deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-28 05:07:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into mdatp-gov

Browse Source
This commit is contained in:
Joey Caparas 2019-07-11 14:48:53 -07:00
commit 1fa2d85c54
169 changed files with 1404 additions and 2291 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.openpublishing.redirection.json
View File

@ -6503,7 +6503,7 @@
{
"source_path": "store-for-business/app-inventory-management-windows-store-for-business.md",
"redirect_url": "/microsoft-store/app-inventory-management-microsoft-store-for-business",
"redirect_document_id": true
"redirect_document_id": false
},
{
"source_path": "windows/manage/application-development-for-windows-as-a-service.md",

12
devices/hololens/TOC.md
View File

@ -10,15 +10,25 @@
## [Enroll HoloLens in MDM](hololens-enroll-mdm.md)
## [Manage updates to HoloLens](hololens-updates.md)
## [Restore HoloLens 2 using Advanced Recovery Companion](hololens-recovery.md)
## [Use the HoloLens Clicker](hololens-clicker.md)
## [Restart, reset, or recover the HoloLens](hololens-restart-recover.md)
## [Restart or recover the HoloLens clicker](hololens-clicker-restart-recover.md)
# Application Management
## [Install apps on HoloLens](hololens-install-apps.md)
## [Share HoloLens with multiple people](hololens-multiple-users.md)
## [Cortana on HoloLens](hololens-cortana.md)
## [Get apps for HoloLens](hololens-get-apps.md)
## [Use apps on HoloLens](hololens-use-apps.md)
## [Use HoloLens offline](hololens-offline.md)
## [Spaces on HoloLens](hololens-spaces-on-hololens.md)
# User/Access Management
## [Set up single application access](hololens-kiosk.md)
## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md)
## [How HoloLens stores data for spaces](hololens-spaces.md)
## [Find and save files](hololens-find-and-save-files.md)
# [Insider preview for Microsoft HoloLens](hololens-insider.md)
# [Change history for Microsoft HoloLens documentation](change-history-hololens.md)
# [Change history for Microsoft HoloLens documentation](change-history-hololens.md)

47
devices/hololens/hololens-clicker-restart-recover.md Normal file
View File

@ -0,0 +1,47 @@
---
title: Restart or recover the HoloLens clicker
description: Things to try if the HoloLens clicker is unresponsive or isnt working well.
ms.assetid: 13406eca-e2c6-4cfc-8ace-426ff8f837f4
ms.reviewer: jarrettrenshaw
ms.date: 07/01/2019
manager: v-miegge
keywords: hololens
ms.prod: hololens
ms.sitesec: library
author: v-miegge
ms.author: v-miegge
ms.topic: article
ms.localizationpriority: medium
---
# Restart or recover the HoloLens clicker
Here are some things to try if the HoloLens clicker is unresponsive or isnt working well.
## Restart the clicker
Use the tip of a pen to press and hold the [pairing button](https://support.microsoft.com/en-us/help/12646).
![Hold the pairing button](images/recover-clicker-1.png)
At the same time, click and hold the clicker for 15 seconds. If the clicker was already paired with your HoloLens, it will stay paired after it restarts.
![Hold the clicker](images/recover-clicker-2.png)
If the clicker won't turn on or restart, try charging it using the HoloLens charger. If the battery is very low, it might take a few minutes for the white indicator light to turn on.
## Re-pair the clicker
Go to Settings > Devices and select the clicker. Select Remove, wait a few seconds, then pair the clicker again.
## Recover the clicker
If restarting and re-pairing the clicker dont fix the problem, the Windows Device Recovery Tool can help you recover it. The recovery process may take some time, and the latest version of the clicker software will be installed. To use the tool, youll need a computer running Windows 10 or later with at least 4 GB of free storage space.
To recover the clicker:
1. Download and install the [Windows Device Recovery Tool](https://dev.azure.com/ContentIdea/ContentIdea/_queries/query/8a004dbe-73f8-4a32-94bc-368fc2f2a895/) on your computer.
1. Connect the clicker to your computer using the Micro USB cable that came with your HoloLens.
1. Run the Windows Device Recovery Tool and follow the instructions.
If the clicker isnt automatically detected, select **My device was not detected** and follow the instructions to put your device into recovery mode.

65
devices/hololens/hololens-clicker.md Normal file
View File

@ -0,0 +1,65 @@
---
title: Use the HoloLens Clicker
description:
ms.assetid: 7d4a30fd-cf1d-4c9a-8eb1-1968ccecbe59
ms.reviewer: jarrettrenshaw
ms.date: 07/01/2019
manager: v-miegge
keywords: hololens
ms.prod: hololens
ms.sitesec: library
author: v-miegge
ms.author: v-miegge
ms.topic: article
ms.localizationpriority: medium
---
# Use the HoloLens Clicker
The clicker was designed specifically for HoloLens and gives you another way to interact with holograms. It comes with HoloLens, in a separate box. Use it in place of hand gestures to select, scroll, move, and resize.
![The HoloLens Clicker](images/use-hololens-clicker-1.png)
## Hold the clicker
To put on the clicker, slide the loop over your ring or middle finger with the Micro USB port toward your wrist. Rest your thumb in the indentation.
![How to hold the Clicker](images/use-hololens-clicker-2.png)
## Clicker gestures
Clicker gestures are small wrist rotations, not the larger movements used for HoloLens hand gestures. And HoloLens will recognize your gestures and clicks even if the clicker is outside the [gesture frame](https://support.microsoft.com/help/12644), so you can hold the clicker in the position that's most comfortable for you.
- **Select**. To select a hologram, button, or other element, gaze at it, then click.
- **Click and hold**. Click and hold your thumb down on the button to do some of the same things you would with tap and hold, like move or resize a hologram.
- **Scroll**. On the app bar, select **Scroll Tool**. Click and hold, then rotate the clicker up, down, left, or right. To scroll faster, move your hand farther from the center of the scroll tool.
- **Zoom**. On the app bar, select **Zoom Tool**. Click and hold, then rotate the clicker up to zoom in, or down to zoom out.
>[!TIP]
>In Microsoft Edge, gaze at a page and double-click to zoom in or out.
## Pair and charge the clicker
To pair the clicker with your HoloLens, see [Pair Bluetooth devices](https://support.microsoft.com/help/12636).
When the clicker battery is low, the battery indicator will blink amber. Plug the Micro USB cable into a USB power supply to charge the device.
## Indicator lights
Here's what the lights on the clicker mean.
- **Blinking white**. The clicker is in pairing mode.
- **Fast-blinking white**. Pairing was successful.
- **Solid white**. The clicker is charging.
- **Blinking amber**. The battery is low.
- **Solid amber**. The clicker ran into an error and you'll need to restart it. While pressing the pairing button, click and hold for 15 seconds.
>[!NOTE]
>If the clicker doesn't respond or won't start, see [Restart or recover the HoloLens clicker](https://support.microsoft.com/help/15555/hololens-restart-or-recover-the-hololens-clicker).

50
devices/hololens/hololens-cortana.md Normal file
View File

@ -0,0 +1,50 @@
---
title: Cortana on HoloLens
description: Cortana can help you do all kinds of things on your HoloLens
ms.assetid: fd96fb0e-6759-4dbe-be1f-58bedad66fed
ms.reviewer: jarrettrenshaw
ms.date: 07/01/2019
manager: v-miegge
keywords: hololens
ms.prod: hololens
ms.sitesec: library
author: v-miegge
ms.author: v-miegge
ms.topic: article
ms.localizationpriority: medium
---
# Cortana on HoloLens
Cortana can help you do all kinds of things on your HoloLens, from searching the web to shutting down your device. To get her attention, select Cortana on Start or say "Hey Cortana" anytime.
![Hey Cortana!](images/cortana-on-hololens.png)
## What do I say to Cortana
Here are some things you can try saying (remember to say "Hey Cortana" first):
- What can I say?
- Increase the volume.
- Decrease the brightness.
- Shut down.
- Restart.
- Go to sleep.
- Mute.
- Launch <app name>.
- Move <app name> here (gaze at the spot you want the app to move to).
- Go to Start.
- Take a picture.
- Start recording. (Starts recording a video.)
- Stop recording. (Stops recording a video.)
- Call <contact>. (Requires Skype.)
- What time is it?
- Show me the latest NBA scores.
- How much battery do I have left?
- Tell me a joke.
>[!NOTE]
>- Some Cortana features you're used to from Windows on your PC or phone (for example, reminders and notifications) aren't supported in Microsoft HoloLens Development Edition. Cortana on HoloLens is English only, and the Cortana experience may vary among regions.
>- Cortana is on the first time you use HoloLens. You can turn her off in Cortana's settings. In the All apps list, select Cortana > Settings. Then turn off Cortana can give you suggestions, ideas, reminders, alerts, and more.
>- If Cortana isn't responding to "Hey Cortana," go to Cortana's settings and check to make sure she's on.
>- If you turn Cortana off, "Hey Cortana" voice commands won't be available, but you'll still be able to use other commands (like "Select" and "Place").

44
devices/hololens/hololens-find-and-save-files.md Normal file
View File

@ -0,0 +1,44 @@
---
title: Find and save files on HoloLens
description: Use File Explorer on HoloLens to view and manage files on your device
ms.assetid: 77d2e357-f65f-43c8-b62f-6cd9bf37070a
ms.reviewer: jarrettrenshaw
ms.date: 07/01/2019
manager: v-miegge
keywords: hololens
ms.prod: hololens
ms.sitesec: library
author: v-miegge
ms.author: v-miegge
ms.topic: article
ms.localizationpriority: medium
---
# Find and save files on HoloLens
Files you create on HoloLens, including Office documents, photos, and videos, are saved to your HoloLens. To view and manage them, you can use the File Explorer app on HoloLens or File Explorer on your PC. To sync photos and other files to the cloud, use the OneDrive app on HoloLens.
## View files on HoloLens
Use File Explorer on HoloLens to view and manage files on your device, including 3D objects, documents, and pictures. Go to Start > All apps > File Explorer on HoloLens to get started.
>[!TIP]
>If there are no files listed in File Explorer, select **This Device** in the top left pane.
## View HoloLens files on your PC
To see your HoloLens files in File Explorer on your PC:
1. Sign in to HoloLens, then plug it into the PC using the USB cable that came with the HoloLens.
1. Select **Open Device to view files with File Explorer**, or open File Explorer on the PC and navigate to the device.
>[!TIP]
>To see info about your HoloLens, right-click the device name in File Explorer on your PC, then select **Properties**.
## Sync to the cloud
To sync photos and other files from your HoloLens to the cloud, install and set up OneDrive on HoloLens. To get OneDrive, search for it in the Microsoft Store on your HoloLens.
>[!TIP]
>HoloLens doesn't back up app files and data, so it's a good idea to save your important stuff to OneDrive. That way, if you reset your device or uninstall an app, your info will be backed up.

37
devices/hololens/hololens-get-apps.md Normal file
View File

@ -0,0 +1,37 @@
---
title: Get apps for HoloLens
description: The Microsoft Store is your source for apps and games that work with HoloLens.
ms.assetid: cbe9aa3a-884f-4a92-bf54-8d4917bc3435
ms.reviewer: jarrettrenshaw
ms.date: 07/01/2019
manager: v-miegge
keywords: hololens
ms.prod: hololens
ms.sitesec: library
author: v-miegge
ms.author: v-miegge
ms.topic: article
ms.localizationpriority: medium
---
# Get apps for HoloLens
The Microsoft Store is your source for apps and games that work with HoloLens. When you go to the Store on your HoloLens, any apps you see there will run on it.
Apps on HoloLens use either 2D view or holographic view. Apps with 2D view look like windows and can be positioned all around you. Apps that use holographic view surround you and become the only app you see.
## Get apps
Open the Microsoft Store from the Start menu. Then browse for apps and games (or use your voice to search), select the microphone on the HoloLens keyboard, and start talking.
To download apps, you'll need to be signed in with a Microsoft account. To buy them, you'll need a payment method associated with the Microsoft account you use on your HoloLens. To set up a payment method, go to [account.microsoft.com](http://account.microsoft.com/) and select **Payment & billing** > **Payment options** > **Add a payment option**.
## Find your apps
Once you've installed an app, you'll find it in the All apps list (Start > All apps ). Keep apps handy by [pinning them to Start](https://support.microsoft.com/help/12638).
App updates are automatic, and they're free.
>[!NOTE]
>- To purchase apps in the Store, the billing address for your payment method must match the country or region your HoloLens is set to.
>- Some apps may not be available in all countries and regions.

41
devices/hololens/hololens-kiosk.md
View File

@ -16,7 +16,7 @@ manager: dansimp
In Windows 10, version 1803, you can configure your HoloLens devices to run as multi-app or single-app kiosks. You can also configure guest access for a HoloLens kiosk device by [designating a SpecialGroup account in your XML file.](#guest)
In Windows 10, version 1803, you can configure your HoloLens devices to run as multi-app or single-app kiosks. You can also configure guest access for a HoloLens kiosk device by [designating a SpecialGroup account in your XML file.](#add-guest-access-to-the-kiosk-configuration-optional)
When HoloLens is configured as a multi-app kiosk, only the allowed apps are available to the user. The benefit of a multi-app kiosk, or fixed-purpose device, is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they dont need to access.
@ -40,21 +40,19 @@ The [AssignedAccess Configuration Service Provider (CSP)](https://docs.microsoft
>Be aware that voice commands are enabled for kiosk mode configured in Microsoft Intune or provisioning packages, even if the Cortana app is not selected as a kiosk app.
For HoloLens devices running Windows 10, version 1803, there are three methods that you can use to configure the device as a kiosk:
- You can use [Microsoft Intune or other mobile device management (MDM) service](#intune-kiosk) to configure single-app and multi-app kiosks.
- You can [use a provisioning package](#ppkg-kiosk) to configure single-app and multi-app kiosks.
- You can [use the Windows Device Portal](#portal-kiosk) to configure single-app kiosks. This method is recommended only for demonstrations, as it requires that developer mode be enabled on the device.
- You can use [Microsoft Intune or other mobile device management (MDM) service](#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803) to configure single-app and multi-app kiosks.
- You can [use a provisioning package](#setup-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) to configure single-app and multi-app kiosks.
- You can [use the Windows Device Portal](#set-up-kiosk-mode-using-the-windows-device-portal-windows-10-version-1607-and-version-1803) to configure single-app kiosks. This method is recommended only for demonstrations, as it requires that developer mode be enabled on the device.
For HoloLens devices running Windows 10, version 1607, you can [use the Windows Device Portal](#portal-kiosk) to configure single-app kiosks.
For HoloLens devices running Windows 10, version 1607, you can [use the Windows Device Portal](#set-up-kiosk-mode-using-the-windows-device-portal-windows-10-version-1607-and-version-1803) to configure single-app kiosks.
<span id="start-kiosk"/>
## Start layout for HoloLens
## Start layout for HoloLens
If you use [MDM, Microsoft Intune](#intune-kiosk), or a [provisioning package](#ppkg-kiosk) to configure a multi-app kiosk, the procedure requires a Start layout. Start layout customization isn't supported in Holographic for Business, so you'll need to use a placeholder Start layout.
If you use [MDM, Microsoft Intune](#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803), or a [provisioning package](#setup-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) to configure a multi-app kiosk, the procedure requires a Start layout. Start layout customization isn't supported in Holographic for Business, so you'll need to use a placeholder Start layout.
>[!NOTE]
>Because a single-app kiosk launches the kiosk app when a user signs in, there is no Start screen displayed.
<span id="start-layout-file-for-intune" />
### Start layout file for MDM (Intune and others)
Save the following sample as an XML file. You will select this file when you configure the kiosk in Microsoft Intune (or in another MDM service that provides a kiosk profile).
@ -80,7 +78,7 @@ Save the following sample as an XML file. You will select this file when you con
### Start layout for a provisioning package
You will [create an XML file](#ppkg-kiosk) to define the kiosk configuration to be included in a provisioning package. Use the following sample in the `StartLayout` section of your XML file.
You will [create an XML file](#setup-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) to define the kiosk configuration to be included in a provisioning package. Use the following sample in the `StartLayout` section of your XML file.
```xml
<!-- This section is required for parity with Desktop Assigned Access. It is not currently used on HoloLens -->
@ -100,34 +98,28 @@ You will [create an XML file](#ppkg-kiosk) to define the kiosk configuration to
]]>
</StartLayout>
<!-- This section is required for parity with Desktop Assigned Access. It is not currently used on HoloLens -->
```
```
<span id="intune-kiosk"/>
## Set up kiosk mode using Microsoft Intune or MDM (Windows 10, version 1803)
For HoloLens devices that are managed by Microsoft Intune, you [create a device profile](https://docs.microsoft.com/intune/device-profile-create) and configure the [Kiosk settings](https://docs.microsoft.com/intune/kiosk-settings).
For other MDM services, check your provider's documentation for instructions. If you need to use a custom setting and full XML configuration to set up a kiosk in your MDM service, [create an XML file that defines the kiosk configuration](#create-xml-file), and make sure to include the [Start layout](#start-layout-for-a-provisioning-package) in the XML file.
For other MDM services, check your provider's documentation for instructions. If you need to use a custom setting and full XML configuration to set up a kiosk in your MDM service, [create an XML file that defines the kiosk configuration](#create-a-kiosk-configuration-xml-file), and make sure to include the [Start layout](#start-layout-for-a-provisioning-package) in the XML file.
<span id="ppkg-kiosk"/>
## Setup kiosk mode using a provisioning package (Windows 10, version 1803)
Process:
1. [Create an XML file that defines the kiosk configuration.](#create-xml-file)
2. [Add the XML file to a provisioning package.](#add-xml)
3. [Apply the provisioning package to HoloLens.](#apply-ppkg)
1. [Create an XML file that defines the kiosk configuration.](#create-a-kiosk-configuration-xml-file)
2. [Add the XML file to a provisioning package.](#add-the-kiosk-configuration-xml-file-to-a-provisioning-package)
3. [Apply the provisioning package to HoloLens.](#apply-the-provisioning-package-to-hololens)
<span id="create-xml-file"/>
### Create a kiosk configuration XML file
Follow [the instructions for creating a kiosk configuration XML file for desktop](https://docs.microsoft.com/windows/configuration/lock-down-windows-10-to-specific-apps#configure-a-kiosk-using-a-provisioning-package), with the following exceptions:
- Do not include Classic Windows applications (Win32) since they aren't supported on HoloLens.
- Use the [placeholder Start XML](#start-kiosk) for HoloLens.
- Use the [placeholder Start XML](#start-layout-for-hololens) for HoloLens.
<span id="guest" />
#### Add guest access to the kiosk configuration (optional)
In the [Configs section of the XML file](https://docs.microsoft.com/windows/configuration/lock-down-windows-10-to-specific-apps#configs), you can configure a special group named **Visitor** to allow guests to use the kiosk. When the kiosk is configured with the **Visitor** special group, a "**Guest**" option is added to the sign-in page. The **Guest** account does not require a password, and any data associated with the account is deleted when the account signs out.
@ -143,8 +135,6 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest*
</Configs>
```
<span id="add-xml"/>
### Add the kiosk configuration XML file to a provisioning package
1. Open [Windows Configuration Designer](https://www.microsoft.com/store/apps/9nblggh4tx22).
@ -174,8 +164,6 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest*
16. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status.
<span id="apply-ppkg"/>
### Apply the provisioning package to HoloLens
1. Connect HoloLens via USB to a PC and start the device, but do not continue past the **Fit** page of OOBE (the first page with the blue box).
@ -191,7 +179,6 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest*
7. You will see whether the package was applied successfully or not. If it failed, you can fix your package and try again. If it succeeded, proceed with OOBE.
<span id="portal-kiosk"/>
## Set up kiosk mode using the Windows Device Portal (Windows 10, version 1607 and version 1803)
1. [Set up the HoloLens to use the Windows Device Portal](https://developer.microsoft.com/windows/mixed-reality/using_the_windows_device_portal#setting_up_hololens_to_use_windows_device_portal). The Device Portal is a web server on your HoloLens that you can connect to from a web browser on your PC.

23
devices/hololens/hololens-offline.md Normal file
View File

@ -0,0 +1,23 @@
---
title: Use HoloLens offline
description: To set up HoloLens, you'll need to connect to a Wi-Fi network
ms.assetid: b86f603c-d25f-409b-b055-4bbc6edcd301
ms.reviewer: jarrettrenshaw
ms.date: 07/01/2019
manager: v-miegge
keywords: hololens
ms.prod: hololens
ms.sitesec: library
author: v-miegge
ms.author: v-miegge
ms.topic: article
ms.localizationpriority: medium
---
# Use HoloLens offline
To set up HoloLens, you'll need to connect to a Wi-Fi network—the setup tutorial will show you how.
## HoloLens limitations
After your HoloLens is set up, you can use it without a Wi-Fi connection, but apps that use Internet connections may have limited capabilities when you use HoloLens offline.

55
devices/hololens/hololens-restart-recover.md Normal file
View File

@ -0,0 +1,55 @@
---
title: Restart, reset, or recover HoloLens
description: Restart, reset, or recover HoloLens
ms.assetid: 9a546416-1648-403c-9e0c-742171b8812e
ms.reviewer: jarrettrenshaw
ms.date: 07/01/2019
manager: v-miegge
keywords: hololens
ms.prod: hololens
ms.sitesec: library
author: v-miegge
ms.author: v-miegge
ms.topic: article
ms.localizationpriority: medium
---
# Restart, reset, or recover HoloLens
Here are some things to try if your HoloLens is unresponsive, isnt running well, or is experiencing software or update problems.
## Restart your HoloLens
If your HoloLens isnt running well or is unresponsive, try the following things.
First, try restarting the device: say, "Hey Cortana, restart the device."
If youre still having problems, press the power button for 4 seconds, until all of the battery indicators fade out. Wait 1 minute, then press the power button again to turn on the device.
If neither of those things works, force restart the device. Hold down the power button for 10 seconds. Release it and wait 30 seconds, then press the power button again to turn on the device.
## Reset or recover your HoloLens
If restarting your HoloLens doesnt help, another option is to reset it. If resetting it doesnt fix the problem, the Windows Device Recovery Tool can help you recover your device.
>[!IMPORTANT]
>Resetting or recovering your HoloLens will erase all of your personal data, including apps, games, photos, and settings. You wont be able to restore a backup once the reset is complete.
## Reset
Resetting your HoloLens keeps the version of the Windows Holographic software thats installed on it and returns everything else to factory settings.
To reset your HoloLens, go to **Settings** > **Update** > **Reset** and select **Reset device**. The battery will need to have at least a 40 percent charge remaining to reset.
## Recover using the Windows Device Recovery Tool
Before you use this tool, determine if restarting or resetting your HoloLens fixes the problem. The recovery process may take some time, and the latest version of the Windows Holographic software approved for your HoloLens will be installed.
To use the tool, youll need a computer running Windows 10 or later, with at least 4 GB of free storage space. Please note that you cant run this tool on a virtual machine.
To recover your HoloLens
1. Download and install the [Windows Device Recovery Tool](https://dev.azure.com/ContentIdea/ContentIdea/_queries/query/8a004dbe-73f8-4a32-94bc-368fc2f2a895/) on your computer.
1. Connect the clicker to your computer using the Micro USB cable that came with your HoloLens.
1. Run the Windows Device Recovery Tool and follow the instructions.
If the clicker isnt automatically detected, select **My device was not detected** and follow the instructions to put your device into recovery mode.

