diff --git a/education/windows/windows-editions-for-education-customers.md b/education/windows/windows-editions-for-education-customers.md index 539c4da7fb..ed22802caa 100644 --- a/education/windows/windows-editions-for-education-customers.md +++ b/education/windows/windows-editions-for-education-customers.md @@ -7,7 +7,6 @@ ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: edu author: CelesteDG -localizationpriority: high --- # Windows 10 editions for education customers diff --git a/windows/deploy/activate-using-active-directory-based-activation-client.md b/windows/deploy/activate-using-active-directory-based-activation-client.md index 2ccfe946be..a3dce6ef96 100644 --- a/windows/deploy/activate-using-active-directory-based-activation-client.md +++ b/windows/deploy/activate-using-active-directory-based-activation-client.md @@ -24,8 +24,8 @@ localizationpriority: high **Looking for retail activation?** - [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) -Active Directory-based activation is implemented as a role service that relies on AD DS to store activation objects. Active Directory-based activation requires that the forest schema be updated by adprep.exe on a computer running Windows Server 2012 R2 or Windows Server 2012, but after the schema is updated, older domain controllers can still activate clients. -Any domain-joined computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 with a GVLK will be activated automatically and transparently. They will stay activated as long as they remain members of the domain and maintain periodic contact with a domain controller. Activation takes place after the Licensing service starts. When this service starts, the computer contacts AD DS automatically, receives the activation object, and is activated without user intervention. +Active Directory-based activation is implemented as a role service that relies on AD DS to store activation objects. Active Directory-based activation requires that the forest schema be updated by adprep.exe on a computer running Windows Server 2012 or Windows Server 2012 R2, but after the schema is updated, older domain controllers can still activate clients. +Any domain-joined computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012, or Windows Server 2012 R2 with a GVLK will be activated automatically and transparently. They will stay activated as long as they remain members of the domain and maintain periodic contact with a domain controller. Activation takes place after the Licensing service starts. When this service starts, the computer contacts AD DS automatically, receives the activation object, and is activated without user intervention. To allow computers with GVLKs to activate themselves, use the Volume Activation Tools console in Windows Server 2012 R2 or the VAMT in earlier versions of Windows Server to create an object in the AD DS forest. You create this activation object by submitting a KMS host key to Microsoft, as shown in Figure 10. The process proceeds as follows: 1. Perform one of the following tasks: @@ -38,7 +38,7 @@ The process proceeds as follows: **Figure 10**. The Active Directory-based activation flow -For environments in which all computers are running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2, and they are joined to a domain, Active Directory-based activation is the best option for activating all client computers and servers, and you may be able to remove any KMS hosts from your environment. +For environments in which all computers are running Windows 10, Windows 8.1, Windows 8, Windows Server 2012, or Windows Server 2012 R2, and they are joined to a domain, Active Directory-based activation is the best option for activating all client computers and servers, and you may be able to remove any KMS hosts from your environment. If an environment will continue to contain earlier volume licensing operating systems and applications or if you have workgroup computers outside the domain, you need to maintain a KMS host to maintain activation status for earlier volume licensing editions of Windows and Office. Clients that are activated with Active Directory-based activation will maintain their activated state for up to 180 days since the last contact with the domain, but they will periodically attempt to reactivate before then and at the end of the 180day period. By default, this reactivation event occurs every seven days. When a reactivation event occurs, the client queries AD DS for the activation object. Client computers examine the activation object and compare it to the local edition as defined by the GVLK. If the object and GVLK match, reactivation occurs. If the AD DS object cannot be retrieved, client computers use KMS activation. If the computer is removed from the domain, when the computer or the Software Protection service is restarted, the operating system will change the status from activated to not activated, and the computer will try to activate with