Domain Services** is not available in the Windows 10, version 1607 and Windows Server 2016 and later versions of the ADMX files.
-
-If you enable this policy setting, TPM owner information will be automatically and silently backed up to AD DS when you use Windows to set or change a TPM owner password. When this policy setting is enabled, a TPM owner password cannot be set or changed unless the computer is connected to the domain and the AD DS backup succeeds.
-
-If you disable or do not configure this policy setting, TPM owner information will not be backed up to AD DS.
-
## Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0
Introduced in Windows 10, version 1703, this policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below.
@@ -167,6 +154,6 @@ Introduced in Windows 10, version 1703, this policy setting configures the TPM t
## Related topics
-- [Trusted Platform Module](trusted-platform-module-top-node.md) (list of topics)
-- [TPM Cmdlets in Windows PowerShell](http://technet.microsoft.com/library/jj603116.aspx)
-- [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](https://technet.microsoft.com/itpro/windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies#bkmk-tpmconfigurations)
\ No newline at end of file
+- [Trusted Platform Module](trusted-platform-module-top-node.md)
+- [TPM Cmdlets in Windows PowerShell](https://docs.microsoft.com/powershell/module/trustedplatformmodule/?view=win10-ps)
+- [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](https://docs.microsoft.com/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies#bkmk-tpmconfigurations)
\ No newline at end of file
diff --git a/windows/security/identity-protection/hello-for-business/hello-features.md b/windows/security/identity-protection/hello-for-business/hello-features.md
index b53fb11810..2cff590539 100644
--- a/windows/security/identity-protection/hello-for-business/hello-features.md
+++ b/windows/security/identity-protection/hello-for-business/hello-features.md
@@ -112,7 +112,7 @@ To configure PIN reset on Windows devices you manage, use an [Intune Windows 10
Set the value for this CSP to **True**.
-Read the [Steps to reset the passcode](https://docs.microsoft.com/en-us/intune/device-windows-pin-reset#steps-to-reset-the-passcode) section to removely reset a PIN on an Intune managed device.
+Read the [Steps to reset the passcode](https://docs.microsoft.com/en-us/intune/device-windows-pin-reset#steps-to-reset-the-passcode) section to remotely reset a PIN on an Intune managed device.
### On-premises Deployments
@@ -122,7 +122,7 @@ Read the [Steps to reset the passcode](https://docs.microsoft.com/en-us/intune/d
* Reset from settings - Windows 10, version 1703
* Reset above Lock - Windows 10, version 1709
-On-premises deployments provide users with the ability to reset forgotton PINs either through the settings page or from above the user's lock screen. Users must know or be provider their password for authentication, must perform a second factor of authentication, and then reprovision Windows Hello for Business.
+On-premises deployments provide users with the ability to reset forgotton PINs either through the settings page or from above the user's lock screen. Users must know or be provided their password for authentication, must perform a second factor of authentication, and then reprovision Windows Hello for Business.
>[!IMPORTANT]
>Users must have corporate network connectivity to domain controllers and the AD FS server to reset their PINs.
@@ -145,10 +145,10 @@ On-premises deployments provide users with the ability to reset forgotton PINs e
**Requirements**
* Hybrid and On-premises Windows Hello for Business deployments
-* Domain Joined or Hybird Azure joined devices
+* Domain Joined or Hybrid Azure joined devices
* Windows 10, version 1709
-The privileged credentials scenario enables administrators to perform elevated, admistrative funcions by enrolling both their non-privileged and privileged credentials on their device.
+The privileged credentials scenario enables administrators to perform elevated, administrative functions by enrolling both their non-privileged and privileged credentials on their device.
By design, Windows 10 does not enumerate all Windows Hello for Business users from within a user's session. Using the computer Group Policy setting, Allow enumeration of emulated smart card for all users, you can configure a device to all this enumeration on selected devices.
diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md
index 829934ef39..7d22c3efb9 100644
--- a/windows/security/identity-protection/vpn/vpn-conditional-access.md
+++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md
@@ -1,20 +1,21 @@
---
title: VPN and conditional access (Windows 10)
-description: tbd
+description: The VPN client is now able to integrate with the cloud-based Conditional Access Platform to provide a device compliance option for remote clients. Conditional Access is a policy-based evaluation engine that lets you create access rules for any Azure Active Directory (Azure AD) connected application.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, networking
-author: jdeckerms
+author: shortpatti
+ms.author: pashort
+manager: elizapo
+ms.reviewer:
ms.localizationpriority: high
-ms.date: 07/27/2017
+ms.date: 04/20/2018
---
# VPN and conditional access
-**Applies to**
-- Windows 10
-- Windows 10 Mobile
+>Applies to: Windows 10 and Windows 10 Mobile
The VPN client is now able to integrate with the cloud-based Conditional Access Platform to provide a device compliance option for remote clients. Conditional Access is a policy-based evaluation engine that lets you create access rules for any Azure Active Directory (Azure AD) connected application.
@@ -44,13 +45,13 @@ Conditional Access Platform components used for Device Compliance include the fo
- Encryption compliance
- Device health attestation state (validated against attestation service after query)
-
The following client-side components are also required:
- [HealthAttestation Configuration Service Provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/dn934876.aspx)
- [VPNv2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx) DeviceCompliance node settings
- Trusted Platform Module (TPM)
## VPN device compliance
+According to the VPNv2 CSP, these settings options are **Optional**. If you want your users to access on-premises resources, such as files on a network share, based on the credential of a certificate that was issued by an on-premises CA, and not the Cloud CA certificate, you add these settings to the VPNv2 profile. Alternatively, if you add the cloud root certificates to the NTAuth store in on-prem AD, your user's cloud certificate will chain and KDC will issue TGT and TGS tickets to them.
Server-side infrastructure requirements to support VPN device compliance include:
@@ -65,9 +66,9 @@ After the server side is set up, VPN admins can add the policy settings for cond
Two client-side configuration service providers are leveraged for VPN device compliance.
- VPNv2 CSP DeviceCompliance settings
- - **Enabled**: enables the Device Compliance flow from the client. If marked as **true**, the VPN client will attempt to communicate with Azure AD to get a certificate to use for authentication. The VPN should be set up to use certificate authentication and the VPN server must trust the server returned by Azure AD.
- - **Sso**: nodes under SSO can be used to choose a certificate different from the VPN authentication certificate for Kerberos authentication in the case of device compliance.
- - **Sso/Enabled**: if this field is set to **true**, the VPN client will look for a separate certificate for Kerberos authentication.
+ - **Enabled**: enables the Device Compliance flow from the client. If marked as **true**, the VPN client attempts to communicate with Azure AD to get a certificate to use for authentication. The VPN should be set up to use certificate authentication and the VPN server must trust the server returned by Azure AD.
+ - **Sso**: nodes under SSO can be used to choose a certificate different from the VPN authentication certificate for Kerberos authentication in the case of device compliance.
+ - **Sso/Enabled**: if this field is set to **true**, the VPN client looks for a separate certificate for Kerberos authentication.
- **Sso/IssuerHash**: hashes for the VPN client to look for the correct certificate for Kerberos authentication.
- **Sso/Eku**: comma-separated list of Enhanced Key Usage (EKU) extensions for the VPN client to look for the correct certificate for Kerberos authentication.
- HealthAttestation CSP (not a requirement) - functions performed by the HealthAttestation CSP include:
@@ -76,14 +77,16 @@ Two client-side configuration service providers are leveraged for VPN device com
- Provisions the Health Attestation Certificate received from the HAS
- Upon request, forwards the Health Attestation Certificate (received from HAS) and related runtime information to the MDM server for verification
+>[!NOTE]
+>Enabling SSO is not necessarily required unless you want VPN users to be issued Kerberos tickets to access on-premises resources using a certificate issued by the on-premises CA; not the cloud certificate issued by AAD.
+
+
## Client connection flow
-
-
-The VPN client side connection flow works as follows:
+The VPN client side connection flow works as follows:
-When a Device Compliance-enabled VPN connection profile is triggered (either manually or automatically):
+When a VPNv2 Profile is configured with \
Only code that is verified by WDAC, usually through the digital signature that you have identified as being from a trusted signer, is allowed to run. This allows full control over allowed code in both kernel and user mode.
**Specialized hardware required?** No security-related hardware features are required, but WDAC is strengthened by such features, as described in the next rows.
[!NOTE] Prior to Windows 10, version 1709, Windows Defender Application Control was known as configurable code integrity policies. |
-| **Exposure to unsigned code** (most malware is unsigned) | **WDAC plus catalog files as needed**: Because most malware is unsigned, WDAC can immediately help protect against a large number of threats. For organizations that use unsigned line-of-business (LOB) applications, you can use a tool called Package Inspector to create a *catalog* of all deployed and executed binary files for your trusted applications. After you sign and distribute the catalog, your trusted applications can be handled by WDAC in the same way as any other signed application. With this foundation, you can more easily block all unsigned applications, allowing only signed applications to run.
**Specialized hardware required?** No, but WDAC and catalogs are strengthened by the hardware features, as described in the next rows. |
-| **Malware that gains access to the kernel** and then, from within the kernel, captures sensitive information or damages the system | **Virtualization-based protection of code integrity**: This is protection that uses Windows 10’s new virtualization-based security (VBS) feature to help protect the kernel and other parts of the operating system. When virtualization-based protection of code integrity (also known as hypervisor-protected code integrity, or HVCI) is enabled, it strengthens either the default kernel-mode code integrity policy (which protects against bad drivers or system files), or the configurable code integrity policy that you deploy.
With HVCI, even if malware gains access to the kernel, the effects can be severely limited because the hypervisor can prevent the malware from executing code. The hypervisor, the most privileged level of system software, enforces R/W/X permissions across system memory. Code integrity checks are performed in a secure environment which is resistant to attack from kernel mode software, and page permissions for kernel mode are set and maintained by the hypervisor. Even if there are vulnerabilities that allow memory modification, like a buffer overflow, the modified memory cannot be executed.
**Specialized hardware required?** Yes, VBS requires at least CPU virtualization extensions and SLAT, as described in [Hardware, firmware, and software requirements for Windows Defender Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-windows-defender-device-guard). |
-| **DMA-based attacks**, for example, attacks launched from a malicious device that reads secrets from memory, making the enterprise more vulnerable to attack | **Virtualization-based security (VBS) using IOMMUs**: With this type of VBS protection, when the DMA-based attack makes a memory request, IOMMUs will evaluate the request and deny access.
**Specialized hardware required?** Yes, IOMMUs are a hardware feature that supports the hypervisor, and if you choose hardware that includes them, they can help protect against malicious attempts to access memory. |
-| **Exposure to boot kits or to a physically present attacker at boot time** | **Universal Extensible Firmware Interface (UEFI) Secure Boot**: Secure Boot and related methods protect the boot process and firmware from tampering. This tampering can come from a physically present attacker or from forms of malware that run early in the boot process or in the kernel after startup. UEFI is locked down (Boot order, Boot entries, Secure Boot, Virtualization extensions, IOMMU, Microsoft UEFI CA), so the settings in UEFI cannot be changed to compromise Windows Defender Device Guard security.
**Specialized hardware required?** UEFI Secure Boot has firmware requirements. For more information, see [Hardware, firmware, and software requirements for Windows Defender Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-windows-defender-device-guard). |
+As a result, many customers assumed that they couldn’t use configurable CI either.
+But configurable CI carries no specific hardware or software requirements other than running Windows 10, which means many customers were wrongly denied the benefits of this powerful application control capability.
-In this guide, you learn about the individual features found within Windows Defender Device Guard as well as how to plan for, configure, and deploy them. Windows Defender Device Guard with WDAC is intended for deployment alongside additional threat-mitigating Windows features such as [Windows Defender Credential Guard](/windows/access-protection/credential-guard/credential-guard) and [AppLocker](/windows/device-security/applocker/applocker-overview).
+Since the initial release of Windows 10, the world has witnessed numerous hacking and malware attacks where application control alone could have prevented the attack altogether. So we are promoting configurable CI within our security stack and giving it a name of its own: [Windows Defender Application Control](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control).
+We hope this branding change will help us better communicate options for adopting application control within an organization.
-## New and changed functionality
+Does this mean Windows Defender Device Guard is going away? Not at all. Device Guard will continue to exist as a way to describe the fully locked down state achieved through the use of Windows Defender Application Control (WDAC), [HVCI](https://docs.microsoft.com/windows/security/threat-protection/enable-virtualization-based-protection-of-code-integrity), and hardware and firmware security features. It also allows us to work with our OEM partners to identify specifications for devices that are “Device Guard capable” so that our joint customers can easily purchase devices that meet all of the hardware and firmware requirements of the original Device Guard scenario.
-Prior to Windows 10, version 1709, Windows Defender Application Control (WDAC) was known as configurable code integrity policies.
+## Related topics
-Beginning with Windows 10, version 1703, you can use WDAC not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps (such as a line-of-business application or a browser). For more information, see [Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules](steps-to-deploy-windows-defender-application-control.md#use-a-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules).
+- [Windows Defender Application Control](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control)
-## Tools for managing Windows Defender Device Guard features
+- [HVCI](https://docs.microsoft.com/windows/security/threat-protection/enable-virtualization-based-protection-of-code-integrity)
-You can easily manage Windows Defender Device Guard features by using familiar enterprise and client-management tools that IT pros use every day:
+[Dropping the Hammer Down on Malware Threats with Windows 10’s Windows Defender Device Guard](https://channel9.msdn.com/Events/Ignite/2015/BRK2336)
-
-
-- **Group Policy**. Windows 10 provides an administrative template to configure and deploy the configurable WDAC policies for your organization. Another template allows you to specify which hardware-based security features you would like to enable and deploy. You can manage these settings along with your existing Group Policy Objects (GPOs), which makes it simpler to implement Windows Defender Device Guard features. In addition to these WDAC and hardware-based security features, you can use Group Policy to help you manage your catalog files.
-
- - For a description of catalog files, see the table row describing **Exposure to unsigned code** in [How Windows Defender Device Guard features help protect against threats](#how-windows-defender-device-guard-features-help-protect-against-threats), earlier in this topic.
- - For information about using Group Policy as a deployment tool, see:
[Deploy catalog files with Group Policy](deploy-catalog-files-to-support-windows-defender-application-control.md#deploy-catalog-files-with-group-policy)
[Deploy and manage WDAC with Group Policy](steps-to-deploy-windows-defender-application-control.md#deploy-and-manage-windows-defender-application-control-with-group-policy)
-
-- **Microsoft System Center Configuration Manager**. You can use System Center Configuration Manager to simplify deployment and management of catalog files, WDAC policies, and hardware-based security features, as well as provide version control. For more information, see [Deploy catalog files with System Center Configuration Manager](deploy-catalog-files-to-support-windows-defender-application-control.md#deploy-catalog-files-with-system-center-configuration-manager).
-
-- **Microsoft Intune**. You can use Microsoft Intune to simplify deployment and management of WDAC policies, as well as provide version control. In a future release of Microsoft Intune, Microsoft is considering including features that will support the deployment and management of catalog files.
-
-- **Windows PowerShell**. You can use Windows PowerShell to create and service WDAC policies. For more information, see [Deploy Windows Defender Application Control: steps](steps-to-deploy-windows-defender-application-control.md).
-
-These options provide the same experience you're used to in order to manage your existing enterprise management solutions.
-
-For more information about the deployment of Windows Defender Device Guard features, see:
-- [Deploy Windows Defender Application Control](deploy-windows-defender-application-control.md)
-- [Deploy virtualization-based protection of code integrity](deploy-device-guard-enable-virtualization-based-security.md)
-
-## Other features that relate to Windows Defender Device Guard
-
-### Windows Defender Device Guard with AppLocker
-
-Although [AppLocker](/windows/device-security/applocker/applocker-overview) is not considered a new Windows Defender Device Guard feature, it complements Windows Defender Device Guard functionality when WDAC cannot be fully implemented or its functionality does not cover every desired scenario. There are many scenarios in which WDAC would be used alongside AppLocker rules. As a best practice, you should enforce WDAC at the most restrictive level possible for your organization, and then you can use AppLocker to fine-tune the restrictions to an even lower level.
-
-> **Note** One example of how Windows Defender Device Guard functionality can be enhanced by AppLocker is when you want to apply different policies for different users on the same device. For example, you may allow your IT support personnel to run additional apps that you do not allow for your end-users. You can accomplish this user-specific enforcement by using an AppLocker rule.
-
-AppLocker and Windows Defender Device Guard should run side-by-side in your organization, which offers the best of both security features at the same time and provides the most comprehensive security to as many devices as possible. In addition to these features, we recommend that you continue to maintain an enterprise antivirus solution for a well-rounded enterprise security portfolio.
-
-### Windows Defender Device Guard with Windows Defender Credential Guard
-
-Another Windows 10 feature that employs VBS is [Windows Defender Credential Guard](/windows/access-protection/credential-guard/credential-guard). Windows Defender Credential Guard provides additional protection to Active Directory domain users by storing domain credentials within the same type of VBS virtualization container that hosts code integrity when HVCI is enabled. By isolating these domain credentials from the active user mode and kernel mode, they have a much lower risk of being stolen. For more information about Windows Defender Credential Guard (which is not a feature within Windows Defender Device Guard), see [Protect derived domain credentials with Windows Defender Credential Guard](/windows/access-protection/credential-guard/credential-guard).
-
-Windows Defender Credential Guard is targeted at resisting pass-the-hash and pass-the-ticket techniques. By employing multifactor authentication with Windows Defender Credential Guard, organizations can gain additional protection against such threats.
+[Driver compatibility with Windows Defender Device Guard in Windows 10](https://blogs.msdn.microsoft.com/windows_hardware_certification/2015/05/22/driver-compatibility-with-device-guard-in-windows-10)
+[Code integrity](https://technet.microsoft.com/library/dd348642.aspx)
diff --git a/windows/security/threat-protection/device-guard/planning-and-getting-started-on-the-device-guard-deployment-process.md b/windows/security/threat-protection/device-guard/planning-and-getting-started-on-the-device-guard-deployment-process.md
deleted file mode 100644
index b2c2cb7926..0000000000
--- a/windows/security/threat-protection/device-guard/planning-and-getting-started-on-the-device-guard-deployment-process.md
+++ /dev/null
@@ -1,78 +0,0 @@
----
-title: Planning and getting started on the Windows Defender Device Guard deployment process (Windows 10)
-description: To help you plan and begin the initial test stages of a deployment of Microsoft Windows Defender Device Guard, this article outlines how to gather information, create a plan, and begin to create and test initial code integrity policies.
-keywords: virtualization, security, malware
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: high
-author: brianlic-msft
-ms.date: 10/20/2017
----
-
-# Planning and getting started on the Windows Defender Device Guard deployment process
-
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
-This topic provides a roadmap for planning and getting started on the Windows Defender Device Guard deployment process, with links to topics that provide additional detail. Planning for Windows Defender Device Guard deployment involves looking at both the end-user and the IT pro impact of your choices. Use the following steps to guide you.
