From 3f662258a223526aa140a70a003553c3fe984f68 Mon Sep 17 00:00:00 2001 From: Baard Hermansen Date: Mon, 14 Jan 2019 23:32:39 +0100 Subject: [PATCH 1/6] Update deploy-whats-new.md Updated version number under MDT section. Corrected several old links. --- windows/deployment/deploy-whats-new.md | 24 +++++++++--------------- 1 file changed, 9 insertions(+), 15 deletions(-) diff --git a/windows/deployment/deploy-whats-new.md b/windows/deployment/deploy-whats-new.md index e7d62d3cd1..d5093e7e10 100644 --- a/windows/deployment/deploy-whats-new.md +++ b/windows/deployment/deploy-whats-new.md @@ -20,7 +20,7 @@ author: greg-lindsay This topic provides an overview of new solutions and online content related to deploying Windows 10 in your organization. -- For an all-up overview of new features in Windows 10, see [What's new in Windows 10](https://technet.microsoft.com/itpro/windows/whats-new/index). +- For an all-up overview of new features in Windows 10, see [What's new in Windows 10](https://docs.microsoft.com/en-us/windows/whats-new/index). - For a detailed list of changes to Windows 10 ITPro TechNet library content, see [Online content change history](#online-content-change-history). ## Recent additions to this page @@ -37,12 +37,6 @@ Microsoft is [extending support](https://www.microsoft.com/microsoft-365/blog/20 ![Support lifecycle](images/support-cycle.png) -## Windows 10 servicing and support - -Microsoft is [extending support](https://www.microsoft.com/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop) for Windows 10 Enterprise and Windows 10 Education editions to 30 months from the version release date. This includes all past versions and future versions that are targeted for release in September (versions ending in 09, ex: 1809). Future releases that are targeted for release in March (versions ending in 03, ex: 1903) will continue to be supported for 18 months from their release date. All releases of Windows 10 Home, Windows 10 Pro, and Office 365 ProPlus will continue to be supported for 18 months (there is no change for these editions). These support policies are summarized in the table below. - -![Support lifecycle](images/support-cycle.png) - ## Windows 10 Enterprise upgrade Windows 10 version 1703 includes a Windows 10 Enterprise E3 and E5 benefit to Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & Services Agreements (MPSA). These customers can now subscribe users to Windows 10 Enterprise E3 or E5 and activate their subscriptions on up to five devices. Virtual machines can also be activated. For more information, see [Windows 10 Enterprise Subscription Activation](windows-10-enterprise-subscription-activation.md). @@ -76,7 +70,7 @@ The development of Upgrade Readiness has been heavily influenced by input from t For more information about Upgrade Readiness, see the following topics: -- [Windows Analytics blog](https://blogs.technet.microsoft.com/upgradeanalytics/) +- [Windows Analytics blog](https://aka.ms/blog/WindowsAnalytics/) - [Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md) @@ -103,19 +97,19 @@ For more information, see [MBR2GPT.EXE](mbr-to-gpt.md). ### Microsoft Deployment Toolkit (MDT) -MDT build 8443 is available, including support for: -- Deployment and upgrade of Windows 10, version 1607 (including Enterprise LTSB and Education editions) and Windows Server 2016. -- The Windows ADK for Windows 10, version 1607. -- Integration with Configuration Manager version 1606. +MDT build 8450 is available, including support for: +- Deployment and upgrade of Windows 10, version 1709 (including Enterprise LTSB and Education editions) and Windows Server 2016. +- The Windows ADK for Windows 10, version 1809. +- Integration with Configuration Manager version 1806. -For more information about MDT, see the [MDT resource page](https://technet.microsoft.com/windows/dn475741). +For more information about MDT, see the [MDT resource page](https://docs.microsoft.com/en-us/sccm/mdt/). ### Windows Assessment and Deployment Kit (ADK) The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. See the following topics: -- [What's new in ADK kits and tools](https://msdn.microsoft.com/windows/hardware/commercialize/what-s-new-in-kits-and-tools) +- [What's new in ADK kits and tools](https://docs.microsoft.com/en-us/windows-hardware/get-started/what-s-new-in-kits-and-tools) - [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md) @@ -151,7 +145,7 @@ The following topics provide a change history for Windows 10 ITPro TechNet libra [Overview of Windows as a service](update/waas-overview.md)