KMS. diff --git a/windows/deploy/add-a-windows-10-operating-system-image-using-configuration-manager.md b/windows/deploy/add-a-windows-10-operating-system-image-using-configuration-manager.md index 5a3eadbc33..8fb81af58a 100644 --- a/windows/deploy/add-a-windows-10-operating-system-image-using-configuration-manager.md +++ b/windows/deploy/add-a-windows-10-operating-system-image-using-configuration-manager.md @@ -5,6 +5,7 @@ ms.assetid: 77f769cc-1a47-4f36-8082-201cd77b8d3b keywords: image, deploy, distribute ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library author: mtniehaus --- diff --git a/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md index de701986b4..425d7331d5 100644 --- a/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md +++ b/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md @@ -4,6 +4,7 @@ description: In this topic, you will learn how to configure the Windows Preinsta ms.assetid: 97b3ea46-28d9-407e-8c42-ded2e45e8d5c keywords: deploy, task sequence ms.prod: w10 +localizationpriority: high ms.mktglfcycl: deploy ms.sitesec: library author: mtniehaus diff --git a/windows/deploy/assign-applications-using-roles-in-mdt-2013.md b/windows/deploy/assign-applications-using-roles-in-mdt-2013.md index 1319888616..a6e7d69377 100644 --- a/windows/deploy/assign-applications-using-roles-in-mdt-2013.md +++ b/windows/deploy/assign-applications-using-roles-in-mdt-2013.md @@ -5,6 +5,7 @@ ms.assetid: d82902e4-de9c-4bc4-afe0-41d649b83ce7 keywords: settings, database, deploy ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus diff --git a/windows/deploy/build-a-distributed-environment-for-windows-10-deployment.md b/windows/deploy/build-a-distributed-environment-for-windows-10-deployment.md index f015c71c1f..010284c04f 100644 --- a/windows/deploy/build-a-distributed-environment-for-windows-10-deployment.md +++ b/windows/deploy/build-a-distributed-environment-for-windows-10-deployment.md @@ -5,6 +5,7 @@ ms.assetid: a6cd5657-6a16-4fff-bfb4-44760902d00c keywords: replication, replicate, deploy, configure, remote ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus @@ -76,6 +77,7 @@ Setting up DFS-R for replication is a quick and straightforward process. You pre ![figure 3](images/mdt-10-fig03.png) Figure 3. Sharing the **E:\\MDTProduction folder** on MDT02. + ### Configure the deployment share When you have multiple deployment servers sharing the same content, you need to configure the Bootstrap.ini file with information about which server to connect to based on where the client is located. In MDT, that can be done by using the DefaultGateway property. @@ -146,6 +148,7 @@ Once the MDT01 and MDT02 servers are prepared, you are ready to configure the ac 1. In the **Staging** tab, set the quota to **20480 MB**. 2. In the **Advanced** tab, set the quota to **8192 MB**. In this scenario the size of the deployment share is known, but you might need to change the values for your environment. A good rule of thumb is to get the size of the 16 largest files and make sure they fit in the staging area. Here is a Windows PowerShell example that calculates the size of the 16 largest files in the E:\\MDTProduction deployment share: + ``` syntax (Get-ChildItem E:\MDTProduction -Recurse | Sort-Object Length -Descending | Select-Object -First 16 | Measure-Object -Property Length -Sum).Sum /1GB ``` diff --git a/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md b/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md index c1f827f3a7..9591616e9d 100644 --- a/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md +++ b/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md @@ -4,6 +4,7 @@ description: This topic describes how to configure a PXE server to load Windows keywords: upgrade, update, windows, windows 10, pxe, WinPE, image, wim ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: deploy author: greg-lindsay diff --git a/windows/deploy/configure-mdt-2013-for-userexit-scripts.md b/windows/deploy/configure-mdt-2013-for-userexit-scripts.md index a94bee6b7b..c95b0fc69e 100644 --- a/windows/deploy/configure-mdt-2013-for-userexit-scripts.md +++ b/windows/deploy/configure-mdt-2013-for-userexit-scripts.md @@ -5,6 +5,7 @@ ms.assetid: 29a421d1-12d2-414e-86dc-25b62f5238a7 keywords: rules, script ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus diff --git a/windows/deploy/configure-mdt-2013-settings.md b/windows/deploy/configure-mdt-2013-settings.md index ba84efd5c1..46c1e30220 100644 --- a/windows/deploy/configure-mdt-2013-settings.md +++ b/windows/deploy/configure-mdt-2013-settings.md @@ -5,6 +5,7 @@ ms.assetid: d3e1280c-3d1b-4fad-8ac4-b65dc711f122 keywords: customize, customization, deploy, features, tools ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus diff --git a/windows/deploy/configure-mdt-deployment-share-rules.md b/windows/deploy/configure-mdt-deployment-share-rules.md index 5eeadbbfd6..97a448f5da 100644 --- a/windows/deploy/configure-mdt-deployment-share-rules.md +++ b/windows/deploy/configure-mdt-deployment-share-rules.md @@ -5,6 +5,7 @@ ms.assetid: b5ce2360-33cc-4b14-b291-16f75797391b keywords: rules, configuration, automate, deploy ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus diff --git a/windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md b/windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md index a5cbfb7886..3d55bb7385 100644 --- a/windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md +++ b/windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md @@ -5,6 +5,7 @@ ms.assetid: b9e96974-324d-4fa4-b0ce-33cfc49c4809 keywords: tool, customize, deploy, boot image ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library author: mtniehaus --- diff --git a/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md b/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md index 0838ebde59..c00676a646 100644 --- a/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md +++ b/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md @@ -5,6 +5,7 @@ ms.assetid: 0b069bec-5be8-47c6-bf64-7a630f41ac98 keywords: deploy, upgrade, task sequence, install ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.pagetype: mdt ms.sitesec: library author: mtniehaus diff --git a/windows/deploy/create-a-windows-10-reference-image.md b/windows/deploy/create-a-windows-10-reference-image.md index 1f91fff47c..4954dd3dcd 100644 --- a/windows/deploy/create-a-windows-10-reference-image.md +++ b/windows/deploy/create-a-windows-10-reference-image.md @@ -5,6 +5,7 @@ ms.assetid: 9da2fb57-f2ff-4fce-a858-4ae4c237b5aa keywords: deploy, deployment, configure, customize, install, installation ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus @@ -164,6 +165,7 @@ You also can customize the Office installation using a Config.xml file. But we r If you need to add many applications, you can take advantage of the PowerShell support that MDT has. To start using PowerShell against the deployment share, you must first load the MDT PowerShell snap-in and then make the deployment share a PowerShell drive (PSDrive). 1. On MDT01, log on as **CONTOSO\\Administrator**. 2. Import the snap-in and create the PSDrive by running the following commands in an elevated PowerShell prompt: + ``` syntax Import-Topic "C:\Program Files\Microsoft Deployment Toolkit\bin\MicrosoftDeploymentToolkit.psd1" New-PSDrive -Name "DS001" -PSProvider MDTProvider -Root "E:\MDTBuildLab" @@ -173,7 +175,9 @@ If you need to add many applications, you can take advantage of the PowerShell s In these steps we assume that you have downloaded Microsoft Visual C++ 2005 SP1 x86. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2005SP1x86. 1. On MDT01, log on as **CONTOSO\\Administrator**. + 2. Create the application by running the following commands in an elevated PowerShell prompt: + ``` syntax $ApplicationName = "Install - Microsoft Visual C++ 2005 SP1 - x86" $CommandLine = "vcredist_x86.exe /Q" @@ -187,6 +191,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2005 SP1 In these steps we assume that you have downloaded Microsoft Visual C++ 2005 SP1 x64. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2005SP1x64. 1. On MDT01, log on as **CONTOSO\\Administrator**. 2. Create the application by running the following commands in an elevated PowerShell prompt: + ``` syntax $ApplicationName = "Install - Microsoft Visual C++ 2005 SP1 - x64" $CommandLine = "vcredist_x64.exe /Q" @@ -200,6 +205,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2005 SP1 In these steps we assume that you have downloaded Microsoft Visual C++ 2008 SP1 x86. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2008SP1x86. 1. On MDT01, log on as **CONTOSO\\Administrator**. 2. Create the application by running the following commands in an elevated PowerShell prompt: + ``` syntax $ApplicationName = "Install - Microsoft Visual C++ 2008 SP1 - x86" $CommandLine = "vcredist_x86.exe /Q" @@ -213,6 +219,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2008 SP1 In these steps we assume that you have downloaded Microsoft Visual C++ 2008 SP1 x64. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2008SP1x64. 1. On MDT01, log on as **CONTOSO\\Administrator**. 2. Create the application by running the following commands in an elevated PowerShell prompt: + ``` syntax $ApplicationName = "Install - Microsoft Visual C++ 2008 SP1 - x64" $CommandLine = "vcredist_x64.exe /Q" @@ -226,6 +233,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2008 SP1 In these steps we assume that you have downloaded Microsoft Visual C++ 2010 SP1 x86. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2010SP1x86. 1. On MDT01, log on as **CONTOSO\\Administrator**. 2. Create the application by running the following commands in an elevated PowerShell prompt: + ``` syntax $ApplicationName = "Install - Microsoft Visual C++ 2010 SP1 - x86" $CommandLine = "vcredist_x86.exe /Q" @@ -239,6 +247,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2010 SP1 In these steps we assume that you have downloaded Microsoft Visual C++ 2010 SP1 x64. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2010SP1x64. 1. On MDT01, log on as **CONTOSO\\Administrator**. 2. Create the application by running the following commands in an elevated PowerShell prompt: + ``` syntax $ApplicationName = "Install - Microsoft Visual C++ 2010 SP1 - x64" $CommandLine = "vcredist_x64.exe /Q" @@ -252,6 +261,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2010 SP1 In these steps we assume that you have downloaded Microsoft Visual C++ 2012 Update 4 x86. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2012Ux86. 1. On MDT01, log on as **CONTOSO\\Administrator**. 2. Create the application by running the following commands in an elevated PowerShell prompt: + ``` syntax $ApplicationName = "Install - Microsoft Visual C++ 2012 Update 4 - x86" $CommandLine = "vcredist_x86.exe /Q" @@ -265,6 +275,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2012 Upda In these steps we assume that you have downloaded Microsoft Visual C++ 2012 Update 4 x64. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\\Downloads\\VC++2012Ux64. 1. On MDT01, log on as **CONTOSO\\Administrator**. 2. Create the application by running the following commands in an elevated PowerShell prompt: + ``` syntax $ApplicationName = "Install - Microsoft Visual C++ 2012 Update 4 - x64" $CommandLine = "vcredist_x64.exe /Q" diff --git a/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md b/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md index 5dbd28f0c8..28f0c95e14 100644 --- a/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md +++ b/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md @@ -5,6 +5,7 @@ ms.assetid: 2dfb2f39-1597-4999-b4ec-b063e8a8c90c keywords: deployment, task sequence, custom, customize ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library author: mtniehaus --- diff --git a/windows/deploy/deploy-a-windows-10-image-using-mdt.md b/windows/deploy/deploy-a-windows-10-image-using-mdt.md index 62ff5ee44b..05f3667cb6 100644 --- a/windows/deploy/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deploy/deploy-a-windows-10-image-using-mdt.md @@ -5,6 +5,7 @@ ms.assetid: 1d70a3d8-1b1d-4051-b656-c0393a93f83c keywords: deployment, automate, tools, configure ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus @@ -304,6 +305,7 @@ In this section, you will learn how to configure the MDT Build Lab deployment sh 2. CustomSettings.ini 2. Right-click the **MDT Production** deployment share and select **Properties**. 3. Select the **Rules** tab and modify using the following information: + ``` syntax [Settings] Priority=Default @@ -340,6 +342,7 @@ In this section, you will learn how to configure the MDT Build Lab deployment sh SkipFinalSummary=NO ``` 4. Click **Edit Bootstrap.ini** and modify using the following information: + ``` syntax [Settings] Priority=Default diff --git a/windows/deploy/deploy-windows-10-using-pxe-and-configuration-manager.md b/windows/deploy/deploy-windows-10-using-pxe-and-configuration-manager.md index 2bc874cf8b..1a6a52fffb 100644 --- a/windows/deploy/deploy-windows-10-using-pxe-and-configuration-manager.md +++ b/windows/deploy/deploy-windows-10-using-pxe-and-configuration-manager.md @@ -5,6 +5,7 @@ ms.assetid: fb93f514-5b30-4f4b-99dc-58e6860009fa keywords: deployment, image, UEFI, task sequence ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library author: mtniehaus --- diff --git a/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md b/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md index b9624a46b9..37ca1c3630 100644 --- a/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md +++ b/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md @@ -4,6 +4,7 @@ description: If you have Microsoft System Center 2012 R2 Configuration Manager ms.assetid: eacd7b7b-dde0-423d-97cd-29bde9e8b363 keywords: deployment, custom, boot ms.prod: w10 +localizationpriority: high ms.mktglfcycl: deploy ms.sitesec: library author: mtniehaus diff --git a/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md b/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md index 3fc7913c52..3303550159 100644 --- a/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md +++ b/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md @@ -6,6 +6,7 @@ keywords: deploy, tools, configure, script ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +localizationpriority: high author: mtniehaus ms.pagetype: mdt --- diff --git a/windows/deploy/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md b/windows/deploy/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md index 2ed9de7378..0cebb0c0b2 100644 --- a/windows/deploy/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md +++ b/windows/deploy/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md @@ -4,6 +4,7 @@ description: This topic walks you through the steps to finalize the configuratio ms.assetid: 38b55fa8-e717-4689-bd43-8348751d493e