-
-## Planning
-
-1. **Review requirements, especially hardware requirements for VBS**. Review the virtualization-based security (VBS) features described in [How Windows Defender Device Guard features help protect against threats](introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md#how-windows-defender-device-guard-features-help-protect-against-threats). Then you can assess your end-user systems to see how many support the VBS features you are interested in, as described in [Hardware, firmware, and software requirements for Windows Defender Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-windows-defender-device-guard).
-
-2. **Group devices by degree of control needed**. Group devices according to the table in [Windows Defender Device Guard deployment in different scenarios: types of devices](requirements-and-deployment-planning-guidelines-for-device-guard.md#windows-defender-device-guard-deployment-in-different-scenarios-types-of-devices). Do most devices fit neatly into a few categories, or are they scattered across all categories? Are users allowed to install any application or must they choose from a list? Are users allowed to use their own peripheral devices?
Deployment is simpler if everything is locked down in the same way, but meeting individual departments’ needs, and working with a wide variety of devices, may require a more complicated and flexible deployment.
-
-3. **Review how much variety in software and hardware is needed by roles or departments**. When several departments all use the same hardware and software, you might need to deploy only one Windows Defender Application Control (WDAC) policy for them. More variety across departments might mean you need to create and manage more WDAC policies. The following questions can help you clarify how many WDAC policies to create:
- - How standardized is the hardware?
This can be relevant because of drivers. You could create a WDAC policy on hardware that uses a particular set of drivers, and if other drivers in your environment use the same signature, they would also be allowed to run. However, you might need to create several WDAC policies on different "reference" hardware, then merge the policies together, to ensure that the resulting policy recognizes all the drivers in your environment.
-
- - What software does each department or role need? Should they be able to install and run other departments’ software?
If multiple departments are allowed to run the same list of software, you might be able to merge several WDAC policies to simplify management.
-
- - Are there departments or roles where unique, restricted software is used?
If one department needs to run an application that no other department is allowed, it might require a separate WDAC policy. Similarly, if only one department must run an old version of an application (while other departments allow only the newer version), it might require a separate WDAC policy.
-
- - Is there already a list of accepted applications?
A list of accepted applications can be used to help create a baseline WDAC policy.
As of Windows 10, version 1703, it might also be useful to have a list of plug-ins, add-ins, or modules that you want to allow only in a specific app (such as a line-of-business app). Similarly, it might be useful to have a list of plug-ins, add-ins, or modules that you want to block in a specific app (such as a browser).
-
- - As part of a threat review process, have you reviewed systems for software that can load arbitrary DLLs or run code or scripts?
- In day-to-day operations, your organization’s security policy may allow certain applications, code, or scripts to run on your systems depending on their role and the context. However, if your security policy requires that you run only trusted applications, code, and scripts on your systems, you may decide to lock these systems down securely with Windows Defender Application Control policies. You can also fine-tune your control by using Windows Defender Application Control in combination with AppLocker, as described in [Windows Defender Device Guard with AppLocker](introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md#windows-defender-device-guard-with-applocker).
-
- Legitimate applications from trusted vendors provide valid functionality. However, an attacker could also potentially use that same functionality to run malicious executable code that could bypass WDAC.
-
- For operational scenarios that require elevated security, certain applications with known Code Integrity bypasses may represent a security risk if you whitelist them in your WDAC policies. Other applications where older versions of the application had vulnerabilities also represent a risk. Therefore, you may want to deny or block such applications from your WDAC policies. For applications with vulnerabilities, once the vulnerabilities are fixed you can create a rule that only allows the fixed or newer versions of that application. The decision to allow or block applications depends on the context and on how the reference system is being used.
-
- Security professionals collaborate with Microsoft continuously to help protect customers. With the help of their valuable reports, Microsoft has identified a list of known applications that an attacker could potentially use to bypass Windows Defender Application Control. Depending on the context, you may want to block these applications. To view this list of applications and for use case examples, such as disabling msbuild.exe, see [Deploy Windows Defender Application Control: steps](steps-to-deploy-windows-defender-application-control.md).
-
-
-
-
-
-
-4. **Identify LOB applications that are currently unsigned**. Although requiring signed code (through WDAC) protects against many threats, your organization might use unsigned LOB applications, for which the process of signing might be difficult. You might also have applications that are signed, but you want to add a secondary signature to them. If so, identify these applications, because you will need to create a catalog file for them. For a basic description of catalog files, see the table in [Introduction to Windows Defender Device Guard: virtualization-based security and Windows Defender Application Control](introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md). For more background information about catalog files, see [Reviewing your applications: application signing and catalog files](requirements-and-deployment-planning-guidelines-for-device-guard.md#reviewing-your-applications-application-signing-and-catalog-files).
-
-## Getting started on the deployment process
-
-1. **Optionally, create a signing certificate for Windows Defender Application Control**. As you deploy WDAC, you might need to sign catalog files or WDAC policies internally. To do this, you will either need a publicly issued code signing certificate (that you purchase) or an internal CA. If you choose to use an internal CA, you will need to create a code signing certificate. For more information, see [Optional: Create a code signing certificate for Windows Defender Application Control](optional-create-a-code-signing-certificate-for-windows-defender-application-control.md).
-
-2. **Create WDAC policies from “golden” computers**. When you have identified departments or roles that use distinctive or partly-distinctive sets of hardware and software, you can set up “golden” computers containing that software and hardware. In this respect, creating and managing WDAC policies to align with the needs of roles or departments can be similar to managing corporate images. From each “golden” computer, you can create a WDAC policy, and decide how to manage that policy. You can merge WDAC policies to create a broader policy or a master policy, or you can manage and deploy each policy individually. For more information, see:
- - [Deploy Windows Defender Application Control: policy rules and file rules](deploy-windows-defender-application-control-policy-rules-and-file-rules.md)
- - [Deploy Windows Defender Application Control: steps](steps-to-deploy-windows-defender-application-control.md)
-
-3. **Audit the WDAC policy and capture information about applications that are outside the policy**. We recommend that you use “audit mode” to carefully test each WDAC policy before you enforce it. With audit mode, no application is blocked—the policy just logs an event whenever an application outside the policy is started. Later, you can expand the policy to allow these applications, as needed. For more information, see [Audit Windows Defender Application Control policies](steps-to-deploy-windows-defender-application-control.md#audit-windows-defender-application-control-policies).
-
-4. **Create a “catalog file” for unsigned LOB applications**. Use the Package Inspector tool to create and sign a catalog file for your unsigned LOB applications. For more information, review step 4 **Identify LOB applications that are currently unsigned**, earlier in this list, and see [Deploy catalog files to support Windows Defender Application Control](deploy-catalog-files-to-support-windows-defender-application-control.md). In later steps, you can merge the catalog file's signature into your WDAC policy, so that applications in the catalog will be allowed by the policy.
-
-6. **Capture needed policy information from the event log, and merge information into the existing policy as needed**. After a WDAC policy has been running for a time in audit mode, the event log will contain information about applications that are outside the policy. To expand the policy so that it allows for these applications, use Windows PowerShell commands to capture the needed policy information from the event log, and then merge that information into the existing policy. You can merge WDAC policies from other sources also, for flexibility in how you create your final WDAC policies. For more information, see:
- - [Create a Windows Defender Application Control policy that captures audit information from the event log](steps-to-deploy-windows-defender-application-control.md#create-a-windows-defender-application-control-policy-that-captures-audit-information-from-the-event-log)
- - [Merge Windows Defender Application Control policies](steps-to-deploy-windows-defender-application-control.md#merge-windows-defender-application-control-policies)
-
-7. **Deploy WDAC policies and catalog files**. After you confirm that you have completed all the preceding steps, you can begin deploying catalog files and taking WDAC policies out of auditing mode. We strongly recommend that you begin this process with a test group of users. This provides a final quality-control validation before you deploy the catalog files and WDAC policies more broadly. For more information, see:
- - [Enforce Windows Defender Application Control policies](steps-to-deploy-windows-defender-application-control.md#enforce-windows-defender-application-control-policies)
- - [Deploy and manage Windows Defender Application Control with Group Policy](steps-to-deploy-windows-defender-application-control.md#deploy-and-manage-windows-defender-application-control-with-group-policy)
-
-8. **Enable desired virtualization-based security (VBS) features**. Hardware-based security features—also called virtualization-based security (VBS) features—strengthen the protections offered by Windows Defender Application Control, as described in [How Windows Defender Device Guard features help protect against threats](introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md#how-windows-defender-device-guard-features-help-protect-against-threats).
-
- > [!WARNING]
- > Virtualization-based protection of code integrity may be incompatible with some devices and applications. We strongly recommend testing this configuration in your lab before enabling virtualization-based protection of code integrity on production systems. Failure to do so may result in unexpected failures up to and including data loss or a blue screen error (also called a stop error).
-
- For information about enabling VBS features, see [Enable virtualization-based protection of code integrity](deploy-device-guard-enable-virtualization-based-security.md).
-
-
diff --git a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-device-guard.md b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-device-guard.md
deleted file mode 100644
index 418d67676f..0000000000
--- a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-device-guard.md
+++ /dev/null
@@ -1,157 +0,0 @@
----
-title: Requirements and deployment planning guidelines for Windows Defender Device Guard (Windows 10)
-description: To help you plan a deployment of Microsoft Windows Defender Device Guard, this article describes hardware requirements for Windows Defender Device Guard, outlines deployment approaches, and describes methods for code signing and the deployment of code integrity policies.
-keywords: virtualization, security, malware
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: high
-author: brianlic-msft
-ms.date: 10/20/2017
----
-
-# Requirements and deployment planning guidelines for Windows Defender Device Guard
-
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
-The information in this article is intended for IT professionals, and provides a foundation for [Planning and getting started on the Windows Defender Device Guard deployment process](planning-and-getting-started-on-the-device-guard-deployment-process.md).
-
->**Note** If you are an OEM, see the requirements information at [PC OEM requirements for Windows Defender Device Guard and Windows Defender Credential Guard](https://msdn.microsoft.com/library/windows/hardware/mt767514.aspx).
-
-## Hardware, firmware, and software requirements for Windows Defender Device Guard
-
-To deploy Windows Defender Device Guard in a way that uses all of its virtualization-based security (VBS) features, the computers you are protecting must meet certain hardware, firmware, and software requirements. However, computers lacking some of the hardware and firmware requirements will still receive some protection when you deploy Windows Defender Application Control (WDAC) policies—the difference is that those computers will not be as hardened against certain threats.
-
-For example, hardware that includes CPU virtualization extensions and SLAT will be hardened against malware that attempts to gain access to the kernel, but without protected BIOS options such as “Boot only from internal hard drive,” the computer could be booted (by a malicious person who has physical access) into an operating system on bootable media. For an outline of how VBS-related hardware strengthens the hardening offered by Windows Defender Device Guard, see [Introduction to Windows Defender Device Guard: virtualization-based security and Windows Defender Application Control](introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md).
-
-You can deploy Windows Defender Device Guard in phases, and plan these phases in relation to the computer purchases you plan for your next hardware refresh.
-
-> [!WARNING]
-> Virtualization-based protection of code integrity may be incompatible with some devices and applications. We strongly recommend testing this configuration in your lab before enabling virtualization-based protection of code integrity on production systems. Failure to do so may result in unexpected failures up to and including data loss or a blue screen error (also called a stop error).
-
-The following tables provide more information about the hardware, firmware, and software required for deployment of various Windows Defender Device Guard features. The tables describe baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017.
-
-> **Notes**
-> • To understand the requirements in the following tables, you will need to be familiar with the main features in Windows Defender Device Guard: Windows Defender Application Control (WDAC), virtualization-based protection of code integrity, and Universal Extensible Firmware Interface (UEFI) Secure Boot. For information about these features, see [How Windows Defender Device Guard features help protect against threats](introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md#how-windows-defender-device-guard-features-help-protect-against-threats).
-> • Beginning with Windows 10, version 1607, Trusted Platform Module (TPM 2.0) must be enabled by default on new computers.
-
-## Baseline protections
-
-|Baseline Protections | Description | Security benefits |
-|--------------------------------|----------------------------------------------------|-------------------|
-| Hardware: **64-bit CPU** | A 64-bit computer is required for the Windows hypervisor to provide VBS. | |
-| Hardware: **CPU virtualization extensions**,
plus **extended page tables** | These hardware features are required for VBS:
One of the following virtualization extensions:
• VT-x (Intel) or
• AMD-V
And:
• Extended page tables, also called Second Level Address Translation (SLAT). | VBS provides isolation of the secure kernel from the normal operating system. Vulnerabilities and zero-days in the normal operating system cannot be exploited because of this isolation. |
-| Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | See the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot) | UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots. |
-| Firmware: **Secure firmware update process** | UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot). | UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. |
-| Software: **HVCI compatible drivers** | See the Windows Hardware Compatibility Program requirements under [Filter.Driver.DeviceGuard.DriverCompatibility](https://msdn.microsoft.com/library/windows/hardware/mt589732(v=vs.85).aspx).| [HVCI Compatible](https://blogs.msdn.microsoft.com/windows_hardware_certification/2015/05/22/driver-compatibility-with-device-guard-in-windows-10/) drivers help ensure that VBS can maintain appropriate memory permissions. This increases resistance to bypassing vulnerable kernel drivers and helps ensure that malware cannot run in kernel. Only code verified through code integrity can run in kernel mode. |
-| Software: Qualified **Windows operating system** | Windows 10 Enterprise, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise
| Support for VBS and for management features that simplify configuration of Windows Defender Device Guard. |
-
-> **Important** The following tables list additional qualifications for improved security. You can use Windows Defender Device Guard with hardware, firmware, and software that support baseline protections, even if they do not support protections for improved security. However, we strongly recommend meeting these additional qualifications to significantly strengthen the level of security that Windows Defender Device Guard can provide.
-
-## Additional qualifications for improved security
-
-The following tables describe additional hardware and firmware qualifications, and the improved security that is available when these qualifications are met.
-
-
-### Additional security qualifications starting with Windows 10, version 1507, and Windows Server 2016, Technical Preview 4
-
-| Protections for Improved Security | Description | Security benefits |
-|---------------------------------------------|----------------------------------------------------|------|
-| Firmware: **Securing Boot Configuration and Management** | • BIOS password or stronger authentication must be supported.
Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard. Only virtualization-based protection of code integrity is supported in this configuration.
• In the BIOS configuration, BIOS authentication must be set.
• There must be support for protected BIOS option to configure list of permitted boot devices (for example, “Boot only from internal hard drive”) and boot device order, overriding BOOTORDER modification made by operating system.
• In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings. | • BIOS password or stronger authentication helps ensure that only authenticated Platform BIOS administrators can change BIOS settings. This helps protect against a physically present user with BIOS access.
• Boot order when locked provides protection against the computer being booted into WinRE or another operating system on bootable media. |
-
-
-
-### Additional security qualifications starting with Windows 10, version 1607, and Windows Server 2016
-
-
-| Protections for Improved Security | Description | Security benefits |
-|---------------------------------------------|----------------------------------------------------|-----|
-| Firmware: **Hardware Rooted Trust Platform Secure Boot** | • Boot Integrity (Platform Secure Boot) must be supported. See the Windows Hardware Compatibility Program requirements under [System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby](https://msdn.microsoft.com/library/windows/hardware/dn932807(v=vs.85).aspx#system_fundamentals_firmware_cs_uefisecureboot_connectedstandby)
• The Hardware Security Test Interface (HSTI) 1.1.a must be implemented. See [Hardware Security Testability Specification](https://msdn.microsoft.com/en-us/library/windows/hardware/mt712332.aspx). | • Boot Integrity (Platform Secure Boot) from Power-On provides protections against physically present attackers, and defense-in-depth against malware.
• HSTI 1.1.a provides additional security assurance for correctly secured silicon and platform. |
-| Firmware: **Firmware Update through Windows Update** | Firmware must support field updates through Windows Update and UEFI encapsulation update. | Helps ensure that firmware updates are fast, secure, and reliable. |
-| Firmware: **Securing Boot Configuration and Management** | • Required BIOS capabilities: Ability of OEM to add ISV, OEM, or Enterprise Certificate in Secure Boot DB at manufacturing time.
• Required configurations: Microsoft UEFI CA must be removed from Secure Boot DB. Support for 3rd-party UEFI modules is permitted but should leverage ISV-provided certificates or OEM certificate for the specific UEFI software.| • Enterprises can choose to allow proprietary EFI drivers/applications to run.
• Removing Microsoft UEFI CA from Secure Boot DB provides full control to enterprises over software that runs before the operating system boots. |
-
-
-
-### Additional security qualifications starting with Windows 10, version 1703
-
-
-| Protections for Improved Security | Description | Security benefits |
-|---------------------------------------------|----------------------------------------------------|------|
-| Firmware: **VBS enablement of NX protection for UEFI runtime services** | • VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be exceutable.
• UEFI runtime service must meet these requirements:
• Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table.
• PE sections need to be page-aligned in memory (not required for in non-volitile storage).
• The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS:
• All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both
• No entries may be left with neither of the above attributes, indicating memory that is both exceutable and writable. Memory must be either readable and executable or writeable and non-executable.
• This only applies to UEFI runtime service memory, and not UEFI boot service memory.
• This protection is applied by VBS on OS page tables.
Please also note the following:
• Do not use sections that are both writeable and exceutable
• Do not attempt to directly modify executable system memory
• Do not use dynamic code | • Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
• Reduces the attack surface to VBS from system firmware. |
-| Firmware: **Firmware support for SMM protection** | The [Windows SMM Security Mitigations Table (WSMT) specification](http://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an Advanced Configuration and Power Interface (ACPI) table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features.| • Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
• Reduces the attack surface to VBS from system firmware.
• Blocks additional security attacks against SMM. |
-
-## Windows Defender Device Guard deployment in different scenarios: types of devices
-
-Typically, deployment of Windows Defender Device Guard happens best in phases, rather than being a feature that you simply “turn on.” The choice and sequence of phases depends on the way various computers and other devices are used in your organization, and to what degree IT manages those devices. The following table can help you begin to develop a plan for deploying Windows Defender Device Guard in your organization.
-
-| **Type of device** | **How Windows Defender Device Guard relates to this type of device** | **Windows Defender Device Guard components that you can use to protect this kind of device** |
-|------------------------------------|------------------------------------------------------|--------------------------------------------------------------------------------|
-| **Fixed-workload devices**: Perform same tasks every day.
Lists of approved applications rarely change.
Examples: kiosks, point-of-sale systems, call center computers. | Windows Defender Device Guard can be deployed fully, and deployment and ongoing administration are relatively straightforward.
After Windows Defender Device Guard deployment, only approved applications can run. This is because of protections offered by WDAC. | - VBS (hardware-based) protections, enabled.
• WDAC in enforced mode, with UMCI enabled. |
-| **Fully managed devices**: Allowed software is restricted by IT department.
Users can request additional software, or install from a list of applications provided by IT department.
Examples: locked-down, company-owned desktops and laptops. | An initial baseline WDAC policy can be established and enforced. Whenever the IT department approves additional applications, it will update the WDAC policy and (for unsigned LOB applications) the catalog.
WDAC policies are supported by the HVCI service. | - VBS (hardware-based) protections, enabled.
• WDAC in enforced mode, with UMCI enabled. |
-| **Lightly managed devices**: Company-owned, but users are free to install software.