[Windows 10 deployment considerations](planning/windows-10-deployment-considerations.md) -
[Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx) +
[Windows 10 release information](https://docs.microsoft.com/en-us/windows/windows-10/release-information)
[Windows 10 Specifications & Systems Requirements](https://www.microsoft.com/en-us/windows/windows-10-specifications)
[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md)
[Windows 10 deployment tools](windows-deployment-scenarios-and-tools.md) From 266ccd765ea2e7ffc28b4d54295f8a2f38720545 Mon Sep 17 00:00:00 2001 From: Baard Hermansen Date: Thu, 24 Jan 2019 10:19:50 +0100 Subject: [PATCH 2/6] Update setupdiag.md Corrected spelling error. --- windows/deployment/upgrade/setupdiag.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md index 53856948d2..8b8a90dcf1 100644 --- a/windows/deployment/upgrade/setupdiag.md +++ b/windows/deployment/upgrade/setupdiag.md @@ -42,7 +42,7 @@ To quickly use SetupDiag on your current computer: 8. Use Notepad to open the log file: **SetupDiagResults.log**. 9. Review the information that is displayed. If a rule was matched this can tell you why the computer failed to upgrade, and potentially how to fix the problem. See the [Text log sample](#text-log-sample) below. -For instructions on how to run the tool in offline more and with more advanced options, see the [Parameters](#parameters) and [Examples](#examples) sections below. +For instructions on how to run the tool in offline mode and with more advanced options, see the [Parameters](#parameters) and [Examples](#examples) sections below. The [Release notes](#release-notes) section at the bottom of this topic has information about recent updates to this tool. @@ -509,4 +509,4 @@ Refer to https://docs.microsoft.com/windows/deployment/upgrade/upgrade-error-cod ## Related topics -[Resolve Windows 10 upgrade errors: Technical information for IT Pros](https://docs.microsoft.com/windows/deployment/upgrade/resolve-windows-10-upgrade-errors) \ No newline at end of file +[Resolve Windows 10 upgrade errors: Technical information for IT Pros](https://docs.microsoft.com/windows/deployment/upgrade/resolve-windows-10-upgrade-errors) From 9641e7ce5e499aa5923ba040113b74b793696e66 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 24 Jan 2019 11:13:56 -0800 Subject: [PATCH 3/6] Minor change to grammar testing the public PR process --- windows/deployment/windows-autopilot/autopilot-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/autopilot-faq.md b/windows/deployment/windows-autopilot/autopilot-faq.md index 0eefe9fc9f..ff486a9a3c 100644 --- a/windows/deployment/windows-autopilot/autopilot-faq.md +++ b/windows/deployment/windows-autopilot/autopilot-faq.md @@ -25,7 +25,7 @@ A [glossary](#glossary) of abbreviations used in this topic is provided at the e | Question | Answer | | --- | --- | -| In the Partner Center, does the Tenant ID need to be provided with every device file upload (to then allow the business customer to access their devices in MSfB)? | No. Providing the Tenant ID is a one-time entry in the Partner Center that can be re-used with future device uploads. | +| In the Partner Center, does the Tenant ID need to be provided with every device file upload? Is this needed to allow the business customer to access their devices in MSfB? | No. Providing the Tenant ID is a one-time entry in the Partner Center that can be re-used with future device uploads. | | How does the customer or tenant know that their devices are ready to be claimed in MSfB? | After the device file upload is completed in the Partner Center, the tenant can see the devices available for Windows Autopilot setup in MSfB. The OEM would need to advise the tenant to access MSfB. Auto-notification from MSfB to the tenant is being developed. | | Are there any restrictions if a business customer has registered devices in MSfB and later wants those devices to be managed by a CSP via the Partner Center? | The devices will need to be deleted in MSfB by the business customer before the CSP can upload and manage them in the Partner Center. | | Does Windows Autopilot support removing the option to enable a local administrator account? | Windows Autopilot doesn’t support removing the local admin account. However, it does support restricting the user performing AAD domain join in OOBE to a standard account (versus admin account by default).| From 8a4c5a139518af75bb6e88285aa22816454cccb0 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 25 Jan 2019 10:21:36 -0800 Subject: [PATCH 4/6] added OMA-URI paths --- .../mdm/policy-csp-defender.md | 25 ++++++++++++++++--- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 3264fb41ea..0605b3bb03 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 01/25/2019 +ms.date: 01/26/2019 --- # Policy CSP - Defender @@ -1156,6 +1156,7 @@ Valid values: 0–100