40
devices/hololens/hololens-spaces-on-hololens.md Normal file
View File

@ -0,0 +1,40 @@
---
title: Spaces on HoloLens
description: HoloLens blends holograms with your world
ms.assetid: bd55ecd1-697a-4b09-8274-48d1499fcb0b
ms.reviewer: jarrettrenshaw
ms.date: 07/01/2019
manager: v-miegge
keywords: hololens
ms.prod: hololens
ms.sitesec: library
author: v-miegge
ms.author: v-miegge
ms.topic: article
ms.localizationpriority: medium
---
# Spaces on HoloLens
HoloLens blends holograms with your world, mapping your surroundings to remember where you place your apps and content.
>[!NOTE]
>For your HoloLens to work properly, HoloLens Wi-Fi needs to be turned on, though it doesn't have to be connected to a network.
## Tips for setting up your space
HoloLens works best in certain kinds of environments. Choose a room with adequate light and plenty of space. Avoid dark spaces and rooms with a lot of dark, shiny, or translucent surfaces (for instance, mirrors or gauzy curtains).
>[!NOTE]
>HoloLens is optimized for indoor use. Use it in a safe place with no tripping hazards. [More on safety](https://support.microsoft.com/help/4023454/safety-information).
## Mapping your space
When HoloLens starts mapping your surroundings, you'll see a mesh graphic spreading over the space.
To help HoloLens learn a space, walk around the space and gaze around you. Air tap in a space to light up the mesh and see what's been mapped.
If your space changes significantly—for example, if a piece of furniture is moved—you might need to walk around the space and gaze around you so HoloLens can relearn it.
>[!NOTE]
>If HoloLens is having trouble mapping your space or you're have difficulty placing holograms, see [HoloLens and holograms: FAQ](https://support.microsoft.com/help/13456/hololens-and-holograms-faq).

40
devices/hololens/hololens-use-apps.md Normal file
View File

@ -0,0 +1,40 @@
---
title: Use apps on HoloLens
description: Apps on HoloLens use either 2D view or holographic view.
ms.assetid: 6bd124c4-731c-4bcc-86c7-23f9b67ff616
ms.reviewer: jarrettrenshaw
ms.date: 07/01/2019
manager: v-miegge
keywords: hololens
ms.prod: hololens
ms.sitesec: library
author: v-miegge
ms.author: v-miegge
ms.topic: article
ms.localizationpriority: medium
---
# Use apps on HoloLens
Apps on HoloLens use either 2D view or holographic view. Apps with 2D view look like windows, and apps with holographic view surround you and become the only app you see.
## Open apps
You'll find your apps either pinned to Start or in the All apps list. To get to the All apps list, use the bloom gesture to go to Start, then select **All apps**.
On Start or in the All apps list, select an app. It will open in a good position for viewing.
>[!NOTE]
>- Up to three 2D app windows can be active at a time. You can open more, but only three will remain active.
>- Each open app can have one active window at a time, except Microsoft Edge, which can have up to three.
>- If you're having problems with apps, make sure there's enough light in your space, and walk around so HoloLens has a current scan. If you keep having trouble, see [HoloLens and holograms: FAQ](https://support.microsoft.com/help/13456/hololens-and-holograms-faq) for more info.
## Move, resize, and rotate apps
After opening an app, you can [change its position and size](https://support.microsoft.com/help/12634).
## Close apps
To close an app that uses 2D view, gaze at it, then select **Close**.
To close an app that uses holographic view, use the bloom gesture to leave holographic view, then select **Close**.

BIN
devices/hololens/images/cortana-on-hololens.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 21 KiB

BIN
devices/hololens/images/recover-clicker-1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 28 KiB

BIN
devices/hololens/images/recover-clicker-2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 18 KiB

BIN
devices/hololens/images/use-hololens-clicker-1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 28 KiB

BIN
devices/hololens/images/use-hololens-clicker-2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 18 KiB

4
devices/surface-hub/TOC.md
View File

@ -6,6 +6,7 @@
### [What's new in Surface Hub 2S for IT admins](surface-hub-2s-whats-new.md)
### [Surface Hub 2S tech specs](surface-hub-2s-techspecs.md)
### [Operating system essentials (Surface Hub) ](differences-between-surface-hub-and-windows-10-enterprise.md)
### [Adjust Surface Hub 2S brightness, volume, and input](surface-hub-2s-onscreen-display.md)
## Plan
### [Surface Hub 2S Site Readiness Guide](surface-hub-2s-site-readiness-guide.md)
@ -20,7 +21,8 @@
### [Configure Easy Authentication for Surface Hub 2S](surface-hub-2s-phone-authenticate.md)
## Deploy
### [First run setup for Surface Hub 2S](surface-hub-2s-setup.md)
### [Surface Hub 2S adoption toolkit](surface-hub-2s-adoption-kit.md)
### [First time setup for Surface Hub 2S](surface-hub-2s-setup.md)
### [Surface Hub 2S deployment checklist](surface-hub-2s-deploy-checklist.md)
### [Create Surface Hub 2S device account](surface-hub-2s-account.md)
### [Create provisioning packages for Surface Hub 2S](surface-hub-2s-deploy.md)

BIN
devices/surface-hub/downloads/Guide-Surface Hub 2S-Office365.pptx Normal file
View File

Binary file not shown.

BIN
devices/surface-hub/downloads/Guide-SurfaceHub 2S-Navigation.pptx Normal file
View File

Binary file not shown.

BIN
devices/surface-hub/downloads/Guide-SurfaceHub2S-Teams.pptx Normal file
View File

Binary file not shown.

BIN
devices/surface-hub/downloads/Guide-SurfaceHub2S-Whiteboard.pptx Normal file
View File

Binary file not shown.

BIN
devices/surface-hub/downloads/Outline-SurfaceHub2S-EndUser.pdf Normal file
View File

Binary file not shown.

BIN
devices/surface-hub/downloads/Outline-SurfaceHub2S-HelpDesk.pdf Normal file
View File

Binary file not shown.

BIN
devices/surface-hub/downloads/Outline-SurfaceHub2S-PowerUser.pdf Normal file
View File

Binary file not shown.

BIN
devices/surface-hub/downloads/QRCConnectYourPC.pdf Normal file
View File

Binary file not shown.

BIN
devices/surface-hub/downloads/QRCJoinTeamsMeeting.pdf Normal file
View File

Binary file not shown.

BIN
devices/surface-hub/downloads/QRCManageTeamsMeeting.pdf Normal file
View File

Binary file not shown.

BIN
devices/surface-hub/downloads/QRCNavigationBasics.pdf Normal file
View File

Binary file not shown.

BIN
devices/surface-hub/downloads/QRCScheduleTeamsMeeting.pdf Normal file
View File

Binary file not shown.

BIN
devices/surface-hub/downloads/QRCShareSendFile.pdf Normal file
View File

Binary file not shown.

BIN
devices/surface-hub/downloads/QRCSignInToViewMeetingsFiles.pdf Normal file
View File

Binary file not shown.

BIN
devices/surface-hub/downloads/QRCStartNewTeamsMeeting.pdf Normal file
View File

Binary file not shown.

BIN
devices/surface-hub/downloads/QRCWhiteboardAdvanced.pdf Normal file
View File

Binary file not shown.

BIN
devices/surface-hub/downloads/QRCWhiteboardTools.pdf Normal file
View File

Binary file not shown.

BIN
devices/surface-hub/downloads/SurfaceHubAdoptionToolKit.pdf Normal file
View File

Binary file not shown.

BIN
devices/surface-hub/downloads/Training Guide-SurfaceHub2S-HelpDesk.pdf Normal file
View File

Binary file not shown.

BIN
devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-EndUser.pdf Normal file
View File

Binary file not shown.

BIN
devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-PowerUser.pdf Normal file
View File

Binary file not shown.

BIN
devices/surface-hub/images/sh2-onscreen-display.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 13 KiB

3
devices/surface-hub/local-management-surface-hub-settings.md
View File

@ -7,7 +7,7 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
ms.date: 06/20/2019
ms.date: 07/08/2019
ms.reviewer:
manager: dansimp
ms.localizationpriority: medium
@ -29,7 +29,6 @@ Surface Hubs have many settings that are common to other Windows devices, but al
| Change admin account password | Surface Hub > Accounts | Change the password for the local admin account. This is only available if you configured the device to use a local admin during first run. |
| Device Management | Surface Hub > Device management | Manage policies and business applications using mobile device management (MDM). |
| Provisioning packages | Surface Hub > Device management | Set or change provisioning packages installed on the Surface Hub. |
| Configure Operations Management Suite (OMS) | Surface Hub > Device management | Set up monitoring for your Surface Hub using OMS. |
| Open the Microsoft Store app | Surface Hub > Apps & features | The Microsoft Store app is only available to admins through the Settings app. |
| Skype for Business domain name | Surface Hub > Calling & Audio | Configure a domain name for your Skype for Business server. |
| Default Speaker volume | Surface Hub > Calling & Audio | Configure the default speaker volume for the Surface Hub when it starts a session. |

4
devices/surface-hub/save-bitlocker-key-surface-hub.md
View File

@ -10,7 +10,7 @@ ms.sitesec: library
author: levinec
ms.author: ellevin
ms.topic: article
ms.date: 06/20/2019
ms.date: 07/08/2019
ms.localizationpriority: medium
---
@ -27,7 +27,7 @@ There are several ways to manage your BitLocker key on the Surface Hub.
2. If youve joined the Surface Hub to Azure Active Directory (Azure AD), the BitLocker key will be stored under the account that was used to join the device.
3. If youre using an admin account to manage the device, you can save the BitLocker key by going to the **Settings** app and navigating to **Update & security** &gt; **Recovery**. Insert a USB drive and select the option to save the BitLocker key. The key will be saved to a text file on the USB drive.
3. If youre using a local admin account to manage the device, you can save the BitLocker key by going to the **Settings** app and navigating to **Update & security** &gt; **Recovery**. Insert a USB drive and select the option to save the BitLocker key. The key will be saved to a text file on the USB drive.
## Related topics

41
devices/surface-hub/surface-hub-2s-adoption-kit.md Normal file
View File

@ -0,0 +1,41 @@
---
title: "Surface Hub 2S adoption toolkit"
description: "Microsoft has developed downloadable materials that you can make available for your users to aid in adoption of Surface Hub 2S."
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
author: robmazz
ms.author: robmazz
audience: Admin
ms.topic: article
ms.date: 07/08/2019
ms.localizationpriority: Normal
---
# Surface Hub 2S adoption toolkit
Microsoft has developed downloadable materials that you can make available for your users to aid in adoption of Surface Hub 2S.
## Training guides
- Surface Hub adoption toolkit
- Training guide end user
- Training guide power user
- Training guide help desk
- Training guide Microsoft Teams desktop
## End user guides
- Guide to Navigation on Surface Hub our
- Guide to Office 365 on Surface Hub
- Guide to Microsoft Whiteboard on Surface Hub
- Guide to Microsoft Teams on Surface Hub
## Quick reference cards
- Connect your PC
- Join a Teams Meeting
- Manage a Teams meeting
- Navigation basics
- Schedule a Teams meeting
- Start a new Teams meeting
- Share or send a file
- Sign in to view meetings and files
- Whiteboard advanced
- Whiteboard tools

37
devices/surface-hub/surface-hub-2s-onscreen-display.md Normal file
View File

@ -0,0 +1,37 @@
---
title: "Adjust Surface Hub 2S brightness, volume, and input"
description: "Learn how to use the onscreen display to adjust brightness and other settings in Surface Hub 2S."
keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
author: robmazz
ms.author: robmazz
audience: Admin
ms.topic: article
ms.date: 07/09/2019
ms.localizationpriority: Normal
---
# Adjust Surface Hub 2S brightness, volume, and input
Surface Hub 2S provides an on-screen display for volume, brightness, and input control. The Source button functions as a toggle key to switch between the volume, brightness, and input control menus.
**To show the on-screen display:**
- Press and hold the **Source** button for 4 seconds.
![Surface Hub 2S on-screen display](images/sh2-onscreen-display.png)<br>
When the on-screen display is visible, use one or more buttons to reach desired settings.
**To adjust volume:**
- Use the **Volume up/down** button to increase or decrease volume.
**To adjust brightness:**
1. Press the **Source** button again to switch to the brightness menu.
2. Use the **Volume up/down** button to increase or decrease brightness.
**To adjust input:**
1. Press the **Source** button twice to switch to the Source menu.
2. Use the **Volume up/down** button to switch between PC, HDMI, and USB-C inputs.

10
devices/surface-hub/surface-hub-2s-pack-components.md
View File

@ -19,15 +19,9 @@ If you replace your Surface Hub 2S, one of its components, or a related accessor
>[!IMPORTANT]
>When packing your device for shipment, make sure that you use the packaging in which your replacement device arrived.
This article contains the following procedures:
## How to pack your Surface Hub 2S 50”
- [How to pack your Surface Hub 2S 55”](#how-to-pack-your-surface-hub-2s-55)
- [How to replace and pack your Surface Hub 2S Compute Cartridge](#how-to-replace-and-pack-your-surface-hub-2s-compute-cartridge)
- [How to replace your Surface Hub 2S Camera](#how-to-replace-your-surface-hub-2s-camera)
## How to pack your Surface Hub 2S 55”
Use the following steps to pack your Surface Hub 2S 55" for shipment.
Use the following steps to pack your Surface Hub 2S 50" for shipment.
![The Surface Hub unit and mobile stand.](images/surface-hub-2s-repack-1.png)

1
devices/surface-hub/surface-hub-2s-setup.md
View File

@ -8,6 +8,7 @@ author: robmazz
ms.author: robmazz
audience: Admin
ms.topic: article
ms.date: 07/03/2019
ms.localizationpriority: Normal
---

5
devices/surface/TOC.md
View File

@ -30,7 +30,7 @@
### [Surface System SKU reference](surface-system-sku-reference.md)
## Manage
### [Maintain optimal power settings on Surface devices](maintain-optimal-power-settings-on-Surface-devices.md)
### [Best practice power settings for Surface devices](maintain-optimal-power-settings-on-Surface-devices.md)
### [Battery Limit setting](battery-limit.md)
### [Surface Brightness Control](microsoft-surface-brightness-control.md)
### [Surface Asset Tag](assettag.md)
@ -48,7 +48,8 @@
### [Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md)
## Support
### [Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md)
### [Fix common Surface problems using the Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-for-business-intro.md)
### [Deploy Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md)
### [Use Surface Diagnostic Toolkit for Business in desktop mode](surface-diagnostic-toolkit-desktop-mode.md)
### [Run Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md)
### [Surface Data Eraser](microsoft-surface-data-eraser.md)

22
devices/surface/change-history-for-surface.md
View File

@ -15,19 +15,27 @@ ms.topic: article
This topic lists new and updated topics in the Surface documentation library.
## July 2019
| **New or changed topic** | **Description** |
| ------------------------ | --------------- |
| [Deploy Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md) | Renamed to reflect focus on deployment guidance for IT professionals. Covers minor changes in Version 2.41.139.0. |
## June 2019
New or changed topic | Description
--- | ---
| **New or changed topic** | **Description** |
| ------------------------ | --------------- |
|[Fix common Surface problems using the Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-for-business-intro.md) | New introductory page for the Surface Diagnostic Toolkit for Business. |
| [Best practice power settings for Surface devices](maintain-optimal-power-settings-on-Surface-devices.md) |Updated with summary of recommendations for managing power settings and optimizing battery life. |
[Fix common Surface problems using the Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-for-business-intro.md) | New
## March 2019
New or changed topic | Description
--- | ---
[Surface System SKU reference](surface-system-sku-reference.md) | New
| **New or changed topic** | **Description** |
| ------------------------ | --------------- |
| [Surface System SKU reference](surface-system-sku-reference.md) | New |
## February 2019

26
devices/surface/images/Surface-Devices-400x140.svg
View File

@ -1 +1,25 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 140"><defs><style>.cls-1{fill:#939393;}.cls-2{fill:#d8d8d8;}.cls-3{fill:#2f2f2f;}</style></defs><title>Surface-Devices-400x140</title><g id="Layer_2" data-name="Layer 2"><rect class="cls-1" x="75.66" y="15.04" width="128" height="88" rx="5"/><rect class="cls-1" x="116.66" y="119.14" width="50" height="4.81"/><path class="cls-1" d="M167.66,101l-.8,13.08a3.69,3.69,0,0,1-3.3,2.92h-45.2a2.8,2.8,0,0,1-2.8-2.8h0l-.9-13.2h-3v19h59V101Z"/><rect class="cls-2" x="79.66" y="19.04" width="120" height="80"/><path class="cls-1" d="M315.66,122V62.5A2.46,2.46,0,0,0,313.2,60H226.12a2.46,2.46,0,0,0-2.46,2.46h0V122Z"/><rect class="cls-2" x="226.66" y="63.04" width="86" height="53"/><path class="cls-1" d="M322.56,124H216.78c-3.53,0-4.1-5-4.1-5h114S325.29,124,322.56,124Z"/><rect class="cls-3" x="268.66" y="62.04" width="1" height="1"/></g></svg>
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 23.0.3, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
viewBox="0 0 400 140" style="enable-background:new 0 0 400 140;" xml:space="preserve">
<style type="text/css">
.st0{fill:#939393;}
.st1{fill:#2F2F2F;}
.st2{fill:#C2C2C2;}
.st3{opacity:0.25;fill:#E6E6E6;enable-background:new ;}
.st4{opacity:0.25;fill:#F3F3F3;enable-background:new ;}
</style>
<title>Surface-Devices-400x140</title>
<path class="st0" d="M80.7,15h118c2.8,0,5,2.2,5,5v78c0,2.8-2.2,5-5,5h-118c-2.8,0-5-2.2-5-5V20C75.7,17.3,77.9,15,80.7,15z"/>
<rect x="116.7" y="119.1" class="st0" width="50" height="4.8"/>
<path class="st0" d="M167.7,101l-0.8,13.1c-0.3,1.6-1.7,2.8-3.3,2.9h-45.2c-1.5,0-2.8-1.3-2.8-2.8v0l0,0l-0.9-13.2h-3v19h59v-19
H167.7z"/>
<path class="st0" d="M315.7,122V62.5c0-1.4-1.1-2.5-2.4-2.5c0,0,0,0,0,0h-87.1c-1.4,0-2.5,1.1-2.5,2.5c0,0,0,0,0,0l0,0V122H315.7z"
/>
<path class="st0" d="M322.6,124H216.8c-3.5,0-4.1-5-4.1-5h114C326.7,119,325.3,124,322.6,124z"/>
<rect x="268.7" y="62" class="st1" width="1" height="1"/>
<rect x="79.3" y="19" class="st2" width="120" height="80"/>
<polygon class="st3" points="199.3,19 151.3,19 199.3,63.9 "/>
<rect x="226.3" y="63" class="st2" width="86" height="53"/>
<polygon class="st4" points="311.3,63 273,63 311.3,98.9 "/>
</svg>

