deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-17 19:33:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'main' of github.com:MicrosoftDocs/windows-docs-pr into pm-7847341-bitlocker-refresh

Browse Source
This commit is contained in:
Paolo Matarazzo
2023-10-12 15:52:26 -04:00
parent 2a32b8e6a2 57a16d9b9d
commit 22686357ea
12 changed files with 146 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
education/windows/windows-11-se-overview.md
View File

@ -86,10 +86,13 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `Absolute Software Endpoint Agent` | 7.20.0.1 | `Win32` | `Absolute Software Corporation` |
| `AirSecure` | 8.0.0 | `Win32` | `AIR` |
| `Alertus Desktop` | 5.4.48.0 | `Win32` | `Alertus technologies` |
| `AristotleK12 Borderless Classroom ` | 3.0.11. | `Win32` | `Sergeant Laboratories` |
| `AristotleK12 Analytics ` | 10.0.6 | `Win32` | `Sergeant Laboratories` |
| `AristotleK12 Network filter` | 3.1.10 | `Win32` | `Sergeant Laboratories` |
| `Brave Browser` | 106.0.5249.119 | `Win32` | `Brave` |
| `Bulb Digital Portfolio` | 0.0.7.0 | `Store` | `Bulb` |
| `CA Secure Browser` | 14.0.0 | `Win32` | `Cambium Development` |
| `Cisco Umbrella` | 3.0.343.0 | `Win32` | `Cisco` |
| `CA Secure Browser` | 15.0.0 | `Win32` | `Cambium Development` |
| `Cisco Umbrella` | 3.0.466.0 | `Win32` | `Cisco` |
| `CKAuthenticator` | 3.6+ | `Win32` | `ContentKeeper` |
| `Class Policy` | 116.0.0 | `Win32` | `Class Policy` |
| `Classroom.cloud` | 1.40.0004 | `Win32` | `NetSupport` |
@ -97,7 +100,8 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `CoGat Secure Browser` | 11.0.0.19 | `Win32` | `Riverside Insights` |
| `ColorVeil` | 4.0.0.175 | `Win32` | `East-Tec` |
| `ContentKeeper Cloud` | 9.01.45 | `Win32` | `ContentKeeper Technologies` |
| `DigiExam` | 14.0.6 | `Win32` | `Digiexam` |
| `DigiExam` | 14.1.0 | `Win32` | `Digiexam` |
| `Digital Secure testing browser` | 15.0.0 | `Win32` | `Digiexam` |
| `Dragon Professional Individual` | 15.00.100 | `Win32` | `Nuance Communications` |
| `DRC INSIGHT Online Assessments` | 13.0.0.0 | `Store` | `Data recognition Corporation` |
| `Duo from Cisco` | 3.0.0 | `Win32` | `Cisco` |
@ -106,6 +110,8 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `EasyReader` | 10.0.4.498 | `Win32` | `Dolphin Computer Access` |
| `Easysense 2` | 1.32.0001 | `Win32` | `Data Harvest` |
| `Epson iProjection` | 3.31 | `Win32` | `Epson` |
| `ESET Endpoint Security` | 10.1.2046.0 | `Win32` | `ESET` |
| `ESET Remote Administrator Agent` | 10.0.1126.0 | `Win32` | `ESET` |
| `eTests` | 4.0.25 | `Win32` | `CASAS` |
| `Exam Writepad` | 23.2.4.2338 | `Win32` | `Sheldnet` |
| `FirstVoices Keyboard` | 15.0.270 | `Win32` | `SIL International` |
@ -117,22 +123,26 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `GuideConnect` | 1.24 | `Win32` | `Dolphin Computer Access` |
| `Illuminate Lockdown Browser` | 2.0.5 | `Win32` | `Illuminate Education` |
| `Immunet` | 7.5.8.21178 | `Win32` | `Immunet` |
| `Impero Backdrop Client` | 5.0.87 | `Win32` | `Impero Software` |
| `Impero Backdrop Client` | 5.0.151 | `Win32` | `Impero Software` |
| `IMT Lazarus` | 2.86.0 | `Win32` | `IMTLazarus` |
| `Inspiration 10` | 10.11 | `Win32` | `TechEdology Ltd` |
| `JAWS for Windows` | 2022.2112.24 | `Win32` | `Freedom Scientific` |
| `Kite Student Portal` | 9.0.0.0 | `Win32` | `Dynamic Learning Maps` |
| `Keyman` | 16.0.138 | `Win32` | `SIL International` |
| `Keyman` | 16.0.141 | `Win32` | `SIL International` |
| `Kortext` | 2.3.433.0 | `Store` | `Kortext` |
| `Kurzweil 3000 Assistive Learning` | 20.13.0000 | `Win32` | `Kurzweil Educational Systems` |
| `LanSchool Classic` | 9.1.0.46 | `Win32` | `Stoneware, Inc.` |
| `LanSchool Air` | 2.0.13312 | `Win32` | `Stoneware, Inc.` |
| `Lexibar` | 3.07.02 | `Win32` | `Lexibar` |
| `LGfL HomeProtect` | 8.3.44.11 | `Win32` | `LGFL` |