keywords: configure, deploy, upgrade ms.prod: w10 +localizationpriority: high ms.mktglfcycl: deploy ms.sitesec: library author: mtniehaus diff --git a/windows/deploy/get-started-with-the-microsoft-deployment-toolkit.md b/windows/deploy/get-started-with-the-microsoft-deployment-toolkit.md index 4ef176092a..33998a9cbe 100644 --- a/windows/deploy/get-started-with-the-microsoft-deployment-toolkit.md +++ b/windows/deploy/get-started-with-the-microsoft-deployment-toolkit.md @@ -5,6 +5,7 @@ ms.assetid: a256442c-be47-4bb9-a105-c831f58ce3ee keywords: deploy, image, feature, install, tools ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus diff --git a/windows/deploy/images/convert.png b/windows/deploy/images/convert.png new file mode 100644 index 0000000000..224e763bc0 Binary files /dev/null and b/windows/deploy/images/convert.png differ diff --git a/windows/deploy/images/download_vhd.png b/windows/deploy/images/download_vhd.png new file mode 100644 index 0000000000..248a512040 Binary files /dev/null and b/windows/deploy/images/download_vhd.png differ diff --git a/windows/deploy/images/installing-drivers.png b/windows/deploy/images/installing-drivers.png new file mode 100644 index 0000000000..22d7808fad Binary files /dev/null and b/windows/deploy/images/installing-drivers.png differ diff --git a/windows/deploy/images/svr_mgr2.png b/windows/deploy/images/svr_mgr2.png new file mode 100644 index 0000000000..dd2e6737c6 Binary files /dev/null and b/windows/deploy/images/svr_mgr2.png differ diff --git a/windows/deploy/integrate-configuration-manager-with-mdt-2013.md b/windows/deploy/integrate-configuration-manager-with-mdt-2013.md index 4a30f0f74c..85612562d9 100644 --- a/windows/deploy/integrate-configuration-manager-with-mdt-2013.md +++ b/windows/deploy/integrate-configuration-manager-with-mdt-2013.md @@ -5,6 +5,7 @@ ms.assetid: 3bd1cf92-81e5-48dc-b874-0f5d9472e5a5 ms.pagetype: mdt keywords: deploy, image, customize, task sequence ms.prod: w10 +localizationpriority: high ms.mktglfcycl: deploy ms.sitesec: library author: mtniehaus diff --git a/windows/deploy/key-features-in-mdt-2013.md b/windows/deploy/key-features-in-mdt-2013.md index 608ad3a059..0264a106c0 100644 --- a/windows/deploy/key-features-in-mdt-2013.md +++ b/windows/deploy/key-features-in-mdt-2013.md @@ -5,6 +5,7 @@ ms.assetid: 858e384f-e9db-4a93-9a8b-101a503e4868 keywords: deploy, feature, tools, upgrade, migrate, provisioning ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus diff --git a/windows/deploy/mdt-2013-lite-touch-components.md b/windows/deploy/mdt-2013-lite-touch-components.md index d51d5bece9..2234092338 100644 --- a/windows/deploy/mdt-2013-lite-touch-components.md +++ b/windows/deploy/mdt-2013-lite-touch-components.md @@ -5,6 +5,7 @@ ms.assetid: 7d6fc159-e338-439e-a2e6-1778d0da9089 keywords: deploy, install, deployment, boot, log, monitor ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus diff --git a/windows/deploy/monitor-windows-10-deployment-with-configuration-manager.md b/windows/deploy/monitor-windows-10-deployment-with-configuration-manager.md index 12aae5a28c..395beb960d 100644 --- a/windows/deploy/monitor-windows-10-deployment-with-configuration-manager.md +++ b/windows/deploy/monitor-windows-10-deployment-with-configuration-manager.md @@ -5,6 +5,7 @@ ms.assetid: 4863c6aa-6369-4171-8e1a-b052ca195fce keywords: deploy, upgrade ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library author: mtniehaus --- diff --git a/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md b/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md index 69e87bd76e..637b6aaaca 100644 --- a/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md +++ b/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md @@ -5,6 +5,7 @@ ms.assetid: 5103c418-0c61-414b-b93c-a8e8207d1226 keywords: deploy, system requirements ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus diff --git a/windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md b/windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md index d389eb884d..4f25bc9987 100644 --- a/windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md +++ b/windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md @@ -4,6 +4,7 @@ description: This topic will walk you through the process of integrating Microso ms.assetid: 06e3a221-31ef-47a5-b4da-3b927cb50d08 keywords: install, configure, deploy, deployment ms.prod: w10 +localizationpriority: high ms.mktglfcycl: deploy ms.sitesec: library author: mtniehaus diff --git a/windows/deploy/provision-pcs-with-apps-and-certificates.md b/windows/deploy/provision-pcs-with-apps-and-certificates.md index 783c3697b6..2a918f8202 100644 --- a/windows/deploy/provision-pcs-with-apps-and-certificates.md +++ b/windows/deploy/provision-pcs-with-apps-and-certificates.md @@ -76,9 +76,17 @@ Universal apps that you can distribute in the provisioning package can be line-o ![required frameworks for offline app package](images/uwp-dependencies.png) -5. For **DeviceContextAppLicense**, enter the **LicenseProductID**. In Windows Store for Business, you generate the license for the app on the app's download page. +5. For **DeviceContextAppLicense**, enter the **LicenseProductID**. - ![generate license for offline app](images/uwp-license.png) + - In Windows Store for Business, generate the unencoded license for the app on the app's download page, and change the extension of the license file from **.xml** to **.ms-windows-store-license**. + + ![generate license for offline app](images/uwp-license.png) + + - Open the license file and search for **LicenseID=** to get the GUID, enter the GUID in the **LicenseProductID** field and click **Add**. + +6. In the **Available customizations** pane, click the **LicenseProductId** that you just added. + +7. For **LicenseInstall**, click **Browse**, navigate to the license file that you renamed **.**ms-windows-store-license**, and select the license file. [Learn more about distributing offline apps from the Windows Store for Business.](../manage/distribute-offline-apps.md) diff --git a/windows/deploy/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deploy/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md index 68b0a74563..fe8e875c6b 100644 --- a/windows/deploy/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md +++ b/windows/deploy/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md @@ -5,6 +5,7 @@ ms.assetid: 57c81667-1019-4711-b3de-15ae9c5387c7 keywords: upgrade, install, installation, computer refresh ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library author: mtniehaus --- diff --git a/windows/deploy/refresh-a-windows-7-computer-with-windows-10.md b/windows/deploy/refresh-a-windows-7-computer-with-windows-10.md index ea05d6a281..450e831b33 100644 --- a/windows/deploy/refresh-a-windows-7-computer-with-windows-10.md +++ b/windows/deploy/refresh-a-windows-7-computer-with-windows-10.md @@ -5,6 +5,7 @@ ms.assetid: 2866fb3c-4909-4c25-b083-6fc1f7869f6f keywords: reinstallation, customize, template, script, restore ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus @@ -66,6 +67,7 @@ The custom USMT template is named MigContosoData.xml, and you can find it in the In order to use the custom MigContosoData.xml USMT template, you need to copy it to the MDT Production deployment share and update the CustomSettings.ini file. In these steps, we assume you have downloaded the MigContosoData.xml file. 1. Using File Explorer, copy the MigContosoData.xml file to the **E:\\MDTProduction\\Tools\\x64\\USMT5** folder. 2. Using Notepad, edit the E:\\MDTProduction\\Control\\CustomSettings.ini file. After the USMTMigFiles002=MigUser.xml line add the following line: + ``` syntax USMTMigFiles003=MigContosoData.xml ``` diff --git a/windows/deploy/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deploy/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md index b9f521531f..5691f94681 100644 --- a/windows/deploy/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md +++ b/windows/deploy/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md @@ -5,6 +5,7 @@ ms.assetid: 3c8a2d53-8f08-475f-923a-bca79ca8ac36 keywords: upgrade, install, installation, replace computer, setup ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library author: mtniehaus --- diff --git a/windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md b/windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md index a862edf501..e06bbac866 100644 --- a/windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md +++ b/windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md @@ -6,6 +6,7 @@ keywords: deploy, deployment, replace ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +localizationpriority: high ms.pagetype: mdt author: mtniehaus --- diff --git a/windows/deploy/set-up-mdt-2013-for-bitlocker.md b/windows/deploy/set-up-mdt-2013-for-bitlocker.md index 6cfb4a8a57..71eb9b562a 100644 --- a/windows/deploy/set-up-mdt-2013-for-bitlocker.md +++ b/windows/deploy/set-up-mdt-2013-for-bitlocker.md @@ -5,6 +5,7 @@ description: keywords: disk, encryption, TPM, configure, secure, script ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus diff --git a/windows/deploy/simulate-a-windows-10-deployment-in-a-test-environment.md b/windows/deploy/simulate-a-windows-10-deployment-in-a-test-environment.md index 1f77bcb17d..3677031293 100644 --- a/windows/deploy/simulate-a-windows-10-deployment-in-a-test-environment.md +++ b/windows/deploy/simulate-a-windows-10-deployment-in-a-test-environment.md @@ -5,6 +5,7 @@ ms.assetid: 2de86c55-ced9-4078-b280-35e0329aea9c keywords: deploy, script ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus diff --git a/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md b/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md index 2a854e9a3b..1739910931 100644 --- a/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md +++ b/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md @@ -4,6 +4,7 @@ description: The simplest path to upgrade PCs currently running Windows 7, Wind ms.assetid: F8DF6191-0DB0-4EF5-A9B1-6A11D5DE4878 keywords: upgrade, update, task sequence, deploy ms.prod: w10 +localizationpriority: high ms.mktglfcycl: deploy author: mtniehaus --- diff --git a/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md b/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md index feaabb3fa4..a57de8573f 100644 --- a/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md +++ b/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md @@ -5,6 +5,7 @@ ms.assetid: B8993151-3C1E-4F22-93F4-2C5F2771A460 keywords: upgrade, update, task sequence, deploy ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus diff --git a/windows/deploy/upgrade-windows-phone-8-1-to-10.md b/windows/deploy/upgrade-windows-phone-8-1-to-10.md index f79c20d4ba..8270ef2a4e 100644 --- a/windows/deploy/upgrade-windows-phone-8-1-to-10.md +++ b/windows/deploy/upgrade-windows-phone-8-1-to-10.md @@ -4,6 +4,7 @@ description: This article describes how to upgrade eligible Windows Phone 8.1 de keywords: upgrade, update, windows, phone, windows 10, mdm, mobile ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: Jamiejdt diff --git a/windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md b/windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md index da3cbd9940..5e93439f0c 100644 --- a/windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md +++ b/windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md @@ -5,6 +5,7 @@ ms.assetid: 68302780-1f6f-4a9c-9407-b14371fdce3f keywords: web services, database ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: mtniehaus diff --git a/windows/deploy/use-the-mdt-database-to-stage-windows-10-deployment-information.md b/windows/deploy/use-the-mdt-database-to-stage-windows-10-deployment-information.md index 32208d3e25..38ae49c0e7 100644 --- a/windows/deploy/use-the-mdt-database-to-stage-windows-10-deployment-information.md +++ b/windows/deploy/use-the-mdt-database-to-stage-windows-10-deployment-information.md @@ -6,6 +6,7 @@ ms.pagetype: mdt keywords: database, permissions, settings, configure, deploy ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library author: mtniehaus --- diff --git a/windows/deploy/use-web-services-in-mdt-2013.md b/windows/deploy/use-web-services-in-mdt-2013.md index 2f6f9bf239..33f1c9a3a7 100644 --- a/windows/deploy/use-web-services-in-mdt-2013.md +++ b/windows/deploy/use-web-services-in-mdt-2013.md @@ -5,6 +5,7 @@ ms.assetid: 8f47535e-0551-4ccb-8f02-bb97539c6522 keywords: deploy, web apps ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.pagetype: mdt ms.sitesec: library author: mtniehaus diff --git a/windows/deploy/windows-10-deployment-scenarios.md b/windows/deploy/windows-10-deployment-scenarios.md index d3b797865f..b33db65cc8 100644 --- a/windows/deploy/windows-10-deployment-scenarios.md +++ b/windows/deploy/windows-10-deployment-scenarios.md @@ -5,6 +5,7 @@ ms.assetid: 7A29D546-52CC-482C-8870-8123C7DC04B5 keywords: upgrade, in-place, configuration, deploy ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library author: mtniehaus --- diff --git a/windows/deploy/windows-10-edition-upgrades.md b/windows/deploy/windows-10-edition-upgrades.md index 5ef0592258..5a17250306 100644 --- a/windows/deploy/windows-10-edition-upgrades.md +++ b/windows/deploy/windows-10-edition-upgrades.md @@ -4,6 +4,7 @@ description: With Windows 10, you can quickly upgrade from one edition of Windo ms.assetid: A7642E90-A3E7-4A25-8044-C4E402DC462A ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mobile author: greg-lindsay diff --git a/windows/deploy/windows-10-enterprise-e3-overview.md b/windows/deploy/windows-10-enterprise-e3-overview.md index c4a945e569..c3861f8fe5 100644 --- a/windows/deploy/windows-10-enterprise-e3-overview.md +++ b/windows/deploy/windows-10-enterprise-e3-overview.md @@ -4,6 +4,7 @@ description: Describes Windows 10 Enterprise E3, an offering that delivers, by s keywords: upgrade, update, task sequence, deploy ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library ms.pagetype: mdt author: greg-lindsay diff --git a/windows/deploy/windows-10-poc-mdt.md b/windows/deploy/windows-10-poc-mdt.md deleted file mode 100644 index 04cb2496e2..0000000000 --- a/windows/deploy/windows-10-poc-mdt.md +++ /dev/null @@ -1,28 +0,0 @@ ---- -title: Placeholder (Windows 10) -description: Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: deploy -author: greg-lindsay ---- - -# Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit - -**Applies to** - -- Windows 10 - -## In this guide - -## Related Topics - -  - -  - - - - - diff --git a/windows/deploy/windows-10-poc-sccm.md b/windows/deploy/windows-10-poc-sccm.md deleted file mode 100644 index 3e43d7c402..0000000000 --- a/windows/deploy/windows-10-poc-sccm.md +++ /dev/null @@ -1,28 +0,0 @@ ---- -title: Placeholder (Windows 10) -description: Deploy Windows 10 in a test lab using