Merge branch 'v-dihans-diagnosticlog-csp' of https://github.com/MicrosoftDocs/windows-docs-pr into v-dihans-diagnosticlog-csp

v-dihans
2021-05-20 12:41:37 -06:00
191 changed files with 200 additions and 5663 deletions

@ -26,6 +26,7 @@ The features described below are no longer being actively developed, and might b
|Feature | Details and mitigation | Announced in version |
| ----------- | --------------------- | ---- |
| Internet Explorer (IE) 11 | The IE11 desktop application will end support for certain operating systems starting June 15, 2022. For more information, see [Internet Explorer 11](/lifecycle/products/internet-explorer-11). | 21H1 |
| Personalization roaming | Roaming of Personalization settings (including wallpaper, slideshow, accent colors, and lock screen images) is no longer being developed and might be removed in a future release. | 21H1 |
| Windows Management Instrumentation Command line (WMIC) tool. | The WMIC tool is deprecated in Windows 10, version 21H1 and the 21H1 semi-annual channel release of Windows Server. This tool is superseded by [Windows PowerShell for WMI](/powershell/scripting/learn/ps101/07-working-with-wmi). Note: This deprecation only applies to the [command-line management tool](/windows/win32/wmisdk/wmic). WMI itself is not affected. | 21H1 |
| Timeline | Starting in July 2021, if you have your activity history synced across your devices through your Microsoft account (MSA), you'll no longer have the option to upload new activity in Timeline. See [Get help with timeline](https://support.microsoft.com/windows/get-help-with-timeline-febc28db-034c-d2b0-3bbe-79aa0c501039).| 20H2 |
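
Review bot: In the Internet Explorer (IE) 11 row, "will end support for certain operating systems" is ambiguous about what ends: it reads as if IE11 drops support for an OS, while the row is about the desktop application itself going out of support on June 15, 2022. Suggest rewording so the application is the thing losing support, and dropping the trailing period from the WMIC feature cell ("... (WMIC) tool.") so the first column is consistent across rows.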

@ -30,6 +30,9 @@ After adding the solution to Azure and configuring devices, it could take up to
## Update Compliance prerequisites
> [!IMPORTANT]
> Update Compliance is a Windows service hosted in Azure that uses Windows diagnostic data. You should be aware that Update Compliance doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). Update Compliance is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers.
Before you begin the process to add Update Compliance to your Azure subscription, first ensure you can meet the prerequisites:
- **Compatible Operating Systems and Editions**: Update Compliance works only with Windows 10 Professional, Education, and Enterprise editions. Update Compliance supports both the typical Windows 10 Enterprise edition, as well as [Windows 10 Enterprise multi-session](/azure/virtual-desktop/windows-10-multisession-faq). Update Compliance only provides data for the standard Desktop Windows 10 version and is not currently compatible with Windows Server, Surface Hub, IoT, etc.
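
Review bot: The [!IMPORTANT] note says Update Compliance "doesn't meet" GCC requirements and is "not available for GCC High or United States Department of Defense customers", but it never states whether a plain GCC tenant can or should enroll. A reader deciding whether Windows diagnostic data may leave a government tenant needs that said outright. The link text also expands GCC as "US Government community compliance"; the offering is named Government Community Cloud, so the expansion should follow that.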

@ -23,6 +23,9 @@ Update Compliance is fully committed to privacy, centering on these tenets:
- **Security:** Your data is protected with strong security and encryption.
- **Trust:** Update Compliance supports the Online Services Terms.
> [!IMPORTANT]
> Update Compliance is a Windows service hosted in Azure that uses Windows diagnostic data. You should be aware that Update Compliance doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). Update Compliance is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers.
## Data flow for Update Compliance
The data flow sequence is as follows:
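
Review bot: The [!IMPORTANT] block placed before "## Data flow for Update Compliance" is a word-for-word copy of the one added to the prerequisites page in this same commit. Two hand-maintained copies of a compliance statement will drift apart; suggest moving the text into a shared include file and referencing it from both pages.
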
@ -52,4 +55,4 @@ See related topics for additional background information on privacy and treatmen
- [Diagnostic Data Viewer Overview](/windows/configuration/diagnostic-data-viewer-overview)
- [Licensing Terms and Documentation](https://www.microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=31)
- [Confidence in the trusted cloud](https://azure.microsoft.com/support/trust-center/)
- [Trust Center](https://www.microsoft.com/trustcenter)
- [Trust Center](https://www.microsoft.com/trustcenter)
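
Review bot: The last "- [Trust Center](https://www.microsoft.com/trustcenter)" entry is removed and re-added with identical visible text, so the only difference is whitespace or the end-of-file newline. If that is not intentional, drop it from the commit so the diff stays limited to content changes.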

@ -97,7 +97,7 @@ The smart card reader device name is constructed in the form <*VendorName*&gt
| 607 | Reader object failed to start monitor thread:  %1 | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code |
| 608 | Reader monitor failed to create power down timer: %1 | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code |
| 609 | Reader monitor failed to create overlapped event:  %1 | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code |
| 610 | Smart Card Reader '%2' rejected IOCTL %3: %1  If this error persists, your smart card or reader may not be functioning correctly.%n%nCommand Header: %4 | The reader cannot successfully transmit the indicated IOCTL to the smart card. This can indicate hardware failure, but this error can also occur if a smart card or smart card reader is removed from the system while an operation is in progress.<br>%1 = Windows error code<br>%2 = Name of the smart card reader<br>%3 = IOCTL that was sent<br>%4 = First 4 bytes of the command sent to the smart card <br> These events are caused by legacy functionality in the smart card stack. It can be ignored if there is no noticeable failure in the smart card usage scenarios.|
| 610 | Smart Card Reader '%2' rejected IOCTL %3: %1  If this error persists, your smart card or reader may not be functioning correctly.%n%nCommand Header: %4 | The reader cannot successfully transmit the indicated IOCTL to the smart card. This can indicate hardware failure, but this error can also occur if a smart card or smart card reader is removed from the system while an operation is in progress.<br>%1 = Windows error code<br>%2 = Name of the smart card reader<br>%3 = IOCTL that was sent<br>%4 = First 4 bytes of the command sent to the smart card <br> These events are caused by legacy functionality in the smart card stack. It can be ignored if there is no noticeable failure in the smart card usage scenarios. You might also see this error if your eSIM is recognized as a smartcard controller.|
| 611 | Smart Card Reader initialization failed | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve this issue. |
| 612 | Reader insertion monitor error retry threshold reached:  %1 | This occurs when a smart card reader fails several times to respond properly to the IOCTL, which indicates whether a smart card is present in the reader. The smart card reader is marked as defective, and it is not recognized by the service until it is removed from the computer and reinserted or until the computer is restarted.<br>%1 = Windows error code |
| 615 | Reader removal monitor error retry threshold reached:  %1 | This occurs when a smart card reader fails several times to respond properly to the IOCTL, which indicates whether a smart card is present in the reader. The smart card reader is marked as defective, and it is not recognized by the service until it is removed from the computer and reinserted or until the computer is restarted.<br>%1 = Windows error code |
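
Review bot: In the event 610 row, the new sentence "You might also see this error if your eSIM is recognized as a smartcard controller." follows "It can be ignored if there is no noticeable failure in the smart card usage scenarios.", which leaves it unclear whether the eSIM case is also safe to ignore. Suggest saying so explicitly, since this table is what people use to triage smart card service events, and spelling "smart card" as two words to match the rest of the row.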

@ -45,7 +45,8 @@ To learn more about Autopilot self-deploying mode and to see step-by-step instru
Weve continued to work on the **Current threats** area in [Virus & threat protection](/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection), which now displays all threats that need action. You can quickly take action on threats from this screen:
![Virus & threat protection settings](images/virus-and-threat-protection.png "Virus & threat protection settings")
> [!div class="mx-imgBorder"]
> ![Virus & threat protection settings](images/virus-and-threat-protection.png "Virus & threat protection settings")
With controlled folder access you can help prevent ransomware and other destructive malware from changing your personal files. In some cases, apps that you normally use might be blocked from making changes to common folders like **Documents** and **Pictures**. Weve made it easier for you to add apps that were recently blocked so you can keep using your device without turning off the feature altogether.
@ -76,10 +77,16 @@ For example, you can choose the XTS-AES 256 encryption algorithm, and have it ap
To achieve this:
1. Configure the [encryption method settings](/intune/endpoint-protection-windows-10#windows-encryption) in the Windows 10 Endpoint Protection profile to the desired encryption algorithm.
2. [Assign the policy](/intune/device-profile-assign) to your Autopilot device group.
- **IMPORTANT**: The encryption policy must be assigned to **devices** in the group, not users.
> [!IMPORTANT]
> The encryption policy must be assigned to **devices** in the group, not users.
3. Enable the Autopilot [Enrollment Status Page](/windows/deployment/windows-autopilot/enrollment-status) (ESP) for these devices.
- **IMPORTANT**: If the ESP is not enabled, the policy will not apply before encryption starts.
> [!IMPORTANT]
> If the ESP is not enabled, the policy will not apply before encryption starts.
For more information, see [Setting the BitLocker encryption algorithm for Autopilot devices](/windows/deployment/windows-autopilot/bitlocker).
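
Review bot: The "> [!IMPORTANT]" blocks under steps 2 and 3 are shown with no leading indentation. If they are committed flush-left like this, the blockquote ends the ordered list, so each alert is detached from its step and the list is split in two. Indent both blocks to the step's content column so they stay nested; these two notes carry the conditions that matter here (the policy must target devices, and ESP must be enabled or the policy will not apply before encryption starts).
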
@ -91,17 +98,27 @@ Additionally, users who are managed by enterprise policies will be able to check
To try this:
1. Go to**Windows Security** and select **App & browser control**.
1. Go to **Windows Security** and select **App & browser control**.
2. Under **Isolated browsing**, select **Install Windows Defender Application Guard**, then install and restart the device.
3. Select **Change Application Guard** settings.
4. Configure or check Application Guard settings.
See the following example:
![Security at a glance](images/1_AppBrowser.png "app and browser control")
![Isolated browser](images/2_InstallWDAG.png "isolated browsing")
![change WDAG settings](images/3_ChangeSettings.png "change settings")
![view WDAG settings](images/4_ViewSettings.jpg "view settings")
> [!div class="mx-imgBorder"]
> ![Security at a glance](images/1_AppBrowser.png "app and browser control")
> [!div class="mx-imgBorder"]
> ![Isolated browser](images/2_InstallWDAG.png "isolated browsing")
> [!div class="mx-imgBorder"]
> ![change WDAG settings](images/3_ChangeSettings.png "change settings")
> [!div class="mx-imgBorder"]
> ![view WDAG settings](images/4_ViewSettings.jpg "view settings")
### Windows Security Center
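
Review bot: The alt text on the rewritten image lines still uses the unexplained abbreviation WDAG ("change WDAG settings", "view WDAG settings") with mixed casing. Since each of these lines is being touched anyway, suggest descriptive alt text that spells out Windows Defender Application Guard. Step 3 also bolds only part of the label: "Select **Change Application Guard** settings."
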
@ -165,8 +182,11 @@ Onboard supported versions of Windows machines so that they can send sensor data
Cloud clipboard helps users copy content between devices. It also manages the clipboard history so that you can paste your old copied data. You can access it by using **Windows+V**. Set up Cloud clipboard:
1. Go to **Windows Settings** and select **Systems**.
2. On the left menu, click on **Clipboard**.
3. Turn on **Clipboard history**.
4. Turn on **Sync across devices**. Chose whether or not to automatically sync copied text across your devices.
## Kiosk setup experience
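
Review bot: Step 4 has a typo, "Chose whether or not to automatically sync copied text", which should be "Choose". Step 1 says "select **Systems**", while the Settings category is named **System**. Both are worth fixing while the spacing of this list is being changed.
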
@ -180,6 +200,7 @@ To use this feature, go to **Settings**, search for **assigned access**, and ope
Microsoft Edge kiosk mode running in single-app assigned access has two kiosk types.
1. **Digital / Interactive signage** that displays a specific website full-screen and runs InPrivate mode.
2. **Public browsing** supports multi-tab browsing and runs InPrivate mode with minimal features available. Users cannot minimize, close, or open new Microsoft Edge windows or customize them using Microsoft Edge Settings. Users can clear browsing data and downloads, and restart Microsoft Edge by clicking **End session**. Administrators can configure Microsoft Edge to restart after a period of inactivity.
![single app assigned access](images/SingleApp_contosoHotel_inFrame@2x.png "single app assigned access")
@ -211,7 +232,9 @@ Do you have shared devices deployed in your work place? **Fast sign-in** enables
**To enable fast sign-in:**
1. Set up a shared or guest device with Windows 10, version 1809.
2. Set the Policy CSP, and the Authentication and EnableFastFirstSignIn policies to enable fast sign-in.
3. Sign-in to a shared PC with your account. You'll notice the difference!
![fast sign-in](images/fastsignin.png "fast sign-in")
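
Review bot: Step 2, "Set the Policy CSP, and the Authentication and EnableFastFirstSignIn policies to enable fast sign-in", reads as three separate things to set. EnableFastFirstSignIn is a single policy in the Authentication area of the Policy CSP; suggest writing it as Authentication/EnableFastFirstSignIn, linking to the Policy CSP reference, and stating the value that enables it. In step 3 the verb should be "Sign in", not "Sign-in".
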
@ -224,15 +247,19 @@ Do you have shared devices deployed in your work place? **Fast sign-in** enables
>[!IMPORTANT]
>This is a private preview feature and therefore not meant or recommended for production purposes.
Until now, Windows logon only supported the use of identities federated to ADFS or other providers that support the WS-Fed protocol. We are introducing web sign-in, a new way of signing into your Windows PC. Web Sign-in enables Windows logon support for non-ADFS federated providers (e.g.SAML).
Until now, Windows logon only supported the use of identities federated to ADFS or other providers that support the WS-Fed protocol. We are introducing **web sign-in**, a new way of signing into your Windows PC. Web sign-in enables Windows logon support for credentials not available on Windows (for example, Azure AD temporary access pass). Going forward, web sign-in will be restricted to only support Azure AD temporary access pass.
**To try out web sign-in:**
1. Azure AD Join your Windows 10 PC. (Web sign-in is only supported on Azure AD Joined PCs).
2. Set the Policy CSP, and the Authentication and EnableWebSignIn polices to enable web sign-in.
3. On the lock screen, select web sign-in under sign-in options.
4. Click the “Sign in” button to continue.
![Web sign-in](images/websignin.png "web sign-in")
2. Set the Policy CSP, and the Authentication and EnableWebSignIn polices to enable web sign-in.
3. On the lock screen, select web sign-in under sign-in options.
4. Click the **Sign in** button to continue.
> [!div class="mx-imgBorder"]
> ![Web sign-in](images/websignin.png "web sign-in")
>[!NOTE]
>This is a private preview feature and therefore not meant or recommended for production purposes.
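
Review bot: The rewritten paragraph keeps the lead-in "Until now, Windows logon only supported the use of identities federated to ADFS or other providers that support the WS-Fed protocol" but then describes web sign-in as support for "credentials not available on Windows" and says it "will be restricted to only support Azure AD temporary access pass". The lead-in no longer sets up what follows, and "Going forward" gives no version or date, so an admin who enabled EnableWebSignIn for a non-ADFS federated provider cannot tell when that stops working. Suggest rewriting the first sentence and naming the release where the restriction takes effect. The re-added step 2 still has "polices" for "policies", and the private-preview notice appears twice (the [!IMPORTANT] above the paragraph and the [!NOTE] below the image).
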
@ -243,7 +270,8 @@ Android phone users, you can finally stop emailing yourself photos. With Your Ph
For iPhone users, **Your Phone** app also helps you to link your phone to your PC. Surf the web on your phone, then send the webpage instantly to your computer to continue what youre doing-read, watch, or browse-- with all the benefits of a bigger screen.
![your phone](images/your-phone.png "your phone")
> [!div class="mx-imgBorder"]
> ![your phone](images/your-phone.png "your phone")
The desktop pin takes you directly to the **Your Phone** app for quicker access to your phones content. You can also go through the all apps list in Start, or use the Windows key and search for **Your Phone**.
@ -267,4 +295,4 @@ See the following example:
![Enter your credentials](images/RDPwBioTime.png "Windows Hello")
![Enter your credentials](images/RDPwBio2.png "Windows Hello personal")
![Microsoft Hyper-V Server 2016](images/hyper-v.png "Microsoft Hyper-V Server 2016")
![Microsoft Hyper-V Server 2016](images/hyper-v.png "Microsoft Hyper-V Server 2016")
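
Review bot: The three images at the end of the file (RDPwBioTime.png, RDPwBio2.png, hyper-v.png) are left as bare image links, while other images touched in this file were wrapped in "> [!div class="mx-imgBorder"]". Suggest wrapping these as well so the page renders consistently. The only change in this hunk is the hyper-v.png line, which is removed and re-added with identical visible text.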