Devices are required to run organization's antivirus solution and client management tools. | Windows Defender Device Guard can be used to help protect the kernel, and to monitor (audit) for problem applications rather than limiting the applications that can be run. | - VBS (hardware-based) protections, enabled. When enabled with a WDAC policy in audit mode only, VBS means the hypervisor helps enforce the default kernel-mode code integrity policy, which protects against unsigned drivers or system files.
• WDAC, with UMCI enabled, but running in audit mode only. This means applications are not blocked—the policy just logs an event whenever an application outside the policy is started. |
-| **Bring Your Own Device**: Employees are allowed to bring their own devices, and also use those devices away from work. | Windows Defender Device Guard does not apply. Instead, you can explore other hardening and security features with MDM-based conditional access solutions, such as Microsoft Intune. | N/A |
-
-## Windows Defender Device Guard deployment in virtual machines
-
-Windows Defender Device Guard can protect a Hyper-V virtual machine, just as it would a physical machine. The steps to enable Windows Defender Device Guard are the same from within the virtual machine.
-
-Windows Defender Device Guard protects against malware running in the guest virtual machine. It does not provide additional protection from the host administrator. From the host, you can disable Windows Defender Device Guard for a virtual machine:
-
-` Set-VMSecurity -VMName
-
-|Name|Twitter|
-|---|---|
-|Casey Smith |@subTee|
-|Matt Graeber | @mattifestation|
-|Matt Nelson | @enigma0x3|
-|Oddvar Moe |@Oddvarmoe|
-|Alex Ionescu | @aionescu|
-|Lee Christensen|@tifkin_|
-
-
-
->[!Note]
->This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered.
-
-Certain software applications may allow additional code to run by design.
-These types of applications should be blocked by your Windows Defender Application Control policy.
-In addition, when an application version is upgraded to fix a security vulnerability or potential Windows Defender Application Control bypass, you should add deny rules to your WDAC policies for that application’s previous, less secure versions.
-
-Microsoft recommends that you install the latest security updates.
-The June 2017 Windows updates resolve several issues in PowerShell modules that allowed an attacker to bypass Windows Defender Application Control.
-These modules cannot be blocked by name or version, and therefore must be blocked by their corresponding hashes.
-
-For October 2017, we are announcing an update to system.management.automation.dll in which we are revoking older versions by hash values, instead of version rules.
-
-Microsoft recommends that you block the following Microsoft-signed applications and PowerShell files by merging the following policy into your existing policy to add these deny rules using the Merge-CIPolicy cmdlet:
-
-```
-
-
-
-To create a WDAC policy, copy each of the following commands into an elevated Windows PowerShell session, in order:
-
-1. Initialize variables that you will use. The following example commands use **InitialScan.xml** and **DeviceGuardPolicy.bin** for the names of the files that will be created:
-
- ` $CIPolicyPath=$env:userprofile+"\Desktop\"`
-
- ` $InitialCIPolicy=$CIPolicyPath+"InitialScan.xml"`
-
- ` $CIPolicyBin=$CIPolicyPath+"DeviceGuardPolicy.bin"`
-
-2. Use [New-CIPolicy](https://docs.microsoft.com/powershell/module/configci/new-cipolicy?view=win10-ps) to create a new WDAC policy by scanning the system for installed applications:
-
- ` New-CIPolicy -Level FilePublisher -FilePath $InitialCIPolicy –UserPEs -FallBack Hash 3> CIPolicyLog.txt `
-
- > [!Note]
-
- > - When you specify the **-UserPEs** parameter (to include user mode executables in the scan), rule option **0 Enabled:UMCI** is automatically added to the WDAC policy. In contrast, if you do not specify **-UserPEs**, the policy will be empty of user mode executables and will only have rules for kernel mode binaries like drivers, in other words, the whitelist will not include applications. If you create such a policy and later add rule option **0 Enabled:UMCI**, all attempts to start applications will cause a response from Windows Defender Application Control. In audit mode, the response is logging an event, and in enforced mode, the response is blocking the application.
-
- > - You can add the **-Fallback** parameter to catch any applications not discovered using the primary file rule level specified by the **-Level** parameter. For more information about file rule level options, see [Windows Defender Application Control file rule levels](deploy-windows-defender-application-control-policy-rules-and-file-rules.md#windows-defender-application-control-file-rule-levels) in “Deploy Windows Defender Application Control: policy rules and file rules.”
-
- > - To specify that the WDAC policy scan only a specific drive, include the **-ScanPath** parameter followed by a path. Without this parameter, the entire system is scanned.
-
- > - The preceding example includes `3> CIPolicylog.txt`, which redirects warning messages to a text file, **CIPolicylog.txt**.
-
-3. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy?view=win10-ps) to convert the WDAC policy to a binary format:
-
- ` ConvertFrom-CIPolicy $InitialCIPolicy $CIPolicyBin`
-
-After you complete these steps, the WDAC binary file (DeviceGuardPolicy.bin) and original .xml file (IntialScan.xml) will be available on your desktop. You can use the binary file as a WDAC policy or sign it for additional security.
-
-> [!Note]
-> We recommend that you keep the original .xml file of the policy for use when you need to merge the WDAC policy with another policy or update its rule options. Alternatively, you would have to create a new policy from a new scan for servicing. For more information about how to merge WDAC policies, see [Merge Windows Defender Application Control policies](#merge-windows-defender-application-control-policies).
-
-We recommend that every WDAC policy be run in audit mode before being enforced. Doing so allows administrators to discover any issues with the policy without receiving error message dialog boxes. For information about how to audit a WDAC policy, see the next section, [Audit Windows Defender Application Control policies](#audit-windows-defender-application-control-policies).
-
-## Audit Windows Defender Application Control policies
-
-When WDAC policies are run in audit mode, it allows administrators to discover any applications that were missed during an initial policy scan and to identify any new applications that have been installed and run since the original policy was created. While a WDAC policy is running in audit mode, any binary that runs and would have been denied had the policy been enforced is logged in the **Applications and Services Logs\\Microsoft\\Windows\\CodeIntegrity\\Operational** event log. When these logged binaries have been validated, they can easily be added to a new WDAC policy. When the new exception policy is created, you can merge it with your existing WDAC policies.
-
-> [!Note]
-> Before you begin this process, you need to create a WDAC policy binary file. If you have not already done so, see [Create a Windows Defender Application Control policy from a reference computer](#create-a-windows-defender-application-control-policy-from-a-reference-computer), earlier in this topic, for a step-by-step walkthrough of the process to create a WDAC policy and convert it to binary format.
-
-**To audit a Windows Defender Application Control policy with local policy:**
-
-1. Find a *.bin policy file that you have created, for example, the DeviceGuardPolicy.bin file that resulted from the steps in the earlier section, [Create a Windows Defender Application Control policy from a reference computer](#create-a-windows-defender-application-control-policy-from-a-reference-computer). Copy the file to C:\\Windows\\System32\\CodeIntegrity.
-
-2. On the computer you want to run in audit mode, open the Local Group Policy Editor by running **GPEdit.msc**.
-
- > [!Note]
-
- > - The computer that you will run in audit mode must be clean of viruses or malware. Otherwise, in the process that you follow after auditing the system, you might unintentionally merge in a policy that allows viruses or malware to run.
-
- > - An alternative method to test a policy is to rename the test file to SIPolicy.p7b and drop it into C:\\Windows\\System32\\CodeIntegrity, rather than deploy it by using the Local Group Policy Editor.
-
-3. Navigate to **Computer Configuration\\Administrative Templates\\System\\Device Guard**, and then select **Deploy Windows Defender Application Control**. Enable this setting by using the appropriate file path, for example, C:\\Windows\\System32\\CodeIntegrity\\DeviceGuardPolicy.bin, as shown in Figure 1.
-
- > [!Note]
-
- > - The illustration shows the example file name *DeviceGuardPolicy.bin* because this name was used earlier in this topic, in [Create a Windows Defender Application Control policy from a reference computer](#create-a-windows-defender-application-control-policy-from-a-reference-computer). Also, this policy file does not need to be copied to every system. You can instead copy the WDAC policies to a file share to which all computer accounts have access.
-
- > - Any policy you select here is converted to SIPolicy.p7b when it is deployed to the individual computers.
-
- > - You might have noticed that the GPO setting references a .p7b file and this policy uses a .bin file. Regardless of the type of policy you deploy (.bin, .p7b, or .p7), they are all converted to SIPolicy.p7b when dropped onto the computers running Windows 10. We recommend that you make your WDAC policy names friendly and allow the system to convert the policy names for you. By doing this, it ensures that the policies are easily distinguishable when viewed in a share or any other central repository.
-
- 
-
- Figure 1. Deploy your Windows Defender Application Control policy
-
-4. Restart the reference system for the WDAC policy to take effect.
-
-5. Use the system as you normally would, and monitor code integrity events in the event log. While in audit mode, any exception to the deployed WDAC policy will be logged in the **Applications and Services Logs\\Microsoft\\Windows\\CodeIntegrity\\Operational** event log, as shown in Figure 2.
-
- 
-
- Figure 2. Exceptions to the deployed WDAC policy
-
- You will be reviewing the exceptions that appear in the event log, and making a list of any applications that should be allowed to run in your environment.
-
-6. If you want to create a catalog file to simplify the process of including unsigned LOB applications in your WDAC policy, this is a good time to create it. For information, see [Deploy catalog files to support Windows Defender Application Control](deploy-catalog-files-to-support-windows-defender-application-control.md).
-
-Now that you have a WDAC policy deployed in audit mode, you can capture any audit information that appears in the event log. This is described in the next section.
-
-## Create a Windows Defender Application Control policy that captures audit information from the event log
-
-Use the following procedure after you have been running a computer with a WDAC policy in audit mode for a period of time. When you are ready to capture the needed policy information from the event log (so that you can later merge that information into the original WDAC policy), complete the following steps.
-
-
-
-1. Review the audit information in the event log. From the WDAC policy exceptions that you see, make a list of any applications that should be allowed to run in your environment, and decide on the file rule level that should be used to trust these applications.
-
- Although the Hash file rule level will catch all of these exceptions, it may not be the best way to trust all of them. For information about file rule levels, see [Windows Defender Application Control file rule levels](deploy-windows-defender-application-control-policy-rules-and-file-rules.md#windows-defender-application-control-file-rule-levels) in "Deploy Windows Defender Application Control: policy rules and file rules."
-
- Your event log might also contain exceptions for applications that you eventually want your WDAC policy to block. If these appear, make a list of these also, for a later step in this procedure.
-
-2. In an elevated Windows PowerShell session, initialize the variables that will be used. The example filename shown here is **DeviceGuardAuditPolicy.xml**:
-
- ` $CIPolicyPath=$env:userprofile+"\Desktop\"`
-
- ` $CIAuditPolicy=$CIPolicyPath+"DeviceGuardAuditPolicy.xml"`
-
-3. Use [New-CIPolicy](https://docs.microsoft.com/powershell/module/configci/new-cipolicy?view=win10-ps) to generate a new WDAC policy from logged audit events. This example uses a file rule level of **Hash** and includes `3> CIPolicylog.txt`, which redirects warning messages to a text file, **CIPolicylog.txt**.
-
- ` New-CIPolicy -Audit -Level Hash -FilePath $CIAuditPolicy –UserPEs 3 -FallBack Hash > CIPolicylog.txt`
-
- > [!Note]
- > When you create policies from audit events, you should carefully consider the file rule level that you select to trust. The preceding example uses the **Hash** rule level, which is the most specific. Any change to the file (such as replacing the file with a newer version of the same file) will change the Hash value, and require an update to the policy.
-
-4. Find and review the WDAC audit policy .xml file that you created. If you used the example variables as shown, the filename will be **DeviceGuardAuditPolicy.xml**, and it will be on your desktop. Look for the following:
-
- - Any applications that were caught as exceptions, but should be allowed to run in your environment. These are applications that should be in the .xml file. Leave these as-is in the file.
-
- - Any applications that actually should not be allowed to run in your environment. Edit these out of the .xml file. If they remain in the .xml file, and the information in the file is merged into your existing WDAC policy, the policy will treat the applications as trusted, and allow them to run.
-
-You can now use this file to update the existing WDAC policy that you ran in audit mode by merging the two policies. For instructions on how to merge this audit policy with the existing WDAC policy, see the next section, [Merge Windows Defender Application Control policies](#merge-windows-defender-application-control-policies).
-
-> [!Note]
-> You may have noticed that you did not generate a binary version of this policy as you did in [Create a Windows Defender Application Control policy from a reference computer](#create-a-windows-defender-application-control-policy-from-a-reference-computer). This is because WDAC policies created from an audit log are not intended to run as stand-alone policies but rather to update existing WDAC policies.
-
-## Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules
-
-As of Windows 10, version 1703, you can use WDAC policies not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps (such as a line-of-business application or a browser):
-
-| Approach (as of Windows 10, version 1703) | Guideline |
-|---|---|
-| You can work from a list of plug-ins, add-ins, or modules that you want only a specific application to be able to run. Other applications would be blocked from running them. | Use `New-CIPolicyRule` with the `-AppID` option. |
-| In addition, you can work from a list of plug-ins, add-ins, or modules that you want to block in a specific application. Other applications would be allowed to run them. | Use `New-CIPolicyRule` with the `-AppID` and `-Deny` options. |
-
-To work with these options, the typical method is to create a policy that only affects plug-ins, add-ins, and modules, then merge it into your ‘master’ policy (merging is described in the next section).
-
-For example, to create a WDAC policy that allows **addin1.dll** and **addin2.dll** to run in **ERP1.exe**, your organization’s enterprise resource planning (ERP) application, but blocks those add-ins in other applications, run the following commands. Note that in the second command, **+=** is used to add a second rule to the **$rule** variable:
-
-```
-$rule = New-CIPolicyRule -DriverFilePath '.\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe'
-$rule += New-CIPolicyRule -DriverFilePath '.\temp\addin2.dll' -Level FileName -AppID '.\ERP1.exe'
-New-CIPolicy -Rules $rule -FilePath ".\AllowERPAddins.xml" -UserPEs
-```
-
-As another example, to create a WDAC policy that blocks **addin3.dll** from running in Microsoft Word, run the following command. You must include the `-Deny` option to block the specified add-ins in the specifed application:
-
-```
-$rule = New-CIPolicyRule -DriverFilePath '.\temp\addin3.dll' -Level FileName -Deny -AppID '.\winword.exe'
-New-CIPolicy -Rules $rule -FilePath ".\BlockAddins.xml" -UserPEs
-```
-
-## Merge Windows Defender Application Control policies
-
-When you develop WDAC policies, you will occasionally need to merge two policies. A common example is when a WDAC policy is initially created and audited. Another example is when you create a single master policy by using multiple policies previously created from reference computers. Because each computer running Windows 10 can have only one WDAC policy, it is important to properly maintain these policies. In this example, audit events have been saved into a secondary WDAC policy that you then merge with the initial WDAC policy.
-
-> [!Note]
-> The following example uses several of the WDAC policy .xml files that you created in earlier sections in this topic. You can follow this process, however, with any two WDAC policies you would like to combine.
-
-To merge two WDAC policies, complete the following steps in an elevated Windows PowerShell session:
-
-1. Initialize the variables that will be used:
-
- ` $CIPolicyPath=$env:userprofile+"\Desktop\"`
-
- ` $InitialCIPolicy=$CIPolicyPath+"InitialScan.xml"`
-
- ` $AuditCIPolicy=$CIPolicyPath+"DeviceGuardAuditPolicy.xml"`
-
- ` $MergedCIPolicy=$CIPolicyPath+"MergedPolicy.xml"`
-
- ` $CIPolicyBin=$CIPolicyPath+"NewDeviceGuardPolicy.bin"`
-
- > [!Note]
- > The variables in this section specifically expect to find an initial policy on your desktop called **InitialScan.xml** and an audit WDAC policy called **DeviceGuardAuditPolicy.xml**. If you want to merge other WDAC policies, update the variables accordingly.
-
-2. Use [Merge-CIPolicy](https://docs.microsoft.com/powershell/module/configci/merge-cipolicy?view=win10-ps) to merge two policies and create a new WDAC policy:
-
- ` Merge-CIPolicy -PolicyPaths $InitialCIPolicy,$AuditCIPolicy -OutputFilePath $MergedCIPolicy`
-
-3. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy?view=win10-ps) to convert the merged WDAC policy to binary format:
-
- ` ConvertFrom-CIPolicy $MergedCIPolicy $CIPolicyBin `
-
-Now that you have created a new WDAC policy (for example, called **NewDeviceGuardPolicy.bin**), you can deploy the policy binary to systems manually or by using Group Policy or Microsoft client management solutions. For information about how to deploy this new policy with Group Policy, see the [Deploy and manage Windows Defender Application Control with Group Policy](#deploy-and-manage-windows-defender-application-control-with-group-policy) section.
-
-## Enforce Windows Defender Application Control policies
-
-Every WDAC policy is created with audit mode enabled. After you have successfully deployed and tested a WDAC policy in audit mode and are ready to test the policy in enforced mode, complete the following steps in an elevated Windows PowerShell session:
-
-> [!Note]
-> Every WDAC policy should be tested in audit mode first. For information about how to audit WDAC policies, see [Audit Windows Defender Application Control policies](#audit-windows-defender-application-control-policies), earlier in this topic.
-
-1. Initialize the variables that will be used:
-
- ` $CIPolicyPath=$env:userprofile+"\Desktop\"`
-
- ` $InitialCIPolicy=$CIPolicyPath+"InitialScan.xml" `
-
- ` $EnforcedCIPolicy=$CIPolicyPath+"EnforcedPolicy.xml"`
-
- ` $CIPolicyBin=$CIPolicyPath+"EnforcedDeviceGuardPolicy.bin"`
-
- > [!Note]
- > The initial WDAC policy that this section refers to was created in the [Create a Windows Defender Application Control policy from a reference computer](#create-a-windows-defender-application-control-policy-from-a-reference-computer) section. If you are using a different WDAC policy, update the **CIPolicyPath** and **InitialCIPolicy** variables.
-
-2. Ensure that rule options 9 (“Advanced Boot Options Menu”) and 10 (“Boot Audit on Failure”) are set the way that you intend for this policy. We strongly recommend that you enable these rule options before you run any enforced policy for the first time. Enabling these options provides administrators with a pre-boot command prompt, and allows Windows to start even if the WDAC policy blocks a kernel-mode driver from running. When ready for enterprise deployment, you can remove these options.
-
- To ensure that these options are enabled in a policy, use [Set-RuleOption](https://docs.microsoft.com/powershell/module/configci/set-ruleoption?view=win10-ps) as shown in the following commands. You can run these commands even if you're not sure whether options 9 and 10 are already enabled—if so, the commands have no effect.
-
- ` Set-RuleOption -FilePath $InitialCIPolicy -Option 9`
-
- ` Set-RuleOption -FilePath $InitialCIPolicy -Option 10`
-
-3. Copy the initial file to maintain an original copy:
-
- ` copy $InitialCIPolicy $EnforcedCIPolicy`
-
-4. Use [Set-RuleOption](https://docs.microsoft.com/powershell/module/configci/set-ruleoption?view=win10-ps) to delete the audit mode rule option:
-
- ` Set-RuleOption -FilePath $EnforcedCIPolicy -Option 3 -Delete`
-
- > [!Note]
- > To enforce a WDAC policy, you delete option 3, the **Audit Mode Enabled** option. There is no “enforced” option that can be placed in a WDAC policy.