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 893 B

After

Width:  |  Height:  |  Size: 1.4 KiB

86
devices/surface/images/Surface-Hub-400x140.svg
View File

@ -1,59 +1,51 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 23.0.3, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
viewBox="0 0 400 140" style="enable-background:new 0 0 400 140;" xml:space="preserve">
<style type="text/css">
.st0{fill:#939393;}
.st1{fill:#C2C2C2;}
.st2{fill:#D8D8D8;}
.st3{opacity:0.2;fill:#2F2F2F;enable-background:new ;}
.st4{opacity:0.2;enable-background:new ;}
.st2{opacity:0.2;fill:#2F2F2F;enable-background:new ;}
.st3{opacity:0.2;enable-background:new ;}
.st4{opacity:0.25;fill:#FFFFFF;enable-background:new ;}
.st5{fill:#2F2F2F;}
.st6{fill:#808080;}
.st7{fill:#0078D4;}
</style>
<g id="Layer_1">
</g>
<g id="Layer_2">
<g>
<title>win_it-pro-6</title>
<g>
<rect x="84.5" y="8.5" class="st0" width="231" height="123"/>
<rect x="303.5" y="50.5" class="st1" width="11" height="80"/>
<rect x="85.5" y="50.5" class="st1" width="11" height="80"/>
<rect x="102.5" y="14.5" class="st2" width="195" height="111"/>
<rect x="303.5" y="8.5" class="st1" width="1" height="42"/>
<rect x="95.5" y="8.5" class="st1" width="1" height="42"/>
<circle class="st3" cx="90.5" cy="44.5" r="2"/>
<circle class="st3" cx="90.5" cy="55.5" r="2"/>
<circle class="st4" cx="309.5" cy="44.5" r="2"/>
<circle class="st4" cx="309.5" cy="55.5" r="2"/>
</g>
</g>
<g>
<title>DevicesLaptopTablet-blue</title>
<path class="st1" d="M371.9-633v10h4v-2.5c0-0.9,0.5-1.8,1.2-2.4l-0.2,0.1l0,0v-2.6h2v1.4l0,0l-0.2,0.1c0.3-0.1,0.6-0.2,0.9-0.2
h0.3v-2.4h2v2.4h8v-4L371.9-633z M375.9-624.5h-2v-5h2V-624.5z"/>
<path class="st5" d="M365.9-616.9c0,0.3,0.1,0.5,0.2,0.7c0.1,0.2,0.2,0.4,0.4,0.6c0.2,0.2,0.4,0.3,0.6,0.4
c0.2,0.1,0.5,0.2,0.7,0.2h8.1v-8h-4v-10h18v4h2v-6h-22v12.6l-3.3,3.5c-0.3,0.3-0.4,0.6-0.6,1C366-617.6,365.9-617.3,365.9-616.9z"
/>
<rect x="371.9" y="-623" class="st5" width="4" height="0"/>
<polygon class="st5" points="371.9,-633 389.9,-633 389.9,-633 "/>
<path class="st5" d="M397.3-611.6c0.2-0.2,0.3-0.4,0.4-0.6c0.1-0.3,0.2-0.5,0.2-0.8v-12c0-0.3-0.1-0.5-0.2-0.8
c-0.1-0.2-0.3-0.4-0.4-0.6c-0.2-0.2-0.4-0.3-0.6-0.4c-0.2-0.1-0.5-0.2-0.8-0.2h-16c-0.4,0-0.7,0.1-1,0.3c-0.6,0.3-1,0.9-1,1.6
v10.1l0,0v2c0,0.3,0,0.5,0.2,0.8c0.1,0.2,0.2,0.5,0.4,0.6c0.2,0.2,0.4,0.3,0.6,0.4c0.2,0.1,0.5,0.2,0.8,0.2h16
c0.3,0,0.5,0,0.8-0.2C396.9-611.2,397.1-611.4,397.3-611.6z M395.9-613h-16v-12h16V-613z"/>
<path class="st1" d="M379.9-613h16v-12h-16V-613z M387.9-621.2h2v6.3h-2V-621.2z M384.9-618h2v3.2h-2V-618z M381.9-619.8h2v5h-2
V-619.8z"/>
<path class="st6" d="M378.9-630.3h-2v2.6l0,0l0.1-0.1l0.2-0.1c0.1-0.1,0.3-0.2,0.5-0.3h0.1c0.2-0.1,0.3-0.2,0.5-0.3l0.4-0.2h0.1
l0.2-0.2V-630.3z"/>
<path class="st6" d="M378.9-628.9l-0.2,0.1L378.9-628.9z"/>
<rect x="381.9" y="-619.8" class="st6" width="2" height="5"/>
<rect x="384.9" y="-618" class="st6" width="2" height="3.2"/>
<rect x="387.9" y="-621.2" class="st7" width="2" height="6.3"/>
<rect x="373.9" y="-629.5" class="st6" width="2" height="5"/>
<polygon class="st7" points="381.9,-631.3 379.9,-631.3 379.9,-629 379.9,-629 381.9,-629 381.9,-629 381.9,-629 "/>
<rect x="379.9" y="-631.4" class="st7" width="2" height="0"/>
</g>
<title>win_it-pro-6</title>
<rect x="84.5" y="8.5" class="st0" width="231" height="123"/>
<rect x="303.5" y="50.5" class="st1" width="11" height="80"/>
<rect x="85.5" y="50.5" class="st1" width="11" height="80"/>
<rect x="303.5" y="8.5" class="st1" width="1" height="42"/>
<rect x="95.5" y="8.5" class="st1" width="1" height="42"/>
<circle class="st2" cx="90.5" cy="44.5" r="2"/>
<circle class="st2" cx="90.5" cy="55.5" r="2"/>
<circle class="st3" cx="309.5" cy="44.5" r="2"/>
<circle class="st3" cx="309.5" cy="55.5" r="2"/>
<rect x="102" y="15" class="st1" width="195" height="111"/>
<polygon class="st4" points="297,15 229.7,15 297,78 "/>
<g>
<title>DevicesLaptopTablet-blue</title>
<path class="st1" d="M371.9-633v10h4v-2.5c0-0.9,0.5-1.8,1.2-2.4l-0.2,0.1l0,0v-2.6h2v1.4l0,0l-0.2,0.1c0.3-0.1,0.6-0.2,0.9-0.2
h0.3v-2.4h2v2.4h8v-4L371.9-633z M375.9-624.5h-2v-5h2V-624.5z"/>
<path class="st5" d="M365.9-616.9c0,0.3,0.1,0.5,0.2,0.7s0.2,0.4,0.4,0.6c0.2,0.2,0.4,0.3,0.6,0.4c0.2,0.1,0.5,0.2,0.7,0.2h8.1v-8
h-4v-10h18v4h2v-6h-22v12.6l-3.3,3.5c-0.3,0.3-0.4,0.6-0.6,1C366-617.6,365.9-617.3,365.9-616.9z"/>
<polygon class="st5" points="371.9,-623 375.9,-623 375.9,-623 "/>
<polygon class="st5" points="371.9,-633 389.9,-633 389.9,-633 "/>
<path class="st5" d="M397.3-611.6c0.2-0.2,0.3-0.4,0.4-0.6c0.1-0.3,0.2-0.5,0.2-0.8v-12c0-0.3-0.1-0.5-0.2-0.8
c-0.1-0.2-0.3-0.4-0.4-0.6c-0.2-0.2-0.4-0.3-0.6-0.4c-0.2-0.1-0.5-0.2-0.8-0.2h-16c-0.4,0-0.7,0.1-1,0.3c-0.6,0.3-1,0.9-1,1.6v10.1
l0,0v2c0,0.3,0,0.5,0.2,0.8c0.1,0.2,0.2,0.5,0.4,0.6c0.2,0.2,0.4,0.3,0.6,0.4c0.2,0.1,0.5,0.2,0.8,0.2h16c0.3,0,0.5,0,0.8-0.2
C396.9-611.2,397.1-611.4,397.3-611.6z M395.9-613h-16v-12h16V-613z"/>
<path class="st1" d="M379.9-613h16v-12h-16V-613z M387.9-621.2h2v6.3h-2V-621.2z M384.9-618h2v3.2h-2V-618z M381.9-619.8h2v5h-2
V-619.8z"/>
<path class="st6" d="M378.9-630.3h-2v2.6l0,0l0.1-0.1l0.2-0.1c0.1-0.1,0.3-0.2,0.5-0.3h0.1c0.2-0.1,0.3-0.2,0.5-0.3l0.4-0.2h0.1
l0.2-0.2v-1.4H378.9z"/>
<path class="st6" d="M378.9-628.9l-0.2,0.1L378.9-628.9z"/>
<rect x="381.9" y="-619.8" class="st6" width="2" height="5"/>
<rect x="384.9" y="-618" class="st6" width="2" height="3.2"/>
<rect x="387.9" y="-621.2" class="st7" width="2" height="6.3"/>
<rect x="373.9" y="-629.5" class="st6" width="2" height="5"/>
<polygon class="st7" points="381.9,-631.3 379.9,-631.3 379.9,-629 379.9,-629 381.9,-629 381.9,-629 381.9,-629 "/>
<polygon class="st7" points="379.9,-631.4 381.9,-631.4 381.9,-631.4 "/>
</g>
</svg>

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 3.1 KiB

After

Width:  |  Height:  |  Size: 3.1 KiB

25
devices/surface/surface-diagnostic-toolkit-business.md
View File

@ -33,7 +33,7 @@ To run SDT for Business, download the components listed in the following table.
Mode | Primary scenarios | Download | Learn more
--- | --- | --- | ---
Desktop mode | Assist users in running SDT on their Surface devices to troubleshoot issues.<br>Create a custom package to deploy on one or more Surface devices allowing users to select specific logs to collect and analyze. | SDT distributable MSI package:<br>Microsoft Surface Diagnostic Toolkit for Business Installer<br>[Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Use Surface Diagnostic Toolkit in desktop mode](surface-diagnostic-toolkit-desktop-mode.md)
Command line | Directly troubleshoot Surface devices remotely without user interaction, using standard tools such as Configuration Manager. It includes the following commands:<br>`-DataCollector` collects all log files<br>`-bpa` runs health diagnostics using Best Practice Analyzer.<br>`-windowsupdate` checks Windows update for missing firmware or driver updates.<br>`-warranty` checks warranty information. <br><br>| SDT console app:<br>Microsoft Surface Diagnostics App Console<br>[Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Run Surface Diagnostic Toolkit using commands](surface-diagnostic-toolkit-command-line.md)
Command line | Directly troubleshoot Surface devices remotely without user interaction, using standard tools such as Configuration Manager. It includes the following commands:<br>`-DataCollector` collects all log files<br>`-bpa` runs health diagnostics using Best Practice Analyzer.<br>`-windowsupdate` checks Windows Update for missing firmware or driver updates.<br>`-warranty` checks warranty information. <br><br>| SDT console app:<br>Microsoft Surface Diagnostics App Console<br>[Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Run Surface Diagnostic Toolkit using commands](surface-diagnostic-toolkit-command-line.md)
## Supported devices
@ -123,21 +123,22 @@ Creating a custom package allows you to target the tool to specific known issues
*Figure 3. Create custom package*
### Language and telemetry page
### Language and telemetry settings
When you start creating the custom package, youre asked whether you agree to send data to Microsoft to help improve the application. For more information,see the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement). Sharing is on by default, so uncheck the box if you wish to decline.
When creating a package, you can select language settings or opt out of sending telemetry information to Microsoft. By default, SDT sends telemetry to Microsoft that is used to improve the application in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement). If you wish to decline, clear the check box when creating a custom package, as shown below. Or clear the **Send telemetry to Microsoft** check box on the **Install Options** page during SDT Setup.
>[!NOTE]
>This setting is limited to only sharing data generated while running packages.
>This setting does not affect the minimal telemetry automatically stored on Microsoft servers when running tests and repairs that require an Internet connection, such as Windows Update and Software repair, or providing feedback using the Smile or Frown buttons in the app toolbar.
![Select language and telemetry settings](images/sdt-4.png)
*Figure 4. Select language and telemetry settings*
### Windows Update page
Select the option appropriate for your organization. Most organizations with multiple users will typically select to receive updates via Windows Server Update Services (WSUS), as shown in figure 5. If using local Windows update packages or WSUS, enter the path as appropriate.
Select the option appropriate for your organization. Most organizations with multiple users will typically select to receive updates via Windows Server Update Services (WSUS), as shown in figure 5. If using local Windows Update packages or WSUS, enter the path as appropriate.
![Select Windows Update option](images/sdt-5.png)
@ -170,8 +171,8 @@ You can select to run a wide range of logs across applications, drivers, hardwar
*Release date: June 24, 2019*<br>
This version of Surface Diagnostic Toolkit for Business adds support for the following:
- Driver version information included in logs and report.
- Ability to provide feedback about the app <br>
Please note that even though you turn off telemtry, windows update and feedback still connect to the internet.
- Ability to provide feedback about the app.<br>
### Version 2.36.139.0
*Release date: April 26, 2019*<br>
@ -180,11 +181,3 @@ This version of Surface Diagnostic Toolkit for Business adds support for the fol
- Accessibility improvements.
- Surface brightness control settings included in logs.
- External monitor compatibility support link in report generator.

2
devices/surface/surface-diagnostic-toolkit-for-business-intro.md
View File

@ -28,7 +28,7 @@ Before you run the diagnostic tool, make sure you have the latest Windows update
**To run the Surface Diagnostic Toolkit for Business:**
1. Download the [Surface Diagnostic Toolkit for Business](https://aka.ms/checkmysurface).
1. Download the [Surface Diagnostic Toolkit for Business](https://aka.ms/SDT4B).
2. Select Run and follow the on-screen instructions.
The diagnosis and repair time averages 15 minutes but could take an hour or longer, depending on internet connection speed and the number of updates or repairs required. For more detailed information on Surface Diagnostic Toolkit for Business, refer to [Deploy Surface Diagnostic Toolkit for Business](https://docs.microsoft.com/surface/surface-diagnostic-toolkit-business).

12
education/index.md
View File

@ -55,8 +55,8 @@ ms.prod: w10
</div>
</div>
<div class="cardText">
<h3>Deployment Overview</h3>
<p>Learn how to deploy our suite of education offerings. Set up a cloud infrastructure for your school, acquire apps, and configure and manage Windows 10 devices.</p>
<h3>Deployment Guidance</h3>
<p>Dive right into the step-by-step process for the easiest deployment path to M365 EDU. We walk you through setting up cloud infrastructure, configuring and managing devices, and migrating on-premise servers for Sharepoint and Exchange to the cloud.</p>
</div>
</div>
</div>
@ -76,7 +76,7 @@ ms.prod: w10
</div>
</div>
<div class="cardText">
<h3>1. Cloud deployment</h3>
<h3>1. M365 EDU deployment</h3>
<p>Get started by creating your Office 365 tenant, setting up a cloud infrastructure for your school, and creating, managing, and syncing user accounts.</p>
</div>
</div>
@ -104,7 +104,7 @@ ms.prod: w10
</a>
</li>
<li>
<a href="/microsoft-365/education/index?branch=m365-integration#pivot=itpro&amp;panel=itpro-atft" target="_blank">
<a href="/microsoft-365/education/deploy/post-deployment-next-steps" target="_blank">
<div class="cardSize">
<div class="cardPadding">
<div class="card">
@ -114,8 +114,8 @@ ms.prod: w10
</div>
</div>
<div class="cardText">
<h3>3. Tools for Teachers</h3>
<p>The latest classroom resources at teachers fingertips when you deploy Learning Tools, OneNote Class Notebooks, Teams, and more.</p>
<h3>3. Post Deployment Next Steps</h3>
<p>Migrate to Sharepoint Server Hybrid or Sharepoint Online, and Exchange Server Hybrid or Exchange Online. Configure settings in your Admin portals.</p>
</div>
</div>
</div>

24
mdop/appv-v5/app-v-51-supported-configurations.md
View File

@ -118,11 +118,21 @@ The following table lists the SQL Server versions that are supported for the App
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Microsoft SQL Server 2014</p></td>
<td align="left"><p>Microsoft SQL Server 2017</p></td>
<td align="left"><p></p></td>
<td align="left"><p>32-bit or 64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft SQL Server 2016</p></td>
<td align="left"><p>SP2</p></td>
<td align="left"><p>32-bit or 64-bit</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Microsoft SQL Server 2014</p></td>
<td align="left"><p>SP2</p></td>
<td align="left"><p>32-bit or 64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft SQL Server 2012</p></td>
<td align="left"><p>SP2</p></td>
<td align="left"><p>32-bit or 64-bit</p></td>
@ -262,11 +272,21 @@ The following table lists the SQL Server versions that are supported for the App
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Microsoft SQL Server 2014</p></td>
<td align="left"><p>Microsoft SQL Server 2017</p></td>
<td align="left"><p></p></td>
<td align="left"><p>32-bit or 64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft SQL Server 2016</p></td>
<td align="left"><p>SP2</p></td>
<td align="left"><p>32-bit or 64-bit</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Microsoft SQL Server 2014</p></td>
<td align="left"><p>SP2</p></td>
<td align="left"><p>32-bit or 64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft SQL Server 2012</p></td>
<td align="left"><p>SP2</p></td>
<td align="left"><p>32-bit or 64-bit</p></td>

2
mdop/mbam-v25/about-mbam-25.md
View File

@ -358,7 +358,7 @@ MBAM is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part o
For more information and late-breaking news that is not included in this documentation, see [Release Notes for MBAM 2.5](release-notes-for-mbam-25.md).
## Got a suggestion for MBAM?
- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring).
- Send your feedback [here](https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub).
- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
## Related topics

6
windows/application-management/manage-windows-mixed-reality.md
View File

@ -22,10 +22,8 @@ ms.topic: article
[Windows Mixed Reality](https://blogs.windows.com/windowsexperience/2017/10/03/the-era-of-windows-mixed-reality-begins-october-17/) was introduced in Windows 10, version 1709 (also known as the Fall Creators Update), as a [Windows 10 Feature on Demand (FOD)](https://docs.microsoft.com/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). Features on Demand are Windows feature packages that can be added at any time. When a Windows 10 PC needs a new feature, it can request the feature package from Windows Update.
Organizations that use Windows Server Update Services (WSUS) must take action to [enable Windows Mixed Reality](#enable). Any organization that wants to prohibit use of Windows Mixed Reality can [block the installation of the Mixed Reality Portal](#block).
Organizations that use Windows Server Update Services (WSUS) must take action to [enable Windows Mixed Reality](#enable-windows-mixed-reality-in-wsus). Any organization that wants to prohibit use of Windows Mixed Reality can [block the installation of the Mixed Reality Portal](#block-the-mixed-reality-portal).
<span id="enable" />
## Enable Windows Mixed Reality in WSUS
1. [Check your version of Windows 10.](https://support.microsoft.com/help/13443/windows-which-operating-system)
@ -52,8 +50,6 @@ Organizations that use Windows Server Update Services (WSUS) must take action to
IT admins can also create [Side by side feature store (shared folder)](https://technet.microsoft.com/library/jj127275.aspx) to allow access to the Windows Mixed Reality FOD.
<span id="block" />
## Block the Mixed Reality Portal
You can use the [AppLocker configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp) to block the Mixed Reality software.

22
windows/client-management/mdm/TOC.md
View File

@ -45,28 +45,6 @@
## [DMProcessConfigXMLFiltered](dmprocessconfigxmlfiltered.md)
## [Using PowerShell scripting with the WMI Bridge Provider](using-powershell-scripting-with-the-wmi-bridge-provider.md)
## [WMI providers supported in Windows 10](wmi-providers-supported-in-windows.md)
## [Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)
### [Design a custom configuration service provider](design-a-custom-windows-csp.md)
### [IConfigServiceProvider2](iconfigserviceprovider2.md)
#### [IConfigServiceProvider2::ConfigManagerNotification](iconfigserviceprovider2configmanagernotification.md)
#### [IConfigServiceProvider2::GetNode](iconfigserviceprovider2getnode.md)
### [ICSPNode](icspnode.md)
#### [ICSPNode::Add](icspnodeadd.md)
#### [ICSPNode::Clear](icspnodeclear.md)
#### [ICSPNode::Copy](icspnodecopy.md)
#### [ICSPNode::DeleteChild](icspnodedeletechild.md)
#### [ICSPNode::DeleteProperty](icspnodedeleteproperty.md)
#### [ICSPNode::Execute](icspnodeexecute.md)
#### [ICSPNode::GetChildNodeNames](icspnodegetchildnodenames.md)
#### [ICSPNode::GetProperty](icspnodegetproperty.md)
#### [ICSPNode::GetPropertyIdentifiers](icspnodegetpropertyidentifiers.md)
#### [ICSPNode::GetValue](icspnodegetvalue.md)
#### [ICSPNode::Move](icspnodemove.md)
#### [ICSPNode::SetProperty](icspnodesetproperty.md)
#### [ICSPNode::SetValue](icspnodesetvalue.md)
### [ICSPNodeTransactioning](icspnodetransactioning.md)
### [ICSPValidate](icspvalidate.md)
### [Samples for writing a custom configuration service provider](samples-for-writing-a-custom-configuration-service-provider.md)
## [Configuration service provider reference](configuration-service-provider-reference.md)
### [AccountManagement CSP](accountmanagement-csp.md)
#### [AccountManagement DDF file](accountmanagement-ddf.md)

97
windows/client-management/mdm/create-a-custom-configuration-service-provider.md
View File

@ -1,97 +0,0 @@
---
title: Create a custom configuration service provider
description: Create a custom configuration service provider
ms.assetid: 0cb37f03-5bf2-4451-8276-23f4a1dee33f
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 06/26/2017
---
# Create a custom configuration service provider
Mobile device OEMs can create custom configuration service providers to manage their devices. A configuration service provider includes an interface for creating, editing, and deleting nodes, and the nodes themselves. Each node contains data for one registry value and can optionally support get, set, and delete operations.
To design a custom configuration service provider, the OEM must perform the following steps:
1. Establish node semantics
2. Shape the configuration service provider's subtree
3. Choose a transactioning scheme for each node
4. Determine node operations
For more information, see [Designing a custom configuration service provider](design-a-custom-windows-csp.md).
To write a custom configuration service provider, the OEM must implement the following interfaces:
- [IConfigServiceProvider2](iconfigserviceprovider2.md) (one per configuration service provider)
- [ICSPNode](icspnode.md) (one per node)
- [ICSPNodeTransactioning](icspnodetransactioning.md) (optional, for internally transactioned nodes only)
- [ICSPValidate](icspvalidate.md) (optional, for UI only)
This code must be compiled into a single .dll file and added to a package by using the instructions found in "Adding content to a package" in [Creating packages](https://msdn.microsoft.com/library/windows/hardware/dn756642). While writing this code, OEMs can store registry settings and files in the following locations.
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<tbody>
<tr class="odd">
<td><p><strong>File location</strong></p></td>
<td><p>%DataDrive%\SharedData\OEM\CSP&lt;/p&gt;</td>
</tr>
<tr class="even">
<td><p><strong>Registry location</strong></p></td>
<td><p>$(HKLM.SOFTWARE)\OEM\CSP&lt;/p&gt;</td>
</tr>
</tbody>
</table>
For examples of how to perform common tasks such as adding a node, replacing a node's value, querying a node's value, or enumerating a node's children, see [Samples for writing a custom configuration service provider](samples-for-writing-a-custom-configuration-service-provider.md).
To register the configuration service provider as a COM object, you must add the following registry setting to your package. This step is required. In the following sample, replace *uniqueCSPguid* with a new, unique CLSID generated for this purpose. Replace *dllName* with the name of the .dll file that contains the code for your configuration service provider.
``` syntax
<RegKeys>
<RegKey KeyName="$(HKCR.CLASSES)\CLSID\{uniqueCSPguid}\InprocServer32">
<RegValue Name="@" Type="REG_SZ" Value="dllName.dll" />
</RegKey>
</RegKeys>
```
To register the configuration service provider with ConfigManager2, you must add the following registry setting to your package. This step is required. In the following sample, replace *dllName* with the name of the configuration service provider (the name of the root node). Replace *uniqueCSPguid* with the same *uniqueCSPguid* value as in the preceding example.
``` syntax
<RegKeys>
<RegKey KeyName="$(HKLM.SOFTWARE)\Microsoft\Provisioning\CSPs\.\Vendor\OEM\{Name}">
<RegValue Name="@" Value="{uniqueCSPguid}" Type="REG_SZ"/>
</RegKey>
</RegKeys>
```
To make the configuration service provider accessible from WAP XML, you must register it with the WAP data processing unit by setting the following registry key in your package. Replace *Name* with the name of the configuration service provider. Leave the GUID value exactly as written here.
``` syntax
<RegKeys>
<RegKey KeyName="$(HKLM.SOFTWARE)\Classes\Name">
<RegValue Name="WAPNodeProcessor" Value="{FB11047A-4051-4d1d-9DCA-C80C5DF98D70}"
Type="REG_SZ"/>
</RegKey>
</RegKeys>
```