| `Lightspeed Smart Agent` | 1.9.1 | `Win32` | `Lightspeed Systems` |
| `Lightspeed Filter Agent` | 2.3.4 | `Win32` | `Lightspeed Systems` |
| `MetaMoJi ClassRoom` | 3.12.4.0 | `Store` | `MetaMoJi Corporation` |
| `Microsoft Connect` | 10.0.22000.1 | `Store` | `Microsoft` |
| `Mozilla Firefox` | 105.0.0 | `Win32` | `Mozilla` |
| `Mobile Plans` | 5.1911.3171.0 | `Store` | `Microsoft Corporation` |
| `Lightspeed Digital` | 3.12.3.11 | `Win32` | `Lightspeed Systems` |
| `MetaMoJi ClassRoom` | 3.12.4.0 | `Store` | `MetaMoJi Corporation` |
| `Microsoft Connect` | 10.0.22000.1 | `Store` | `Microsoft` |
| `Mozilla Firefox` | 116.0.2 | `Win32` | `Mozilla` |
| `Mobile Plans` | 5.1911.3171.0 | `Store` | `Microsoft Corporation` |
| `Musescore` | 4.1.1.232071203 | `Win32` | `Musescore` |
| `NAPLAN` | 5.2.2 | `Win32` | `NAP` |
| `Netref Student` | 23.1.0 | `Win32` | `NetRef` |
| `NetSupport DNA` | 4.80.0000 | `Win32` | `NetSupport` |
@ -140,21 +150,23 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `NetSupport Notify` | 5.10.1.223 | `Win32` | `NetSupport` |
| `NetSupport School` | 14.00.0012 | `Win32` | `NetSupport` |
| `NextUp Talker` | 1.0.49 | `Win32` | `NextUp Technologies` |
| `NonVisual Desktop Access` | 2021.3.1 | `Win32` | `NV Access` |
| `Netsweeper Workstation Agent` | 4.50.54.54 | `Win32` | `Netsweeper` |
| `NonVisual Desktop Access` | 2023.1. | `Win32` | `NV Access` |
| `NWEA Secure Testing Browser` | 5.4.387.0 | `Win32` | `NWEA` |
| `PC Talker Neo` | 2209 | `Win32` | `Kochi System Development` |
| `PC Talker Neo Plus` | 2209 | `Win32` | `Kochi System Development` |
| `PaperCut` | 22.0.6 | `Win32` | `PaperCut Software International Pty Ltd` |
| `Pearson TestNav` | 1.11.3 | `Store` | `Pearson` |
| `Project Monarch Outlook` | 1.2022.2250001 | `Store` | `Microsoft` |
| `Pearson TestNav` | 1.11.3 | `Store` | `Pearson` |
| `Project Monarch Outlook` | 1.2023.831.400 | `Store` | `Microsoft` |
| `Questar Secure Browser` | 5.0.1.456 | `Win32` | `Questar, Inc` |
| `ReadAndWriteForWindows` | 12.0.74 | `Win32` | `Texthelp Ltd.` |
| `Remote Desktop client (MSRDC)` | 1.2.4240.0 | `Win32` | `Microsoft` |
| `ReadAndWriteForWindows` | 12.0.78 | `Win32` | `Texthelp Ltd.` |
| `Remote Desktop client (MSRDC)` | 1.2.4487.0 | `Win32` | `Microsoft` |
| `Remote Help` | 4.0.1.13 | `Win32` | `Microsoft` |
| `Respondus Lockdown Browser` | 2.0.9.03 | `Win32` | `Respondus` |
| `Safe Exam Browser` | 3.5.0.544 | `Win32` | `Safe Exam Browser` |
|`SchoolYear` | 3.4.21 | `Win32` |`SchoolYear` |
|`SchoolYear` | 3.5.4 | `Win32` |`SchoolYear` |
|`School Manager` | 3.6.8.1109 | `Win32` |`School Manager` |
|`Scratch` | 3.0 | `Win32` |`MIT` |
| `Senso.Cloud` | 2021.11.15.0 | `Win32` | `Senso.Cloud` |
| `Skoolnext` | 2.19 | `Win32` | `Skool.net` |
| `Smoothwall Monitor` | 2.9.2 | `Win32` | `Smoothwall Ltd` |
@ -162,11 +174,14 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `SuperNova Magnifier & Speech` | 21.03 | `Win32` | `Dolphin Computer Access` |
|`TX Secure Browser` | 15.0.0 | `Win32` | `Cambium Development` |
| `VitalSourceBookShelf` | 10.2.26.0 | `Win32` | `VitalSource Technologies Inc` |
|`WA Secure Browser` | 16.0.0 | `Win32` | `Cambium Development` |
| `Winbird` | 19 | `Win32` | `Winbird Co., Ltd.` |
| `WordQ` | 5.4.29 | `Win32` | `WordQ` |
| `Windows SEB` | 3.4.0 | `Win32` | `Illinois Stateboard of Education` |
| `Windows Notepad` | 12.0.78 | `Store` | `Microsoft Corporation` |
| `Zoom` | 5.12.8 (10232) | `Win32` | `Zoom` |
| `ZoomText Fusion` | 2023.2303.77.400 | `Win32` | `Freedom Scientific` |
| `ZoomText Magnifier/Reader` | 2023.2303.33.400 | `Win32` | `Freedom Scientific` |
| `ZoomText Fusion` | 2023.2307.7.400 | `Win32` | `Freedom Scientific` |
| `ZoomText Magnifier/Reader` | 2023.2307.29.400 | `Win32` | `Freedom Scientific` |
## Add your own applications