-
-5. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy?view=win10-ps) to convert the new WDAC policy to binary format:
-
- ` ConvertFrom-CIPolicy $EnforcedCIPolicy $CIPolicyBin`
-
-Now that this policy is in enforced mode, you can deploy it to your test computers. Rename the policy to SIPolicy.p7b and copy it to C:\\Windows\\System32\\CodeIntegrity for testing, or deploy the policy through Group Policy by following the instructions in [Deploy and manage Windows Defender Application Control with Group Policy](#deploy-and-manage-windows-defender-application-control-with-group-policy). You can also use other client management software to deploy and manage the policy.
-
-## Signing Windows Defender Application Control policies with SignTool.exe
-
-Signed WDAC policies give organizations the highest level of malware protection available in Windows 10.
-In addition to their enforced policy rules, signed policies cannot be modified or deleted by a user or administrator on the computer.
-These policies are designed to prevent administrative tampering and kernel mode exploit access.
-With this in mind, it is much more difficult to remove signed WDAC policies.
-Before you sign and deploy a signed WDAC policy, we recommend that you [audit the policy](#audit-windows-defender-application-control-policies) to discover any blocked applications that should be allowed to run.
-
-Signing WDAC policies by using an on-premises CA-generated certificate or a purchased code signing certificate is straightforward.
-If you do not currently have a code signing certificate exported in .pfx format (containing private keys, extensions, and root certificates), see [Optional: Create a code signing certificate for Windows Defender Application Control](optional-create-a-code-signing-certificate-for-windows-defender-application-control.md) to create one with your on-premises CA.
-
-Before signing WDAC policies for the first time, be sure to enable rule options 9 (“Advanced Boot Options Menu”) and 10 (“Boot Audit on Failure”) to leave troubleshooting options available to administrators. To ensure that a rule option is enabled, you can run a command such as `Set-RuleOption -FilePath
Primary group: NTAUTHORITY/SYSTEM (WellKnownGroup) (S-1-5-18)
DACL:
• Revision: 0x02
• Size: 0x0020
• Ace Count: 0x001
• Ace[00]-------------------------
AceType:0x00
(ACCESS\_ALLOWED_ACE_TYPE)
AceSize:0x0018
InheritFlags:0x00
Access Mask:0x00020000
AceSid: BUILTIN\Administrators (Alias) (S-1-5-32-544)
SACL: Not present |Grants RC access (READ_CONTROL, also known as STANDARD_RIGHTS_READ) only to members of the local (built-in) Administrators group. |
+|Windows 10, version 1607 non-domain controller|O:SYG:SYD:(A;;RC;;;BA)| Owner: NTAUTHORITY/SYSTEM (WellKnownGroup) (S-1-5-18)
Primary group: NTAUTHORITY/SYSTEM (WellKnownGroup) (S-1-5-18)
DACL:
• Revision: 0x02
• Size: 0x0020
• Ace Count: 0x001
• Ace[00]-------------------------
AceType:0x00
(ACCESS\_ALLOWED_ACE_TYPE)
AceSize:0x0018
InheritFlags:0x00
Access Mask:0x00020000
AceSid: BUILTIN\Administrators (Alias) (S-1-5-32-544)
SACL: Not present |Grants RC access (READ_CONTROL, also known as STANDARD_RIGHTS_READ) only to members of the local (built-in) Administrators group. |
|Earlier non-domain controller |-|-|No access check is performed by default.|
## Policy management
@@ -163,4 +163,4 @@ If the policy is defined, admin tools, scripts and software that formerly enumer
[SAMRi10 - Hardening SAM Remote Access in Windows 10/Server 2016](https://gallery.technet.microsoft.com/SAMRi10-Hardening-Remote-48d94b5b)
-
\ No newline at end of file
+
diff --git a/windows/security/threat-protection/windows-defender-antivirus/TOC.md b/windows/security/threat-protection/windows-defender-antivirus/TOC.md
new file mode 100644
index 0000000000..d86f08369c
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-antivirus/TOC.md
@@ -0,0 +1,68 @@
+
+# [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
+
+## [Windows Defender AV in the Windows Defender Security Center app](windows-defender-security-center-antivirus.md)
+
+## [Windows Defender AV on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md)
+
+## [Windows Defender Antivirus compatibility](windows-defender-antivirus-compatibility.md)
+### [Use limited periodic scanning in Windows Defender AV](limited-periodic-scanning-windows-defender-antivirus.md)
+
+
+## [Evaluate Windows Defender Antivirus protection](evaluate-windows-defender-antivirus.md)
+
+
+## [Deploy, manage updates, and report on Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md)
+### [Deploy and enable Windows Defender Antivirus](deploy-windows-defender-antivirus.md)
+#### [Deployment guide for VDI environments](deployment-vdi-windows-defender-antivirus.md)
+### [Report on Windows Defender Antivirus protection](report-monitor-windows-defender-antivirus.md)
+#### [Troubleshoot Windows Defender Antivirus reporting in Update Compliance](troubleshoot-reporting.md)
+### [Manage updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md)
+#### [Manage protection and definition updates](manage-protection-updates-windows-defender-antivirus.md)
+#### [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md)
+#### [Manage updates for endpoints that are out of date](manage-outdated-endpoints-windows-defender-antivirus.md)
+#### [Manage event-based forced updates](manage-event-based-updates-windows-defender-antivirus.md)
+#### [Manage updates for mobile devices and VMs](manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
+
+
+## [Configure Windows Defender Antivirus features](configure-windows-defender-antivirus-features.md)
+### [Utilize Microsoft cloud-delivered protection](utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
+#### [Enable cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md)
+#### [Specify the cloud-delivered protection level](specify-cloud-protection-level-windows-defender-antivirus.md)
+#### [Configure and validate network connections](configure-network-connections-windows-defender-antivirus.md)
+#### [Enable the Block at First Sight feature](configure-block-at-first-sight-windows-defender-antivirus.md)
+#### [Configure the cloud block timeout period](configure-cloud-block-timeout-period-windows-defender-antivirus.md)
+### [Configure behavioral, heuristic, and real-time protection](configure-protection-features-windows-defender-antivirus.md)
+#### [Detect and block Potentially Unwanted Applications](detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
+#### [Enable and configure always-on protection and monitoring](configure-real-time-protection-windows-defender-antivirus.md)
+### [Configure end-user interaction with Windows Defender AV](configure-end-user-interaction-windows-defender-antivirus.md)
+#### [Configure the notifications that appear on endpoints](configure-notifications-windows-defender-antivirus.md)
+#### [Prevent users from seeing or interacting with the user interface](prevent-end-user-interaction-windows-defender-antivirus.md)
+#### [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-windows-defender-antivirus.md)
+
+
+## [Customize, initiate, and review the results of scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md)
+### [Configure and validate exclusions in Windows Defender AV scans](configure-exclusions-windows-defender-antivirus.md)
+#### [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-windows-defender-antivirus.md)
+#### [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-windows-defender-antivirus.md)
+#### [Configure exclusions in Windows Defender AV on Windows Server 2016](configure-server-exclusions-windows-defender-antivirus.md)
+### [Configure scanning options in Windows Defender AV](configure-advanced-scan-types-windows-defender-antivirus.md)
+### [Configure remediation for scans](configure-remediation-windows-defender-antivirus.md)
+### [Configure scheduled scans](scheduled-catch-up-scans-windows-defender-antivirus.md)
+### [Configure and run scans](run-scan-windows-defender-antivirus.md)
+### [Review scan results](review-scan-results-windows-defender-antivirus.md)
+### [Run and review the results of a Windows Defender Offline scan](windows-defender-offline.md)
+
+
+## [Review event logs and error codes to troubleshoot issues](troubleshoot-windows-defender-antivirus.md)
+
+
+
+## [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md)
+### [Use Group Policy settings to configure and manage Windows Defender AV](use-group-policy-windows-defender-antivirus.md)
+### [Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender AV](use-intune-config-manager-windows-defender-antivirus.md)
+### [Use PowerShell cmdlets to configure and manage Windows Defender AV](use-powershell-cmdlets-windows-defender-antivirus.md)
+### [Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV](use-wmi-windows-defender-antivirus.md)
+### [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender AV](command-line-arguments-windows-defender-antivirus.md)
+
+
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md
index 4545c0e5dc..e84172c1e3 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md
@@ -9,9 +9,9 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: iaanw
-ms.author: iawilt
-ms.date: 08/26/2017
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 04/17/2018
---
# Prevent or allow users to locally modify Windows Defender AV policy settings
@@ -47,7 +47,7 @@ To configure these settings:
3. In the **Group Policy Management Editor** go to **Computer configuration**.
-4. Click **Policies** then **Administrative templates**.
+4. Click **Administrative templates**.
5. Expand the tree to **Windows components > Windows Defender Antivirus** and then the **Location** specified in the table below.
@@ -91,12 +91,14 @@ You can disable this setting to ensure that only globally defined lists (such as
3. In the **Group Policy Management Editor** go to **Computer configuration**.
-4. Click **Policies** then **Administrative templates**.
+4. Click **Administrative templates**.
5. Expand the tree to **Windows components > Windows Defender Antivirus**.
6. Double-click the **Configure local administrator merge behavior for lists** setting and set the option to **Enabled**. Click **OK**.
+> [!NOTE]
+> If you disable local list merging, it will override Controlled folder access settings in Windows Defender Exploit Guard. It also overrides any protected folders or allowed apps set by the local administrator. For more information about Controlled folder access settings, see [Enable Controlled folder access](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard).
## Related topics
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md
index 27f2b3e2e4..8fbf0984c3 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md
@@ -65,6 +65,13 @@ Quarantine | Configure removal of items from Quarantine folder | Specify how man
Threats | Specify threat alert levels at which default action should not be taken when detected | Every threat that is detected by Windows Defender AV is assigned a threat level (low, medium, high, or severe). You can use this setting to define how all threats for each of the threat levels should be remediated (quarantined, removed, or ignored) | Not applicable
Threats | Specify threats upon which default action should not be taken when detected | Specify how specific threats (using their threat ID) should be remediated. You can specify whether the specific threat should be quarantined, removed, or ignored | Not applicable
+>[!IMPORTANT]
+>Windows Defender Antivirus detects and remediates files based on many factors. Sometimes, completing a remediation requires a reboot. Even if the detection is later determined to be a false positive, the reboot must be completed to ensure all additional remediation steps have been completed.
+>
| Business group | +Organizational unit | +Implement AppLocker? | +Apps | +Installation path | +Use default rule or define new rule condition | +Allow or deny | +GPO name | +Support policy | +
|---|---|---|---|---|---|---|---|---|
Bank Tellers |
+Teller-East and Teller-West |
+Yes |
+Teller Software |
+C:\Program Files\Woodgrove\Teller.exe |
+File is signed; create a publisher condition |
+Allow |
+Tellers-AppLockerTellerRules |
+Web help |
+
| + | + | + | Windows files + |
+C:\Windows |
+Create a path exception to the default rule to exclude \Windows\Temp |
+Allow |
++ | Help desk |
+
Human Resources |
+HR-All |
+Yes |
+Check Payout |
+C:\Program Files\Woodgrove\HR\Checkcut.exe |
+File is signed; create a publisher condition |
+Allow |
+HR-AppLockerHRRules |
+Web help |
+
| + | + | + | Time Sheet Organizer |
+C:\Program Files\Woodgrove\HR\Timesheet.exe |
+File is not signed; create a file hash condition |
+Allow |
++ | Web help |
+
| + | + | + | Internet Explorer 7 |
+C:\Program Files\Internet Explorer\ |
+File is signed; create a publisher condition |
+Deny |
++ | Web help + |
+
| + | + | + | Windows files |
+C:\Windows |
+Use the default rule for the Windows path |
+Allow |
++ | Help desk |
+
| Business group | +AppLocker event collection location | +Archival policy | +Analyzed? | +Security policy | +
|---|---|---|---|---|
Bank Tellers |
+Forwarded to: AppLocker Event Repository on srvBT093 |
+Standard |
+None |
+Standard |
+
Human Resources |
+DO NOT FORWARD. srvHR004 |
+60 months |
+Yes, summary reports monthly to managers |
+Standard |
+
| Business group | +Rule update policy | +Application decommission policy | +Application version policy | +Application deployment policy | +
|---|---|---|---|---|
Bank Tellers |
+Planned: Monthly through business office triage +Emergency: Request through help desk |
+Through business office triage +30-day notice required |
+General policy: Keep past versions for 12 months +List policies for each application |
+Coordinated through business office +30-day notice required |
+
Human Resources |
+Planned: Monthly through HR triage +Emergency: Request through help desk |
+Through HR triage +30-day notice required |
+General policy: Keep past versions for 60 months +List policies for each application |
+Coordinated through HR +30-day notice required |
+
C:\Program Files\Woodgrove\Teller.exe
File is signed; create a publisher condition
Allow
Tellers-AppLockerTellerRules
Tellers-WDACTellerRules
Web help
C:\Program Files\Woodgrove\HR\Checkcut.exe
File is signed; create a publisher condition
Allow
HR-AppLockerHRRules
HR-WDACHRRules
Web help
Bank Tellers
Forwarded to: AppLocker Event Repository on srvBT093
Forwarded to: WDAC Event Repository on srvBT093
Standard
None
Standard
| Business group | Organizational unit | -Implement AppLocker? | +Implement WDAC? | Apps | Installation path | Use default rule or define new rule condition | @@ -78,7 +75,7 @@ The following table contains the added sample data that was collected when deterC:\Program Files\Woodgrove\Teller.exe |
File is signed; create a publisher condition |
Allow |
-Tellers-AppLockerTellerRules |
+Tellers-WDACTellerRules |
Web help |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
C:\Program Files\Woodgrove\HR\Checkcut.exe |
File is signed; create a publisher condition |
Allow |
-HR-AppLockerHRRules |
+HR-WDACHRRules |
Web help |
|||||||
Bank Tellers
Forwarded to: AppLocker Event Repository on srvBT093
Forwarded to: CodeIntegrity Event Repository on srvBT093
Standard
None
Standard
+ +|Name|Twitter| +|---|---| +|Casey Smith |@subTee| +|Matt Graeber | @mattifestation| +|Matt Nelson | @enigma0x3| +|Oddvar Moe |@Oddvarmoe| +|Alex Ionescu | @aionescu| +|Lee Christensen|@tifkin_| +|Vladas Bulavas | Kaspersky Lab | + +
+ +>[!Note] +>This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered. + +Certain software applications may allow additional code to run by design. +These types of applications should be blocked by your Windows Defender Application Control policy. +In addition, when an application version is upgraded to fix a security vulnerability or potential Windows Defender Application Control bypass, you should add deny rules to your WDAC policies for that application’s previous, less secure versions. + +Microsoft recommends that you install the latest security updates. +The June 2017 Windows updates resolve several issues in PowerShell modules that allowed an attacker to bypass Windows Defender Application Control. +These modules cannot be blocked by name or version, and therefore must be blocked by their corresponding hashes. + +For October 2017, we are announcing an update to system.management.automation.dll in which we are revoking older versions by hash values, instead of version rules. + +Microsoft recommends that you block the following Microsoft-signed applications and PowerShell files by merging the following policy into your existing policy to add these deny rules using the Merge-CIPolicy cmdlet: + +``` + +-
+ diff --git a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md new file mode 100644 index 0000000000..239ebf291c --- /dev/null +++ b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md @@ -0,0 +1,88 @@ +--- +title: Plan for Windows Defender Application Control policy management (Windows 10) +description: Plan for Windows Defender Application Control policy management. +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: jsuther1974 +ms.date: 02/21/2018 +--- + +# Plan for Windows Defender Application Control policy management + +**Applies to:** + +- Windows 10 +- Windows Server 2016 + +This topic for describes the decisions you need to make to establish the processes for managing and maintaining Windows Defender Application Control (WDAC) policies. + +## Policy management + +Before you begin the deployment process, consider how the WDAC rules will be managed. Developing a process for managing WDAC rules helps assure that WDAC continues to effectively control how applications are allowed to run in your organization. + +### Application and user support policy + +Considerations include: + +- What type of end-user support is provided for blocked applications? +- How are new rules added to the policy? +- How are existing rules updated? +- Are events forwarded for review? + +**Help desk support** + +If your organization has an established help desk support department in place, consider the following when deploying WDAC policies: + +- What documentation does your support department require for new policy deployments? +- What are the critical processes in each business group both in work flow and timing that will be affected by application control policies and how could they affect your support department's workload? +- Who are the contacts in the support department? +- How will the support department resolve application control issues between the end user and those who maintain the WDAC rules? + +**End-user support** + +Because WDAC is preventing unapproved apps from running, it is important that your organization carefully plan how to provide end-user support. Considerations include: + +- Do you want to use an intranet site as a first line of support for users who have tried to run a blocked app? +- How do you want to support exceptions to the policy? Will you allow users to run a script to temporarily allow access to a blocked app? + +**WDAC event management** + +Each time that a process requests permission to run, WDAC creates an event in the CodeIntegrity log. The event details which file tried to run, the attributes of that file, and the user that initiated the request. + +Collecting these events in a central location can help you maintain your WDAC policy and troubleshoot rule configuration problems. Event collection technologies such as those available in Windows allow administrators to subscribe to specific event channels and have the events from source computers aggregated into a forwarded event log on a Windows Server operating system collector. For more info about setting up an event subscription, see [Configure Computers to Collect and Forward Events](https://go.microsoft.com/fwlink/p/?LinkId=145012). + +### Policy maintenance + +As new apps are deployed or existing apps are updated by the software publisher, you will need to make revisions to your rule collections to ensure that the policy is current. + +To ensure version control when modifying an WDAC policy, use Group Policy management software that allows you to create versions of Group Policy Objects (GPOs). An example of this type of software is the Advanced Group Policy Management feature from the Microsoft Desktop Optimization Pack. For more info about Advanced Group Policy Management, see [Advanced Group Policy Management Overview](https://go.microsoft.com/fwlink/p/?LinkId=145013) (https://go.microsoft.com/fwlink/p/?LinkId=145013). + +**New version of a supported app** + +When a new version of an app is deployed in the organization, you need to determine whether to continue to support the previous version of that app. To add the new version, you might only need to create a new rule for each file that is associated with the app. If you are using publisher conditions and the version is not specified, then the existing rule or rules might be sufficient to allow the updated file to run. You must ensure, however, that the updated app has not altered the file names or added files to support new functionality. If so, then you must modify the existing rules or create new rules. To continue to reuse a publisher-based rule without a specific file version, you must also ensure that the file's digital signature is still identical to the previous version—the publisher, product name, and file name (if configured in your rule) must all match for the rule to be correctly applied. + +To determine whether a file has been modified during an app update, review the publisher's release details provided with the update package. You can also review the publisher's web page to retrieve this information. Each file can also be inspected to determine the version. + +For files that are allowed or denied with file hash conditions, you must retrieve the new file hash. To add support for a new version and maintain support for the older version, you can either create a new file hash rule for the new version or edit the existing rule and add the new file hash to the list of conditions. + +For files with path conditions, you should verify that the installation path has not changed from what is stated in the rule. If the path has changed, you need to update the rule before installing the new version of the app + +**Recently deployed app** + +To support a new app, you must add one or more rules to the existing WDAC policy. + +**App is no longer supported** + +If your organization has determined that it will no longer support an application that has WDAC rules associated with it, the easiest way to prevent users from running the app is to delete these rules. + +## Next steps + +After deciding how your organization will manage your WDAC policy, record your findings. + +- **End-user support policy.** Document the process that you will use for handling calls from users who have attempted to run a blocked app, and ensure that support personnel have clear escalation steps so that the administrator can update the WDAC policy, if necessary. +- **Event processing.** Document whether events will be collected in a central location called a store, how that store will be archived, and whether the events will be processed for analysis. +- **Policy maintenance.