169
windows/client-management/mdm/design-a-custom-windows-csp.md
View File

@ -1,169 +0,0 @@
---
title: Design a custom configuration service provider
description: Design a custom configuration service provider
MS-HAID:
- 'p\_phDeviceMgmt.designing\_a\_custom\_configuration\_service\_provider'
- 'p\_phDeviceMgmt.design\_a\_custom\_windows\_csp'
ms.assetid: 0fff9516-a71a-4036-a57b-503ef1a81a37
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 06/26/2017
---
# Design a custom configuration service provider
To design a custom configuration service provider, the OEM must perform the following steps:
1. Establish node semantics
2. Shape the configuration service provider's subtree
3. Choose a transactioning scheme for each node
4. Determine node operations
For more information about the larger process of writing a new configuration service provider, see [Create a custom configuration service provider](create-a-custom-configuration-service-provider.md).
## Establish node semantics
First, determine the nodes you need based on the kind of data to be stored in the registry.
Nodes can represent anything from abstract concepts or collections (such as email accounts or connection settings) to more concrete objects (such as registry keys and values, directories, and files).
### Example
For example, a hypothetical Email configuration service provider might have these nodes:
- Account: The name of the email account (such as "Hotmail")
- Username: The user name or email address ("exampleAccount@hotmail.com")
- Password: The user's password
- Server: The DNS address of the server ("mail-serv1-example.mail.hotmail.com")
The `Account`, `Username`, and `Server` nodes would hold text-based information about the email account, the user's email address, and the server address associated with that account. The `Password` node, however, might hold a binary hash of the user's password.
## Shape the configuration service provider's subtree
After determining what the nodes represent, decide where each node fits in the settings hierarchy.
The root node of a configuration service provider's subtree must be the name of the configuration service provider. In this example, the root node is `Email`.
All of the nodes defined in the previous step must reside under the configuration service provider's root node. Leaf nodes should be used to store data, and interior nodes should be used to group the data into logical collections. Node URIs must be unique. In other words, no two nodes can have both the same parent and the same name.
There are three typical scenarios for grouping and structuring the nodes:
- If all of the data belongs to the same component and no further categorizing or grouping is required, you can build a flat tree in which all values are stored directly under the root node. For examples of this design, see [DevInfo configuration service provider](devinfo-csp.md), [HotSpot configuration service provider](hotspot-csp.md), and [w4 APPLICATION configuration service provider](w4-application-csp.md).
- If the configuration service provider's nodes represent a preexisting set of entities whose structure is well-defined (such as directories and files), the configuration service provider's nodes can simply mirror the existing structure.
- If the data must be grouped by type or component, a more complex structure is required. This is especially true when there can be multiple instances of the dataset on the device, and each set is indexed by an ID, account name, or account type. In this case, you must build a more complex tree structure. For examples, see [ActiveSync configuration service provider](activesync-csp.md), [CertificateStore configuration service provider](certificatestore-csp.md), and [CMPolicy configuration service provider](cmpolicy-csp.md).
### Example
The following image shows an incorrect way to structure the hypothetical `Email` configuration service provider. The interior `Account` nodes group the account data (server name, user name, and user password).
![provisioning\-customcsp\-example1](images/provisioning-customcsp-example1.png)
However, the account nodes in this design are not unique. Even though the nodes are grouped sensibly, the path for each of the leaf nodes is ambiguous. There is no way to disambiguate the two `Username` nodes, for example, or to reliably access the same node by using the same path. This structure will not work. The easiest solution to this problem is usually to replace an interior node (the grouping node) by:
1. Promoting a child node.
2. Using the node value as the name of the new interior node.
The following design conveys the same amount of information as the first design, but all nodes have a unique path, and therefore it will work.
![provisioning\-customcsp\-example2](images/provisioning-customcsp-example2.png)
In this case, the `Server` nodes have been promoted up one level to replace the `Account` nodes, and their values are now used as the node names. For example, you could have two different email accounts on the phone, with server names "www.hotmail.com" and "exchange.microsoft.com", each of which stores a user name and a password.
Note that the process of shaping the configuration service providers subtree influences the choice of transactioning schemes for each node. If possible, peer nodes should not have dependencies on each other. Internode dependencies other than parent/child relationships create mandatory groups of settings, which makes configuration service provider development more difficult.
## Choose a transactioning scheme for each node
For each node, decide whether to use *external transactioning* or *internal transactioning* to manage the transaction phases (rollback persistence, rollback, and commitment) for the node.
External transactioning is the simplest option because it allows ConfigManager2 to automatically handle the node's transactioning.
However, you must use internal transactioning for the following types of nodes:
- A node that supports the **Execute** method.
- A node that contains sensitive information (such as a password) that must not be saved in plain text in the ConfigManager2 rollback document.
- A node that has a dependency on another node that is not a parent. For example, if a parent node has two children that are both required, the configuration service provider could use internal transactioning to defer provisioning the account until both values are set.
You can choose to mix transactioning modes in your configuration service provider, using internal transactioning for some operations but external transactioning for others. For more information about writing an internally transactioned node, see the [ICSPNodeTransactioning](icspnodetransactioning.md) interface.
## Determine node operations
The operations available for each node can vary depending on the purpose of the configuration service provider. The configuration service provider will be easier to use if the operations are consistent. For more information about the supported operations, see the [ICSPNode](icspnode.md) interface.
For externally transactioned nodes, an operation implementation must include the contrary operations shown in the following table to allow rollback of the operation.
For internally transactioned nodes, the practice of implementing the contrary commands for each command is recommended, but not required.
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th>Node operation</th>
<th>Contrary node operation</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td><p><strong>Add</strong></p></td>
<td><p><strong>Clear</strong> and <strong>DeleteChild</strong></p></td>
</tr>
<tr class="even">
<td><p><strong>Copy</strong></p></td>
<td><p>To copy to a new node: <strong>Clear</strong> and <strong>DeleteChild</strong></p>
<p>To copy to an existing node: <strong>Add</strong> and <strong>SetValue</strong></p></td>
</tr>
<tr class="odd">
<td><p><strong>Clear</strong></p></td>
<td><p>To restore the state of the deleted node: <strong>SetValue</strong> and <strong>SetProperty</strong></p></td>
</tr>
<tr class="even">
<td><p><strong>DeleteChild</strong></p></td>
<td><p>To restore the old node: <strong>Add</strong></p></td>
</tr>
<tr class="odd">
<td><p><strong>DeleteProperty</strong></p></td>
<td><p>To restore the deleted property: <strong>SetProperty</strong></p></td>
</tr>
<tr class="even">
<td><p><strong>Execute</strong></p></td>
<td><p>Externally transactioned nodes do not support the <strong>Execute</strong> command.</p></td>
</tr>
<tr class="odd">
<td><p><strong>GetValue</strong></p></td>
<td><p>None</p></td>
</tr>
<tr class="even">
<td><p><strong>Move</strong></p></td>
<td><p>To restore a source node: <strong>Move</strong></p>
<p>To restore an overwritten target node: <strong>Add</strong> and <strong>SetValue</strong></p></td>
</tr>
<tr class="odd">
<td><p><strong>SetValue</strong></p></td>
<td><p>To restore the previous value: <strong>SetValue</strong></p></td>
</tr>
</tbody>
</table>

57
windows/client-management/mdm/iconfigserviceprovider2.md
View File

@ -1,57 +0,0 @@
---
title: IConfigServiceProvider2
description: IConfigServiceProvider2
ms.assetid: 8deec0fb-59a6-4d08-8ddb-6d0d3d868a10
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 06/26/2017
---
# IConfigServiceProvider2
OEMs are required to implement this interface once per configuration service provider. ConfigManager2 clients use this interface to instantiate the configuration service provider, to communicate general state information to the configuration service provider, and often to access or create nodes.
The following table shows the methods defined by this interface that OEMs must implement.
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th>Method</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td><p><a href="iconfigserviceprovider2configmanagernotification.md" data-raw-source="[IConfigServiceProvider2::ConfigManagerNotification](iconfigserviceprovider2configmanagernotification.md)">IConfigServiceProvider2::ConfigManagerNotification</a></p></td>
<td><p>Enables ConfigManager2 to send notifications to a configuration service provider of events such as when the configuration service provider is loaded or unloaded, when rollbacks are performed, and when actions are called on nodes.</p></td>
</tr>
<tr class="even">
<td><p><a href="iconfigserviceprovider2getnode.md" data-raw-source="[IConfigServiceProvider2::GetNode](iconfigserviceprovider2getnode.md)">IConfigServiceProvider2::GetNode</a></p></td>
<td><p>Returns a node from the configuration service provider based on the path relative to the root node.</p></td>
</tr>
</tbody>
</table>
## Related topics
[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)

146
windows/client-management/mdm/iconfigserviceprovider2configmanagernotification.md
View File

@ -1,146 +0,0 @@
---
title: IConfigServiceProvider2 ConfigManagerNotification
description: IConfigServiceProvider2 ConfigManagerNotification
ms.assetid: b1f0fe0f-afbe-4b36-a75d-34239a86a75c
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 06/26/2017
---
# IConfigServiceProvider2::ConfigManagerNotification
This method enables ConfigManager2 to send notifications of events to a configuration service provider, such as when the configuration service provider is loaded or unloaded, when rollbacks are performed, and when actions are called on nodes.
## Syntax
``` syntax
HRESULT ConfigManagerNotification([in] CFGMGR_NOTIFICATION cmnfyState,
[in] LPARAM lpParam);
```
## Parameters
<a href="" id="cmnfystate"></a>*cmnfyState*
<ul style="list-style-type:none">
<li>
The following events are supported by all configuration service providers.
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th>Event</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td><p>CFGMGR_NOTIFICATION_LOAD</p></td>
<td><p>First time the configuration service provider is loaded/instantiated.</p></td>
</tr>
<tr class="even">
<td><p>CFGMGR_NOTIFICATION_BEGINCOMMANDPROCESSING</p></td>
<td><p>About to run the first command of a transaction.</p></td>
</tr>
<tr class="odd">
<td><p>CFGMGR_NOTIFICATION_ENDCOMMANDPROCESSING</p></td>
<td><p>Last command of transaction has executed. This event is always raised if <code>BEGINCOMMANDPROCESSING</code> was raised, even if the handling of <code>BEGINCOMMANDPROCESSING</code> failed.</p></td>
</tr>
<tr class="even">
<td><p>CFGMGR_NOTIFICATION_BEGINCOMMIT</p></td>
<td><p>About to commit the first command of a transaction.</p></td>
</tr>
<tr class="odd">
<td><p>CFGMGR_NOTIFICATION_ENDCOMMIT</p></td>
<td><p>Last command of a transaction has been committed. This event is always raised if <code>BEGINCOMMIT</code> was raised, even if the handling of <code>BEGINCOMMIT</code> failed.</p></td>
</tr>
<tr class="even">
<td><p>CFGMGR_NOTIFICATION_BEGINROLLBACK</p></td>
<td><p>About to roll back the first command of the transaction.</p></td>
</tr>
<tr class="odd">
<td><p>CFGMGR_NOTIFICATION_ENDROLLBACK</p></td>
<td><p>Last command of the transaction has been rolled back. This event is always raised if <code>BEGINROLLBACK</code> was raised, even if the handling of <code>BEGINROLLBACK</code> failed.</p></td>
</tr>
<tr class="even">
<td><p>CFGMGR_NOTIFICATION_UNLOAD</p></td>
<td><p>The configuration service provider is about to be unloaded/deleted.</p></td>
</tr>
<tr class="odd">
<td><p>CFGMGR_NOTIFICATION_SETSESSIONOBJ</p></td>
<td><p>Session object is available for use; <em>lpParam</em> can be cast to an IConfigSession2 pointer.</p></td>
</tr>
<tr class="even">
<td><p>CFGMGR_NOTIFICATION_BEGINTRANSACTIONING</p></td>
<td><p>Primarily used for compatibility with v1 configuration service providers. Signals the beginning of a transactioning sequence.</p></td>
</tr>
<tr class="odd">
<td><p>CFGMGR_NOTIFICATION_ENDTRANSACTIONING</p></td>
<td><p>Primarily used for compatibility with v1 configuration service providers. Signals the end of a transactioning sequence.</p></td>
</tr>
</tbody>
</table>
</li>
</ul>
<br>
<a href="" id="lpparam"></a>*lpParam*
<ul style="list-style-type:none">
<li>
Normally NULL, but contains a pointer to an IConfigSession2 instance if <em>cmnfState</em> is CFGMGR_NOTIFICATION_SETSESSIONOBJ.
</li>
</ul>
<br>
## Return Value
A value of S\_OK indicates success.
## Remarks
ConfigManager2 guarantees that if it raised one of the BEGIN events
- CFGMGR\_NOTIFICATION\_BEGINCOMMANDPROCESSING
- CFGMGR\_NOTIFICATION\_BEGINCOMMIT
- CFGMGR\_NOTIFICATION\_BEGINROLLBACK
then the corresponding END event will be raised, even if the handling of the BEGIN notification failed.
For each transaction, the sequence of notifications is:
1. BEGINCOMMANDPROCESSING
2. BEGINTRANSACTIONING
3. ENDTRANSACTIONING
4. ENDCOMMANDPROCESSING
5. Either BEGINCOMMIT or BEGINROLLBACK, depending on whether the transaction succeeded or failed.
6. Either ENDCOMMIT or ENDROLLBACK, depending on whether the transaction succeeded or failed.
Each configuration service provider will receive the relevant BEGIN/END notifications exactly once per each transaction that ConfigManager2 executes.
## Requirements
**Header:** None

106
windows/client-management/mdm/iconfigserviceprovider2getnode.md
View File

@ -1,106 +0,0 @@
---
title: IConfigServiceProvider2 GetNode
description: IConfigServiceProvider2 GetNode
ms.assetid: 4dc10a59-f6a2-45c0-927c-d594afc9bb91
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 06/26/2017
---
# IConfigServiceProvider2::GetNode
This method returns a node from the configuration service provider based on the path that was passed in. The returned node is a descendent of the root node.
## Syntax
``` syntax
HRESULT GetNode([in] IConfigManager2URI* pURI,
[out] ICSPNode** ppNode,
[in, out] DWORD* pgrfNodeOptions);
```
## Parameters
<a href="" id="puri"></a>*pUri*
<ul style="list-style-type:none">
<li>
URI of the child node, relative to the root node. For example, to access the &quot;./Vendor/Contoso/SampleCSP/ContainerA/UserName&quot; node, ConfigManager2 calls the configuration service provider&#39;s <code>GetNode</code> method and passes in an IConfigManager2URI instance representing the URI “SampleCSP/ContainerA/UserName”.
</li>
</ul>
<br>
<a href="" id="ppnode"></a><em>ppNode</em>
<ul style="list-style-type:none">
<li>
If the query is successful, this returns the ICSPNode instance at the <em>pUri</em> location in the configuration service provider&#39;s tree.
</li>
</ul>
<br>
<a href="" id="pgrfnodeoptions"></a><em>pgrfNodeOptions</em>
<ul style="list-style-type:none">
<li>
Nodes support the following features.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th>Feature name</th>
<th>Bit value (in hex)</th>
<th>Notes</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td><p><code>CSPNODE_OPTION_NATIVESECURITY</code></p></td>
<td><p>0x01</p></td>
<td><p>The native security option signifies that the node handles its own security checking, and that ConfigManager2 does not have to manage security for this node.</p></td>
</tr>
<tr class="even">
<td><p><code>CSPNODE_OPTION_INTERNALTRANSACTION</code></p></td>
<td><p>0x02</p></td>
<td><p>The internal transactioning option tells ConfigManager2 that the configuration service provider handles the transactioning (rollback and commitment) for the node. To handle internal transactioning, the node must implement the <a href="icspnodetransactioning.md" data-raw-source="[ICSPNodeTransactioning](icspnodetransactioning.md)">ICSPNodeTransactioning</a>.</p></td>
</tr>
<tr class="odd">
<td><p><code>CSPNODE_OPTION_HANDLEALLPROPERTIES</code></p></td>
<td><p>0x04</p></td>
<td><p>Unused.</p></td>
</tr>
<tr class="even">
<td><p><code>CSPNODE_OPTION_SECRETDATA</code></p></td>
<td><p>0x08</p></td>
<td><p>Unused.</p></td>
</tr>
</tbody>
</table>
</li>
</ul>
<br>
## Return Value
This method returns an ICSPNode. If the function returns null, call GetLastError to get the error value.
A value of S\_OK indicates that a node was successfully found. CFGMGR\_E\_NODENOTFOUND indicates that the node does not exist. Note that this may be normal, as in the case of optional nodes.
## Requirements
**Header:** None

104
windows/client-management/mdm/icspnode.md
View File

@ -1,104 +0,0 @@
---
title: ICSPNode
description: ICSPNode
ms.assetid: 023466e6-a8ab-48ad-8548-291409686ac2
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 06/26/2017
---
# ICSPNode
This interface does most of the work in a configuration service provider. Each individual node in a configuration service provider tree is represented by a separate implementation of this interface. The actions of a ConfigManager2 client are typically translated into calls to an instance of an ICSPNode.
These methods must be implemented so that, if they fail, the node's state at the end of the method matches the state before the method was called.
Some nodes will not be able to perform certain actions, and can return CFGMGR\_E\_COMMANDNOTALLOWED for those methods. For each method that is implemented for externallytransactioned nodes, the contrary method must also be implemented, as defined by "Determine node operations" in [Designing a custom configuration service provider](design-a-custom-windows-csp.md).
The following table shows the methods defined by this interface that OEMs must implement.
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th>Method</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td><p><a href="icspnodeadd.md" data-raw-source="[ICSPNode::Add](icspnodeadd.md)">ICSPNode::Add</a></p></td>
<td><p>Adds an immediate child to a configuration service provider node and returns a pointer to the new child node.</p></td>
</tr>
<tr class="even">
<td><p><a href="icspnodeclear.md" data-raw-source="[ICSPNode::Clear](icspnodeclear.md)">ICSPNode::Clear</a></p></td>
<td><p>Deletes the contents and children of the current configuration service provider node. Called before <a href="icspnodedeletechild.md" data-raw-source="[ICSPNode::DeleteChild](icspnodedeletechild.md)">ICSPNode::DeleteChild</a>.</p></td>
</tr>
<tr class="odd">
<td><p><a href="icspnodecopy.md" data-raw-source="[ICSPNode::Copy](icspnodecopy.md)">ICSPNode::Copy</a></p></td>
<td><p>Makes a copy of the current node at the specified path within the configuration service provider. If the target node exists, it should be overwritten.</p></td>
</tr>
<tr class="even">
<td><p><a href="icspnodedeletechild.md" data-raw-source="[ICSPNode::DeleteChild](icspnodedeletechild.md)">ICSPNode::DeleteChild</a></p></td>
<td><p>Deletes the specified child node from the configuration service provider node.</p></td>
</tr>
<tr class="odd">
<td><p><a href="icspnodedeleteproperty.md" data-raw-source="[ICSPNode::DeleteProperty](icspnodedeleteproperty.md)">ICSPNode::DeleteProperty</a></p></td>
<td><p>Deletes a property from a configuration service provider node.</p></td>
</tr>
<tr class="even">
<td><p><a href="icspnodeexecute.md" data-raw-source="[ICSPNode::Execute](icspnodeexecute.md)">ICSPNode::Execute</a></p></td>
<td><p>Runs a task on an internally-transactioned configuration service provider node by passing in the specified user data and returning a result.</p></td>
</tr>
<tr class="odd">
<td><p><a href="icspnodegetchildnodenames.md" data-raw-source="[ICSPNode::GetChildNodeNames](icspnodegetchildnodenames.md)">ICSPNode::GetChildNodeNames</a></p></td>
<td><p>Returns the list of children for a configuration service provider node.</p></td>
</tr>
<tr class="even">
<td><p><a href="icspnodegetproperty.md" data-raw-source="[ICSPNode::GetProperty](icspnodegetproperty.md)">ICSPNode::GetProperty</a></p></td>
<td><p>Returns a property value from a configuration service provider node.</p></td>
</tr>
<tr class="odd">
<td><p><a href="icspnodegetpropertyidentifiers.md" data-raw-source="[ICSPNode::GetPropertyIdentifiers](icspnodegetpropertyidentifiers.md)">ICSPNode::GetPropertyIdentifiers</a></p></td>
<td><p>Returns a list of non-standard properties supported by the node. The returned array must be allocated with <code>CoTaskMemAlloc</code>.</p></td>
</tr>
<tr class="even">
<td><p><a href="icspnodegetvalue.md" data-raw-source="[ICSPNode::GetValue](icspnodegetvalue.md)">ICSPNode::GetValue</a></p></td>
<td><p>Gets the value and data type for the node. Interior (non-leaf) nodes may not have a value.</p></td>
</tr>
<tr class="odd">
<td><p><a href="icspnodemove.md" data-raw-source="[ICSPNode::Move](icspnodemove.md)">ICSPNode::Move</a></p></td>
<td><p>Moves this node to a new location within the configuration service provider. If the target node already exists, it should be overwritten.</p></td>
</tr>
<tr class="even">
<td><p><a href="icspnodesetproperty.md" data-raw-source="[ICSPNode::SetProperty](icspnodesetproperty.md)">ICSPNode::SetProperty</a></p></td>
<td><p>Sets a property value for a configuration service provider node.</p></td>
</tr>
<tr class="odd">
<td><p><a href="icspnodesetvalue.md" data-raw-source="[ICSPNode::SetValue](icspnodesetvalue.md)">ICSPNode::SetValue</a></p></td>
<td><p>Sets the value for the configuration service provider node. It is an error to attempt to set the value of an interior node.</p></td>
</tr>
</tbody>
</table>
## Related topics
[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)

118
windows/client-management/mdm/icspnodeadd.md
View File

@ -1,118 +0,0 @@
---
title: ICSPNode Add
description: ICSPNode Add
ms.assetid: 5f03d350-c82b-4747-975f-385fd8b5b3a8
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 06/26/2017
---
# ICSPNode::Add
This method adds an immediate child node to a configuration service provider node and returns a pointer to the new node.
## Syntax
``` syntax
HRESULT Add([in] IConfigManager2URI* pChildName,
[in] CFG_DATATYPE DataType,
[in] VARIANT varValue,
[in, out] ICSPNode** ppNewNode,
[in, out] DWORD* pgrfNodeOptions);
```
## Parameters
<a href="" id="pchildname"></a>*pChildName*
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Name of child node to add.
<a href="" id="datatype"></a>*DataType*
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Data type of the child node to add. Supported types include:
- CFG\_DATATYPE\_NODE
- CFG\_DATATYPE\_NULL
- CFG\_DATATYPE\_BINARY
- CFG\_DATATYPE\_INTEGER
- CFG\_DATATYPE\_STRING
- CFG\_DATATYPE\_MULTIPLE\_STRING
<a href="" id="varvalue"></a>*varValue*
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Value of the child node to add.
<a href="" id="ppnewnode"></a>*ppNewNode*
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;New child node to return.
<a href="" id="pgrfnodeoptions"></a>*pgrfNodeOptions*
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Features supported on the new child node.
<table style="margin-left:26px">
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th>Feature name</th>
<th>Bit value (in hex)</th>
<th>Notes</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="vertical-align:top"><p><code>CSPNODE_OPTION_NATIVESECURITY</code></p></td>
<td style="vertical-align:top"><p>0x01</p></td>
<td style="vertical-align:top"><p>The native security option signifies that the node handles its own security checking, and that ConfigManager2 does not have to manage security for this node.</p></td>
</tr>
<tr class="even">
<td style="vertical-align:top"><p><code>CSPNODE_OPTION_INTERNALTRANSACTION</code></p></td>
<td style="vertical-align:top"><p>0x02</p></td>
<td style="vertical-align:top"><p>The internal transactioning option tells ConfigManager2 that the configuration service provider handles the transactioning (rollback and commitment) for the node. To handle internal transactioning, the node must implement the <a href="icspnodetransactioning.md" data-raw-source="[ICSPNodeTransactioning](icspnodetransactioning.md)">ICSPNodeTransactioning</a>.</p></td>
</tr>
<tr class="odd">
<td style="vertical-align:top"><p><code>CSPNODE_OPTION_HANDLEALLPROPERTIES</code></p></td>
<td style="vertical-align:top"><p>0x04</p></td>
<td style="vertical-align:top"><p>Unused.</p></td>
</tr>
<tr class="even">
<td style="vertical-align:top"><p><code>CSPNODE_OPTION_SECRETDATA</code></p></td>
<td style="vertical-align:top"><p>0x08</p></td>
<td style="vertical-align:top"><p>Unused.</p></td>
</tr>
</tbody>
</table>
## Return Value
This method returns an ICSPNode and the feature options supported on that child node. If the method returns null, call GetLastError to get the error value.
A value of S\_OK indicates that a node was successfully found. CMN\_E\_ALREADY\_EXISTS indicates that a child node with the same name already exists. CFGMGR\_E\_COMMANDNOTALLOWED indicates that this node does not support the **Add** method.
## Remarks
For externallytransactioned nodes, if this method is implemented, then [ICSPNode::Clear](icspnodeclear.md) and [ICSPNode::DeleteChild](icspnodedeletechild.md) must also be implemented or rollback will fail.
## Requirements
**Header:** None
## Related topics
[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)