+ This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan. @@ -1170,6 +1171,8 @@ Supported values: - 0 (default) - Disabled - 1 - Enabled +OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/CheckForSignaturesBeforeRunningScan + ADMX Info: @@ -1547,6 +1550,8 @@ Supported values: - 0 - Disabled - 1 - Enabled (default) +OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/DisableCatchupFullScan + ADMX Info: @@ -1606,9 +1611,9 @@ ADMX Info: -This policy setting allows you to configure catch-up scans for scheduled quick scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. +This policy setting allows you to configure catch-up scans for scheduled quick scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. -If you enable this setting, catch-up scans for scheduled quick scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run. +If you enable this setting, catch-up scans for scheduled quick scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run. If you disable or do not configure this setting, catch-up scans for scheduled quick scans will be turned off. @@ -1617,6 +1622,8 @@ Supported values: - 0 - Disabled - 1 - Enabled (default) +OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/DisableCatchupQuickScan + ADMX Info: @@ -2463,6 +2470,8 @@ If you enable this setting, definition update sources will be contacted in the o If you disable or do not configure this setting, definition update sources will be contacted in a default order. +OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/SignatureUpdateFallbackOrder + ADMX Info: @@ -2522,12 +2531,18 @@ ADMX Info: -This policy setting allows you to configure UNC file share sources for downloading definition updates. Sources will be contacted in the order specified. The value of this setting should be entered as a pipe-separated string enumerating the definition update sources. For example: "{\\unc1 | \\unc2 }". The list is empty by default. +This policy setting allows you to configure UNC file share sources for downloading definition updates. Sources will be contacted in the order specified. The value of this setting should be entered as a pipe-separated string enumerating the definition update sources. + +For example: \\unc1\Signatures | \\unc2\Signatures + +The list is empty by default. If you enable this setting, the specified sources will be contacted for definition updates. Once definition updates have been successfully downloaded from one specified source, the remaining sources in the list will not be contacted. If you disable or do not configure this setting, the list will remain empty by default and no sources will be contacted. +OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/SignatureUpdateFileSharesSources + ADMX Info: @@ -2598,6 +2613,8 @@ A value of 0 means no check for new signatures, a value of 1 means to check ever The default value is 8. +OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/SignatureUpdateInterval + ADMX Info: From 36c52ec59052902f6d9f572672a26eeb0d3ffeee Mon Sep 17 00:00:00 2001 From: Geoff <34522990+GeoffFromMSFT@users.noreply.github.com> Date: Fri, 25 Jan 2019 10:22:53 -0800 Subject: [PATCH 5/6] Update hololens-provisioning.md --- devices/hololens/hololens-provisioning.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/devices/hololens/hololens-provisioning.md b/devices/hololens/hololens-provisioning.md index 00a7436e23..21f851e4dd 100644 --- a/devices/hololens/hololens-provisioning.md +++ b/devices/hololens/hololens-provisioning.md @@ -72,8 +72,8 @@ Use the Windows Configuration Designer tool to create a provisioning package. - - + + From fd39dcfc86d46ba5f949eb29d52657e431f342a8 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Fri, 25 Jan 2019 10:33:14 -0800 Subject: [PATCH 6/6] minor copy edit --- devices/hololens/hololens-provisioning.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens-provisioning.md b/devices/hololens/hololens-provisioning.md index 21f851e4dd..3ef1fa581c 100644 --- a/devices/hololens/hololens-provisioning.md +++ b/devices/hololens/hololens-provisioning.md @@ -73,7 +73,7 @@ Use the Windows Configuration Designer tool to create a provisioning package.
![step one](images/one.png)![set up device](images/set-up-device.png)