** Detail how rules will be added to the policy and in which GPO the rules are defined. + +For information and steps how to document your processes, see [Document your application control management processes](document-your-windows-defender-application-control-management-processes.md). diff --git a/windows/security/threat-protection/device-guard/deploy-windows-defender-application-control-policy-rules-and-file-rules.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md similarity index 66% rename from windows/security/threat-protection/device-guard/deploy-windows-defender-application-control-policy-rules-and-file-rules.md rename to windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index 1abe52b44a..3ebdf18aaf 100644 --- a/windows/security/threat-protection/device-guard/deploy-windows-defender-application-control-policy-rules-and-file-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -1,48 +1,36 @@ --- -title: Deploy code integrity policies - policy rules and file rules (Windows 10) -description: This article provides information about two elements in code integrity policies, called policy rules and file rules. Code integrity policies are part of Windows Defender Device Guard in Windows 10. -keywords: virtualization, security, malware +title: Select the types of rules to create (Windows 10) +description: Select the types of rules to create. ms.prod: w10 ms.mktglfcycl: deploy -ms.localizationpriority: high -author: brianlic-msft -ms.date: 10/20/2017 +ms.sitesec: library +ms.pagetype: security +author: jsuther1974 +ms.date: 04/20/2018 --- -# Deploy Windows Defender Application Control: policy rules and file rules +# Deploy Windows Defender Application Control policy rules and file rules -**Applies to** -- Windows 10 -- Windows Server 2016 +**Applies to:** -Windows Defender Application Control (WDAC) provides control over a computer running Windows 10 by specifying whether a driver or application is trusted and can be run. For an overview of WDAC, see: -- [How Windows Defender Device Guard features help protect against threats](introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md#how-windows-defender-device-guard-features-help-protect-against-threats) in "Introduction to Windows Defender Device Guard: virtualization-based security and Windows Defender Application Control." -- [Windows Defender Application Control policy formats and signing](requirements-and-deployment-planning-guidelines-for-device-guard.md#windows-defender-application-control-policy-formats-and-signing) in "Requirements and deployment planning guidelines for Windows Defender Device Guard." +- Windows 10 +- Windows Server 2016 -If you already understand the basics of WDAC and want procedures for creating, auditing, and merging WDAC policies, see [Deploy Windows Defender Application Control: steps](steps-to-deploy-windows-defender-application-control.md). - -This topic includes the following sections: - -- [Overview of the process of creating Windows Defender Application Control policies](#overview-of-the-process-of-creating-windows-defender-application-control-policies): Helps familiarize you with the process described in this and related topics. -- [Windows Defender Application Control policy rules](#windows-defender-application-control-policy-rules): Describes one key element you specify in a policy, the *policy rules*, which control options such as audit mode or whether user mode code integrity (UMCI) is enabled in a WDAC policy. -- [Windows Defender Application Control file rule levels](#windows-defender-application-control-file-rule-levels): Describes the other key element you specify in a policy, the *file rules* (or *file rule levels*), which specify the level at which applications will be identified and trusted. -- [Example of file rule levels in use](#example-of-file-rule-levels-in-use): Gives an example of how file rule levels can be applied. +Windows Defender Application Control (WDAC) provides control over a computer running Windows 10 by using policies that specify whether a driver or application is trusted and can be run. A policy includes *policy rules* that control options such as audit mode or whether user mode code integrity (UMCI) is enabled in a WDAC policy, and *file rules* (or *file rule levels*) that specify the level at which applications will be identified and trusted. ## Overview of the process of creating Windows Defender Application Control policies -A common system imaging practice in today’s IT organization is to establish a “golden” image as a reference for what an ideal system should look like, and then use that image to clone additional company assets. WDAC policies follow a similar methodology, that begins with the establishment of a golden computer. As with imaging, you can have multiple golden computers based on model, department, application set, and so on. Although the thought process around the creation of WDAC policies is similar to imaging, these policies should be maintained independently. Assess the necessity of additional WDAC policies based on what should be allowed to be installed and run and for whom. For more details on doing this assessment, see the planning steps in [Planning and getting started on the Windows Defender Device Guard deployment process](planning-and-getting-started-on-the-device-guard-deployment-process.md). +A common system imaging practice in today’s IT organization is to establish a “golden” image as a reference for what an ideal system should look like, and then use that image to clone additional company assets. WDAC policies follow a similar methodology, that begins with the establishment of a golden computer. As with imaging, you can have multiple golden computers based on model, department, application set, and so on. Although the thought process around the creation of WDAC policies is similar to imaging, these policies should be maintained independently. Assess the necessity of additional WDAC policies based on what should be allowed to be installed and run and for whom. For more details on doing this assessment, see the [WDAC Design Guide](windows-defender-application-control-design-guide.md). > **Note** Each computer can have only **one** WDAC policy at a time. Whichever way you deploy this policy, it is renamed to SIPolicy.p7b and copied to **C:\\Windows\\System32\\CodeIntegrity** and, for UEFI computers, **<EFI System Partition>\\Microsoft\\Boot**. Keep this in mind when you create your WDAC policies. Optionally, WDAC can align with your software catalog as well as any IT department–approved applications. One straightforward method to implement WDAC is to use existing images to create one master WDAC policy. You do so by creating a WDAC policy from each image, and then by merging the policies. This way, what is installed on all of those images will be allowed to run, if the applications are installed on a computer based on a different image. Alternatively, you may choose to create a base applications policy and add policies based on the computer’s role or department. Organizations have a choice of how their policies are created, merged or serviced, and managed. -If you plan to use an internal CA to sign catalog files or WDAC policies, see the steps in [Optional: Create a code signing certificate for Windows Defender Application Control](optional-create-a-code-signing-certificate-for-windows-defender-application-control.md). +If you plan to use an internal CA to sign catalog files or WDAC policies, see the steps in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md). ## Windows Defender Application Control policy rules -WDAC policies include *policy rules*, which control options such as audit mode or whether UMCI is enabled in a WDAC policy. You can modify these options in a new or existing WDAC policy. (For information about *file rules*, which specify the level at which applications will be identified and trusted, see the next section, [Windows Defender Application Control file rule levels](#windows-defender-application-control-file-rule-levels).) - -To modify the policy rule options of an existing WDAC policy, use [Set-RuleOption](https://docs.microsoft.com/powershell/module/configci/set-ruleoption?view=win10-ps). Note the following examples of how to use this cmdlet to add and remove a rule option on an existing WDAC policy: +To modify the policy rule options of an existing WDAC policy, use [Set-RuleOption](https://docs.microsoft.com/powershell/module/configci/set-ruleoption). Note the following examples of how to use this cmdlet to add and remove a rule option on an existing WDAC policy: - To ensure that UMCI is enabled for a WDAC policy that was created with the `-UserPEs` (user mode) option, add rule option 0 to an existing policy by running the following command: @@ -54,12 +42,10 @@ To modify the policy rule options of an existing WDAC policy, use [Set-RuleOptio ` Set-RuleOption -FilePath
Lists of approved applications rarely change.
Examples: kiosks, point-of-sale systems, call center computers. | WDAC can be deployed fully, and deployment and ongoing administration are relatively straightforward.
After WDAC deployment, only approved applications can run. This is because of protections offered by WDAC. | +| **Fully managed devices**: Allowed software is restricted by IT department.
Users can request additional software, or install from a list of applications provided by IT department.
Examples: locked-down, company-owned desktops and laptops. | An initial baseline WDAC policy can be established and enforced. Whenever the IT department approves additional applications, it will update the WDAC policy and (for unsigned LOB applications) the catalog.
WDAC policies are supported by the HVCI service. | +| **Lightly managed devices**: Company-owned, but users are free to install software.
Devices are required to run organization's antivirus solution and client management tools. | WDAC can be used to help protect the kernel, and to monitor (audit) for problem applications rather than limiting the applications that can be run. | +| **Bring Your Own Device**: Employees are allowed to bring their own devices, and also use those devices away from work. | WDAC does not apply. Instead, you can explore other hardening and security features with MDM-based conditional access solutions, such as Microsoft Intune. | + + +## Related topics + +- [Windows Defender Application Control Design Guide](windows-defender-application-control-design-guide.md) +- [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md) + + diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md new file mode 100644 index 0000000000..0148e43cae --- /dev/null +++ b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md @@ -0,0 +1,138 @@ +--- +title: Understand Windows Defender Application Control policy design decisions (Windows 10) +description: Understand Windows Defender Application Control policy design decisions. +ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: jsuther1974 +ms.date: 02/08/2018 +--- + +# Understand Windows Defender Application Control policy design decisions + +**Applies to:** + +- Windows 10 +- Windows Server 2016 + +This topic for the IT professional lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies by using Windows Defender Application Control (WDAC) within a Windows operating system environment. + +When you begin the design and planning process, you should consider the ramifications of your design choices. The resulting decisions will affect your policy deployment scheme and subsequent application control policy maintenance. + +You should consider using WDAC as part of your organization's application control policies if all the following are true: + +- You have deployed or plan to deploy the supported versions of Windows in your organization. +- You need improved control over the access to your organization's applications and the data your users access. +- The number of applications in your organization is known and manageable. +- You have resources to test policies against the organization's requirements. +- You have resources to involve Help Desk or to build a self-help process for end-user application access issues. +- The group's requirements for productivity, manageability, and security can be controlled by restrictive policies. + +The following questions are not in priority or sequential order. They should be considered when you deploy application control policies (as appropriate for your targeted environment). + +### Which apps do you need to control in your organization? + +You might need to control a limited number of apps because they access sensitive data, or you might have to exclude all applications except those that are sanctioned for business purposes. There might be certain business groups that require strict control, and others that promote independent application usage. + +| Possible answers | Design considerations| +| - | - | +| Control all apps | WDAC policies control applications by creating an allowed list of applications. Exceptions are also possible. WDAC policies can only be applied to applications installed on computers running Windows 10 . | +| Control specific apps | When you create WDAC rules, a list of allowed apps are created. All apps on that list will be allowed to run (except those on the exception list). Apps that are not on the list will be prevented from running. WDAC policies can only be applied to apps installed on computers running Windows 10 or Windows Server 2016. | +|Control only Classic Windows applications, only Universal Windows apps, or both| WDAC policies control apps by creating an allowed list of apps based on code signing certificate and\or file hash information. Because Universal Windows apps are all signed by the Windows Store, Classic Windows applications and Universal Windows apps can be controlled together. WDAC policies for Universal Windows apps can be applied only to apps that are installed on PCs that support the Microsoft Store, but Classic Windows applications can be controlled with WDAC on Windows. The rules you currently have configured for Classic Windows applications can remain, and you can create new ones for Universal Windows apps.| +| Control apps by business group | WDAC policies can be applied through a Group Policy Object (GPO) to computer objects within an organizational unit (OU). | +| Control apps by computer, not user | WDAC is a computer-based policy implementation. If your domain or site organizational structure is not based on a logical user structure, such as an OU, you might want to set up that structure before you begin your WDAC planning. Otherwise, you will have to identify users, their computers, and their app access requirements.| +|Understand app usage, but there is no need to control any apps yet | WDAC policies can be set to audit app usage to help you track which apps are used in your organization. You can then use teh CodeIntegrity log in Event Viewer to create WDAC policies.| + +### How do you currently control app usage in your organization? + +Most organizations have evolved app control policies and methods over time. With heightened security concerns and an emphasis on tighter IT control over desktop use, your organization might decide to consolidate app control practices or design a comprehensive application control scheme. WDAC includes improvements over AppLocker and SRP in the architecture and management of application control policies. + +| Possible answers | Design considerations | +| - | - | +| Security polices (locally set or through Mobile Device Management (MDM) or Group Policy) | Using WDAC requires increased effort in planning to create correct policies, but this results in a simpler distribution method.| +| Non-Microsoft app control software | Using WDAC requires a complete app control policy evaluation and implementation.| +| Managed usage by group or OU | Using WDAC requires a complete app control policy evaluation and implementation.| +| Authorization Manager or other role-based access technologies | Using WDAC requires a complete app control policy evaluation and implementation.| +| Other | Using WDAC requires a complete app control policy evaluation and implementation.| + +### Are there specific groups in your organization that need customized application control policies? + +Most business groups or departments have specific security requirements that pertain to data access and the applications used to access that data. You should consider the scope of the project for each group and the group’s priorities before you deploy application control policies for the entire organization. + +| Possible answers | Design considerations | +| - | - | +| Yes | For each group, you need to create a list that includes their application control requirements. Although this may increase the planning time, it will most likely result in a more effective deployment.
If your GPO structure is not currently configured so that you can apply different policies to specific groups, you can alternatively apply WDAC rules in a GPO to specific user groups.| +| No | WDAC policies can be applied globally to applications that are installed on PCs running Windows 10. Depending on the number of apps you need to control, managing all the rules and exceptions might be challenging.| + +### Does your IT department have resources to analyze application usage, and to design and manage the policies? + +The time and resources that are available to you to perform the research and analysis can affect the detail of your plan and processes for continuing policy management and maintenance. + +| Possible answers | Design considerations | +| - | - | +| Yes | Invest the time to analyze your organization's application control requirements, and plan a complete deployment that uses rules that are as simply constructed as possible.| +| No | Consider a focused and phased deployment for specific groups by using a small number of rules. As you apply controls to applications in a specific group, learn from that deployment to plan your next deployment. | + +### Does your organization have Help Desk support? + +Preventing your users from accessing known, deployed, or personal applications will initially cause an increase in end-user support. It will be necessary to address the various support issues in your organization so security policies are followed and business workflow is not hampered. + +| Possible answers | Design considerations | +| - | - | +| Yes | Involve the support department early in the planning phase because your users may inadvertently be blocked from using their applications, or they may seek exceptions to use specific applications. | +| No | Invest time in developing online support processes and documentation before deployment. | + + +### Do you know what applications require restrictive policies? +Any successful application control policy implementation is based on your knowledge and understanding of app usage within the organization or business group. In addition, the application control design is dependent on the security requirements for data and the apps that access that data. + +| Possible answers | Design considerations | +| - | - | +| Yes | You should determine the application control priorities for a business group and then attempt to design the simplest scheme for their application control policies. | +| No | You will have to perform an audit and requirements gathering project to discover the application usage. WDAC provides the means to deploy policies in audit mode.| + +### How do you deploy or sanction applications (upgraded or new) in your organization? + +Implementing a successful application control policy is based on your knowledge and understanding of application usage within the organization or business group. In addition, the application control design is dependent on the security requirements for data and the applications that access that data. Understanding the upgrade and deployment policy will help shape the construction of the application control policies. + +| Possible answers | Design considerations | +| - | - | +| Ad hoc | You need to gather requirements from each group. Some groups might want unrestricted access or installation, while other groups might want strict controls.| +| Strict written policy or guidelines to follow | You need to develop WDAC rules that reflect those policies, and then test and maintain the rules. | +| No process in place | You need to determine if you have the resources to develop an application control policy, and for which groups. | + +### What are your organization's priorities when implementing application control policies? + +Some organizations will benefit from application control policies as shown by an increase in productivity or conformance, while others will be hindered in performing their duties. Prioritize these aspects for each group to allow you to evaluate the effectiveness of WDAC. + +| Possible answers | Design considerations | +| - | - | +| Productivity: The organization assures that tools work and required applications can be installed. | To meet innovation and productivity goals, some groups require the ability to install and run a variety of software from different sources, including software that they developed. Therefore, if innovation and productivity is a high priority, managing application control policies through an allowed list might be time consuming and an impediment to progress. | +| Management: The organization is aware of and controls the apps it supports. | In some business groups, application usage can be managed from a central point of control. WDAC policies can be built into a GPO for that purpose. This shifts the burden of app access to the IT department, but it also has the benefit of controlling the number of apps that can be run and controlling the versions of those apps| +| Security: The organization must protect data in part by ensuring that only approved apps are used. | WDAC can help protect data by allowing a defined set of users access to apps that access the data. If security is the top priority, the application control policies will be the most restrictive.| + +### How are apps currently accessed in your organization? + +WDAC is very effective for organizations that have application restriction requirements if they have environments with a simple topography and application control policy goals that are straightforward. For example, WDAC can benefit an environment where non-employees have access to computers that are connected to the organizational network, such as a school or library. Large organizations also benefit from WDAC policy deployment when the goal is to achieve a detailed level of control on the desktop computers with a relatively small number of applications to manage, or when the applications are manageable with a small number of rules. + +| Possible answers | Design considerations | +| - | - | +| Users run without administrative rights. | Apps are installed by using an installation deployment technology.| +| WDAC can help reduce the total cost of ownership for business groups that typically use a finite set of apps, such as human resources and finance departments. At the same time, these departments access highly sensitive information, much of which contains confidential and proprietary information. By using WDAC to create rules for specific apps that are allowed to run, you can help limit unauthorized applications from accessing this information.