53
windows/client-management/mdm/icspnodeclear.md
View File

@ -1,53 +0,0 @@
---
title: ICSPNode Clear
description: ICSPNode Clear
ms.assetid: b414498b-110a-472d-95c0-2d5b38cd78a6
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 06/26/2017
---
# ICSPNode::Clear
This method deletes the contents and child nodes of the current configuration service provider node. This method is always called on the child node before [ICSPNode::DeleteChild](icspnodedeletechild.md) is called on the parent node.
## Syntax
``` syntax
HRESULT Clear();
```
## Return Value
A value of S\_OK indicates that the node was successfully cleared. CFGMGR\_E\_COMMANDNOTALLOWED indicates that this node does not support the **Clear** method.
## Remarks
For externallytransactioned nodes, if this method is implemented, then [ICSPNode::SetValue](icspnodesetvalue.md) and [ICSPNode::SetProperty](icspnodesetproperty.md) must also be implemented or rollback will fail.
Before calling **Clear** on the target node, ConfigManager2 attempts to gather the current state of the node; the parent node does not have to preserve the state of its child nodes if they are externally-transactioned.
## Requirements
**Header:** None
## Related topics
[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)
 

96
windows/client-management/mdm/icspnodecopy.md
View File

@ -1,96 +0,0 @@
---
title: ICSPNode Copy
description: ICSPNode Copy
ms.assetid: cd5ce0bc-a08b-4f82-802d-c7ff8701b41f
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 06/26/2017
---
# ICSPNode::Copy
This method makes a copy of the current node at the specified path within the configuration service provider. If the target node exists, it should be overwritten.
## Syntax
``` syntax
HRESULT Copy([in] IConfigManager2URI* puriDestination,
[in, out] ICSPNode** ppNewNode,
[in, out] DWORD* pgrfNodeOptions);
```
## Parameters
<a href="" id="puridestination"></a>*puriDestination*
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Path and name of new node's location, relative to the configuration service provider's root node.
<a href="" id="ppnewnode"></a>*ppNewNode*
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;New node created by the copy operation.
<a href="" id="pgrfnodeoptions"></a>*pgrfNodeOptions*
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Features supported on the new node.
<table style="margin-left:26px">
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th>Feature name</th>
<th>Bit value (in hex)</th>
<th>Notes</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td><p><code>CSPNODE_OPTION_NATIVESECURITY</code></p></td>
<td><p>0x01</p></td>
<td><p>The native security option signifies that the node handles its own security checking, and that ConfigManager2 does not have to manage security for this node.</p></td>
</tr>
<tr class="even">
<td><p><code>CSPNODE_OPTION_INTERNALTRANSACTION</code></p></td>
<td><p>0x02</p></td>
<td><p>The internal transactioning option tells ConfigManager2 that the configuration service provider handles the transactioning (rollback and commitment) for the node. To handle internal transactioning, the node must implement the <a href="icspnodetransactioning.md" data-raw-source="[ICSPNodeTransactioning](icspnodetransactioning.md)">ICSPNodeTransactioning</a>.</p></td>
</tr>
<tr class="odd">
<td><p><code>CSPNODE_OPTION_HANDLEALLPROPERTIES</code></p></td>
<td><p>0x04</p></td>
<td><p>Unused.</p></td>
</tr>
<tr class="even">
<td><p><code>CSPNODE_OPTION_SECRETDATA</code></p></td>
<td><p>0x08</p></td>
<td><p>Unused.</p></td>
</tr>
</tbody>
</table>
## Return Value
A value of S\_OK indicates that the node was successfully copied to the new location. CFGMGR\_E\_COMMANDNOTALLOWED indicates that this node does not support the **Copy** method.
## Remarks
For externallytransactioned nodes, if this method is implemented, then [ICSPNode::Add](icspnodeadd.md), [ICSPNode::SetValue](icspnodesetvalue.md), [ICSPNode::Clear](icspnodeclear.md), and [ICSPNode::DeleteChild](icspnodedeletechild.md) must also be implemented or rollback will fail.
## Requirements
**Header:** None
## Related topics
[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)

59
windows/client-management/mdm/icspnodedeletechild.md
View File

@ -1,59 +0,0 @@
---
title: ICSPNode DeleteChild
description: ICSPNode DeleteChild
ms.assetid: 8cf3663d-a4cf-4d11-b03a-f1d096ad7f9c
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 06/26/2017
---
# ICSPNode::DeleteChild
Deletes the specified child node from the configuration service provider node. [ICSPNode::Clear](icspnodeclear.md) must always be called first on the child node that is to be deleted.
## Syntax
``` syntax
HRESULT DeleteChild([in] IConfigManager2URI* puriChildToDelete);
```
## Parameters
<a href="" id="purichildtodelete"></a>*puriChildToDelete*
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;The name of the child node to delete.
## Return Values
| Return Value | Description |
|------------------------------|--------------------------------------------------|
| CFGMGR\_E\_NODENOTFOUND | The child node does not exist |
| CFGMGR\_E\_COMMANDNOTALLOWED | The child node to be deleted is a read-only node |
| S\_OK | Success. |
 
A value of S\_OK indicates that a node was successfully deleted. CFGMGR\_E\_NODENOTFOUND indicates that the child node does not exist. CFGMGR\_E\_COMMANDNOTALLOWED indicates that this node does not support the **ICSP::DeleteChild** method, or that the child node to be deleted is a read-only node.
## Remarks
For externallytransactioned nodes, if this method is implemented, then [ICSPNode::Add](icspnodeadd.md) must also be implemented or rollback will fail.
## Requirements
**Header:** None
## Related topics
[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)
 

52
windows/client-management/mdm/icspnodedeleteproperty.md
View File

@ -1,52 +0,0 @@
---
title: ICSPNode DeleteProperty
description: ICSPNode DeleteProperty
ms.assetid: 7e21851f-d663-4558-b3e8-590d24b4f6c4
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 06/26/2017
---
# ICSPNode::DeleteProperty
This method deletes a property from a configuration service provider node.
## Syntax
``` syntax
HRESULT DeleteProperty([in] REFGUID guidProperty);
```
## Parameters
<a href="" id="guidproperty"></a>*guidProperty*
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;The GUID of the property to delete.
## Return Value
A value of S\_OK indicates that a node was successfully found. CFGMGR\_E\_PROPERTYNOTSUPPORTED indicates that this node does not manage or implement the property itself, but delegates it to ConfigManager2. E\_NOTIMPL indicates this method is not supported by this node.
## Remarks
For externallytransactioned nodes, if this method is implemented, then [ICSPNode::SetProperty](icspnodesetproperty.md) must also be implemented or rollback will fail.
## Requirements
**Header:** None
## Related topics
[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)
 

50
windows/client-management/mdm/icspnodeexecute.md
View File

@ -1,50 +0,0 @@
---
title: ICSPNode Execute
description: ICSPNode Execute
ms.assetid: 5916e7b7-256d-49fd-82b6-db0547a215ec
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 06/26/2017
---
# ICSPNode::Execute
This method runs a task on an internally-transactioned configuration service provider node by passing in the specified user data and returning a result. The exact meaning of **Execute** and whether it is even supported depends on the purpose of the node. For example, **Execute** called on a node that represents a file should probably **ShellExecute** the file, whereas calling **Execute** on a registry node generally does not make sense.
## Syntax
``` syntax
HRESULT Execute([in] VARIANT varUserData);
```
## Parameters
<a href="" id="varuserdata"></a>*varUserData*
&nbsp;&nbsp;&nbsp;&nbsp;Data to pass into the execution.
## Return Value
A value of S\_OK indicates that the operation was performed successfully on the node. E\_NOTIMPL should be returned if this method is not implemented.
## Remarks
Externallytransactioned nodes do not support this method.
## Requirements
**Header:** None
## Related topics
[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)
 

56
windows/client-management/mdm/icspnodegetchildnodenames.md
View File

@ -1,56 +0,0 @@
---
title: ICSPNode GetChildNodeNames
description: ICSPNode GetChildNodeNames
ms.assetid: dc057f2b-282b-49ac-91c4-bb83bd3ca4dc
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 06/26/2017
---
# ICSPNode::GetChildNodeNames
This method returns the list of child nodes for a configuration service provider node.
## Syntax
``` syntax
HRESULT GetChildNodeNames([out] ULONG* pulCount,
[out,size_is(,*pulCount)] BSTR** pbstrNodeNames);
```
## Parameters
<a href="" id="pulcount"></a>*pulCount*
<p style="margin-left: 25px">The number of child nodes to return.</p>
<a href="" id="pbstrnodenames"></a>*pbstrNodeNames*
<p style="margin-left: 25px">The array of child node names. The returned array must be allocated with <code>CoTaskMemAlloc</code>. Each element of the array must be a valid, non-NULL <code>BSTR</code>, allocated by <code>SysAllocString</code> or <code>SysAllocStringLen</code>. The names returned must not be encoded in any way, including URI-encoding, for canonicalization reasons.</p>
## Return Value
A value of S\_OK indicates that a node was successfully found. CFGMGR\_E\_COMMANDNOTALLOWED indicates that this was called on a leaf node (no children will be returned).
## Remarks
For externallytransactioned nodes, no additional methods are required for successful rollback.
## Requirements
**Header:** None
## Related topics
[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)

58
windows/client-management/mdm/icspnodegetproperty.md
View File

@ -1,58 +0,0 @@
---
title: ICSPNode GetProperty
description: ICSPNode GetProperty
ms.assetid: a2bdc158-72e0-4cdb-97ce-f5cf1a44b7db
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 06/26/2017
---
# ICSPNode::GetProperty
This method returns a property value from a configuration service provider node.
## Syntax
``` syntax
HRESULT GetProperty([in] REFGUID guidProperty,
[in,out] VARIANT* pvarValue);
```
## Parameters
<a href="" id="guidproperty"></a>*guidProperty*
<p style="margin-left: 25px">GUID that specifies the property to return.</p>
<a href="" id="pvarvalue"></a>*pvarValue*
<p style="margin-left: 25px">Value to return.</p>
## Return Value
A value of S\_OK indicates that the value was successfully returned. CFGMGR\_E\_COMMANDNOTSUPPORTED indicates that the node does not implement the property itself, but delegates the management of the property to ConfigManager2.
## Remarks
Every node must handle the CFGMGR\_PROPERTY\_DATATYPE property.
For externallytransactioned nodes, no additional methods are required for successful rollback.
## Requirements
**Header:** None
## Related topics
[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)

55
windows/client-management/mdm/icspnodegetpropertyidentifiers.md
View File

@ -1,55 +0,0 @@
---
title: ICSPNode GetPropertyIdentifiers
description: ICSPNode GetPropertyIdentifiers
ms.assetid: 8a052cd3-d74c-40c4-845f-f804b920deb4
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 06/26/2017
---
# ICSPNode::GetPropertyIdentifiers
This method returns a list of non-standard properties supported by the node. The returned array must be allocated with `CoTaskMemAlloc`.
## Syntax
``` syntax
HRESULT GetPropertyIdentifiers([out] ULONG* pulCount,
[out,size_is(,*pulCount)] GUID** pguidProperties);
```
## Parameters
<a href="" id="pulcount"></a>*pulCount*
<p style="margin-left: 25px">The number of non-standard properties to return.</p>
<a href="" id="pguidproperties"></a>*pguidProperties*
<p style="margin-left: 25px">The array of property GUIDs to return. This array must be allocated with <code>CoTaskMemAlloc</code>.</p>
## Return Value
A value of S\_OK indicates that the properties were successfully returned. E\_NOTIMPL indicates that this method is not supported by the node.
## Remarks
For externallytransactioned nodes, no additional methods are required for successful rollback.
## Requirements
**Header:** None
## Related topics
[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)

53
windows/client-management/mdm/icspnodegetvalue.md
View File

@ -1,53 +0,0 @@
---
title: ICSPNode GetValue
description: ICSPNode GetValue
ms.assetid: c684036d-98be-4659-8ce8-f72436a39b90
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 06/26/2017
---
# ICSPNode::GetValue
This method gets the value and data type for the node. Interior (non-leaf) nodes may not have a value.
## Syntax
``` syntax
HRESULT GetValue([in,out] VARIANT* pvarValue);
```
## Parameters
<a href="" id="pvarvalue"></a>*pvarValue*
<p style="margin-left: 25px">Data value to return. A node containing a password value returns 16 asterisks (*) for this method. A leaf node whose value has not been set returns a variant whose type is <code>VT_NULL</code>.
</p>
## Return Value
A value of S\_OK indicates that a node was successfully found. CFGMGR\_E\_COMMANDNOTALLOWED indicates that this node does not support the **ICSP::GetValue** methods, or that this is an interior node.
## Remarks
For externallytransactioned nodes, this node is not required to implement any other methods for a successful rollback.
## Requirements
**Header:** None
## Related topics
[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)

52
windows/client-management/mdm/icspnodemove.md
View File

@ -1,52 +0,0 @@
---
title: ICSPNode Move
description: ICSPNode Move
ms.assetid: efb359c3-5c86-4975-bf6f-a1c33922442a
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 06/26/2017
---
# ICSPNode::Move
This method moves the node to a new location within the configuration service provider. If the target node already exists, it should be overwritten.
## Syntax
``` syntax
HRESULT Move([in] IConfigManager2URI* puriDestination);
```
## Parameters
<a href="" id="puridestination"></a>*puriDestination*
<p style="margin-left: 25px">Path and name of the node&#39;s new location, relative to the configuration service provider&#39;s root node.</p>
## Return Value
A value of S\_OK indicates that the node was successfully moved. CFGMGR\_E\_COMMANDNOTALLOWED indicates that this node does not support the **ICSP::Move** method.
## Remarks
For externallytransactioned nodes, if this method is implemented, then [ICSPNode::Add](icspnodeadd.md) and [ICSPNode::SetValue](icspnodesetvalue.md) must also be implemented or rollback will fail.
## Requirements
**Header:** None
## Related topics
[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)

58
windows/client-management/mdm/icspnodesetproperty.md
View File

@ -1,58 +0,0 @@
---
title: ICSPNode SetProperty
description: ICSPNode SetProperty
ms.assetid: e235c38f-ea04-4cd8-adec-3c6c0ce7172d
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 06/26/2017
---
# ICSPNode::SetProperty
This method sets a property value for a configuration service provider node.
## Syntax
``` syntax
HRESULT SetProperty([in] REFGUID guidProperty,
[in] VARIANT varValue);
```
## Parameters
<a href="" id="guidproperty"></a>*guidProperty*
<p style="margin-left: 25px">The GUID of the property.</p>
<a href="" id="varvalue"></a>*varValue*
<p style="margin-left: 25px">The value to return.</p>
## Return Value
A value of S\_OK indicates that a node was successfully found. CFGMGR\_E\_COMMANDNOTSUPPORTED indicates that this node delegates the management of the property to ConfigManager2.
## Remarks
Every node must properly handle the CFGMGR\_PROPERTY\_DATATYPE property.
For externallytransactioned nodes, no additional methods are required for successful rollback.
## Requirements
**Header:** None
## Related topics
[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)

52
windows/client-management/mdm/icspnodesetvalue.md
View File

@ -1,52 +0,0 @@
---
title: ICSPNode SetValue
description: ICSPNode SetValue
ms.assetid: b218636d-fe8b-4a0f-b4e8-a621f65619d3
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 06/26/2017
---
# ICSPNode::SetValue
This method sets the value for the configuration service provider node. It is an error to attempt to set the value of an interior node.
## Syntax
``` syntax
HRESULT SetValue([in] VARIANT varValue);
```
## Parameters
<a href="" id="varvalue"></a>*varValue*
<p style="margin-left: 25px">Value to set. To clear a leaf nodes value, set <em>varValue</em>s type to <code>VT_NULL</code>.</p>
## Return Value
A value of S\_OK indicates that the value was set successfully. CFGMGR\_E\_COMMANDNOTALLOWED indicates that this node does not support the **ICSP::SetValue** method, or that it's an internal node.
## Remarks
For externallytransactioned nodes, no additional methods must be implemented to support rollback.
## Requirements
**Header:** None
## Related topics
[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)

83
windows/client-management/mdm/icspnodetransactioning.md
View File

@ -1,83 +0,0 @@
---
title: ICSPNodeTransactioning
description: ICSPNodeTransactioning
ms.assetid: 24dc518a-4a8d-41fe-9bc6-217bbbdf6a3f
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 06/26/2017
---
# ICSPNodeTransactioning
This is an optional interface that enables a configuration service provider to define its own transactioning scheme (internal transactioning) for an individual node. Transactioning supports the ability to roll back previous actions on a node. The majority of nodes use external transactioning, which is handled automatically, and do not need to implement this interface. For more information about internal and external transactioning, including how to handle the `RollbackAction` functions, see "Determine node operations" in [Designing a custom configuration service provider](design-a-custom-windows-csp.md).
``` syntax
interface ICSPNodeTransactioning : IUnknown
{
HRESULT PersistRollbackAddState([in] IConfigManager2URI* puriChild,
[in] CFG_DATATYPE DataType,
[in] VARIANT varValue,
[in] ISequentialStream* pRollbackStream,
[in] ISequentialStream* pUninstallStream);
HRESULT PersistRollbackCopyState([in] IConfigManager2URI* puriDestination,
[in] ISequentialStream* pRollbackStream,
[in] ISequentialStream* pUninstallStream);
HRESULT PersistRollbackDeleteChildState([in] IConfigManager2URI* puriChild,
[in] ISequentialStream* pRollbackStream,
[in] ISequentialStream* pUninstallStream);
HRESULT PersistRollbackClearState([in] ISequentialStream* pRollbackStream,
[in] ISequentialStream* pUninstallStream);
HRESULT PersistRollbackExecuteState([in] VARIANT varUserData,
[in] ISequentialStream* pRollbackStream,
[in] ISequentialStream* pUninstallStream);
HRESULT PersistRollbackMoveState([in] IConfigManager2URI* puriDestination,
[in] ISequentialStream* pRollbackStream,
[in] ISequentialStream* pUninstallStream);
HRESULT PersistRollbackSetValueState([in] VARIANT varValue,
[in] ISequentialStream* pRollbackStream,
[in] ISequentialStream* pUninstallStream);
HRESULT PersistRollbackSetPropertyState([in] REFGUID guidProperty,
[in] VARIANT varValue,
[in] ISequentialStream* pRollbackStream,
[in] ISequentialStream* pUninstallStream);
HRESULT PersistRollbackDeletePropertyState([in] REFGUID guidProperty,
[in] ISequentialStream* pRollbackStream,
[in] ISequentialStream* pUninstallStream);
HRESULT RollbackAdd([in] ISequentialStream* pUndoStream,
[in] BOOL fRecoveryRollback);
HRESULT RollbackCopy([in] ISequentialStream* pUndoStream,
[in] BOOL fRecoveryRollback);
HRESULT RollbackDeleteChild([in] ISequentialStream* pUndoStream,
[in] BOOL fRecoveryRollback);
HRESULT RollbackClear([in] ISequentialStream* pUndoStream,
[in] BOOL fRecoveryRollback);
HRESULT RollbackExecute([in] ISequentialStream* pUndoStream,
[in] BOOL fRecoveryRollback);
HRESULT RollbackMove([in] ISequentialStream* pUndoStream,
[in] BOOL fRecoveryRollback);
HRESULT RollbackSetValue([in] ISequentialStream* pUndoStream,
[in] BOOL fRecoveryRollback);
HRESULT RollbackSetProperty([in] ISequentialStream* pUndoStream,
[in] BOOL fRecoveryRollback);
HRESULT RollbackDeleteProperty([in] ISequentialStream* pUndoStream,
[in] BOOL fRecoveryRollback);
HRESULT Commit();
};
```
## Related topics
[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)
 

54
windows/client-management/mdm/icspvalidate.md
View File

@ -1,54 +0,0 @@
---
title: ICSPValidate
description: ICSPValidate
ms.assetid: b0993f2d-6269-412f-a329-af25fff34ca2
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 06/26/2017
---
# ICSPValidate
This interface is optional. It is called by ConfigManager2 as it batches commands before transactioning begins. This allows the configuration service provider to validate the node before performing specific actions. It is generally only used for configuration service providers that need to expose UI.
``` syntax
interface ICSPValidate : IUnknown
{
HRESULT ValidateAdd([in] IConfigNodeState* pNodeState,
[in] IConfigManager2URI* puriChild,
[in] CFG_DATATYPE DataType,
[in] VARIANT varValue);
HRESULT ValidateCopy([in] IConfigNodeState* pNodeState,
[in] IConfigManager2URI* puriDestination);
HRESULT ValidateDeleteChild([in] IConfigNodeState* pNodeState,
[in] IConfigManager2URI* puriChild);
HRESULT ValidateClear([in] IConfigNodeState* pNodeState);
HRESULT ValidateExecute([in] IConfigNodeState* pNodeState,
[in] VARIANT varUserData);
HRESULT ValidateMove([in] IConfigNodeState* pNodeState,
[in] IConfigManager2URI* puriDestination);
HRESULT ValidateSetValue([in] IConfigNodeState* pNodeState,
[in] VARIANT varValue);
HRESULT ValidateSetProperty([in] IConfigNodeState* pNodeState,
[in] REFGUID guidProperty,
[in] VARIANT varValue);
HRESULT ValidateDeleteProperty([in] IConfigNodeState* pNodeState,
[in] REFGUID guidProperty);
```
## Related topics
[Create a custom configuration service provider](create-a-custom-configuration-service-provider.md)
 