8
store-for-business/microsoft-store-for-business-overview.md
View File

@ -106,7 +106,7 @@ Also, if your organization plans to use a management tool, you'll need to config
## Get apps and content
Once signed in to the Microsoft Store, you can browse and search for all products in the Store for Business and Education catalog. Some apps are free,and some apps charge a price. We're continuing to add more paid apps to the Store for Business and Education. Check back if you don't see the app that you're looking for. Currently, you can pay for apps with a credit card, and some items can be paid for with an invoice. We'll be adding more payment options over time.
Once signed in to the Microsoft Store, you can browse and search for all products in the Store for Business and Education catalog. Some apps are free, and some apps charge a price. We're continuing to add more paid apps to the Store for Business and Education. Check back if you don't see the app that you're looking for. Currently, you can pay for apps with a credit card, and some items can be paid for with an invoice. We'll be adding more payment options over time.
**App types** - These app types are supported in the Store for Business and Education:
@ -244,7 +244,6 @@ Store for Business and Education is currently available in these markets.
- Liechtenstein
- Lithuania
- Luxembourg
- Macedonia
- Madagascar
- Malawi
- Malaysia
@ -268,6 +267,7 @@ Store for Business and Education is currently available in these markets.
- New Zealand
- Nicaragua
- Nigeria
- North Macedonia
- Norway
- Oman
- Pakistan
@ -310,7 +310,7 @@ Store for Business and Education is currently available in these markets.
- Tonga
- Trinidad and Tobago
- Tunisia
- Turkey
- Türkiye
- Turks and Caicos Islands
- Uganda
- United Arab Emirates
@ -386,4 +386,4 @@ Developers in your organization, or ISVs can create content specific to your org
Once the app is in inventory, admins can choose how to distribute the app. ISVs creating apps through the dev center can make their apps available in Store for Business and Education. ISVs can opt-in their apps to make them available for offline licensing. Apps purchased in Store for Business and Education will work only on Windows 10.
For more information on line-of-business apps, see [Working with Line-of-Business apps](working-with-line-of-business-apps.md).
For more information on line-of-business apps, see [Working with Line-of-Business apps](working-with-line-of-business-apps.md).

8
windows/client-management/mdm-overview.md
View File

@ -31,7 +31,7 @@ Microsoft provides MDM security baselines that function like the Microsoft group
The MDM security baseline includes policies that cover the following areas:
- Microsoft inbox security technologies (not deprecated) such as BitLocker, Windows Defender SmartScreen, Exploit Guard, Microsoft Defender Antivirus, and Firewall
- Microsoft inbox security technologies (not deprecated) such as **BitLocker, Windows Defender SmartScreen, Exploit Guard, Microsoft Defender Antivirus,** and **Firewall**
- Restricting remote access to devices
- Setting credential requirements for passwords and PINs
- Restricting use of legacy technology
@ -66,6 +66,6 @@ No. Only one MDM is allowed.
| Entry | Description |
| --------------- | -------------------- |
| What is dmwappushsvc? | It's a Windows service that ships in Windows operating system as a part of the windows management platform. It's used internally by the operating system as a queue for categorizing and processing all Wireless Application Protocol (WAP) messages, which include Windows management messages, and Service Indication/Service Loading (SI/SL). The service also initiates and orchestrates management sync sessions with the MDM server. |
| What data is handled by dmwappushsvc? | It's a component handling the internal workings of the management platform and involved in processing messages that have been received by the device remotely for management. The messages in the queue are serviced by another component that is also part of the Windows management stack to process messages. The service also routes and authenticates WAP messages received by the device to internal OS components that process them further. This service doesn't send telemetry. |
| How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc) and locating *Device Management Wireless Application Protocol (WAP) Push message Routing Service*. However, since this service is a component part of the OS and required for the proper functioning of the device, we strongly recommend not to disable the service. Disabling this service causes your management to fail. |
| What is dmwappushsvc? | It's a Windows service that ships in the Windows operating system as a part of the Windows management platform. It's used internally by the operating system as a queue for categorizing and processing all Wireless Application Protocol (WAP) messages, which include Windows management messages, and Service Indication/Service Loading (SI/SL). The service also initiates and orchestrates management sync sessions with the MDM server. |
| What data is handled by dmwappushsvc? | It's a component handling the internal workings of the management platform and is involved in processing messages that have been received by the device remotely for management. The messages in the queue are serviced by another component that is also part of the Windows management stack to process messages. The service also routes and authenticates WAP messages received by the device to internal OS components that process them further. This service doesn't send telemetry. |
| How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc) and locating *Device Management Wireless Application Protocol (WAP) Push message Routing Service*. However, since this service is a component part of the OS and is required for the proper functioning of the device, we strongly recommend not to disable the service. Disabling this service causes your management to fail. |