**Note: **WDAC can also be effective in helping create standardized desktops in organizations where users run as administrators. | Users must be able to install applications as needed. +| Users currently have administrator access, and it would be difficult to change this.|Enforcing WDAC rules is not suited for business groups that must be able to install apps as needed and without approval from the IT department. If one or more OUs in your organization has this requirement, you can choose not to enforce application rules in those OUs by using WDAC or to implement the audit only enforcement setting.| + +### Is the structure in Active Directory Domain Services based on the organization's hierarchy? + +Designing application control policies based on an organizational structure that is already built into Active Directory Domain Services (AD DS) is easier than converting the existing structure to an organizational structure. +Because the effectiveness of application control policies is dependent on the ability to update policies, consider what organizational work needs to be accomplished before deployment begins. + +| Possible answers | Design considerations | +| - | - | +| Yes | WDAC rules can be developed and implemented through Group Policy, based on your AD DS structure.| +| No | The IT department must create a scheme to identify how application control policies can be applied to the correct user or computer.| + +## Record your findings + +The next step in the process is to record and analyze your answers to the preceding questions. If WDAC is the right solution for your goals, you can set your application control policy objectives and plan your WDAC rules. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md new file mode 100644 index 0000000000..94fa8ec867 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md @@ -0,0 +1,62 @@ +--- +title: Use code signing to simplify application control for classic Windows applications (Windows 10) +description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. +ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.localizationpriority: high +author: jsuther1974 +ms.date: 02/27/2018 +--- + +# Use code signing to simplify application control for classic Windows applications + +**Applies to:** + +- Windows 10 +- Windows Server 2016 + +This topic covers guidelines for using code signing control classic Windows apps. + +## Reviewing your applications: application signing and catalog files + +Typically, WDAC policies are configured to use the application's signing certificate as part or all of what identifies the application as trusted. This means that applications must either use embedded signing—where the signature is part of the binary—or catalog signing, where you generate a “catalog file” from the applications, sign it, and through the signed catalog file, configure the WDAC policy to recognize the applications as signed. + +Catalog files can be very useful for unsigned LOB applications that cannot easily be given an embedded signature. However, catalogs need to be updated each time an application is updated. In contrast, with embedded signing, your WDAC policies typically do not have to be updated when an application is updated. For this reason, if code-signing is or can be included in your in-house application development process, it can simplify the management of WDAC (compared to using catalog signing). + +To obtain signed applications or embed signatures in your in-house applications, you can choose from a variety of methods: + +- Using the Microsoft Store publishing process. All apps that come out of the Microsoft Store are automatically signed with special signatures that can roll-up to our certificate authority (CA) or to your own. + +- Using your own digital certificate or public key infrastructure (PKI). ISV's and enterprises can sign their own Classic Windows applications themselves, adding themselves to the trusted list of signers. + +- Using a non-Microsoft signing authority. ISV's and enterprises can use a trusted non-Microsoft signing authority to sign all of their own Classic Windows applications. + +To use catalog signing, you can choose from the following options: + +- Use the Windows Defender Device Guard signing portal available in the Microsoft Store for Business and Education. The portal is a Microsoft web service that you can use to sign your Classic Windows applications. For more information, see [Device Guard signing](https://technet.microsoft.com/itpro/windows/manage/device-guard-signing-portal). + +- Create your own catalog files, which are described in the next section. + +### Catalog files + +Catalog files (which you can create in Windows 10 with a tool called Package Inspector) contain information about all deployed and executed binary files associated with your trusted but unsigned applications. When you create catalog files, you can also include signed applications for which you do not want to trust the signer but rather the specific application. After creating a catalog, you must sign the catalog file itself by using enterprise public key infrastructure (PKI), or a purchased code signing certificate. Then you can distribute the catalog, so that your trusted applications can be handled by WDAC in the same way as any other signed application. + +Catalog files are simply Secure Hash Algorithm 2 (SHA2) hash lists of discovered binaries. These binaries’ hash values are updated each time an application is updated, which requires the catalog file to be updated also. + +After you have created and signed your catalog files, you can configure your WDAC policies to trust the signer or signing certificate of those files. + +> [!NOTE] +> Package Inspector only works on operating systems that support Windows Defender Device Guard, such as Windows 10 Enterprise, Windows 10 Education, Windows 2016 Server, or Windows Enterprise IoT. + +For procedures for working with catalog files, see [Deploy catalog files to support Windows Defender Application Control](deploy-catalog-files-to-support-windows-defender-application-control.md). + +## Windows Defender Application Control policy formats and signing + +When you generate a WDAC policy, you are generating a binary-encoded XML document that includes configuration settings for both the User and Kernel-modes of Windows 10 Enterprise, along with restrictions on Windows 10 script hosts. You can view your original XML document in a text editor, for example if you want to check the rule options that are present in the **<Rules>** section of the file. + +We recommend that you keep the original XML file for use when you need to merge the WDAC policy with another policy or update its rule options. For deployment purposes, the file is converted to a binary format, which can be done using a simple Windows PowerShell command. + +When the WDAC policy is deployed, it restricts the software that can run on a device. The XML document can be signed, helping to add additional protection against administrative users changing or removing the policy. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md new file mode 100644 index 0000000000..fd0fd8af09 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md @@ -0,0 +1,18 @@ +--- +title: Use the Device Guard Signing Portal in the Microsoft Store for Business (Windows 10) +description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. +ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: jsuther1974 +ms.date: 02/28/2018 +--- + +# Optional: Use the Device Guard Signing Portal in the Microsoft Store for Business + +**Applies to:** + +- Windows 10 +- Windows Server 2016 \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md new file mode 100644 index 0000000000..34188e138e --- /dev/null +++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md @@ -0,0 +1,86 @@ +--- +title: Use signed policies to protect Windows Defender Application Control against tampering (Windows 10) +description: Signed WDAC policies give organizations the highest level of malware protection available in Windows 10. +ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.localizationpriority: high +author: jsuther1974 +ms.date: 02/27/2018 +--- + +# Use signed policies to protect Windows Defender Application Control against tampering + +**Applies to:** + +- Windows 10 +- Windows Server 2016 + + +Signed WDAC policies give organizations the highest level of malware protection available in Windows 10. +In addition to their enforced policy rules, signed policies cannot be modified or deleted by a user or administrator on the computer. +These policies are designed to prevent administrative tampering and kernel mode exploit access. +With this in mind, it is much more difficult to remove signed WDAC policies. +Before you sign and deploy a signed WDAC policy, we recommend that you [audit the policy](audit-windows-defender-application-control-policies.md) to discover any blocked applications that should be allowed to run. + +Signing WDAC policies by using an on-premises CA-generated certificate or a purchased code signing certificate is straightforward. +If you do not currently have a code signing certificate exported in .pfx format (containing private keys, extensions, and root certificates), see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md) to create one with your on-premises CA. + +Before signing WDAC policies for the first time, be sure to enable rule options 9 (“Advanced Boot Options Menu”) and 10 (“Boot Audit on Failure”) to leave troubleshooting options available to administrators. To ensure that a rule option is enabled, you can run a command such as `Set-RuleOption -FilePath
Deployment is simpler if everything is locked down in the same way, but meeting individual departments’ needs, and working with a wide variety of devices, may require a more complicated and flexible deployment. + +3. Review how much variety in software and hardware is needed by roles or departments. The following questions can help you clarify how many WDAC policies to create: + + - How standardized is the hardware?
This can be relevant because of drivers. You could create a WDAC policy on hardware that uses a particular set of drivers, and if other drivers in your environment use the same signature, they would also be allowed to run. However, you might need to create several WDAC policies on different "reference" hardware, then merge the policies together, to ensure that the resulting policy recognizes all the drivers in your environment. + + - What software does each department or role need? Should they be able to install and run other departments’ software?
If multiple departments are allowed to run the same list of software, you might be able to merge several WDAC policies to simplify management. + + - Are there departments or roles where unique, restricted software is used?
If one department needs to run an application that no other department is allowed, it might require a separate WDAC policy. Similarly, if only one department must run an old version of an application (while other departments allow only the newer version), it might require a separate WDAC policy. + + - Is there already a list of accepted applications?
A list of accepted applications can be used to help create a baseline WDAC policy.
As of Windows 10, version 1703, it might also be useful to have a list of plug-ins, add-ins, or modules that you want to allow only in a specific app (such as a line-of-business app). Similarly, it might be useful to have a list of plug-ins, add-ins, or modules that you want to block in a specific app (such as a browser). + + - As part of a threat review process, have you reviewed systems for software that can load arbitrary DLLs or run code or scripts? + In day-to-day operations, your organization’s security policy may allow certain applications, code, or scripts to run on your systems depending on their role and the context. However, if your security policy requires that you run only trusted applications, code, and scripts on your systems, you may decide to lock these systems down securely with Windows Defender Application Control policies. + + Legitimate applications from trusted vendors provide valid functionality. However, an attacker could also potentially use that same functionality to run malicious executable code that could bypass WDAC. + + For operational scenarios that require elevated security, certain applications with known Code Integrity bypasses may represent a security risk if you whitelist them in your WDAC policies. Other applications where older versions of the application had vulnerabilities also represent a risk. Therefore, you may want to deny or block such applications from your WDAC policies. For applications with vulnerabilities, once the vulnerabilities are fixed you can create a rule that only allows the fixed or newer versions of that application. The decision to allow or block applications depends on the context and on how the reference system is being used. + + Security professionals collaborate with Microsoft continuously to help protect customers. With the help of their valuable reports, Microsoft has identified a list of known applications that an attacker could potentially use to bypass Windows Defender Application Control. Depending on the context, you may want to block these applications. To view this list of applications and for use case examples, such as disabling msbuild.exe, see [Microsoft recommended block rules](microsoft-recommended-block-rules.md). + +4. Identify LOB applications that are currently unsigned. Although requiring signed code (through WDAC) protects against many threats, your organization might use unsigned LOB applications, for which the process of signing might be difficult. You might also have applications that are signed, but you want to add a secondary signature to them. If so, identify these applications, because you will need to create a catalog file for them. + +## Getting started on the deployment process + +1. Optionally, create a signing certificate for Windows Defender Application Control. As you deploy WDAC, you might need to sign catalog files or WDAC policies internally. To do this, you will either need a publicly issued code signing certificate (that you purchase) or an internal CA. If you choose to use an internal CA, you will need to [create a code signing certificate](create-code-signing-cert-for-windows-defender-application-control.md). + +2. Create WDAC policies from reference computers. In this respect, creating and managing WDAC policies to align with the needs of roles or departments can be similar to managing corporate images. From each reference computer, you can create a WDAC policy, and decide how to manage that policy. You can [merge](merge-windows-defender-application-control-policies.md) WDAC policies to create a broader policy or a master policy, or you can manage and deploy each policy individually. + +3. Audit the WDAC policy and capture information about applications that are outside the policy. We recommend that you use [audit mode](audit-windows-defender-application-control-policies.md) to carefully test each WDAC policy before you enforce it. With audit mode, no application is blocked—the policy just logs an event whenever an application outside the policy is started. Later, you can expand the policy to allow these applications, as needed. + +4. Create a [catalog file](deploy-catalog-files-to-support-windows-defender-application-control.md) for unsigned LOB applications. Use the Package Inspector tool to create and sign a catalog file for your unsigned LOB applications. In later steps, you can merge the catalog file's signature into your WDAC policy, so that applications in the catalog will be allowed by the policy. + +6. Capture needed policy information from the event log, and merge information into the existing policy as needed. After a WDAC policy has been running for a time in audit mode, the event log will contain information about applications that are outside the policy. To expand the policy so that it allows for these applications, use Windows PowerShell commands to capture the needed policy information from the event log, and then merge that information into the existing policy. You can merge WDAC policies from other sources also, for flexibility in how you create your final WDAC policies. + +7. Deploy WDAC policies and catalog files. After you confirm that you have completed all the preceding steps, you can begin deploying catalog files and taking WDAC policies out of auditing mode. We strongly recommend that you begin this process with a test group of users. This provides a final quality-control validation before you deploy the catalog files and WDAC policies more broadly. + +8. Enable desired virtualization-based security (VBS) features. Hardware-based security features—also called virtualization-based security (VBS) features—strengthen the protections offered by Windows Defender Application Control. + + > [!WARNING] + > Virtualization-based protection of code integrity may be incompatible with some devices and applications. We strongly recommend testing this configuration in your lab before enabling virtualization-based protection of code integrity on production systems. Failure to do so may result in unexpected failures up to and including data loss or a blue screen error (also called a stop error). diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md new file mode 100644 index 0000000000..06f9907511 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md @@ -0,0 +1,31 @@ +--- +title: Windows Defender Application Control design guide (Windows 10) +description: Microsoft Windows Defender Device Guard is a feature set that consists of both hardware and software system integrity hardening features that revolutionize the Windows operating system’s security. +keywords: virtualization, security, malware +ms.prod: w10 +ms.mktglfcycl: deploy +ms.localizationpriority: high +author: brianlic-msft +ms.date: 02/20/2018 +--- + +# Windows Defender Application Control design guide + +**Applies to** + - Windows 10 + - Windows Server + +This guide covers design and planning for Windows Defender Application Control (WDAC). It is intended to help security architects, security administrators, and system administrators create a plan that addresses specific application control requirements for different departments or business groups within an organization. + + +## In this section + +| Topic | Description | +| - | - | +| [Understand WDAC policy design decisions](understand-windows-defender-application-control-policy-design-decisions.md) | This topic lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies. | +| [Select the types of rules to create](select-types-of-rules-to-create.md) | This topic lists resources you can use when selecting your application control policy rules by using WDAC. | +| [Plan for WDAC policy management](plan-windows-defender-application-control-management.md) | This topic describes the decisions you need to make to establish the processes for managing and maintaining WDAC policies. | +| [Create your WDAC planning document](create-your-windows-defender-application-control-planning-document.md) | This planning topic summarizes the information you need to research and include in your planning document. | + +After planning is complete, the next step is to deploy WDAC. The [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md) covers the creation and testing of policies, deploying the enforcement setting, and managing and maintaining the policies. + \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md similarity index 95% rename from windows/security/threat-protection/windows-defender-application-control.md rename to windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md index 74adeafb06..298f03c997 100644 --- a/windows/security/threat-protection/windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md @@ -6,8 +6,9 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security +ms.localizationpriority: high author: jsuther1974 -ms.date: 01/24/2018 +ms.date: 02/27/2018 --- # Windows Defender Application Control @@ -36,7 +37,7 @@ WDAC policies also block unsigned scripts and MSIs, and Windows PowerShell runs ## WDAC System Requirements WDAC policies can only be created on computers running Windows 10 Enterprise or Windows Server 2016. -They can be applied to computers running any edition of Windows 10 and managed via Mobile Device Management (MDM), such as Microsoft Intune. +They can be applied to computers running any edition of Windows 10 or Windows Server 2016 and managed via Mobile Device Management (MDM), such as Microsoft Intune. Group Policy can also be used to distribute Group Policy Objects that contain WDAC policies on computers running Windows 10 Enterprise or Windows Server 2016. ## New and changed functionality diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md new file mode 100644 index 0000000000..d14024b3df --- /dev/null +++ b/windows/security/threat-protection/windows-defender-atp/TOC.md @@ -0,0 +1,173 @@ +# [Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md) + +##Get started +## [Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md) +## [Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md) +## [Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md) +## [Preview features](preview-windows-defender-advanced-threat-protection.md) +## [Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) +## [Assign user access to the portal](assign-portal-access-windows-defender-advanced-threat-protection.md) +## [Onboard endpoints and set up access](onboard-configure-windows-defender-advanced-threat-protection.md) +## [Configure client endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) +### [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md) +### [Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) +### [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md) +#### [Configure endpoints using Microsoft Intune](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#configure-endpoints-using-microsoft-intune) +### [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md) +### [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md) +## [Configure server endpoints](configure-server-endpoints-windows-defender-advanced-threat-protection.md) +## [Configure non-Windows endpoints](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) +## [Run a detection test on a newly onboarded endpoint](run-detection-test-windows-defender-advanced-threat-protection.md) +## [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) +## [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) +## [Understand the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md) +## [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) +## [View the Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md) +## [View the Security analytics dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md) + +##Investigate and remediate threats +##Alerts queue +### [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) +### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md) +### [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) +### [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md) +### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md) +### [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md) +### [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md) +### [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md) + +##Machines list +### [View and organize the Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md) +### [Manage machine group and tags](investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags) +### [Alerts related to this machine](investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine) +### [Machine timeline](investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline) +#### [Search for specific events](investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events) +#### [Filter events from a specific date](investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date) +#### [Export machine timeline events](investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events) +#### [Navigate between pages](investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages) + + +## [Take response actions](response-actions-windows-defender-advanced-threat-protection.md) +### [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md) +#### [Collect investigation package](respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines) +### [Run antivirus scan](respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines) +### [Restrict app execution](respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution) +### [Remove app restriction](respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction) +### [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network) +### [Release machine from isolation](respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation) +### [Check activity details in Action center](respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center) +### [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md) +### [Stop and quarantine files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network) +### [Remove file from quarantine](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine) +### [Block files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network) +### [Remove file from blocked list](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list) +### [Check activity details in Action center](respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center) +### [Deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis) +#### [Submit files for analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis) +#### [View deep analysis reports](respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports) +#### [Troubleshoot deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis) + +##API and SIEM support +## [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md) +### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md) +### [Configure Splunk to pull alerts](configure-splunk-windows-defender-advanced-threat-protection.md) +### [Configure HP ArcSight to pull alerts](configure-arcsight-windows-defender-advanced-threat-protection.md) +### [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) +### [Pull alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) +### [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md) + +## [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md) +### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) +### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) +### [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) +### [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) +### [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) +### [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md) +### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) +## [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md) +### [Supported