13
windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
View File

@ -12,7 +12,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 05/15/2019
ms.date: 07/01/2019
---
# What's new in mobile device enrollment and management
@ -56,6 +56,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
- [What is dmwappushsvc?](#what-is-dmwappushsvc)
- **Change history in MDM documentation**
- [July 2019](#july-2019)
- [June 2019](#june-2019)
- [May 2019](#may-2019)
- [April 2019](#april-2019)
@ -120,6 +121,8 @@ For details about Microsoft mobile device management protocols for Windows 10 s
<li><a href="policy-csp-power.md#power-turnoffhybridsleeppluggedin" data-raw-source="[Power/TurnOffHybridSleepPluggedIn](policy-csp-power.md#power-turnoffhybridsleeppluggedin)">Power/TurnOffHybridSleepPluggedIn</a></li>
<li><a href="policy-csp-power.md#power-unattendedsleeptimeoutonbattery" data-raw-source="[Power/UnattendedSleepTimeoutOnBattery](policy-csp-power.md#power-unattendedsleeptimeoutonbattery)">Power/UnattendedSleepTimeoutOnBattery</a></li>
<li><a href="policy-csp-power.md#power-unattendedsleeptimeoutpluggedin" data-raw-source="[Power/UnattendedSleepTimeoutPluggedIn](policy-csp-power.md#power-unattendedsleeptimeoutpluggedin)">Power/UnattendedSleepTimeoutPluggedIn</a></li>
<li><a href="policy-csp-privacy.md#privacy-letappsactivatewithvoice" data-raw-source="[Privacy/LetAppsActivateWithVoice](policy-csp-privacy.md#privacy-letappsactivatewithvoice)">Privacy/LetAppsActivateWithVoice</a></li>
<li><a href="policy-csp-privacy.md#privacy-letappsactivatewithvoiceabovelock" data-raw-source="[Privacy/LetAppsActivateWithVoiceAboveLock](policy-csp-privacy.md#privacy-letappsactivatewithvoiceabovelock)">Privacy/LetAppsActivateWithVoiceAboveLock</a></li>
<li><a href="policy-csp-search.md#search-allowfindmyfiles" data-raw-source="[Search/AllowFindMyFiles](policy-csp-search.md#search-allowfindmyfiles)">Search/AllowFindMyFiles</a></li>
<li><a href="policy-csp-servicecontrolmanager.md#servicecontrolmanager-svchostprocessmitigation" data-raw-source="[ServiceControlManager/SvchostProcessMitigation](policy-csp-servicecontrolmanager.md#servicecontrolmanager-svchostprocessmitigation)">ServiceControlManager/SvchostProcessMitigation</a></li>
<li><a href="policy-csp-system.md#system-allowcommercialdatapipeline" data-raw-source="[System/AllowCommercialDataPipeline](policy-csp-system.md#system-allowcommercialdatapipeline)">System/AllowCommercialDataPipeline</a></li>
@ -1880,6 +1883,14 @@ How do I turn if off? | The service can be stopped from the "Services" console o
## Change history in MDM documentation
### July 2019
|New or updated topic | Description|
|--- | ---|
|[Policy CSP - Privacy](policy-csp-privacy.md)|Added the following new policies:<br>LetAppsActivateWithVoice, LetAppsActivateWithVoiceAboveLock|
|Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs is not currently supported:<br>Create a custom configuration service provider<br>Design a custom configuration service provider<br>IConfigServiceProvider2<br>IConfigServiceProvider2::ConfigManagerNotification<br>IConfigServiceProvider2::GetNode<br>ICSPNode<br>ICSPNode::Add<br>ICSPNode::Clear<br>ICSPNode::Copy<br>ICSPNode::DeleteChild<br>ICSPNode::DeleteProperty<br>ICSPNode::Execute<br>ICSPNode::GetChildNodeNames<br>ICSPNode::GetProperty<br>ICSPNode::GetPropertyIdentifiers<br>ICSPNode::GetValue<br>ICSPNode::Move<br>ICSPNode::SetProperty<br>ICSPNode::SetValue<br>ICSPNodeTransactioning<br>ICSPValidate<br>Samples for writing a custom configuration service provider|
### June 2019
|New or updated topic | Description|

12
windows/client-management/mdm/policy-configuration-service-provider.md
View File

@ -9,7 +9,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 05/01/2019
ms.date: 07/09/2019
---
# Policy CSP
@ -2743,6 +2743,12 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-privacy.md#privacy-letappsaccesstrusteddevices-userincontroloftheseapps" id="privacy-letappsaccesstrusteddevices-userincontroloftheseapps">Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps</a>
</dd>
<dd>
<a href="./policy-csp-privacy.md#privacy-letappsactivatewithvoice" id="privacy-letappsactivatewithvoice">Privacy/LetAppsActivateWithVoice</a>
</dd>
<dd>
<a href="./policy-csp-privacy.md#privacy-letappsactivatewithvoiceabovelock" id="privacy-letappsactivatewithvoiceabovelock">Privacy/LetAppsActivateWithVoiceAboveLock</a>
</dd>
<dd>
<a href="./policy-csp-privacy.md#privacy-letappsgetdiagnosticinfo" id="privacy-letappsgetdiagnosticinfo">Privacy/LetAppsGetDiagnosticInfo</a>
</dd>
@ -5358,6 +5364,8 @@ The following diagram shows the Policy configuration service provider in tree fo
- [DeviceHealthMonitoring/AllowDeviceHealthMonitoring](#devicehealthmonitoring-allowdevicehealthmonitoring)
- [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope](#devicehealthmonitoring-configdevicehealthmonitoringscope)
- [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination](#devicehealthmonitoring-configdevicehealthmonitoringuploaddestination)
- [Privacy/LetAppsActivateWithVoice](#privacy-letappsactivatewithvoice)
- [Privacy/LetAppsActivateWithVoiceAboveLock](#privacy-letappsactivatewithvoiceabovelock)
- [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates)
- [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)
- [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod)
@ -5408,6 +5416,8 @@ The following diagram shows the Policy configuration service provider in tree fo
- [DeviceHealthMonitoring/AllowDeviceHealthMonitoring](#devicehealthmonitoring-allowdevicehealthmonitoring)
- [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope](#devicehealthmonitoring-configdevicehealthmonitoringscope)
- [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination](#devicehealthmonitoring-configdevicehealthmonitoringuploaddestination)
- [Privacy/LetAppsActivateWithVoice](#privacy-letappsactivatewithvoice)
- [Privacy/LetAppsActivateWithVoiceAboveLock](#privacy-letappsactivatewithvoiceabovelock)
- [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates)
- [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)
- [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod)

3
windows/client-management/mdm/policy-csp-authentication.md
View File

@ -358,6 +358,9 @@ The following list shows the supported values:
This policy is intended for use on Shared PCs to enable a quick first sign-in experience for a user. It works by automatically connecting new non-admin Azure Active Directory (Azure AD) accounts to the pre-configured candidate local accounts.
> [!Important]
> Pre-configured candidate local accounts are any local accounts (pre-configured or added) in your device.
Value type is integer. Supported values:
- 0 - (default) The feature defaults to the existing SKU and device capabilities.

2
windows/client-management/mdm/policy-csp-bluetooth.md
View File

@ -335,7 +335,7 @@ If this policy is not set or it is deleted, the default local radio name is used
<!--/Scope-->
<!--Description-->
Set a list of allowable services and profiles. String hex formatted array of Bluetooth service UUIDs in canonical format, delimited by semicolons. For example, {782AFCFC-7CAA-436C-8BF0-78CD0FFBD4AF}.
Added in Windows 10, version 1511. Set a list of allowable services and profiles. String hex formatted array of Bluetooth service UUIDs in canonical format, delimited by semicolons. For example, {782AFCFC-7CAA-436C-8BF0-78CD0FFBD4AF}.
The default value is an empty string. For more information, see [ServicesAllowedList usage guide](#servicesallowedlist-usage-guide)

146
windows/client-management/mdm/policy-csp-privacy.md
View File

@ -6,17 +6,13 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 05/01/2019
ms.date: 07/09/2019
ms.reviewer:
manager: dansimp
---
# Policy CSP - Privacy
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
@ -233,6 +229,12 @@ manager: dansimp
<dd>
<a href="#privacy-letappsaccesstrusteddevices-userincontroloftheseapps">Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps</a>
</dd>
<dd>
<a href="#privacy-letappsactivatewithvoice">Privacy/LetAppsActivateWithVoice</a>
</dd>
<dd>
<a href="#privacy-letappsactivatewithvoiceabovelock">Privacy/LetAppsActivateWithVoiceAboveLock</a>
</dd>
<dd>
<a href="#privacy-letappsgetdiagnosticinfo">Privacy/LetAppsGetDiagnosticInfo</a>
</dd>
@ -4088,6 +4090,126 @@ ADMX Info:
<hr/>
<!--Policy-->
<a href="" id="privacy-letappsactivatewithvoice"></a>**Privacy/LetAppsActivateWithVoice**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/checkmark.png" alt="checkmark mark" /><sup>6</sup></td>
<td><img src="images/checkmark.png" alt="checkmark mark" /><sup>6</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Specifies if Windows apps can be activated by voice.
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Allow voice activation*
- GP name: *LetAppsActivateWithVoice*
- GP element: *LetAppsActivateWithVoice_Enum*
- GP path: *Windows Components/App Privacy*
- GP ADMX file name: *AppPrivacy.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 (default) User in control. Users can decide if Windows apps can be activated by voice using Settings > Privacy options on the device.
- 1 Force allow. Windows apps can be activated by voice and users cannot change it.
- 2 - Force deny. Windows apps cannot be activated by voice and users cannot change it.
<!--/SupportedValues-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="privacy-letappsactivatewithvoiceabovelock"></a>**Privacy/LetAppsActivateWithVoiceAboveLock**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Specifies if Windows apps can be activated by voice while the screen is locked.
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Allow voice activation above locked screen*
- GP name: *LetAppsActivateWithVoiceAboveLock*
- GP element: *LetAppsActivateWithVoiceAboveLock_Enum*
- GP path: *Windows Components/App Privacy*
- GP ADMX file name: *AppPrivacy.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 (default) User in control. Users can decide if Windows apps can be activated by voice while the screen is locked using Settings > Privacy options on the device.
- 1 Force allow. Windows apps can be activated by voice while the screen is locked, and users cannot change it.
- 2 - Force deny. Windows apps cannot be activated by voice while the screen is locked, and users cannot change it.
<!--/SupportedValues-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="privacy-letappsgetdiagnosticinfo"></a>**Privacy/LetAppsGetDiagnosticInfo**
@ -4868,6 +4990,18 @@ ADMX Info:
- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization)
<!--EndHoloLensBusiness-->
<!--StartIoTCore-->
## <a href="" id="iotcore"></a>Privacy policies supported by Windows 10 IoT Core
- [Privacy/LetAppsActivateWithVoice](#privacy-letappsactivatewithvoice)
- [Privacy/LetAppsActivateWithVoiceAboveLock](#privacy-letappsactivatewithvoiceabovelock)
<!--EndIoTCore-->
<!--StartIoTEnterprise-->
## <a href="" id="iotenterprise"></a>Privacy policies supported by Windows 10 IoT Enterprise
- [Privacy/LetAppsActivateWithVoice](#privacy-letappsactivatewithvoice)
- [Privacy/LetAppsActivateWithVoiceAboveLock](#privacy-letappsactivatewithvoiceabovelock)
<!--EndIoTEnterprise-->
<hr/>
Footnotes:
@ -4877,4 +5011,4 @@ Footnotes:
- 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803.
- 5 - Added in Windows 10, version 1809.
- 6 - Added in the next major release of Windows 10.
- 6 - Added in Windows 10, version 1903.

51
windows/client-management/mdm/samples-for-writing-a-custom-configuration-service-provider.md
View File

@ -1,51 +0,0 @@
---
title: Samples for writing a custom configuration service provider
description: Samples for writing a custom configuration service provider
ms.assetid: ccda4d62-7ce1-483b-912f-25d50c974270
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 06/26/2017
---
# Samples for writing a custom configuration service provider
The following example shows how to retrieve Integrated Circuit Card Identifier (ICCID) and International Mobile Subscriber Identity (IMSI) for a dual SIM phone.
## Retrieving ICCID and IMSI for a dual SIM phone
The following sample is used in the [IConfigServiceProvider2::ConfigManagerNotification](iconfigserviceprovider2configmanagernotification.md) method implementation. It first retrieves the IConfigSession2 object, and then queries the ICCID with the IConfigSession2::GetSessionVariable method. To retrieve the IMSI, replace L”ICCID” with L”IMSI”.
``` syntax
case CFGMGR_NOTIFICATION_SETSESSIONOBJ:
if (NULL != lpParam)
{
m_pSession = reinterpret_cast<IConfigSession2*>(lpParam);
        m_pSession->AddRef();
    }
    bstrContext = SysAllocString(L"ICCID");
    if (NULL == bstrContext)
    {
    hr = E_OUTOFMEMORY;
    goto Error;
    }
    hr = m_pSession->GetSessionVariable(bstrContext, &varValue);
    if (FAILED(hr))
    {
     goto Error;
    }
    break;
```
 