Browse to and select the enterprise license file to upgrade the HoloLens edition.

You can also toggle **Yes** or **No** to hide parts of the first experience.

Select a region and timezone in which the device will be used. 		![Select enterprise licence file and configure OOBE](images/set-up-device-details.png)
![step two](images/two.png) ![set up network](images/set-up-network.png)

Toggle **On** or **Off** for wireless network connectivity. If you select **On**, enter the SSID, the network type (**Open** or **WPA2-Personal**), and (if **WPA2-Personal**) the password for the wireless network.		![Enter network SSID and type](images/set-up-network-details-desktop.png)
![step one](images/one.png)![set up device](images/set-up-device.png)

Browse to and select the enterprise license file to upgrade the HoloLens edition.

You can also toggle **Yes** or **No** to hide parts of the first experience.

To setup the device without the need to connect to a Wi-Fi network, toggle **Skip Wi-Fi setup** to **On**.

Select a region and timezone in which the device will be used. 		![Select enterprise licence file and configure OOBE](images/set-up-device-details.png)
![step two](images/two.png) ![set up network](images/set-up-network.png)

In this section, you can pre-enter the details of the Wi-Fi wireless network the device should automatically connect to. To do this, select **On**, enter the SSID, the network type (**Open** or **WPA2-Personal**), and (if **WPA2-Personal**) the password for the wireless network.		![Enter network SSID and type](images/set-up-network-details-desktop.png)
![step three](images/three.png) ![account management](images/account-management.png)

You can enroll the device in Azure Active Directory, or create a local account on the device

Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup). The **maximum number of devices per user** setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Click **Get bulk token**. In the **Let's get you signed in** window, enter an account that has permissions to join a device to Azure AD, and then the password. Click **Accept** to give Windows Configuration Designer the necessary permissions.

To create a local account, select that option and enter a user name and password.

**Important:** (For Windows 10, version 1607 only) If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in. 		![join Azure AD or create a local account](images/account-management-details.png)
![step four](images/four.png) ![add certificates](images/add-certificates.png)

To provision the device with a certificate, click **Add a certificate**. Enter a name for the certificate, and then browse to and select the certificate to be used.		![add a certificate](images/add-certificates-details.png)
![step five](images/five.png) ![Developer Setup](images/developer-setup.png)

Toggle **Yes** or **No** to enable Developer Mode on the HoloLens. [Learn more about Developer Mode.](https://docs.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)		![Enable Developer Mode](images/developer-setup-details.png)
- +
![step one](images/one.png)![set up device](images/set-up-device.png)

Browse to and select the enterprise license file to upgrade the HoloLens edition.

You can also toggle **Yes** or **No** to hide parts of the first experience.

To setup the device without the need to connect to a Wi-Fi network, toggle **Skip Wi-Fi setup** to **On**.

Select a region and timezone in which the device will be used. 		![Select enterprise licence file and configure OOBE](images/set-up-device-details.png)
![step two](images/two.png) ![set up network](images/set-up-network.png)

In this section, you can pre-enter the details of the Wi-Fi wireless network the device should automatically connect to. To do this, select **On**, enter the SSID, the network type (**Open** or **WPA2-Personal**), and (if **WPA2-Personal**) the password for the wireless network.		![Enter network SSID and type](images/set-up-network-details-desktop.png)
![step two](images/two.png) ![set up network](images/set-up-network.png)

In this section, you can enter the details of the Wi-Fi wireless network that the device should connect to automatically. To do this, select **On**, enter the SSID, the network type (**Open** or **WPA2-Personal**), and (if **WPA2-Personal**) the password for the wireless network.		![Enter network SSID and type](images/set-up-network-details-desktop.png)
![step three](images/three.png) ![account management](images/account-management.png)

You can enroll the device in Azure Active Directory, or create a local account on the device

Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup). The **maximum number of devices per user** setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Click **Get bulk token**. In the **Let's get you signed in** window, enter an account that has permissions to join a device to Azure AD, and then the password. Click **Accept** to give Windows Configuration Designer the necessary permissions.

To create a local account, select that option and enter a user name and password.

**Important:** (For Windows 10, version 1607 only) If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in. 		![join Azure AD or create a local account](images/account-management-details.png)
![step four](images/four.png) ![add certificates](images/add-certificates.png)

To provision the device with a certificate, click **Add a certificate**. Enter a name for the certificate, and then browse to and select the certificate to be used.		![add a certificate](images/add-certificates-details.png)
![step five](images/five.png) ![Developer Setup](images/developer-setup.png)

Toggle **Yes** or **No** to enable Developer Mode on the HoloLens. [Learn more about Developer Mode.](https://docs.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)		![Enable Developer Mode](images/developer-setup-details.png)