2
windows/configuration/wcd/wcd-browser.md
View File

@ -85,7 +85,7 @@ Use *Default* to specify a name that matches one of the search providers you ent
Some countries/regions require specific, default search providers. The following table lists the applicable countries/regions and information for configuring the necessary search provider.
>[!NOTE]
>For Russia + Commonwealth of Independent States (CIS), the independent states consist of Russia, Ukraine, Georgia, The Republic of Azerbaijan, Republic Of Belarus, The Republic of Kazakhstan, The Kyrgyz Republic, The Republic of Moldova, The Republic of Tajikistan, The Republic of Armenia, Turkmenistan, The Republic of Uzbekistan, and Turkey.
>For Russia + Commonwealth of Independent States (CIS), the independent states consist of Russia, Ukraine, Georgia, The Republic of Azerbaijan, Republic Of Belarus, The Republic of Kazakhstan, The Kyrgyz Republic, The Republic of Moldova, The Republic of Tajikistan, The Republic of Armenia, Turkmenistan, The Republic of Uzbekistan, and Türkiye.

54
windows/deployment/volume-activation/install-vamt.md
View File

@ -1,13 +1,13 @@
---
title: Install VAMT (Windows 10)
description: Learn how to install Volume Activation Management Tool (VAMT) as part of the Windows Assessment and Deployment Kit (ADK) for Windows 10.
title: Install VAMT
description: Learn how to install Volume Activation Management Tool (VAMT) as part of the Windows Assessment and Deployment Kit (ADK) for Windows.
ms.reviewer: nganguly
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: frankroj
ms.localizationpriority: medium
ms.date: 11/07/2022
ms.date: 10/11/2023
ms.topic: article
ms.technology: itpro-fundamentals
---
@ -18,61 +18,63 @@ This article describes how to install the Volume Activation Management Tool (VAM
## Installing VAMT
You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for Windows 10.
You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for Windows.
>[!IMPORTANT]
>VAMT requires local administrator privileges on all managed computers in order to deposit confirmation IDs (CIDs), get the client products' license status, and install product keys. If VAMT is being used to manage products and product keys on the local host computer and you do not have administrator privileges, start VAMT with elevated privileges. For best results when using Active Directory-based activation, we recommend running VAMT while logged on as a domain administrator.
>
> VAMT requires local administrator privileges on all managed computers in order to deposit confirmation IDs (CIDs), get the client products' license status, and install product keys. If VAMT is being used to manage products and product keys on the local host computer and you don't have administrator privileges, start VAMT with elevated privileges. For best results when using Active Directory-based activation, we recommend running VAMT while logged on as a domain administrator.
>[!NOTE]
>The VAMT Microsoft Management Console snap-in ships as an x86 package.
>
> The VAMT Microsoft Management Console snap-in ships as an x86 package.
### Requirements
- [Windows Server with Desktop Experience](/windows-server/get-started/getting-started-with-server-with-desktop-experience), with internet access (for the main VAMT console) and all updates applied
- [Windows Server with Desktop Experience](/windows-server/get-started/getting-started-with-server-with-desktop-experience), with internet access (for the main VAMT console) and all updates applied.
- Latest version of the [Windows 10 ADK](/windows-hardware/get-started/adk-install)
- Latest version of the [Windows ADK](/windows-hardware/get-started/adk-install).
- Any supported [SQL Server Express](https://www.microsoft.com/sql-server/sql-server-editions-express) version, the latest is recommended
- Any supported [SQL Server Express](https://www.microsoft.com/sql-server/sql-server-downloads) version. The latest is recommended.
- Alternatively, any supported **full** SQL instance
- Alternatively, any supported **full** SQL instance.
### Install SQL Server Express / alternatively use any full SQL instance
1. Download and open the [SQL Server Express](https://www.microsoft.com/sql-server/sql-server-editions-express) package.
1. Download and open the [SQL Server Express](https://aka.ms/sqlexpress) package.
2. Select **Basic**.
1. Select **Basic**.
3. Accept the license terms.
1. Accept the license terms.
4. Enter an install location or use the default path, and then select **Install**.
1. Enter an install location or use the default path, and then select **Install**.
5. On the completion page, note the instance name for your installation, select **Close**, and then select **Yes**.
1. On the completion page, note the instance name for your installation, select **Close**, and then select **Yes**.
![In this example, the instance name is SQLEXPRESS01.](images/sql-instance.png)
![Screenshot that shows that in this example, the instance name is SQLEXPRESS01.](images/sql-instance.png)
### Install VAMT using the ADK
1. Download the latest version of [Windows 10 ADK](/windows-hardware/get-started/adk-install).