9
windows/configuration/customize-and-export-start-layout.md
View File

@ -45,10 +45,8 @@ You can deploy the resulting .xml file to devices using one of the following met
- [Mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
<span id="bkmkcustomizestartscreen" />
## Customize the Start screen on your test computer
To prepare a Start layout for export, you simply customize the Start layout on a test computer.
**To prepare a test computer**
@ -57,7 +55,6 @@ To prepare a Start layout for export, you simply customize the Start layout on a
2. Create a new user account that you will use to customize the Start layout.
<a href="" id="bmk-customize-start"></a>
**To customize Start**
1. Sign in to your test computer with the user account that you created.
@ -81,10 +78,8 @@ To prepare a Start layout for export, you simply customize the Start layout on a
>
>In earlier versions of Windows 10, no tile would be pinned.
<span id="bmk-exportstartscreenlayout" />
## Export the Start layout
When you have the Start layout that you want your users to see, use the [Export-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/export-startlayout?view=win10-ps) cmdlet in Windows PowerShell to export the Start layout to an .xml file. Start layout is located by default at C:\Users\username\AppData\Local\Microsoft\Windows\Shell\
>[!IMPORTANT]
@ -176,9 +171,9 @@ If the Start layout is applied by Group Policy or MDM, and the policy is removed
**To configure a partial Start screen layout**
1. [Customize the Start layout](#bmk-customize-start).
1. [Customize the Start layout](#customize-the-start-screen-on-your-test-computer).
2. [Export the Start layout](#bmk-exportstartscreenlayout).
2. [Export the Start layout](#export-the-start-layout).
3. Open the layout .xml file. There is a `<DefaultLayoutOverride>` element. Add `LayoutCustomizationRestrictionType="OnlySpecifiedGroups"` to the **DefaultLayoutOverride** element as follows:
``` syntax

2
windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md
View File

@ -30,7 +30,7 @@ In Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, you can us
>[!NOTE]
>Support for applying a customized taskbar using MDM is added in Windows 10, version 1703.
**Before you begin**: [Customize and export Start layout](customize-and-export-start-layout.md) for desktop editions.
**Before you begin**: [Customize and export Start layout](customize-and-export-start-layout.md) for desktop editions (also works for taskbar customization).
>[!WARNING]
>When a full Start layout is applied with this method, the users cannot pin, unpin, or uninstall apps from Start. Users can view and open all apps in the **All Apps** view, but they cannot pin any apps to Start. When a partial Start layout is applied, the contents of the specified tile groups cannot be changed, but users can move those groups, and can also create and customize their own groups.

2
windows/configuration/kiosk-single-app.md
View File

@ -31,7 +31,7 @@ A single-app kiosk uses the Assigned Access feature to run a single app above th
>[!IMPORTANT]
>[User account control (UAC)](https://docs.microsoft.com/windows/security/identity-protection/user-account-control/user-account-control-overview) must be turned on to enable kiosk mode.
>
>Kiosk mode is not supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk.
>Kiosk mode is not supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk. Apps that run in kiosk mode cannot use copy and paste.
You have several options for configuring your single-app kiosk.

182
windows/configuration/lock-down-windows-10-to-specific-apps.md
View File

@ -18,16 +18,13 @@ ms.topic: article
# Set up a multi-app kiosk
**Applies to**
- Windows 10 Pro, Enterprise, and Education
- Windows 10 Pro, Enterprise, and Education
A [kiosk device](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) was expanded to make it easy for administrators to create kiosks that run more than one app. The benefit of a kiosk that runs only one or more specified apps is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they dont need to access.
A [kiosk device](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) was expanded to make it easy for administrators to create kiosks that run more than one app. The benefit of a kiosk that runs only one or more specified apps is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they dont need to access.
The following table lists changes to multi-app kiosk in recent updates.
The following table lists changes to multi-app kiosk in recent updates.
| New features and improvements | In update |
|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
@ -39,21 +36,21 @@ The following table lists changes to multi-app kiosk in recent updates.
You can configure multi-app kiosks using [Microsoft Intune](#intune) or a [provisioning package](#provision).
>[!TIP]
>Be sure to check the [configuration recommendations](kiosk-prepare.md) before you set up your kiosk.
<span id="intune"/>
## Configure a kiosk in Microsoft Intune
## Configure a kiosk in Microsoft Intune
To configure a kiosk in Microsoft Intune, see [Windows 10 and Windows Holographic for Business device settings to run as a dedicated kiosk using Intune](https://docs.microsoft.com/intune/kiosk-settings). For explanations of the specific settings, see [Windows 10 and later device settings to run as a kiosk in Intune](https://docs.microsoft.com/intune/kiosk-settings-windows).
<span id="provision" />
## Configure a kiosk using a provisioning package
Process:
1. [Create XML file](#create-xml-file)
2. [Add XML file to provisioning package](#add-xml)
3. [Apply provisioning package to device](#apply-ppkg)
@ -70,19 +67,19 @@ If you don't want to use a provisioning package, you can deploy the configuratio
- The kiosk device must be running Windows 10 (S, Pro, Enterprise, or Education), version 1709 or later
>[!NOTE]
>For devices running versions of Windows 10 earlier than version 1709, you can [create AppLocker rules](lock-down-windows-10-applocker.md) to configure a multi-app kiosk.
>For devices running versions of Windows 10 earlier than version 1709, you can [create AppLocker rules](lock-down-windows-10-applocker.md) to configure a multi-app kiosk.
### Create XML file
Let's start by looking at the basic structure of the XML file.
Let's start by looking at the basic structure of the XML file.
- A configuration xml can define multiple *profiles*. Each profile has a unique **Id** and defines a set of applications that are allowed to run, whether the taskbar is visible, and can include a custom Start layout.
- A configuration xml can define multiple *profiles*. Each profile has a unique **Id** and defines a set of applications that are allowed to run, whether the taskbar is visible, and can include a custom Start layout.
- A configuration xml can have multiple *config* sections. Each config section associates a non-admin user account to a default profile **Id**.
- A configuration xml can have multiple *config* sections. Each config section associates a non-admin user account to a default profile **Id**.
- Multiple config sections can be associated to the same profile.
- A profile has no effect if its not associated to a config section.
- A profile has no effect if its not associated to a config section.
![profile = app and config = account](images/profile-config.png)
@ -90,7 +87,7 @@ You can start your file by pasting the following XML (or any other examples in t
```xml
<?xml version="1.0" encoding="utf-8" ?>
<AssignedAccessConfiguration
<AssignedAccessConfiguration
xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config"
>
@ -98,7 +95,7 @@ You can start your file by pasting the following XML (or any other examples in t
<Profile Id="">
<AllAppsList>
<AllowedApps/>
</AllAppsList>
</AllAppsList>
<StartLayout/>
<Taskbar/>
</Profile>
@ -119,11 +116,11 @@ There are two types of profiles that you can specify in the XML:
- **Lockdown profile**: Users assigned a lockdown profile will see the desktop in tablet mode with the specific apps on the Start screen.
- **Kiosk profile**: New in Windows 10, version 1803, this profile replaces the KioskModeApp node of the [AssignedAccess CSP](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp). Users assigned a kiosk profile will not see the desktop, but only the kiosk app running in full-screen mode.
A lockdown profile section in the XML has the following entries:
A lockdown profile section in the XML has the following entries:
- [**Id**](#id)
- [**Id**](#id)
- [**AllowedApps**](#allowedapps)
- [**AllowedApps**](#allowedapps)
- [**FileExplorerNamespaceRestrictions**](#fileexplorernamespacerestrictions)
@ -133,15 +130,13 @@ A lockdown profile section in the XML has the following entries:
A kiosk profile in the XML has the following entries:
- [**Id**](#id)
- [**Id**](#id)
- [**KioskModeApp**](#kioskmodeapp)
##### Id
The profile **Id** is a GUID attribute to uniquely identify the profile. You can create a GUID using a GUID generator. The GUID just needs to be unique within this XML file.
The profile **Id** is a GUID attribute to uniquely identify the profile. You can create a GUID using a GUID generator. The GUID just needs to be unique within this XML file.
```xml
<Profiles>
@ -151,30 +146,28 @@ The profile **Id** is a GUID attribute to uniquely identify the profile. You can
##### AllowedApps
**AllowedApps** is a list of applications that are allowed to run. Apps can be Universal Windows Platform (UWP) apps or Windows desktop applications. In Windows 10, version 1809, you can configure a single app in the **AllowedApps** list to run automatically when the assigned access user account signs in.
**AllowedApps** is a list of applications that are allowed to run. Apps can be Universal Windows Platform (UWP) apps or Windows desktop applications. In Windows 10, version 1809, you can configure a single app in the **AllowedApps** list to run automatically when the assigned access user account signs in.
- For UWP apps, you need to provide the App User Model ID (AUMID). [Learn how to get the AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867), or [get the AUMID from the Start Layout XML](#startlayout).
- For UWP apps, you need to provide the App User Model ID (AUMID). [Learn how to get the AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867), or [get the AUMID from the Start Layout XML](#startlayout).
- For desktop apps, you need to specify the full path of the executable, which can contain one or more system environment variables in the form of %variableName% (i.e. %systemroot%, %windir%).
- If an app has a dependency on another app, both must be included in the allowed apps list. For example, Internet Explorer 64-bit has a dependency on Internet Explorer 32-bit, so you must allow both "C:\Program Files\internet explorer\iexplore.exe" and “C:\Program Files (x86)\Internet Explorer\iexplore.exe”.
- If an app has a dependency on another app, both must be included in the allowed apps list. For example, Internet Explorer 64-bit has a dependency on Internet Explorer 32-bit, so you must allow both "C:\Program Files\internet explorer\iexplore.exe" and “C:\Program Files (x86)\Internet Explorer\iexplore.exe”.
- To configure a single app to launch automatically when the user signs in, include `rs5:AutoLaunch="true"` after the AUMID or path. You can also include arguments to be passed to the app. For an example, see [the AllowedApps sample XML](#apps-sample).
When the mult-app kiosk configuration is applied to a device, AppLocker rules will be generated to allow the apps that are listed in the configuration. Here are the predefined assigned access AppLocker rules for **UWP apps**:
When the multi-app kiosk configuration is applied to a device, AppLocker rules will be generated to allow the apps that are listed in the configuration. Here are the predefined assigned access AppLocker rules for **UWP apps**:
1. Default rule is to allow all users to launch the signed package apps.
2. The package app deny list is generated at runtime when the assigned access user signs in. Based on the installed/provisioned package apps available for the user account, assigned access generates the deny list. This list will exclude the default allowed inbox package apps which are critical for the system to function, and then exclude the allowed packages that enterprises defined in the assigned access configuration. If there are multiple apps within the same package, all these apps will be excluded. This deny list will be used to prevent the user from accessing the apps which are currently available for the user but not in the allowed list.
1. Default rule is to allow all users to launch the signed package apps.
2. The package app deny list is generated at runtime when the assigned access user signs in. Based on the installed/provisioned package apps available for the user account, assigned access generates the deny list. This list will exclude the default allowed inbox package apps which are critical for the system to function, and then exclude the allowed packages that enterprises defined in the assigned access configuration. If there are multiple apps within the same package, all these apps will be excluded. This deny list will be used to prevent the user from accessing the apps which are currently available for the user but not in the allowed list.
>[!NOTE]
>You cannot manage AppLocker rules that are generated by the multi-app kiosk configuration in [MMC snap-ins](https://technet.microsoft.com/library/hh994629.aspx#BKMK_Using_Snapins). Avoid creating AppLocker rules that conflict with AppLocker rules that are generated by the multi-app kiosk configuration.
>
>Multi-app kiosk mode doesnt block the enterprise or the users from installing UWP apps. When a new UWP app is installed during the current assigned access user session, this app will not be in the deny list. When the user signs out and signs in again, the app will be included in the deny list. If this is an enterprise-deployed line-of-business app and you want to allow it to run, update the assigned access configuration to include it in the allowed app list.
>Multi-app kiosk mode doesnt block the enterprise or the users from installing UWP apps. When a new UWP app is installed during the current assigned access user session, this app will not be in the deny list. When the user signs out and signs in again, the app will be included in the deny list. If this is an enterprise-deployed line-of-business app and you want to allow it to run, update the assigned access configuration to include it in the allowed app list.
Here are the predefined assigned access AppLocker rules for **desktop apps**:
1. Default rule is to allow all users to launch the desktop programs signed with Microsoft Certificate in order for the system to boot and function. The rule also allows the admin user group to launch all desktop programs.
2. There is a predefined inbox desktop app deny list for the assigned access user account, and this deny list is adjusted based on the desktop app allow list that you defined in the multi-app configuration.
3. Enterprise-defined allowed desktop apps are added in the AppLocker allow list.
1. Default rule is to allow all users to launch the desktop programs signed with Microsoft Certificate in order for the system to boot and function. The rule also allows the admin user group to launch all desktop programs.
2. There is a predefined inbox desktop app deny list for the assigned access user account, and this deny list is adjusted based on the desktop app allow list that you defined in the multi-app configuration.
3. Enterprise-defined allowed desktop apps are added in the AppLocker allow list.
The following example allows Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps to run on the device, with Notepad configured to automatically launch and create a file called `123.text` when the user signs in.
@ -220,23 +213,23 @@ The following example shows how to allow user access to the Downloads folder in
...
</StartLayout>
<Taskbar ShowTaskbar="true"/>
</Profile>
</Profile>
</Profiles>
</AssignedAccessConfiguration>
```
##### StartLayout
After you define the list of allowed applications, you can customize the Start layout for your kiosk experience. You can choose to pin all the allowed apps on the Start screen or just a subset, depending on whether you want the end user to directly access them on the Start screen.
After you define the list of allowed applications, you can customize the Start layout for your kiosk experience. You can choose to pin all the allowed apps on the Start screen or just a subset, depending on whether you want the end user to directly access them on the Start screen.
The easiest way to create a customized Start layout to apply to other Windows 10 devices is to set up the Start screen on a test device and then export the layout. For detailed steps, see [Customize and export Start layout](customize-and-export-start-layout.md).
A few things to note here:
- The test device on which you customize the Start layout should have the same OS version that is installed on the device where you plan to deploy the multi-app assigned access configuration.
- Since the multi-app assigned access experience is intended for fixed-purpose devices, to ensure the device experiences are consistent and predictable, use the *full* Start layout option instead of the *partial* Start layout.
- The test device on which you customize the Start layout should have the same OS version that is installed on the device where you plan to deploy the multi-app assigned access configuration.
- Since the multi-app assigned access experience is intended for fixed-purpose devices, to ensure the device experiences are consistent and predictable, use the *full* Start layout option instead of the *partial* Start layout.
- There are no apps pinned on the taskbar in the multi-app mode, and it is not supported to configure Taskbar layout using the `<CustomTaskbarLayoutCollection>` tag in a layout modification XML as part of the assigned access configuration.
- The following example uses DesktopApplicationLinkPath to pin the desktop app to start. When the desktop app doesnt have a shortcut link on the target device, [learn how to provision .lnk files using Windows Configuration Designer](#lnk-files).
- The following example uses DesktopApplicationLinkPath to pin the desktop app to start. When the desktop app doesnt have a shortcut link on the target device, [learn how to provision .lnk files using Windows Configuration Designer](#lnk-files).
This example pins Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps on Start.
@ -267,14 +260,13 @@ This example pins Groove Music, Movies & TV, Photos, Weather, Calculator, Paint,
```
>[!NOTE]
>If an app is not installed for the user but is included in the Start layout XML, the app will not be shown on the Start screen.
>If an app is not installed for the user but is included in the Start layout XML, the app will not be shown on the Start screen.
![What the Start screen looks like when the XML sample is applied](images/sample-start.png)
##### Taskbar
Define whether you want to have the taskbar present in the kiosk device. For tablet-based or touch-enabled all-in-one kiosks, when you dont attach a keyboard and mouse, you can hide the taskbar as part of the multi-app experience if you want.
Define whether you want to have the taskbar present in the kiosk device. For tablet-based or touch-enabled all-in-one kiosks, when you dont attach a keyboard and mouse, you can hide the taskbar as part of the multi-app experience if you want.
The following example exposes the taskbar to the end user:
@ -289,9 +281,9 @@ The following example hides the taskbar:
```
>[!NOTE]
>This is different from the **Automatically hide the taskbar** option in tablet mode, which shows the taskbar when swiping up from or moving the mouse pointer down to the bottom of the screen. Setting **ShowTaskbar** as **false** will always keep the taskbar hidden.
>This is different from the **Automatically hide the taskbar** option in tablet mode, which shows the taskbar when swiping up from or moving the mouse pointer down to the bottom of the screen. Setting **ShowTaskbar** as **false** will always keep the taskbar hidden.
##### KioskModeApp
##### KioskModeApp
**KioskModeApp** is used for a [kiosk profile](#profile) only. Enter the AUMID for a single app. You can only specify one kiosk profile in the XML.
@ -302,27 +294,25 @@ The following example hides the taskbar:
>[!IMPORTANT]
>The kiosk profile is designed for public-facing kiosk devices. We recommend that you use a local, non-administrator account. If the device is connected to your company network, using a domain or Azure Active Directory account could potentially compromise confidential information.
#### Configs
Under **Configs**, define which user account will be associated with the profile. When this user account signs in on the device, the associated assigned access profile will be enforced, including the allowed apps, Start layout, and taskbar configuration, as well as other local group policies or mobile device management (MDM) policies set as part of the multi-app experience.
Under **Configs**, define which user account will be associated with the profile. When this user account signs in on the device, the associated assigned access profile will be enforced, including the allowed apps, Start layout, and taskbar configuration, as well as other local group policies or mobile device management (MDM) policies set as part of the multi-app experience.
The full multi-app assigned access experience can only work for non-admin users. Its not supported to associate an admin user with the assigned access profile; doing this in the XML file will result in unexpected/unsupported experiences when this admin user signs in.
The full multi-app assigned access experience can only work for non-admin users. Its not supported to associate an admin user with the assigned access profile; doing this in the XML file will result in unexpected/unsupported experiences when this admin user signs in.
You can assign:
- [A local standard user account that signs in automatically](#config-for-autologon-account) (Applies to Windows 10, version 1803 only)
- [An individual account, which can be local, domain, or Azure Active Directory (Azure AD)](#config-for-individual-accounts)
- [A group account, which can be local, Active Directory (domain), or Azure AD](#config-for-group-accounts) (Applies to Windows 10, version 1803 only)
- [A group account, which can be local, Active Directory (domain), or Azure AD](#config-for-group-accounts) (Applies to Windows 10, version 1803 only).
>[!NOTE]
>Configs that specify group accounts cannot use a kiosk profile, only a lockdown profile. If a group is configured to a kiosk profile, the CSP will reject the request.
>Configs that specify group accounts cannot use a kiosk profile, only a lockdown profile. If a group is configured to a kiosk profile, the CSP will reject the request.
##### Config for AutoLogon Account
When you use `<AutoLogonAccount>` and the configuration is applied to a device, the specified account (managed by Assigned Access) is created on the device as a local standard user account. The specified account is signed in automatically after restart.
The following example shows how to specify an account to sign in automatically.
```xml
@ -331,7 +321,7 @@ The following example shows how to specify an account to sign in automatically.
<AutoLogonAccount/>
<DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
</Config>
</Configs>
</Configs>
```
In Windows 10, version 1809, you can configure the display name that will be shown when the user signs in. The following example shows how to create an AutoLogon Account that shows the name "Hello World".
@ -347,13 +337,12 @@ In Windows 10, version 1809, you can configure the display name that will be sho
On domain-joined devices, local user accounts aren't shown on the sign-in screen by default. To show the **AutoLogonAccount** on the sign-in screen, enable the following Group Policy setting: **Computer Configuration > Administrative Templates > System > Logon > Enumerate local users on domain-joined computers**. (The corresponding MDM policy setting is [WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers in the Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-windowslogon#windowslogon-enumeratelocalusersondomainjoinedcomputers).)
>[!IMPORTANT]
>When Exchange Active Sync (EAS) password restrictions are active on the device, the autologon feature does not work. This behavior is by design. For more informations, see [How to turn on automatic logon in Windows](https://support.microsoft.com/help/324737/how-to-turn-on-automatic-logon-in-windows).
##### Config for individual accounts
Individual accounts are specified using `<Account>`.
Individual accounts are specified using `<Account>`.
- Local account can be entered as `machinename\account` or `.\account` or just `account`.
- Domain account should be entered as `domain\account`.
@ -362,58 +351,56 @@ Individual accounts are specified using `<Account>`.
>[!WARNING]
>Assigned access can be configured via WMI or CSP to run its applications under a domain user or service account, rather than a local account. However, use of domain user or service accounts introduces risks that an attacker subverting the assigned access application might gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with assigned access, and consider the domain resources potentially exposed by the decision to do so.
Before applying the multi-app configuration, make sure the specified user account is available on the device, otherwise it will fail.
>[!NOTE]
>For both domain and Azure AD accounts, its not required that target account is explicitly added to the device. As long as the device is AD-joined or Azure AD-joined, the account can be discovered in the domain forest or tenant that the device is joined to. For local accounts, it is required that the account exist before you configure the account for assigned access.
```xml
<Configs>
<Config>
<Account>MultiAppKioskUser</Account>
<DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
</Config>
</Configs>
</Configs>
```
##### Config for group accounts
Group accounts are specified using `<UserGroup>`. Nested groups are not supported. For example, if user A is member of Group 1, Group 1 is member of Group 2, and Group 2 is used in `<Config/>`, user A will not have the kiosk experience.
Group accounts are specified using `<UserGroup>`. Nested groups are not supported. For example, if user A is member of Group 1, Group 1 is member of Group 2, and Group 2 is used in `<Config/>`, user A will not have the kiosk experience.
- Local group: Specify the group type as **LocalGroup** and put the group name in Name attribute. Any Azure AD accounts that are added to the local group will not have the kiosk settings applied.
```xml
<Config>
<UserGroup Type="LocalGroup" Name="mygroup" />
<DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
</Config>
<Config>
<UserGroup Type="LocalGroup" Name="mygroup" />
<DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
</Config>
```
- Domain group: Both security and distribution groups are supported. Specify the group type as <strong>ActiveDirectoryGroup</strong>. Use the domain name as the prefix in the name attribute.
```xml
<Config>
<UserGroup Type="ActiveDirectoryGroup" Name="mydomain\mygroup" />
<DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
</Config>
<Config>
<UserGroup Type="ActiveDirectoryGroup" Name="mydomain\mygroup" />
<DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
</Config>
```
- Azure AD group: Use the group object ID from the Azure portal to uniquely identify the group in the Name attribute. You can find the object ID on the overview page for the group in **Users and groups** > **All groups**. Specify the group type as **AzureActiveDirectoryGroup**. The kiosk device must have internet connectivity when users that belong to the group sign in.
```xml
<Config>
<UserGroup Type="AzureActiveDirectoryGroup" Name="a8d36e43-4180-4ac5-a627-fb8149bba1ac" />
<DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
</Config>
<Config>
<UserGroup Type="AzureActiveDirectoryGroup" Name="a8d36e43-4180-4ac5-a627-fb8149bba1ac" />
<DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
</Config>
```
>[!NOTE]
>If an Azure AD group is configured with a lockdown profile on a device, a user in the Azure AD group must change their password (after the account has been created with default password on the portal) before they can sign in to this device. If the user uses the default password to sign in to the device, the user will be immediately signed out.
>If an Azure AD group is configured with a lockdown profile on a device, a user in the Azure AD group must change their password (after the account has been created with default password on the portal) before they can sign in to this device. If the user uses the default password to sign in to the device, the user will be immediately signed out.
<span id="add-xml" />
### Add XML file to provisioning package
Before you add the XML file to a provisioning package, you can [validate your configuration XML against the XSD](kiosk-xml.md#xsd-for-assignedaccess-configuration-xml).
@ -439,7 +426,7 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
![Screenshot of the MultiAppAssignedAccessSettings field in Windows Configuration Designer](images/multiappassignedaccesssettings.png)
8. (**Optional**: If you want to apply the provisioning package after device initial setup and there is an admin user already available on the kiosk device, skip this step.) Create an admin user account in **Runtime settings** &gt; **Accounts** &gt; **Users**. Provide a **UserName** and **Password**, and select **UserGroup** as **Administrators**. With this account, you can view the provisioning status and logs if needed.
8. (**Optional**: If you want to apply the provisioning package after device initial setup and there is an admin user already available on the kiosk device, skip this step.) Create an admin user account in **Runtime settings** &gt; **Accounts** &gt; **Users**. Provide a **UserName** and **Password**, and select **UserGroup** as **Administrators**. With this account, you can view the provisioning status and logs if needed.
9. (**Optional**: If you already have a non-admin account on the kiosk device, skip this step.) Create a local standard user account in **Runtime settings** &gt; **Accounts** &gt; **Users**. Make sure the **UserName** is the same as the account that you specify in the configuration XML. Select **UserGroup** as **Standard Users**.
@ -451,9 +438,9 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
13. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing.
- **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen.
- **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen.
- **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Browse** and choosing the certificate you want to use to sign the package.
- **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Browse** and choosing the certificate you want to use to sign the package.
14. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Imaging and Configuration Designer (ICD) uses the project folder as the output location.
@ -469,12 +456,13 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
If your build is successful, the name of the provisioning package, output directory, and project directory will be shown.
- If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build.
- If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**.
- If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build.
- If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**.
18. Copy the provisioning package to the root directory of a USB drive.
<span id="apply-ppkg" />
### Apply provisioning package to device
Provisioning packages can be applied to a device during the first-run experience (out-of-box experience or "OOBE") and after ("runtime").
@ -504,46 +492,28 @@ Provisioning packages can be applied to a device during the first-run experience
![Do you trust this package?](images/trust-package.png)
#### After setup, from a USB drive, network folder, or SharePoint site
1. Sign in with an admin account.
2. Insert the USB drive to a desktop computer, navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install. For a provisioning package stored on a network folder or on a SharePoint site, navigate to the provisioning package and double-click it to begin installation.
>[!NOTE]
>if your provisioning package doesnt include the assigned access user account creation, make sure the account you specified in the multi-app configuration XML exists on the device.
>if your provisioning package doesnt include the assigned access user account creation, make sure the account you specified in the multi-app configuration XML exists on the device.
![add a package option](images/package.png)
<span id="alternate-methods" />
### Use MDM to deploy the multi-app configuration
### Use MDM to deploy the multi-app configuration
Multi-app kiosk mode is enabled by the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp). Your MDM policy can contain the assigned access configuration XML.
Multi-app kiosk mode is enabled by the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp). Your MDM policy can contain the assigned access configuration XML.
If your device is enrolled with a MDM server which supports applying the assigned access configuration, you can use it to apply the setting remotely.
If your device is enrolled with a MDM server which supports applying the assigned access configuration, you can use it to apply the setting remotely.
The OMA-URI for multi-app policy is `./Device/Vendor/MSFT/AssignedAccess/Configuration`.
## Considerations for Windows Mixed Reality immersive headsets
With the advent of [mixed reality devices (video link)](https://www.youtube.com/watch?v=u0jqNioU2Lo), you might want to create a kiosk that can run mixed reality apps.
With the advent of [mixed reality devices (video link)](https://www.youtube.com/watch?v=u0jqNioU2Lo), you might want to create a kiosk that can run mixed reality apps.
To create a multi-app kiosk that can run mixed reality apps, you must include the following apps in the [AllowedApps list](#allowedapps):
@ -561,14 +531,12 @@ After the admin has completed setup, the kiosk account can sign in and repeat th
There is a difference between the mixed reality experiences for a kiosk user and other users. Typically, when a user connects a mixed reality device, they begin in the [Mixed Reality home](https://developer.microsoft.com/windows/mixed-reality/navigating_the_windows_mixed_reality_home). The Mixed Reality home is a shell that runs in "silent" mode when the PC is configured as a kiosk. When a kiosk user connects a mixed reality device, they will see only a blank display in the device, and will not have access to the features and functionality available in the home. To run a mixed reality app, the kiosk user must launch the app from the PC Start screen.
## Policies set by multi-app kiosk configuration
It is not recommended to set policies enforced in assigned access multi-app mode to different values using other channels, as the multi-app mode has been optimized to provide a locked-down experience.
When the multi-app assigned access configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device.
### Group Policy
The following local policies affect all **non-administrator** users on the system, regardless whether the user is configured as an assigned access user or not. This includes local users, domain users, and Azure Active Directory users.
@ -605,11 +573,8 @@ Prevent access to drives from My Computer | Enabled - Restrict all drivers
>[!NOTE]
>When **Prevent access to drives from My Computer** is enabled, users can browse the directory structure in File Explorer, but they cannot open folders and access the contents. Also, they cannot use the **Run** dialog box or the **Map Network Drive** dialog box to view the directories on these drives. The icons representing the specified drives still appear in File Explorer, but if users double-click the icons, a message appears explaining that a setting prevents the action. This setting does not prevent users from using programs to access local and network drives. It does not prevent users from using the Disk Management snap-in to view and change drive characteristics.
### MDM policy
Some of the MDM policies based on the [Policy configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) affect all users on the system (i.e. system-wide).
Setting | Value | System-wide
@ -633,13 +598,14 @@ Start/DisableContextMenus | 1 - Context menus are hidden for Start apps | No
[WindowsLogon/DontDisplayNetworkSelectionUI](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-windowslogon#windowslogon-dontdisplaynetworkselectionui) | &lt;Enabled/&gt; | Yes
<span id="lnk-files" />
## Provision .lnk files using Windows Configuration Designer
First, create your desktop app's shortcut file by installing the app on a test device, using the default installation location. Right-click the installed application, and choose **Send to** > **Desktop (create shortcut)**. Rename the shortcut to `<appName>.lnk`
Next, create a batch file with two commands. If the desktop app is already installed on the target device, skip the first command for MSI install.
Next, create a batch file with two commands. If the desktop app is already installed on the target device, skip the first command for MSI install.
```
```PowerShell
msiexec /I "<appName>.msi" /qn /norestart
copy <appName>.lnk "%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\<appName>.lnk"
```

2
windows/configuration/start-secondary-tiles.md
View File

@ -64,7 +64,7 @@ In Windows 10, version 1703, by using the PowerShell cmdlet `export-StartLayoutE
## Export Start layout and assets
1. Follow the instructions in [Customize and export Start layout](customize-and-export-start-layout.md#bkmkcustomizestartscreen) to customize the Start screen on your test computer.
1. Follow the instructions in [Customize and export Start layout](customize-and-export-start-layout.md#customize-the-start-screen-on-your-test-computer) to customize the Start screen on your test computer.
2. Open Windows PowerShell as an administrator and enter the following command:
```

7
windows/deployment/update/windows-analytics-get-started.md
View File

@ -75,6 +75,12 @@ To enable data sharing, configure your proxy server to whitelist the following e
> [!IMPORTANT]
> For privacy and data integrity, Windows checks for a Microsoft SSL certificate when communicating with the diagnostic data endpoints. SSL interception and inspection aren't possible. To use Desktop Analytics, exclude these endpoints from SSL inspection.<!-- BUG 4647542 -->
>[!NOTE]
>Microsoft has a strong commitment to providing the tools and resources that put you in control of your privacy. As a result, Microsoft doesn't collect the following data from devices located in European countries (EEA and Switzerland):
>- Windows diagnostic data from Windows 8.1 devices
>- App usage data for Windows 7 devices
### Configuring endpoint access with SSL inspection
To ensure privacy and data integrity Windows checks for a Microsoft SSL certificate when communicating with the diagnostic data endpoints. Accordingly SSL interception and inspection is not possible. To use Windows Analytics services you should exclude the above endpoints from SSL inspection.
@ -205,3 +211,4 @@ Note that it is possible to intiate a full inventory scan on a device by calling
- CompatTelRunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun ent
For details on how to run these and how to check results, see the deployment script.

2
windows/deployment/upgrade/upgrade-readiness-get-started.md
View File

@ -26,7 +26,7 @@ You can use Upgrade Readiness to plan and manage your upgrade project end-to-end
Before you begin, consider reviewing the following helpful information:<BR>
- [Upgrade Readiness requirements](upgrade-readiness-requirements.md): Provides detailed requirements to use Upgrade Readiness.<BR>
- [Upgrade Readiness blog](https://aka.ms/blog/WindowsAnalytics): Contains announcements of new features and provides helpful tips for using Upgrade Readiness.
- [Upgrade Readiness blog](https://techcommunity.microsoft.com/t5/Windows-Analytics-Blog/bg-p/WindowsAnalyticsBlog): Contains announcements of new features and provides helpful tips for using Upgrade Readiness.
>If you are using System Center Configuration Manager, also check out information about how to integrate Upgrade Readiness with Configuration Manager: [Integrate Upgrade Readiness with System Center Configuration Manager](https://docs.microsoft.com/sccm/core/clients/manage/upgrade/upgrade-analytics).

24
windows/deployment/windows-autopilot/troubleshooting.md
View File

@ -26,20 +26,20 @@ Windows Autopilot is designed to simplify all parts of the Windows device lifecy
Regardless of whether performing user-driven or self-deploying device deployments, the troubleshooting process is the mostly the same. It is useful to understand the flow for a specific device:
- Network connection established. This can be a wireless (Wi-fi) or wired (Ethernet) connection.
- Windows Autopilot profile downloaded. Whether using a wired connection or manually establishing a wireless connection, the Windows Autopilot profile will be downloaded from the Autopilot deployment service as soon as the network connection is in place.
- User authentication. When performing a user-driven deployment, the user will enter their Azure Active Directory credentials, which will be validated.
- Azure Active Directory join. For user-driven deployments, the device will be joined to Azure AD using the specified user credentials. For self-deploying scenarios, the device will be joined without specifying any user credentials.
- Automatic MDM enrollment. As part of the Azure AD join process, the device will enroll in the MDM service configured in Azure AD (e.g. Microsoft Intune).
- Settings are applied. If the [enrollment status page](enrollment-status.md) is configured, most settings will be applied while the enrollment status page is displayed. If not configured or available, settings will be applied after the user is signed in.
- Network connection established. This can be a wireless (Wi-fi) or wired (Ethernet) connection.
- Windows Autopilot profile downloaded. Whether using a wired connection or manually establishing a wireless connection, the Windows Autopilot profile will be downloaded from the Autopilot deployment service as soon as the network connection is in place.
- User authentication. When performing a user-driven deployment, the user will enter their Azure Active Directory credentials, which will be validated.
- Azure Active Directory join. For user-driven deployments, the device will be joined to Azure AD using the specified user credentials. For self-deploying scenarios, the device will be joined without specifying any user credentials.
- Automatic MDM enrollment. As part of the Azure AD join process, the device will enroll in the MDM service configured in Azure AD (e.g. Microsoft Intune).
- Settings are applied. If the [enrollment status page](enrollment-status.md) is configured, most settings will be applied while the enrollment status page is displayed. If not configured or available, settings will be applied after the user is signed in.
For troubleshooting, key activities to perform are:
- Configuration. Has Azure Active Directory and Microsoft Intune (or an equivalent MDM service) been configured as specified in [Windows Autopilot configuration requirements](windows-autopilot-requirements.md)?
- Network connectivity. Can the device access the services described in [Windows Autopilot networking requirements](windows-autopilot-requirements.md)?
- Autopilot OOBE behavior. Were only the expected out-of-box experience screens displayed? Was the Azure AD credentials page customized with organization-specific details as expected?
- Azure AD join issues. Was the device able to join Azure Active Directory?
- MDM enrollment issues. Was the device able to enroll in Microsoft Intune (or an equivalent MDM service)?
- Configuration. Has Azure Active Directory and Microsoft Intune (or an equivalent MDM service) been configured as specified in [Windows Autopilot configuration requirements](windows-autopilot-requirements.md)?
- Network connectivity. Can the device access the services described in [Windows Autopilot networking requirements](windows-autopilot-requirements.md)?
- Autopilot OOBE behavior. Were only the expected out-of-box experience screens displayed? Was the Azure AD credentials page customized with organization-specific details as expected?
- Azure AD join issues. Was the device able to join Azure Active Directory?
- MDM enrollment issues. Was the device able to enroll in Microsoft Intune (or an equivalent MDM service)?
## Troubleshooting Autopilot OOBE issues
@ -109,7 +109,7 @@ When a profile is downloaded depends on the version of Windows 10 that is runnin
| 1803 | The profile is downloaded as soon as possible. If wired, it is downloaded at the start of OOBE. If wireless, it is downloaded after the network connection page. |
| 1809 | The profile is downloaded as soon as possible (same as 1803), and again after each reboot. |
If you need to reboot a computer during OOBE:
If you need to reboot a computer during OOBE:
- Press Shift-F10 to open a command prompt.
- Enter **shutdown /r /t 0** to restart immediately, or **shutdown /s /t 0** to shutdown immediately.