Windows Defender ATP APIs](supported-apis-windows-defender-advanced-threat-protection.md) +###Actor +#### [Get actor information](get-actor-information-windows-defender-advanced-threat-protection.md) +#### [Get actor related alerts](get-actor-related-alerts-windows-defender-advanced-threat-protection.md) +###Alerts +#### [Get alerts](get-alerts-windows-defender-advanced-threat-protection.md) +#### [Get alert information by ID](get-alert-info-by-id-windows-defender-advanced-threat-protection.md) +#### [Get alert related actor information](get-alert-related-actor-info-windows-defender-advanced-threat-protection.md) +#### [Get alert related domain information](get-alert-related-domain-info-windows-defender-advanced-threat-protection.md) +#### [Get alert related file information](get-alert-related-files-info-windows-defender-advanced-threat-protection.md) +#### [Get alert related IP information](get-alert-related-ip-info-windows-defender-advanced-threat-protection.md) +#### [Get alert related machine information](get-alert-related-machine-info-windows-defender-advanced-threat-protection.md) +###Domain +#### [Get domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection.md) +#### [Get domain related machines](get-domain-related-machines-windows-defender-advanced-threat-protection.md) +#### [Get domain statistics](get-domain-statistics-windows-defender-advanced-threat-protection.md) +#### [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md) + +###File +#### [Block file API](block-file-windows-defender-advanced-threat-protection.md) +#### [Get file information](get-file-information-windows-defender-advanced-threat-protection.md) +#### [Get file related alerts](get-file-related-alerts-windows-defender-advanced-threat-protection.md) +#### [Get file related machines](get-file-related-machines-windows-defender-advanced-threat-protection.md) +#### [Get file statistics](get-file-statistics-windows-defender-advanced-threat-protection.md) +#### [Get FileActions collection API](get-fileactions-collection-windows-defender-advanced-threat-protection.md) +#### [Unblock file API](unblock-file-windows-defender-advanced-threat-protection.md) + +###IP +#### [Get IP related alerts](get-ip-related-alerts-windows-defender-advanced-threat-protection.md) +#### [Get IP related machines](get-ip-related-machines-windows-defender-advanced-threat-protection.md) +#### [Get IP statistics](get-ip-statistics-windows-defender-advanced-threat-protection.md) +#### [Is IP seen in organization](is-ip-seen-org-windows-defender-advanced-threat-protection.md) +###Machines +#### [Collect investigation package API](collect-investigation-package-windows-defender-advanced-threat-protection.md) +#### [Find machine information by IP](find-machine-info-by-ip-windows-defender-advanced-threat-protection.md) +#### [Get machines](get-machines-windows-defender-advanced-threat-protection.md) +#### [Get FileMachineAction object API](get-filemachineaction-object-windows-defender-advanced-threat-protection.md) +#### [Get FileMachineActions collection API](get-filemachineactions-collection-windows-defender-advanced-threat-protection.md) +#### [Get machine by ID](get-machine-by-id-windows-defender-advanced-threat-protection.md) +#### [Get machine log on users](get-machine-log-on-users-windows-defender-advanced-threat-protection.md) +#### [Get machine related alerts](get-machine-related-alerts-windows-defender-advanced-threat-protection.md) +#### [Get MachineAction object API](get-machineaction-object-windows-defender-advanced-threat-protection.md) +#### [Get MachineActions collection API](get-machineactions-collection-windows-defender-advanced-threat-protection.md) +#### [Get machines](get-machines-windows-defender-advanced-threat-protection.md) +#### [Get package SAS URI API](get-package-sas-uri-windows-defender-advanced-threat-protection.md) +#### [Isolate machine API](isolate-machine-windows-defender-advanced-threat-protection.md) +#### [Release machine from isolation API](unisolate-machine-windows-defender-advanced-threat-protection.md) +#### [Remove app restriction API](unrestrict-code-execution-windows-defender-advanced-threat-protection.md) +#### [Request sample API](request-sample-windows-defender-advanced-threat-protection.md) +#### [Restrict app execution API](restrict-code-execution-windows-defender-advanced-threat-protection.md) +#### [Run antivirus scan API](run-av-scan-windows-defender-advanced-threat-protection.md) +#### [Stop and quarantine file API](stop-quarantine-file-windows-defender-advanced-threat-protection.md) + + + +###User +#### [Get alert related user information](get-alert-related-user-info-windows-defender-advanced-threat-protection.md) +#### [Get user information](get-user-information-windows-defender-advanced-threat-protection.md) +#### [Get user related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection.md) +#### [Get user related machines](get-user-related-machines-windows-defender-advanced-threat-protection.md) + +##Reporting +## [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) + +##Check service health and sensor state +## [Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md) +### [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md) +### [Inactive machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines) +### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines) +## [Check service health](service-status-windows-defender-advanced-threat-protection.md) +## [Configure Windows Defender ATP preferences settings](preferences-setup-windows-defender-advanced-threat-protection.md) +## [Update general settings](general-settings-windows-defender-advanced-threat-protection.md) +## [Enable advanced features](advanced-features-windows-defender-advanced-threat-protection.md) +## [Enable preview experience](preview-settings-windows-defender-advanced-threat-protection.md) +## [Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) +## [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md) +## [Enable Threat intel API](enable-custom-ti-windows-defender-advanced-threat-protection.md) +## [Enable and create Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) +## [Enable Security Analytics security controls](enable-security-analytics-windows-defender-advanced-threat-protection.md) + +## [Configure Windows Defender ATP time zone settings](settings-windows-defender-advanced-threat-protection.md) +## [Access the Windows Defender ATP Community Center](community-windows-defender-advanced-threat-protection.md) +## [Troubleshoot Windows Defender ATP](troubleshoot-windows-defender-advanced-threat-protection.md) +## [Review events and errors on endpoints with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md) +## [Windows Defender Antivirus compatibility with Windows Defender ATP](defender-compatibility-windows-defender-advanced-threat-protection.md) + diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md index bece8724df..8b0591b338 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md @@ -81,11 +81,10 @@ To receive contextual machine integration in Office 365 Threat Intelligence, you ## Microsoft Intune connection This feature is only available if you have an active Microsoft Intune (Intune) license. -When you enable this feature, you'll be able to share Windows Defender ATP device information to Intune and enhance policy enforcement. The machine risk score can be used in the integration to enforce conditional access and other security policies. +When you enable this feature, you'll be able to share Windows Defender ATP device information to Intune and enhance policy enforcement. >[!NOTE] ->You'll need to enable the integration on both Intune and Windows Defender ATP to use this feature. For more information on how to enable and configure the integration in Intune, see [Enable conditional access to better protect users, devices, and data](conditional-access-windows-defender-advanced-threat-protection.md). - +>You'll need to enable the integration on both Intune and Windows Defender ATP to use this feature. ## Enable advanced features diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md index db6c9b6f35..e0ff5a7be1 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md @@ -64,7 +64,7 @@ Use the following table to understand what the columns represent, its data type, | InitiatingProcessParentId | int | Process ID (PID) of the parent process that spawned the process responsible for the event. | | InitiatingProcessParentName | string | Name of the parent process that spawned the process responsible for the event. | | InitiatingProcessSha1 | string | SHA-1 of the process (image file) that initiated the event. | -| InitiatingProcessSha256 | string | SHA-256 of the process (image file) that initiated the event. | +| InitiatingProcessSha256 | string | SHA-256 of the process (image file) that initiated the event. This field is usually not populated—use the SHA1 column when available. | | InitiatingProcessTokenElevation | string | Token type indicating the presence or absence of User Access Control (UAC) privilege elevation applied to the process that initiated the event. | | IsAzureADJoined | boolean | Boolean indicator of whether machine is joined to the Azure Active Directory. | | LocalIP | string | IP address assigned to the local machine used during communication. | @@ -97,7 +97,7 @@ Use the following table to understand what the columns represent, its data type, | RemoteUrl | string | URL or fully qualified domain name (FQDN) that was being connected to. | | ReportIndex | long | Event identifier that is unique among the same event type. | | SHA1 | string | SHA-1 of the file that the recorded action was applied to. | -| SHA256 | string | SHA-256 of the file that the recorded action was applied to. +| SHA256 | string | SHA-256 of the file that the recorded action was applied to. This field is usually not populated—use the SHA1 column when available. >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-belowfoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md deleted file mode 100644 index aacc9c9ee1..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,157 +0,0 @@ ---- -title: Enable conditional access to better protect users, devices, and data -description: Enable conditional access to prevent applications from running if a device is considered at risk and an application is determined to be non-compliant. -keywords: conditional access, block applications, security level, intune, -search.product: eADQiWindows 10XVcnh -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: high -ms.date: 04/17/2018 ---- - -# Enable conditional access to better protect users, devices, and data - -**Applies to:** - -- Windows 10 Enterprise -- Windows 10 Education -- Windows 10 Pro -- Windows 10 Pro Education -- Windows Defender Advanced Threat Protection (Windows Defender ATP) - -[!include[Prerelease information](prerelease.md)] - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-conditionalaccess-abovefoldlink) - -Conditional access is a capability that helps you better protect your users and enterprise information by making sure that only secure devices have access to applications. - -With conditional access, you can control access to enterprise information based on the risk level of a device. This helps keep trusted users on trusted devices using trusted applications. - -You can define security conditions under which devices and applications can run and access information from your network by enforcing policies to stop applications from running until a device returns to a compliant state. - -The implementation of conditional access in Windows Defender ATP is based on Microsoft Intune (Intune) device compliance policies and Azure Active Directory (Azure AD) conditional access policies. - -The compliance policy is used with conditional access to allow only devices that fulfill one or more device compliance policy rules to access applications. - -## Understand the conditional access flow -Conditional access is put in place so that when a threat is seen on a device, access to sensitive content is blocked until the threat is remediated. - -The flow begins with machines being seen to have a low, medium, or high risk. These risk determinations are then sent to Intune. - -Depending on how you configure policies in Intune, conditional access can be set up so that when certain conditions are met, the policy is applied. - -For example, you can configure Intune to apply conditional access on devices that have a high risk. - -In Intune, a device compliance policy is used in conjunction with Azure AD conditional access to block access to applications. In parallel, an automated investigation and remediation process is launched. - - A user can still use the device while the automated investigation and remediation is taking place, but access to enterprise data is blocked until the threat is fully remediated. - -To resolve the risk found on a device, you'll need to return the device to a compliant state. A device returns to a compliant state when there is no risk seen on it. - -There are three ways to address a risk: -1. Use Manual or automated remediation. -2. Resolve active alerts on the machine. This will remove the risk from the machine. -3. You can remove the machine from the active policies and consequently, conditional access will not be applied on the machine. - -Manual remediation requires a secops admin to investigate an alert and address the risk seen on the device. The automated remediation is configured through configuration settings provided in the following section, [Configure conditional access](#configure-conditional-access). - -When the risk is removed either through manual or automated remediation, the device returns to a compliant state and access to applications is granted. - -The following example sequence of events explains conditional access in action: - -1. A user opens a malicious file and Windows Defender ATP flags the device as high risk. -2. The high risk assessment is passed along to Intune. In parallel, an automated investigation is initiated to remediate the identified threat. A manual remediation can also be done to remediate the identified threat. -3. Based on the policy created in Intune, the device is marked as not compliant. The assessment is then communicated to Azure AD by the Intune conditional access policy. In Azure AD, the corresponding policy is applied to block access to applications. -4. The manual or automated investigation and remediation is completed and the threat is removed. Windows Defender ATP sees that there is no risk on the device and Intune assesses the device to be in a compliant state. Azure AD applies the policy which allows access to applications. -5. Users can now access applications. - - - - ## Configure conditional access -This section guides you through all the steps you need to take to properly implement conditional access. - -### Before you begin ->[!WARNING] ->It's important to note that Azure AD registered devices is not supported in this scenario. ->Only Intune enrolled devices are supported. - -You need to make sure that all your devices are enrolled in Intune. You can use any of the following options to enroll devices in Intune: - - -- IT Admin: For more information on how to enabling auto-enrollment, see [Windows Enrollment](https://docs.microsoft.com/intune/windows-enroll#enable-windows-10-automatic-enrollment) -- End-user: For more information on how to enroll your Windows 10 device in Intune, see [Enroll your Windows 10 device in Intune](https://docs.microsoft.com/intune-user-help/enroll-your-w10-device-access-work-or-school) -- End-user alternative: For more information on joining an Azure AD domain, see [Set up Azure Active Directory joined devices](https://docs.microsoft.com/en-us/azure/active-directory/device-management-azuread-joined-devices-setup). - - - -There are steps you'll need to take in the Windows Defender ATP portal, the Intune portal, and Azure AD portal. - -> [!NOTE] -> You'll need a Microsoft Intune environment, with Intune managed and Azure AD joined Windows 10 devices. - -Take the following steps to enable conditional access: -- Step 1: Turn on the Microsoft Intune connection from the Windows Defender ATP portal -- Step 2: Turn on the Windows Defender ATP integration in Intune -- Step 3: Create the compliance policy in Intune -- Step 4: Assign the policy -- Step 5: Create an Azure AD conditional access policy - - -### Step 1: Turn on the Microsoft Intune connection -1. In the navigation pane, select **Settings** > **General** > **Advanced features** > **Microsoft Intune connection**. -2. Toggle the Microsoft Intune setting to **On**. -3. Click **Save preferences**. - - -### Step 2: Turn on the Windows Defender ATP integration in Intune -1. Sign in to the [Azure portal](https://portal.azure.com). -2. Select **Device compliance** > **Windows Defender ATP**. -3. Set **Connect Windows 10.0.15063+ devices to Windows Defender Advanced Threat Protection** to **On**. -4. Click **Save**. - - -### Step 3: Create the compliance policy in Intune -1. In the [Azure portal](https://portal.azure.com), select **All services**, filter on **Intune**, and select **Microsoft Intune**. -2. Select **Device compliance** > **Policies** > **Create policy**. -3. Enter a **Name** and **Description**. -4. In **Platform**, select **Windows 10 and later**. -5. In the **Device Health** settings, set **Require the device to be at or under the Device Threat Level** to your preferred level: - - - **Secured**: This level is the most secure. The device cannot have any existing threats and still access company resources. If any threats are found, the device is evaluated as noncompliant. - - **Low**: The device is compliant if only low-level threats exist. Devices with medium or high threat levels are not compliant. - - **Medium**: The device is compliant if the threats found on the device are low or medium. If high-level threats are detected, the device is determined as noncompliant. - - **High**: This level is the least secure, and allows all threat levels. So devices that with high, medium or low threat levels are considered compliant. - -6. Select **OK**, and **Create** to save your changes (and create the policy). - -### Step 4: Assign the policy -1. In the [Azure portal](https://portal.azure.com), select **All services**, filter on **Intune**, and select **Microsoft Intune**. -2. Select **Device compliance** > **Policies**> select your Windows Defender ATP compliance policy. -3. Select **Assignments**. -4. Include or exclude your Azure AD groups to assign them the policy. -5. To deploy the policy to the groups, select **Save**. The user devices targeted by the policy are evaluated for compliance. - -### Step 5: Create an Azure AD conditional access policy -1. In the [Azure portal](https://portal.azure.com), open **Azure Active Directory** > **Conditional access** > **New policy**. -2. Enter a policy **Name**, and select **Users and groups**. Use the Include or Exclude options to add your groups for the policy, and select **Done**. -3. Select **Cloud apps**, and choose which apps to protect. For example, choose **Select apps**, and select **Office 365 SharePoint Online** and **Office 365 Exchange Online**. Select **Done** to save your changes. - -4. Select **Conditions** > **Client apps** to apply the policy to apps and browsers. For example, select **Yes**, and then enable **Browser** and **Mobile apps and desktop clients**. Select **Done** to save your changes. - -5. Select **Grant** to apply conditional access based on device compliance. For example, select **Grant access** > **Require device to be marked as compliant**. Choose **Select** to save your changes. - -6. Select **Enable policy**, and then **Create** to save your changes. - -For more information, see [Enable Windows Defender ATP with conditional access in Intune](https://docs.microsoft.com/intune/advanced-threat-protection). - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-conditionalaccess-belowfoldlink) - -## Related topic -- [Configure advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md) - - - diff --git a/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md index e262cc5244..e04a79d353 100644 --- a/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md @@ -51,7 +51,7 @@ In all scenarios, data is encrypted using 256-bit [AES encyption](https://en.wik ## Do I have the flexibility to select where to store my data? -When onboarding the service for the first time, you can choose to store your data in Microsoft Azure datacenters in Europe or in the United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Microsoft will not under any circumstance, transfer the data from the specified geolocation into another geolocation. +When onboarding the service for the first time, you can choose to store your data in Microsoft Azure datacenters in Europe or in the United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Customer data in de-identified form may also be stored in the central storage and processing systems in the United States. ## Is my data isolated from other customer data? Yes, your data is isolated through access authentication and logical segregation based on customer identifier. Each customer can only access data collected from its own organization and generic data that Microsoft provides. diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md index 06fd351604..9fb3644bae 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md @@ -62,7 +62,6 @@ You'll also see details such as logon types for each user account, the user grou **Machine risk** The Machine risk tile shows the overall risk assessment of a machine. A machine's risk level is determined using the number of active alerts and their severity levels. You can influence a machine's risk level by resolving associated alerts manually or automatically and also by suppressing an alert. It's also indicators of the active threats that machines could be exposed to. -Depending on your connection settings, the risk level can influence enforcement of conditional access and other security policies on Microsoft Intune and other connected solutions. For more information on conditional access, see [Enable conditional access](conditional-access-windows-defender-advanced-threat-protection.md). **Azure Advanced Threat Protection** If you have enabled the Azure ATP feature and there are alerts related to the machine, you can click on the link that will take you to the Azure ATP page where more information about the alerts are provided. diff --git a/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md index b866964b62..71573b1352 100644 --- a/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md @@ -54,7 +54,7 @@ To gain access into which licenses are provisioned to your company, and to check When accessing the [Windows Defender ATP portal](https://SecurityCenter.Windows.com) for the first time there will be a setup wizard that will guide you through some initial steps. At the end of the setup wizard there will be a dedicated cloud instance of Windows Defender ATP created. -1. Each time you access the portal you will need to validate that you are authorized to access the product. Only if you are not authorized will This **Set up your permissions** step will only be available if you are not currently authorized to access the product. +1. Each time you access the portal you will need to validate that you are authorized to access the product. This **Set up your permissions** step will only be available if you are not currently authorized to access the product.  @@ -134,4 +134,4 @@ When accessing the [Windows Defender ATP portal](https://SecurityCenter.Windows. ## Related topics - [Onboard machines to the Windows Defender Advanced Threat Protection service](onboard-configure-windows-defender-advanced-threat-protection.md) -- [Troubleshoot onboarding process and portal access issues](troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md) \ No newline at end of file +- [Troubleshoot onboarding process and portal access issues](troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md index a87a7f95fe..278725340f 100644 --- a/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md @@ -55,9 +55,6 @@ You can use the following filters to limit the list of machines displayed during **Risk level** Machine risk levels are indicators of the active threats that machines could be exposed to. A machine's risk level is determined using the number of active alerts and their severity levels. You can influence a machine's risk level by resolving associated alerts manually or automatically and also by suppressing an alert. -Depending on your connection settings, the risk level can influence enforcement of conditional access and other security policies on Microsoft Intune and other connected solutions. For more information on conditional access, see [Enable conditional access](conditional-access-windows-defender-advanced-threat-protection.md). - - **OS Platform** - Windows 10 - Windows Server 2012 R2 diff --git a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md index a018b2c742..4d92a145bd 100644 --- a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md @@ -43,10 +43,6 @@ Turn on the preview experience setting to be among the first to try upcoming fea ## Preview features The following features are included in the preview release: -- [Enable conditional access to better protect users, devices, and data](conditional-access-windows-defender-advanced-threat-protection.md)
-With conditional access, you can control access to enterprise information based on the risk level of a device. This helps keep trusted users on trusted devices using trusted applications. - - - [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
Windows Defender ATP supports the onboarding of the following servers: - Windows Server 2012 R2 diff --git a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md index 2789778750..a3ae16d7dd 100644 --- a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md @@ -94,7 +94,6 @@ Get started | Learn about the minimum requirements, validate licensing and com [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md) | Learn about onboarding client, server, and non-Windows machines. Learn how to run a detection test, configure proxy and Internet connectivity settings, and how to troubleshoot potential onboarding issues. [Understand the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md) | Understand the Security operations, Secure Score, and Threat analytics dashboards as well as how to navigate the portal. Investigate and remediate threats | Investigate alerts, machines, and take response actions to remediate threats. -[Enable conditional access to better protect users, devices, and data](conditional-access-windows-defender-advanced-threat-protection.md) | Conditional access is a capability that helps you better protect your users and enterprise information by making sure that only secure devices have access to applications.