1. Download the latest version of [Windows ADK](/windows-hardware/get-started/adk-install).
If an older version is already installed, it's recommended to uninstall the older ADK and install the latest version. Existing VAMT data is maintained in the VAMT database.
2. Enter an install location or use the default path, and then select **Next**.
1. Enter an install location or use the default path, and then select **Next**.
3. Select a privacy setting, and then select **Next**.
1. Select a privacy setting, and then select **Next**.
4. Accept the license terms.
1. Accept the license terms.
5. On the **Select the features you want to install** page, select **Volume Activation Management Tool (VAMT)**, and then select **Install**. If desired, you can select additional features to install as well.
1. On the **Select the features you want to install** page, select **Volume Activation Management Tool (VAMT)**, and then select **Install**. If desired, you can select additional features to install as well.
6. On the completion page, select **Close**.
1. On the completion page, select **Close**.
### Configure VAMT to connect to SQL Server Express or full SQL Server
1. Open **Volume Active Management Tool 3.1** from the Start menu.
1. In the Start Menu under, **Windows Kits**, **Volume Active Management Tool 3.1**.
2. Enter the server instance name (for a remote SQL use the FQDN) and a name for the database, select **Connect**, and then select **Yes** to create the database. See the following image for an example for SQL.
1. Enter the server instance name (for a remote SQL use the FQDN) and a name for the database, select **Connect**, and then select **Yes** to create the database. See the following image for an example for SQL.
![Server name is .\SQLEXPRESS and database name is VAMT.](images/vamt-db.png)
![Screenshot that shows that the Server name is .\SQLEXPRESS and database name is VAMT.](images/vamt-db.png)
For remote SQL Server, use `servername.yourdomain.com`.
@ -82,4 +84,4 @@ To uninstall VAMT using the **Programs and Features** Control Panel:
1. Open **Control Panel** and select **Programs and Features**.
2. Select **Assessment and Deployment Kit** from the list of installed programs and select **Change**. Follow the instructions in the Windows ADK installer to remove VAMT.
1. Select **Assessment and Deployment Kit** from the list of installed programs and select **Change**. Follow the instructions in the Windows ADK installer to remove VAMT.

14
windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md
View File

@ -1,7 +1,7 @@
---
title: Windows feature update summary dashboard
description: Provides a broader view of the current Windows OS upgrade status for all devices registered with Windows Autopatch.
ms.date: 07/25/2023
ms.date: 10/11/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: how-to
@ -17,19 +17,19 @@ ms.collection:
# Windows feature update summary dashboard
The summary dashboard provides a broader view of the current Windows OS update status for all devices registered with Windows Autopatch.
The Summary dashboard provides a broader view of the current Windows OS update status for all devices registered with Windows Autopatch.
The first part of the summary dashboard provides you with an all-devices trend report where you can follow the deployment trends within your organization. You can view if updates were successfully installed, failing, in progress, not ready or have their Windows feature update paused.
The first part of the Summary dashboard provides you with an all-devices trend report where you can follow the deployment trends within your organization. You can view if updates were successfully installed, failing, in progress, not ready or have their Windows feature update paused.
**To view a generated summary dashboard for your Windows feature update deployments:**
**To view a generated Summary dashboard for your Windows feature update deployments:**
1. Go to the[Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Select**Reports**from the left navigation menu.
1. Under the**Windows Autopatch**section, select**Windows feature updates (preview)**.
1. Under the**Windows Autopatch**section, select**Windows feature updates**.
## Report information
The following information is available in the summary dashboard:
The following information is available in the Summary dashboard:
| Column name | Description |
| ----- | ----- |
@ -48,5 +48,5 @@ The following options are available:
| Option | Description |
| ----- | ----- |
| Refresh | The option to **Refresh** the summary dashboard is available at the top of the page. This process will ensure that the summary dashboard view is updated to the latest available dataset from within the last 24-hour period. |
| Refresh | The option to **Refresh** the Summary dashboard is available at the top of the page. This process ensures that the Summary dashboard view is updated to the latest available dataset from within the last 24-hour period. |
| Summary links | Each column represents the summary of included devices. Select the hyperlinked number to produce a filtered report in a new browser tab. |