3
windows/deployment/windows-autopilot/white-glove.md
View File

@ -38,6 +38,9 @@ In addition to [Windows Autopilot requirements](windows-autopilot-requirements.m
- Physical devices that support TPM 2.0 and device attestation; virtual machines are not supported. The white glove provisioning process leverages Windows Autopilot self-deploying capabilities, hence the TPM 2.0 requirements.
- Physical devices with Ethernet connectivity; Wi-fi connectivity is not supported due to the requirement to choose a language, locale, and keyboard to make that Wi-fi connection; doing that in a pre-provisioning process could prevent the user from choosing their own language, locale, and keyboard when they receive the device.
>[!IMPORTANT]
>Because the OEM or vendor performs the white glove process, this <u>doesnt require access to an end-user's on-prem domain infrastructure</u>. This is unlike a typical hybrid Azure AD-joined scenario because rebooting the device is postponed. The device is resealed prior to the time when connectivity to a domain controller is expected, and the domain network is contacted when the device is unboxed on-prem by the end-user.
## Preparation
Devices slated for WG provisioning are registered for Autopilot via the normal registration process.

26
windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
View File

@ -9,7 +9,7 @@ ms.sitesec: library
ms.localizationpriority: medium
author: medgarmedgar
ms.author: v-medgar
ms.date: 3/1/2019
ms.date: 7/9/2019
---
# Manage connections from Windows operating system components to Microsoft services using Microsoft Intune MDM Server
@ -70,14 +70,15 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt
| 14. Offline maps | [AllowOfflineMapsDownloadOverMeteredConnection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-maps)|Allows the download and update of map data over metered connections. <br /> **Set to 0 (zero)**
| | [EnableOfflineMapsAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-maps#maps-enableofflinemapsautoupdate)|Disables the automatic download and update of map data. **Set to 0 (zero)**
| 15. OneDrive | [DisableOneDriveFileSync](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-disableonedrivefilesync)| Allows IT Admins to prevent apps and features from working with files on OneDrive. **Set to 1 (one)**
| 15.1 Injest the ADMX | To get the latest OneDrive ADMX file you need an up-to-date Windows 10 client. | The ADMX files are located under the following path: %LocalAppData%\Microsoft\OneDrive\ there's a folder with the current OneDrive build (e.g. "18.162.0812.0001").
| 15.2 Prevent Network Traffic before User SignIn | PreventNetworkTrafficPreUserSignIn | The OMA-URI value is: ./Device/Vendor/MSFT/Policy/Config/OneDriveNGSC\~Policy\~OneDriveNGSC/PreventNetworkTrafficPreUserSignIn
| 16. Preinstalled apps | N/A | N/A
| 17. Privacy settings | | Except for the Feedback & Diagnostics page, these settings must be configured for every user account that signs into the PC.
| 17.1 General | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | This policy setting controls the ability to send inking and typing data to Microsoft. **Set to 0 (zero)**
| 17.2 Location | [System/AllowLocation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowlocation) | Specifies whether to allow app access to the Location service. **Set to 0 (zero)**
| 17.3 Camera | [Camera/AllowCamera](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-camera#camera-allowcamera) | Disables or enables the camera. **Set to 0 (zero)**
| 17.4 Microphone | [Privacy/LetAppsAccessMicrophone](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmicrophone) | Specifies whether Windows apps can access the microphone. **Set to 2 (two)**
| 17.5 Notifications | [Notifications/DisallowCloudNotification](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-notifications#notifications-disallowcloudnotification) | Turn off notifications network usage. **DO NOT TURN OFF WNS Notifications if you want manage your device(s) using Microsoft InTune**
| | [Privacy/LetAppsAccessNotifications](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessnotifications) | Specifies whether Windows apps can access notifications. **Set to 2 (two)**
| 17.5 Notifications | [Privacy/LetAppsAccessNotifications](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessnotifications) | Specifies whether Windows apps can access notifications. **Set to 2 (two)**
| | [Settings/AllowOnlineTips]( https://docs.microsoft.com/windows/client-management/mdm/policy-csp-settings#settings-allowonlinetips) | Enables or disables the retrieval of online tips and help for the Settings app. **Set to Disabled**
| 17.6 Speech, Inking, & Typing | [Privacy/AllowInputPersonalization](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | This policy specifies whether users on the device have the option to enable online speech recognition. **Set to 0 (zero)**
| | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection)| This policy setting controls the ability to send inking and typing data to Microsoft **Set to 0 (zero)**
@ -106,13 +107,30 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt
| | [Defender/SubmitSamplesConsent](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-submitsamplesconsent) | Stop sending file samples back to Microsoft. **Set to 2 (two)**
| 23.1 Windows Defender Smartscreen | [Browser/AllowSmartScreen](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | Disable Windows Defender Smartscreen. **Set to 0 (zero)**
| 23.2 Windows Defender Smartscreen EnableAppInstallControl | [SmartScreen/EnableAppInstallControl](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol) | Controls whether users are allowed to install apps from places other than the Microsoft Store. **Set to 0 (zero)**
| 23.3 Windows Defender Potentially Unwanted Applications(PUA) Protection | [Defender/PUAProtection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-puaprotection) | Specifies the level of detection for potentially unwanted applications (PUAs). **Set to 1 (one)**
| 24. Windows Spotlight | [Experience/AllowWindowsSpotlight](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsspotlight) | Disable Windows Spotlight. **Set to 0 (zero)**
| 25. Microsoft Store | [ApplicationManagement/DisableStoreOriginatedApps](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-disablestoreoriginatedapps)| Boolean value that disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded. **Set to 1 (one)**
| | [ApplicationManagement/AllowAppStoreAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate)| Specifies whether automatic update of apps from Microsoft Store are allowed. **Set to 0 (zero)**
| 25.1 Apps for websites | [ApplicationDefaults/EnableAppUriHandlers](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationdefaults#applicationdefaults-enableappurihandlers) | This policy setting determines whether Windows supports web-to-app linking with app URI handlers. **Set to 0 (zero)**
| 26. Windows Update Delivery Optimization | | The following Delivery Optimization MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
| | [DeliveryOptimization/DODownloadMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodownloadmode)| Lets you choose where Delivery Optimization gets or sends updates and apps. **Set to 100 (one hundred)**
| 27. Windows Update | [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) | Control automatic updates. **Set to 5 (five)**
| 27. Windows Update | [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) | Control automatic updates. **Set to 5 (five)**
| 27.1 Windows Update Allow Update Service | [Update/AllowUpdateService](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-allowupdateservice) | Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. **Set to 0 (zero)**
| 27.2 Windows Update Service URL| [Update/UpdateServiceUrl](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-updateserviceurl) | Allows the device to check for updates from a WSUS server instead of Microsoft Update. **Set to String** with this Value:
<Replace>
<CmdID>$CmdID$</CmdID>
<Item>
<Meta>
<Format>chr</Format>
<Type>text/plain</Type>
</Meta>
<Target>
<LocURI>./Vendor/MSFT/Policy/Config/Update/UpdateServiceUrl</LocURI>
</Target>
<Data>http://abcd-srv:8530</Data>
</Item>
</Replace>
### <a href="" id="bkmk-mdm-whitelist"></a> Allowed traffic ("Whitelisted traffic") for Microsoft InTune / MDM configurations

13
windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
View File

@ -547,14 +547,7 @@ To turn off the Windows Mail app:
### <a href="" id="bkmk-microsoft-account"></a>12. Microsoft Account
To prevent communication to the Microsoft Account cloud authentication service. Many apps and system components that depend on Microsoft Account authentication may lose functionality. Some of them could be in unexpected ways. For example, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](https://docs.microsoft.com/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are).
- **Enable** the Group Policy: **Computer Configuration** &gt; **Windows Settings** &gt; **Security Settings** &gt; **Local Policies** &gt; **Security Options** &gt; **Accounts: Block Microsoft Accounts** and set it to **Users can't add Microsoft accounts**.
-or-
- Create a REG_DWORD registry setting named **NoConnectedUser** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System** with a **value of 3**.
Use the below setting to prevent communication to the Microsoft Account cloud authentication service. Many apps and system components that depend on Microsoft Account authentication may lose functionality. Some of them could be in unexpected ways. For example, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](https://docs.microsoft.com/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are).
To disable the Microsoft Account Sign-In Assistant:
@ -604,9 +597,9 @@ For a complete list of the Microsoft Edge policies, see [Available policies for
### <a href="" id="bkmk-ncsi"></a>14. Network Connection Status Indicator
Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to http://www.msftconnecttest.com/connecttest.txt to determine if the device can communicate with the Internet. For more info about NCSI, see [The Network Connection Status Icon](https://techcommunity.microsoft.com/t5/Networking-Blog/bg-p/NetworkingBlog).
Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to http://www.msftconnecttest.com/connecttest.txt to determine if the device can communicate with the Internet. See the [Microsoft Networking Blog](https://techcommunity.microsoft.com/t5/Networking-Blog/bg-p/NetworkingBlog) to learn more.
In versions of Windows 10 prior to Windows 10, version 1607 and Windows Server 2016, the URL was `http://www.msftncsi.com`.
In versions of Windows 10 prior to version 1607 and Windows Server 2016, the URL was `http://www.msftncsi.com/ncsi.txt`.
You can turn off NCSI by doing one of the following:

BIN
windows/release-information/cat-windows-docs-pr - Shortcut.lnk
View File

Binary file not shown.

10
windows/release-information/resolved-issues-windows-10-1507.yml
View File

@ -32,6 +32,7 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
<tr><td><div id='526msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.<br><br><a href = '#526msgdesc'>See details ></a></td><td>OS Build 10240.18244<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507458' target='_blank'>KB4507458</a></td><td>July 09, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='423msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that dont support “HSTS” may not be accessible<br><br><a href = '#423msgdesc'>See details ></a></td><td>OS Build 10240.18215<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499154' target='_blank'>KB4499154</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505051' target='_blank'>KB4505051</a></td><td>May 19, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='224msg'></div><b>MSXML6 may cause applications to stop responding </b><br>MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode(). <br><br><a href = '#224msgdesc'>See details ></a></td><td>OS Build 10240.18094<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480962' target='_blank'>KB4480962</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493475' target='_blank'>KB4493475</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='192msg'></div><b>Custom URI schemes may not start corresponding application</b><br>Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.<br><br><a href = '#192msgdesc'>See details ></a></td><td>OS Build 10240.18158<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489872' target='_blank'>KB4489872</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493475' target='_blank'>KB4493475</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
@ -52,6 +53,15 @@ sections:
<div>
</div>
"
- title: June 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='526msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create&nbsp;<strong>Custom Views&nbsp;</strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using&nbsp;<strong>Filter Current Log</strong>&nbsp;in the&nbsp;<strong>Action&nbsp;</strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4507458' target='_blank'>KB4507458</a>.</div><br><a href ='#526msg'>Back to top</a></td><td>OS Build 10240.18244<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507458' target='_blank'>KB4507458</a></td><td>Resolved:<br>July 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
</table>
"
- title: May 2019
- items:
- type: markdown

2
windows/release-information/resolved-issues-windows-10-1607.yml
View File

@ -32,6 +32,7 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
<tr><td><div id='528msg'></div><b>Devices with Hyper-V enabled may receive BitLocker error 0xC0210000</b><br>Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.<br><br><a href = '#528msgdesc'>See details ></a></td><td>OS Build 14393.2969<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507460' target='_blank'>KB4507460</a></td><td>July 09, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='520msg'></div><b>Difficulty connecting to some iSCSI-based SANs</b><br>Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.<br><br><a href = '#520msgdesc'>See details ></a></td><td>OS Build 14393.2999<br><br>May 23, 2019<br><a href ='https://support.microsoft.com/help/4499177' target='_blank'>KB4499177</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509475' target='_blank'>KB4509475</a></td><td>June 27, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='503msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.<br><br><a href = '#503msgdesc'>See details ></a></td><td>OS Build 14393.3025<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503294' target='_blank'>KB4503294</a></td><td>June 18, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='488msg'></div><b>Opening Internet Explorer 11 may fail</b><br>Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.<br><br><a href = '#488msgdesc'>See details ></a></td><td>OS Build 14393.2999<br><br>May 23, 2019<br><a href ='https://support.microsoft.com/help/4499177' target='_blank'>KB4499177</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
@ -80,6 +81,7 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='528msgdesc'></div><b>Devices with Hyper-V enabled may receive BitLocker error 0xC0210000</b><div>Some devices with Hyper-V enabled may enter BitLocker recovery mode and receive an error, \"0xC0210000\" after installing <a href='https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a> and restarting.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4507460' target='_blank'>KB4507460</a>.</div><br><a href ='#528msg'>Back to top</a></td><td>OS Build 14393.2969<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507460' target='_blank'>KB4507460</a></td><td>Resolved:<br>July 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 21, 2019 <br>08:50 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='457msgdesc'></div><b>Update not showing as applicable through WSUS or SCCM or when manually installed</b><div><a href='https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a> or later updates may not show as applicable through WSUS or SCCM to the affected platforms. When manually installing the standalone update from Microsoft Update Catalog, it may fail to install with the error, \"The update is not applicable to your computer.\"</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server 2016</li></ul><div></div><div><br></div><div><strong>Resolution: </strong>The servicing stack update (SSU) (<a href='https://support.microsoft.com/help/4498947' target='_blank'>KB4498947</a>) must be installed before installing the latest cumulative update (LCU). The&nbsp;LCU will not be reported as applicable until the SSU is installed.&nbsp;For more information, see&nbsp;<a href=\"https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates#why-should-servicing-stack-updates-be-installed-and-kept-up-to-date\" target=\"_blank\">Servicing stack updates</a>.</div><br><a href ='#457msg'>Back to top</a></td><td>OS Build 14393.2969<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4498947' target='_blank'>KB4498947</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 24, 2019 <br>04:20 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='423msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that dont support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703;Windows 10, version 1607; Windows 10, version 1507;Windows 8.1; Windows 7SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution: </strong>We have released an \"optional, <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" target=\"_blank\">out-of-band</a>\" update for Windows 10 (<a href='https://support.microsoft.com/help/4505052' target='_blank'>KB4505052</a>) to resolve this issue. If you are affected, we recommend you apply this update by installing <a href='https://support.microsoft.com/help/4505052' target='_blank'>KB4505052</a> from Windows Update and then restarting your device.</div><div><br></div><div>This update will not be applied automatically. To download and install this update, go to <strong>Settings</strong> &gt; <strong>Update &amp; Security</strong> &gt; <strong>Windows Update</strong> and select <strong>Check for updates</strong>. To get the standalone package for <a href='https://support.microsoft.com/help/4505052' target='_blank'>KB4505052</a>, search for it in the&nbsp;<a href=\"http://www.catalog.update.microsoft.com/home.aspx\" target=\"_blank\">Microsoft Update Catalog</a>.</div><div>&nbsp;</div><br><a href ='#423msg'>Back to top</a></td><td>OS Build 14393.2969<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505052' target='_blank'>KB4505052</a></td><td>Resolved:<br>May 19, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='379msgdesc'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><div>When using the <strong>MS UI Gothic</strong> or <strong>MS PGothic</strong> fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using <strong>MS</strong> <strong>UI Gothic</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703;Windows 10, version 1607;Windows 10 Enterprise LTSC 2016; Windows 10, version 1507;Windows 10 Enterprise LTSB 2015;Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution</strong>: This issue has been resolved.</div><br><a href ='#379msg'>Back to top</a></td><td>OS Build 14393.2941<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493473' target='_blank'>KB4493473</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 10, 2019 <br>10:35 AM PT</td></tr>

2
windows/release-information/resolved-issues-windows-10-1703.yml
View File

@ -32,6 +32,7 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
<tr><td><div id='528msg'></div><b>Devices with Hyper-V enabled may receive BitLocker error 0xC0210000</b><br>Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.<br><br><a href = '#528msgdesc'>See details ></a></td><td>OS Build 15063.1805<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499181' target='_blank'>KB4499181</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507450' target='_blank'>KB4507450</a></td><td>July 09, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='520msg'></div><b>Difficulty connecting to some iSCSI-based SANs</b><br>Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.<br><br><a href = '#520msgdesc'>See details ></a></td><td>OS Build 15063.1839<br><br>May 28, 2019<br><a href ='https://support.microsoft.com/help/4499162' target='_blank'>KB4499162</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509476' target='_blank'>KB4509476</a></td><td>June 26, 2019 <br>04:00 PM PT</td></tr>
<tr><td><div id='503msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.<br><br><a href = '#503msgdesc'>See details ></a></td><td>OS Build 15063.1868<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503279' target='_blank'>KB4503279</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503289' target='_blank'>KB4503289</a></td><td>June 18, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='488msg'></div><b>Opening Internet Explorer 11 may fail</b><br>Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.<br><br><a href = '#488msgdesc'>See details ></a></td><td>OS Build 15063.1839<br><br>May 28, 2019<br><a href ='https://support.microsoft.com/help/4499162' target='_blank'>KB4499162</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503279' target='_blank'>KB4503279</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
@ -75,6 +76,7 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='528msgdesc'></div><b>Devices with Hyper-V enabled may receive BitLocker error 0xC0210000</b><div>Some devices with Hyper-V enabled may enter BitLocker recovery mode and receive an error, \"0xC0210000\" after installing <a href='https://support.microsoft.com/help/4499181' target='_blank'>KB4499181</a> and restarting.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4507450' target='_blank'>KB4507450</a>.</div><br><a href ='#528msg'>Back to top</a></td><td>OS Build 15063.1805<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499181' target='_blank'>KB4499181</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507450' target='_blank'>KB4507450</a></td><td>Resolved:<br>July 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 21, 2019 <br>08:50 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='423msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that dont support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703;Windows 10, version 1607; Windows 10, version 1507;Windows 8.1; Windows 7SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution: </strong>We have released an \"optional, <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" target=\"_blank\">out-of-band</a>\" update for Windows 10 (<a href='https://support.microsoft.com/help/4505055' target='_blank'>KB4505055</a>) to resolve this issue. If you are affected, we recommend you apply this update by installing <a href='https://support.microsoft.com/help/4505055' target='_blank'>KB4505055</a> from Windows Update and then restarting your device.</div><div><br></div><div>This update will not be applied automatically. To download and install this update, go to <strong>Settings</strong> &gt; <strong>Update &amp; Security</strong> &gt; <strong>Windows Update</strong> and select <strong>Check for updates</strong>. To get the standalone package for <a href='https://support.microsoft.com/help/4505055' target='_blank'>KB4505055</a>, search for it in the&nbsp;<a href=\"http://www.catalog.update.microsoft.com/home.aspx\" target=\"_blank\">Microsoft Update Catalog</a>.</div><div>&nbsp;</div><br><a href ='#423msg'>Back to top</a></td><td>OS Build 15063.1805<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499181' target='_blank'>KB4499181</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505055' target='_blank'>KB4505055</a></td><td>Resolved:<br>May 19, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='379msgdesc'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><div>When using the <strong>MS UI Gothic</strong> or <strong>MS PGothic</strong> fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using <strong>MS</strong> <strong>UI Gothic</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703;Windows 10, version 1607;Windows 10 Enterprise LTSC 2016; Windows 10, version 1507;Windows 10 Enterprise LTSB 2015;Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution</strong>: This issue has been resolved.</div><br><a href ='#379msg'>Back to top</a></td><td>OS Build 15063.1784<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493436' target='_blank'>KB4493436</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499181' target='_blank'>KB4499181</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 10, 2019 <br>10:35 AM PT</td></tr>
</table>

4
windows/release-information/status-windows-10-1507.yml
View File

@ -60,8 +60,8 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='496msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.<br><br><a href = '#496msgdesc'>See details ></a></td><td>OS Build 10240.18244<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>June 13, 2019 <br>02:21 PM PT</td></tr>
<tr><td><div id='323msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".<br><br><a href = '#323msgdesc'>See details ></a></td><td>OS Build 10240.18094<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480962' target='_blank'>KB4480962</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='526msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.<br><br><a href = '#526msgdesc'>See details ></a></td><td>OS Build 10240.18244<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507458' target='_blank'>KB4507458</a></td><td>July 09, 2019 <br>10:00 AM PT</td></tr>
</table>
"
@ -77,7 +77,7 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='496msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create&nbsp;<strong>Custom Views&nbsp;</strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using&nbsp;<strong>Filter Current Log</strong>&nbsp;in the&nbsp;<strong>Action&nbsp;</strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Workaround:</strong> To mitigate this issue, see <a href=\"https://support.microsoft.com/help/4508640\" target=\"_blank\">KB4508640</a>.</div><div><br></div><div><strong>Next steps: </strong>We are working on a resolution and estimate a solution will be available in late June.</div><br><a href ='#496msg'>Back to top</a></td><td>OS Build 10240.18244<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>June 13, 2019 <br>02:21 PM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='526msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create&nbsp;<strong>Custom Views&nbsp;</strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using&nbsp;<strong>Filter Current Log</strong>&nbsp;in the&nbsp;<strong>Action&nbsp;</strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4507458' target='_blank'>KB4507458</a>.</div><br><a href ='#526msg'>Back to top</a></td><td>OS Build 10240.18244<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507458' target='_blank'>KB4507458</a></td><td>Resolved:<br>July 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
</table>
"

Some files were not shown because too many files have changed in this diff Show More