With conditional access, you can control access to enterprise information based on the risk level of a device. This helps keep trusted users on trusted devices using trusted applications. API and SIEM support | Use the supported APIs to pull and create custom alerts, or automate workflows. Use the supported SIEM tools to pull alerts from the Windows Defender ATP portal. Reporting | Create and build Power BI reports using Windows Defender ATP data. Check service health and sensor state | Verify that the service is running and check the sensor state on machines. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/TOC.md b/windows/security/threat-protection/windows-defender-exploit-guard/TOC.md new file mode 100644 index 0000000000..eedb76c8dc --- /dev/null +++ b/windows/security/threat-protection/windows-defender-exploit-guard/TOC.md @@ -0,0 +1,30 @@ +# [Windows Defender Exploit Guard](windows-defender-exploit-guard.md) + +## [Evaluate Windows Defender Exploit Guard](evaluate-windows-defender-exploit-guard.md) +### [Use auditing mode to evaluate Windows Defender Exploit Guard](audit-windows-defender-exploit-guard.md) +### [View Exploit Guard events](event-views-exploit-guard.md) + +## [Exploit protection](exploit-protection-exploit-guard.md) +### [Comparison with Enhanced Mitigation Experience Toolkit](emet-exploit-protection-exploit-guard.md) +### [Evaluate Exploit protection](evaluate-exploit-protection.md) +### [Enable Exploit protection](enable-exploit-protection.md) +### [Customize Exploit protection](customize-exploit-protection.md) +#### [Import, export, and deploy Exploit protection configurations](import-export-exploit-protection-emet-xml.md) +### [Memory integrity](memory-integrity.md) +#### [Requirements for virtualization-based protection of code integrity](requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md) +#### [Enable virtualization-based protection of code integrity](enable-virtualization-based-protection-of-code-integrity.md) +## [Attack surface reduction](attack-surface-reduction-exploit-guard.md) +### [Evaluate Attack surface reduction](evaluate-attack-surface-reduction.md) +### [Enable Attack surface reduction](enable-attack-surface-reduction.md) +### [Customize Attack surface reduction](customize-attack-surface-reduction.md) +### [Troubleshoot Attack surface reduction rules](troubleshoot-asr.md) +## [Network Protection](network-protection-exploit-guard.md) +### [Evaluate Network Protection](evaluate-network-protection.md) +### [Enable Network Protection](enable-network-protection.md) +### [Troubleshoot Network protection](troubleshoot-np.md) +## [Controlled folder access](controlled-folders-exploit-guard.md) +### [Evaluate Controlled folder access](evaluate-controlled-folder-access.md) +### [Enable Controlled folder access](enable-controlled-folders-exploit-guard.md) +### [Customize Controlled folder access](customize-controlled-folders-exploit-guard.md) + + diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md index 7511f2b65d..9cf38c9042 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md @@ -9,9 +9,9 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security localizationpriority: medium -author: iaanw -ms.author: iawilt -ms.date: 12/01/2017 +author: andreabichsel +ms.author: v-anbic +ms.date: 04/17/2018 --- @@ -21,7 +21,7 @@ ms.date: 12/01/2017 **Applies to:** -- Windows 10, version 1709 +- Windows 10, version 1709 and later @@ -54,7 +54,11 @@ For further details on how audit mode works, and when you might want to use it, >If the feature is configured with Group Policy, PowerShell, or MDM CSPs, the state will change in the Windows Defender Security Center app after a restart of the device. >If the feature is set to **Audit mode** with any of those tools, the Windows Defender Security Center app will show the state as **Off**. >See [Use audit mode to evaluate Windows Defender Exploit Guard features](audit-windows-defender-exploit-guard.md) for more details on how audit mode works. - +>
+>Group Policy settings that disable local administrator list merging will override Controlled folder access settings. They also override protected folders and allowed apps set by the local administrator through Controlled folder access. These policies include:
+>- Windows Defender Antivirus **Configure local administrator merge behavior for lists**
+>- System Center Endpoint Protection **Allow users to add exclusions and overrides**
+>For more information about disabling local list merging, see [Prevent or allow users to locally modify Windows Defender AV policy settings](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus#configure-how-locally-and-globally-defined-threat-remediation-and-exclusions-lists-are-merged).
### Use the Windows Defender Security app to enable Controlled folder access
diff --git a/windows/security/threat-protection/device-guard/deploy-device-guard-enable-virtualization-based-security.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md
similarity index 63%
rename from windows/security/threat-protection/device-guard/deploy-device-guard-enable-virtualization-based-security.md
rename to windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md
index 400d1f0540..bfebbbbc6e 100644
--- a/windows/security/threat-protection/device-guard/deploy-device-guard-enable-virtualization-based-security.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md
@@ -1,63 +1,52 @@
---
-title: Deploy Windows Defender Device Guard - enable virtualization-based security (Windows 10)
-description: This article describes how to enable virtualization-based security, one of the main features that are part of Windows Defender Device Guard in Windows 10.
-keywords: virtualization, security, malware
+title: Enable virtualization-based protection of code integrity
+description: This article explains the steps to opt in to using HVCI on Windows devices.
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
+ms.author: justinha
author: brianlic-msft
-ms.date: 10/20/2017
+ms.date: 04/19/2018
---
-# Enable virtualization-based protection of code integrity
+# Enable virtualization-based protection of code integrity
-**Applies to**
-- Windows 10
-- Windows Server 2016
+**Applies to**
-Virtualization-based protection of code integrity (herein referred to as Hypervisor-protected Code Integrity, or HVCI) is a powerful system mitigation that leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code. Code integrity validation is performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor. When used with Windows Defender Application Control (WDAC), HVCI helps achieve a locked down configuration state known as Windows Defender Device Guard that can block many types of malware from running on computers running Windows 10 and Windows Server 2016.
+- Windows 10
+- Windows Server 2016
-> [!NOTE]
-> Some applications, including device drivers, may be incompatible with HVCI. This can cause devices or software to malfunction and in rare cases may result in a Blue Screen. Such issues may occur after HVCI has been turned on or during the enablement process itself. We recommend testing thoroughly before enabling HVCI on production systems.
+Virtualization-based protection of code integrity (herein referred to as hypervisor-protected code integrity, or HVCI) is a powerful system mitigation that leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code.
+Code integrity validation is performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor.
-Use the following procedure to enable virtualization-based protection of code integrity:
+Some applications, including device drivers, may be incompatible with HVCI.
+This can cause devices or software to malfunction and in rare cases may result in a Blue Screen. Such issues may occur after HVCI has been turned on or during the enablement process itself.
+If this happens, see [Troubleshooting](#troubleshooting) for remediation steps.
-1. Decide whether to use the procedures in this topic, or to use [the Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337).
+## How to turn on HVCI in Windows 10
-2. Verify that [hardware and firmware requirements](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-windows-defender-device-guard) are met.
+To enable HVCI on Windows 10 devices with supporting hardware throughout an enterprise, use any of these options:
+- [Microsoft Intune (or another MDM provider)](#enable-hvci-using-intune)
+- [Group Policy](#enable-hvci-using-group-policy)
+- [System Center Configuration Manager](https://cloudblogs.microsoft.com/enterprisemobility/2015/10/30/managing-windows-10-device-guard-with-configuration-manager/)
+- [Registry](#use-registry-keys-to-enable-virtualization-based-protection-of-code-integrity)
-## Enable virtualization-based protection of code integrity
+### Enable HVCI using Intune
-If you don't want to use the [hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337), you can use Group Policy or the Registry to enable HVCI.
+Enabling in Intune requires using the Code Integrity node in the [AppLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp).
-### Use Group Policy to enable virtualization-based protection of code integrity
+### Enable HVCI using Group Policy
-1. To create a new GPO, right-click the OU where you want to link the GPO, and then click **Create a GPO in this domain, and Link it here**.
+1. Use Group Policy Editor (gpedit.msc) to either edit an existing GPO or create a new one.
+2. Navigate to **Computer Configuration** > **Administrative Templates** > **System** > **Device Guard**.
+3. Double-click **Turn on Virtualization Based Security**.
+4. Click **Enabled** and under **Virtualization Based Protection of Code Integrity**, select **Enabled with UEFI lock** to ensure HVCI cannot be enabled remotely or select **Enabled without UEFI lock**.
- 
+ 
-2. Give the new GPO a name, then right-click the new GPO, and click **Edit**.
+5. Click **Ok** to close the editor.
-4. Within the selected GPO, navigate to Computer Configuration\\Policies\\Administrative Templates\\System\\Device Guard. Right-click **Turn On Virtualization Based Security**, and then click **Edit**.
-
- 
-
-5. Select the **Enabled** button. For **Select Platform Security Level**:
-
- - **Secure Boot** provides as much protection as a computer’s hardware can support. If the computer does not have input/output memory management units (IOMMUs), enable **Secure Boot**.
- - **Secure Boot with DMA** enables Secure Boot—and VBS itself—only on a computer that supports DMA, that is, a computer with IOMMUs. With this setting, any computer without IOMMUs will not have VBS or HVCI protection, although it can have WDAC enabled. Important: Notes:
For information about how VBS uses the hypervisor to strengthen protections provided by WDAC, see [How Windows Defender Device Guard features help protect against threats](introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md#how-windows-defender-device-guard-features-help-protect-against-threats).
-
- For **Virtualization Based Protection of Code Integrity**:
-
- - Beginning with Windows 10, version 1607 and Windows Server 2016:
For an initial deployment or test deployment, we recommend **Enabled without lock**.
When your deployment is stable, we recommend changing to **Enabled with UEFI lock**. This option helps protect the registry from tampering, either through malware or by an unauthorized person.
-
- - With earlier versions of Windows 10:
Select the **Enable Virtualization Based Protection of Code Integrity** check box.
-
- 
-
-7. Close the Group Policy Management Editor, and then restart the Windows 10 test computer. The settings will take effect upon restart.
-
-8. Check Device Guard logs in Event Viewer at **Applications and Services Logs\\Microsoft\\Windows\\DeviceGuard-GPEXT\\Operational** for Event ID 7000, which contains the selected settings within a GPO that has been successfully processed. This event is logged only when Group Policy is used.
+To apply the new policy on a domain-joined computer, either restart or run `gpupdate /force` in an elevated command prompt.
### Use registry keys to enable virtualization-based protection of code integrity
@@ -66,7 +55,7 @@ Set the following registry keys to enable HVCI. This provides exactly the same s
> [!IMPORTANT]
-> - Among the commands that follow, you can choose settings for **Secure Boot** and **Secure Boot with DMA**. In most situations, we recommend that you choose **Secure Boot**. This option provides Secure Boot with as much protection as is supported by a given computer’s hardware. A computer with input/output memory management units (IOMMUs) will have Secure Boot with DMA protection. A computer without IOMMUs will simply have Secure Boot enabled.
In contrast, with **Secure Boot with DMA**, the setting will enable Secure Boot—and VBS itself—only on a computer that supports DMA, that is, a computer with IOMMUs. With this setting, any computer without IOMMUs will not have VBS or HVCI protection, although it can still have WDAC enabled.
For information about how VBS uses the hypervisor to strengthen protections provided by WDAC, see [How Windows Defender Device Guard features help protect against threats](introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md#how-windows-defender-device-guard-features-help-protect-against-threats).
+> - Among the commands that follow, you can choose settings for **Secure Boot** and **Secure Boot with DMA**. In most situations, we recommend that you choose **Secure Boot**. This option provides Secure Boot with as much protection as is supported by a given computer’s hardware. A computer with input/output memory management units (IOMMUs) will have Secure Boot with DMA protection. A computer without IOMMUs will simply have Secure Boot enabled.
In contrast, with **Secure Boot with DMA**, the setting will enable Secure Boot—and VBS itself—only on a computer that supports DMA, that is, a computer with IOMMUs. With this setting, any computer without IOMMUs will not have VBS or HVCI protection, although it can still have WDAC enabled.
> - All drivers on the system must be compatible with virtualization-based protection of code integrity; otherwise, your system may fail. We recommend that you enable these features on a group of test computers before you enable them on users' computers.
#### For Windows 1607 and above
@@ -258,8 +247,34 @@ Another method to determine the available and enabled Windows Defender Device Gu
-## Related topics
-- [Introduction to Windows Defender Device Guard: virtualization-based security and Windows Defender Application Control](introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
+## Troubleshooting
-- [Deploy Windows Defender Application Control](deploy-windows-defender-application-control.md)
+A. If a device driver fails to load or crashes at runtime, you may be able to update the driver using **Device Manager**.
+
+B. If you experience software or device malfunction after using the above procedure to turn on HVCI, but you are able to log in to Windows, you can turn off HVCI by renaming or deleting the SIPolicy.p7b file from the file location in step 3 above and then restart your device.
+
+C. If you experience a critical error during boot or your system is unstable after using the above procedure to turn on HVCI, you can recover using the Windows Recovery Environment (Windows RE). To boot to Windows RE, see [Windows RE Technical Reference](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference). After logging in to Windows RE, you can turn off HVCI by renaming or deleting the SIPolicy.p7b file from the file location in step 3 above and then restart your device.
+
+## How to turn off HVCI on the Windows 10 Fall Creators Update
+
+1. Rename or delete the SIPolicy.p7b file located at C:\Windows\System32\CodeIntegrity.
+2. Restart the device.
+3. To confirm HVCI has been successfully disabled, open System Information and check **Virtualization-based security Services Running**, which should now have no value displayed.
+
+## HVCI deployment in virtual machines
+
+HVCI can protect a Hyper-V virtual machine, just as it would a physical machine. The steps to enable WDAC are the same from within the virtual machine.
+
+WDAC protects against malware running in the guest virtual machine. It does not provide additional protection from the host administrator. From the host, you can disable WDAC for a virtual machine:
+
+```powershell
+Set-VMSecurity -VMName
plus **extended page tables** | These hardware features are required for VBS:
One of the following virtualization extensions:
• VT-x (Intel) or
• AMD-V
And:
• Extended page tables, also called Second Level Address Translation (SLAT). | VBS provides isolation of the secure kernel from the normal operating system. Vulnerabilities and zero-days in the normal operating system cannot be exploited because of this isolation. |
+| Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | See the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](https://docs.microsoft.com/windows-hardware/design/compatibility/systems#systemfundamentalsfirmwareuefisecureboot) | UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots. |
+| Firmware: **Secure firmware update process** | UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](https://docs.microsoft.com/windows-hardware/design/compatibility/systems#systemfundamentalsfirmwareuefisecureboot) | UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. |
+| Software: **HVCI compatible drivers** | See the Windows Hardware Compatibility Program requirements under [Filter.Driver.DeviceGuard.DriverCompatibility](https://docs.microsoft.com/windows-hardware/design/compatibility/filter#filterdriverdeviceguarddrivercompatibility).| [HVCI Compatible](https://blogs.msdn.microsoft.com/windows_hardware_certification/2015/05/22/driver-compatibility-with-device-guard-in-windows-10/) drivers help ensure that VBS can maintain appropriate memory permissions. This increases resistance to bypassing vulnerable kernel drivers and helps ensure that malware cannot run in kernel. Only code verified through code integrity can run in kernel mode. |
+| Software: Qualified **Windows operating system** | Windows 10 Enterprise, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise
| Support for VBS and for management features that simplify configuration of Windows Defender Device Guard. |
+
+> **Important** The following tables list additional qualifications for improved security. You can use Windows Defender Device Guard with hardware, firmware, and software that support baseline protections, even if they do not support protections for improved security. However, we strongly recommend meeting these additional qualifications to significantly strengthen the level of security that Windows Defender Device Guard can provide.
+
+## Additional qualifications for improved security
+
+The following tables describe additional hardware and firmware qualifications, and the improved security that is available when these qualifications are met.
+
+
+### Additional security qualifications starting with Windows 10, version 1507, and Windows Server 2016, Technical Preview 4
+
+| Protections for Improved Security | Description | Security benefits |
+|---------------------------------------------|----------------------------------------------------|------|
+| Firmware: **Securing Boot Configuration and Management** | • BIOS password or stronger authentication must be supported.
Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard. Only virtualization-based protection of code integrity is supported in this configuration.
• In the BIOS configuration, BIOS authentication must be set.
• There must be support for protected BIOS option to configure list of permitted boot devices (for example, “Boot only from internal hard drive”) and boot device order, overriding BOOTORDER modification made by operating system.
• In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings. | • BIOS password or stronger authentication helps ensure that only authenticated Platform BIOS administrators can change BIOS settings. This helps protect against a physically present user with BIOS access.
• Boot order when locked provides protection against the computer being booted into WinRE or another operating system on bootable media. |
+
+
+
+### Additional security qualifications starting with Windows 10, version 1607, and Windows Server 2016
+
+
+| Protections for Improved Security | Description | Security benefits |
+|---------------------------------------------|----------------------------------------------------|-----|
+| Firmware: **Hardware Rooted Trust Platform Secure Boot** | • Boot Integrity (Platform Secure Boot) must be supported. See the Windows Hardware Compatibility Program requirements under [System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby](https://docs.microsoft.com/windows-hardware/design/compatibility/systems#systemfundamentalsfirmwarecsuefisecurebootconnectedstandby)
• The Hardware Security Test Interface (HSTI) 1.1.a must be implemented. See [Hardware Security Testability Specification](https://docs.microsoft.com/windows-hardware/test/hlk/testref/hardware-security-testability-specification). | • Boot Integrity (Platform Secure Boot) from Power-On provides protections against physically present attackers, and defense-in-depth against malware.
• HSTI 1.1.a provides additional security assurance for correctly secured silicon and platform. |
+| Firmware: **Firmware Update through Windows Update** | Firmware must support field updates through Windows Update and UEFI encapsulation update. | Helps ensure that firmware updates are fast, secure, and reliable. |
+| Firmware: **Securing Boot Configuration and Management** | • Required BIOS capabilities: Ability of OEM to add ISV, OEM, or Enterprise Certificate in Secure Boot DB at manufacturing time.
• Required configurations: Microsoft UEFI CA must be removed from Secure Boot DB. Support for 3rd-party UEFI modules is permitted but should leverage ISV-provided certificates or OEM certificate for the specific UEFI software.| • Enterprises can choose to allow proprietary EFI drivers/applications to run.
• Removing Microsoft UEFI CA from Secure Boot DB provides full control to enterprises over software that runs before the operating system boots. |
+
+
+
+### Additional security qualifications starting with Windows 10, version 1703
+
+
+| Protections for Improved Security | Description | Security benefits |
+|---------------------------------------------|----------------------------------------------------|------|
+| Firmware: **VBS enablement of NX protection for UEFI runtime services** | • VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be exceutable.
• UEFI runtime service must meet these requirements:
• Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table.
• PE sections need to be page-aligned in memory (not required for in non-volitile storage).
• The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS:
• All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both
• No entries may be left with neither of the above attributes, indicating memory that is both exceutable and writable. Memory must be either readable and executable or writeable and non-executable.
• This only applies to UEFI runtime service memory, and not UEFI boot service memory.
• This protection is applied by VBS on OS page tables.
Please also note the following:
• Do not use sections that are both writeable and exceutable
• Do not attempt to directly modify executable system memory
• Do not use dynamic code | • Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
• Reduces the attack surface to VBS from system firmware. |
+| Firmware: **Firmware support for SMM protection** | The [Windows SMM Security Mitigations Table (WSMT) specification](http://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an Advanced Configuration and Power Interface (ACPI) table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features.| • Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
• Reduces the attack surface to VBS from system firmware.
• Blocks additional security attacks against SMM. |
+
diff --git a/windows/security/threat-protection/windows-defender-security-center/TOC.md b/windows/security/threat-protection/windows-defender-security-center/TOC.md
new file mode 100644
index 0000000000..1bb541cc85
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-security-center/TOC.md
@@ -0,0 +1,11 @@
+# [The Windows Defender Security Center app](windows-defender-security-center.md)
+
+
+## [Customize the Windows Defender Security Center app for your organization](wdsc-customize-contact-information.md)
+## [Hide Windows Defender Security Center app notifications](wdsc-hide-notifications.md)
+## [Virus and threat protection](wdsc-virus-threat-protection.md)
+## [Device performance and health](wdsc-device-performance-health.md)
+## [Firewall and network protection](wdsc-firewall-network-protection.md)
+## [App and browser control](wdsc-app-browser-control.md)
+## [Family options](wdsc-family-options.md)
+