8
windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-summary-dashboard.md
View File

@ -1,7 +1,7 @@
---
title: Windows quality update summary dashboard
description: Provides a summary view of the current update status for all devices enrolled into Windows Autopatch with Autopatch groups
ms.date: 07/25/2023
ms.date: 10/04/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: how-to
@ -17,7 +17,7 @@ ms.collection:
# Windows quality update summary dashboard
The summary dashboard provides a summary view of the current update status for all devices enrolled into Windows Autopatch.
The Summary dashboard provides a summary view of the current update status for all devices enrolled into Windows Autopatch.
**To view the current update status for all your enrolled devices:**
@ -29,7 +29,7 @@ The summary dashboard provides a summary view of the current update status for a
## Report information
The following information is available in the summary dashboard:
The following information is available in the Summary dashboard:
| Column name | Description |
| ----- | ----- |
@ -47,5 +47,5 @@ The following options are available:
| Option | Description |
| ----- | ----- |
| Refresh | The option to **Refresh** the summary dashboard is available at the top of the page. This process will ensure that the summary dashboard view is updated to the latest available dataset from within the last 24-hour period. |
| Refresh | The option to **Refresh** the Summary dashboard is available at the top of the page. This process ensures that the Summary dashboard view is updated to the latest available dataset from within the last 24-hour period. |
| Summary links | Each column represents the summary of included devices. Select the hyperlinked number to produce a filtered report in a new browser tab. |

2
windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md
View File

@ -70,7 +70,7 @@ To register the applications, follow these steps:
:::column span="3":::
3. Review the permissions requested by the *Microsoft Pin Reset Service Production* application and select **Accept** to confirm consent to both applications to access your organization.
>[!NOTE]
>After accepance, the redirect page will show a blank page. This is a known behavior.
>After acceptance, the redirect page will show a blank page. This is a known behavior.
:::column-end:::
:::column span="1":::
:::image type="content" alt-text="Screenshot showing the PIN reset service permissions final page." source="images/pinreset/pin-reset-service-prompt-2.png" lightbox="images/pinreset/pin-reset-service-prompt-2.png" border="true":::

4
windows/security/identity-protection/hello-for-business/hello-identity-verification.md
View File

@ -1,5 +1,5 @@
---
ms.date: 07/05/2023
ms.date: 10/09/2023
title: Windows Hello for Business Deployment Prerequisite Overview
description: Overview of all the different infrastructure requirements for Windows Hello for Business deployment models
ms.topic: overview
@ -37,7 +37,7 @@ The table shows the minimum requirements for each deployment. For key trust in a
| **Certificate Authority**| Not required |Any supported Windows Server versions | Any supported Windows Server versions | Any supported Windows Server versions |
| **AD FS Version** | Not required | Not required | Any supported Windows Server versions | Any supported Windows Server versions |
| **MFA Requirement** | Azure MFA, or<br/>AD FS w/Azure MFA adapter, or<br/>AD FS w/Azure MFA Server adapter, or<br/>AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or<br/>AD FS w/Azure MFA adapter, or<br/>AD FS w/Azure MFA Server adapter, or<br/>AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or<br/>AD FS w/Azure MFA adapter, or<br/>AD FS w/Azure MFA Server adapter, or<br/>AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or<br/>AD FS w/Azure MFA adapter, or<br/>AD FS w/Azure MFA Server adapter, or<br/>AD FS w/3rd Party MFA Adapter |
| **Azure AD Connect** | Not required | Required | Required | Required |
| **Azure AD Connect** | Not required. It's recommended to use [Microsoft Entra Connect cloud sync](/azure/active-directory/hybrid/cloud-sync/what-is-cloud-sync) | Required | Required | Required |
| **Azure AD License** | Azure AD Premium, optional | Azure AD Premium, optional | Azure AD Premium, needed for device write-back | Azure AD Premium, optional. Intune license required |
## On-premises Deployments

59
windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
View File

@ -29,17 +29,66 @@ To complete these procedures, you must be a member of the Domain Administrators
3. The default path for the log is **%windir%\\system32\\logfiles\\firewall\\pfirewall.log**. If you want to change this path, clear the **Not configured** check box and type the path to the new location, or click **Browse** to select a file location.
>**Important:**  The location you specify must have permissions assigned that permit the Windows Defender Firewall service to write to the log file.
> [!IMPORTANT]
> The location you specify must have permissions assigned that permit the Windows Defender Firewall service to write to the log file.
4. The default maximum file size for the log is 4,096 kilobytes (KB). If you want to change this size, clear the **Not configured** check box, and type in the new size in KB, or use the up and down arrows to select a size. The file won't grow beyond this size; when the limit is reached, old log entries are deleted to make room for the newly created ones.
5. The default maximum file size for the log is 4,096 kilobytes (KB). If you want to change this size, clear the **Not configured** check box, and type in the new size in KB, or use the up and down arrows to select a size. The file won't grow beyond this size; when the limit is reached, old log entries are deleted to make room for the newly created ones.
5. No logging occurs until you set one of following two options:
6. No logging occurs until you set one of following two options:
- To create a log entry when Windows Defender Firewall drops an incoming network packet, change **Log dropped packets** to **Yes**.
- To create a log entry when Windows Defender Firewall allows an inbound connection, change **Log successful connections** to **Yes**.
6. Click **OK** twice.
7. Click **OK** twice.
### Troubleshoot if the log file is not created or modified
Sometimes the Windows Firewall log files aren't created, or the events aren't written to the log files. Some examples when this condition might occur include:
- missing permissions for the Windows Defender Firewall Service (MpsSvc) on the folder or on the log files
- you want to store the log files in a different folder and the permissions were removed, or haven't been set automatically
- if firewall logging is configured via policy settings, it can happen that
- the log folder in the default location `%windir%\System32\LogFiles\firewall` doesn't exist
- the log folder in a custom path doesn't exist
In both cases, you must create the folder manually or via script, and add the permissions for MpsSvc
If firewall logging is configured via Group Policy only, it also can happen that the `firewall` folder is not created in the default location `%windir%\System32\LogFiles\`. The same can happen if a custom path to a non-existent folder is configured via Group Policy. In this case, create the folder manually or via script and add the permissions for MPSSVC.
```PowerShell
New-Item -ItemType Directory -Path $env:windir\System32\LogFiles\Firewall
```
Verify if MpsSvc has *FullControl* on the folder and the files.
From an elevated PowerShell session, use the following commands, ensuring to use the correct path:
```PowerShell
$LogPath = Join-Path -path $env:windir -ChildPath "System32\LogFiles\Firewall"
(Get-ACL -Path $LogPath).Access | Format-Table IdentityReference,FileSystemRights,AccessControlType,IsInherited,InheritanceFlags -AutoSize
```
The output should show `NT SERVICE\mpssvc` having *FullControl*:
```PowerShell
IdentityReference FileSystemRights AccessControlType IsInherited InheritanceFlags
----------------- ---------------- ----------------- ----------- ----------------
NT AUTHORITY\SYSTEM FullControl Allow False ObjectInherit
BUILTIN\Administrators FullControl Allow False ObjectInherit
NT SERVICE\mpssvc FullControl Allow False ObjectInherit
```
If not, add *FullControl* permissions for mpssvc to the folder, subfolders and files. Make sure to use the correct path.
```PowerShell
$LogPath = Join-Path -path $env:windir -ChildPath "System32\LogFiles\Firewall"
$ACL = get-acl -Path $LogPath
$ACL.SetAccessRuleProtection($true, $false)
$RULE = New-Object System.Security.AccessControl.FileSystemAccessRule ("NT SERVICE\mpssvc","FullControl","ContainerInherit,ObjectInherit","None","Allow")
$ACL.AddAccessRule($RULE)
```
Restart the device to restart the Windows Defender Firewall Service.
### Troubleshoot Slow Log Ingestion
### Troubleshooting Slow Log Ingestion
If logs are slow to appear in Sentinel, you can turn down the log file size. Just beware that this downsizing will result in more resource usage due to the increased resource usage for log rotation.

10
windows/whats-new/deprecated-features-resources.md
View File

@ -1,7 +1,7 @@
---
title: Resources for deprecated features in the Windows client
description: Resources and details for deprecated features in the Windows client.
ms.date: 08/01/2023
ms.date: 10/09/2023
ms.prod: windows-client
ms.technology: itpro-fundamentals
ms.localizationpriority: medium
@ -21,6 +21,10 @@ appliesto:
This article provides additional resources about [deprecated features for Windows client](deprecated-features.md) that may be needed by IT professionals. The following information is provided to help IT professionals plan for the removal of deprecated features:
## VBScript
VBScript will be available as a [feature on demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) before being retired in future Windows releases. Initially, the VBScript feature on demand will be preinstalled to allow for uninterrupted use while you prepare for the retirement of VBScript.
## TLS versions 1.0 and 1.1 disablement resources
Over the past several years, internet standards and regulatory bodies have [deprecated or disallowed](https://www.ietf.org/rfc/rfc8996.html) TLS versions 1.0 and 1.1 due to various security issues. Starting in Windows 11 Insider Preview builds for September 2023 and continuing in future Windows OS releases, TLS 1.0 and 1.1 are disabled by default. This change increases the security posture of Windows customers and encourages modern protocol adoption. For organizations that need to use these versions, there's an option to re-enable TLS 1.0 or TLS 1.1.
@ -69,11 +73,11 @@ Re-enabling TLS 1.0 or TLS 1.1 on machines should only be done as a last resort,
The [Microsoft Support Diagnostic Tool (MSDT)](/windows-server/administration/windows-commands/msdt) gathers diagnostic data for analysis by support professionals. MSDT is the engine used to run legacy Windows built-in troubleshooters. There are currently 28 built-in troubleshooters for MSDT. Half of the built-in troubleshooters have already been [redirected](#redirected-msdt-troubleshooters) to the Get Help platform, while the other half will be [retired](#retired-msdt-troubleshooters).
If you're using MSDT to run [custom troubleshooting packages](/previous-versions/windows/desktop/wintt/package-schema), it will be available as a [Feature on Demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) before the tool is fully retired in 2025. This change will allow you to continue to use MSDT to run custom troubleshooting packages while transitioning to a new platform. [Contact Microsoft support](https://support.microsoft.com/contactus) for Windows if you require additional assistance.
If you're using MSDT to run [custom troubleshooting packages](/previous-versions/windows/desktop/wintt/package-schema), it will be available as a [feature on demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) before the tool is fully retired in 2025. This change allows you to continue to use MSDT to run custom troubleshooting packages while transitioning to a new platform. [Contact Microsoft support](https://support.microsoft.com/contactus) for Windows if you require more assistance.
### Redirected MSDT troubleshooters
The following troubleshooters will automatically be redirected when you access them from **Start** > **Settings** > **System** > **Troubleshoot**:
The following troubleshooters are automatically redirected when you access them from **Start** > **Settings** > **System** > **Troubleshoot**:
- Background Intelligent Transfer Service (BITS)
- Bluetooth

3
windows/whats-new/deprecated-features.md
View File

@ -1,7 +1,7 @@
---
title: Deprecated features in the Windows client
description: Review the list of features that Microsoft is no longer actively developing in Windows 10 and Windows 11.
ms.date: 09/01/2023
ms.date: 10/09/2023
ms.prod: windows-client
ms.technology: itpro-fundamentals
ms.localizationpriority: medium
@ -36,6 +36,7 @@ The features in this article are no longer being actively developed, and might b
|Feature | Details and mitigation | Deprecation announced |
| ----------- | --------------------- | ---- |
| VBScript <!--7954828--> | VBScript is being deprecated. In future releases of Windows, VBScript will be available as a feature on demand before its removal from the operating system. For more information, see [Resources for deprecated features](deprecated-features-resources.md#vbscript). | October 2023 |
| WordPad | WordPad is no longer being updated and will be removed in a future release of Windows. We recommend Microsoft Word for rich text documents like .doc and .rtf and Windows Notepad for plain text documents like .txt. | September 1, 2023 |
| AllJoyn | Microsoft's implementation of AllJoyn which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) has been deprecated. [AllJoyn](https://openconnectivity.org/technology/reference-implementation/alljoyn/), sponsored by AllSeen Alliance, was an open source discovery and communication protocol for Internet of Things scenarios such as turning on/off lights or reading temperatures.AllSeen Alliance promoted the AllJoyn project from 2013 until 2016 when it merged with the Open Connectivity Foundation (OCF), the sponsors of [Iotivity.org](https://iotivity.org/), another protocol for Internet of Things scenarios. Customers should refer to the [Iotivity.org](https://iotivity.org/) website for alternatives such as [Iotivity Lite](https://github.com/iotivity/iotivity-lite) or [Iotivity](https://github.com/iotivity/iotivity). | August 17, 2023 |
| TLS 1.0 and 1.1 | Over the past several years, internet standards and regulatory bodies have [deprecated or disallowed](https://www.ietf.org/rfc/rfc8996.html) TLS versions 1.0 and 1.1 due to various security issues. Starting in Windows 11 Insider Preview builds for September 2023 and continuing in future Windows OS releases, TLS 1.0 and 1.1 will be disabled by default. This change increases the security posture of Windows customers and encourages modern protocol adoption. For organizations that need to use these versions, there's an option to re-enable TLS 1.0 or TLS 1.1. For more information, see [Resources for deprecated features](deprecated-features-resources.md). | August 1, 2023|