System Center Configuration Manager -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: deploy -author: greg-lindsay ---- - -# Deploy Windows 10 in a test lab using System Center Configuration Manager - -**Applies to** - -- Windows 10 - -## In this guide - -## Related Topics - -  - -  - - - - - diff --git a/windows/deploy/windows-10-upgrade-paths.md b/windows/deploy/windows-10-upgrade-paths.md index 7ee695086b..b6c196f4d1 100644 --- a/windows/deploy/windows-10-upgrade-paths.md +++ b/windows/deploy/windows-10-upgrade-paths.md @@ -4,6 +4,7 @@ description: You can upgrade to Windows 10 from a previous version of Windows if ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +localizationpriority: high ms.pagetype: mobile author: greg-lindsay --- diff --git a/windows/deploy/windows-adk-scenarios-for-it-pros.md b/windows/deploy/windows-adk-scenarios-for-it-pros.md index 19c048877c..89c15460f6 100644 --- a/windows/deploy/windows-adk-scenarios-for-it-pros.md +++ b/windows/deploy/windows-adk-scenarios-for-it-pros.md @@ -4,6 +4,7 @@ description: The Windows Assessment and Deployment Kit (Windows ADK) contains to ms.assetid: FC4EB39B-29BA-4920-87C2-A00D711AE48B ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high ms.sitesec: library author: greg-lindsay --- diff --git a/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md b/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md index 279966110f..1f2d6310fd 100644 --- a/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md +++ b/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- - redirect_url: https://technet.microsoft.com/en-au/itpro/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection + redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection --- # Additional Windows Defender ATP configuration settings -This page has been redirected to [Configure endpoints](https://technet.microsoft.com/en-au/itpro/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection) \ No newline at end of file +This page has been redirected to [Configure endpoints](https://technet.microsoft.com/itpro/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection) \ No newline at end of file diff --git a/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md b/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md index 4e5ae1d646..129b49f08e 100644 --- a/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md @@ -37,12 +37,12 @@ Assigning read only access rights requires adding the users to the “Security R Use the following steps to assign security roles: - Preparations: - - Install Azure PowerShell. For more information see, [How to install and configure Azure PowerShell](https://azure.microsoft.com/en-us/documentation/articles/powershell-install-configure/).
+ - Install Azure PowerShell. For more information see, [How to install and configure Azure PowerShell](https://azure.microsoft.com/documentation/articles/powershell-install-configure/).
> [!NOTE] > You need to run the PowerShell cmdlets in an elevated command-line. -- Connect to your Azure Active Directory. For more information see, [Connect-MsolService](https://msdn.microsoft.com/en-us/library/dn194123.aspx). +- Connect to your Azure Active Directory. For more information see, [Connect-MsolService](https://msdn.microsoft.com/library/dn194123.aspx). - For **read and write** access, assign users to the security administrator role by using the following command: ```text Add-MsolRoleMember -RoleName "Security Administrator" -RoleMemberEmailAddress "secadmin@Contoso.onmicrosoft.com" @@ -52,4 +52,4 @@ Add-MsolRoleMember -RoleName "Security Administrator" -RoleMemberEmailAddress "s Add-MsolRoleMember -RoleName "Security Reader" -RoleMemberEmailAddress “reader@Contoso.onmicrosoft.com” ``` -For more information see, [Manage Azure AD group and role membership](https://technet.microsoft.com/en-us/library/321d532e-407d-4e29-a00a-8afbe23008dd#BKMK_ManageGroups). +For more information see, [Manage Azure AD group and role membership](https://technet.microsoft.com/library/321d532e-407d-4e29-a00a-8afbe23008dd#BKMK_ManageGroups). diff --git a/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md b/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md index d4d9a55257..3f2fc5e488 100644 --- a/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md +++ b/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md @@ -146,7 +146,7 @@ To create a self-signed certificate, you can either use the New-SelfSignedCertif Windows PowerShell example: ```syntax -New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -Subject "CN=BitLocker Network Unlock certificate" -KeyUsage KeyEncipherment -KeyUsageProperty Decrypt -KeyLength 2048 -KeySpec KeyExchange -HashAlgorithm sha512 -TextExtension @("1.3.6.1.4.1.311.21.10={text}OID=1.3.6.1.4.1.311.67.1.1","2.5.29.37={text}1.3.6.1.4.1.311.67.1.1") +New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -Subject "CN=BitLocker Network Unlock certificate" -Provider "Microsoft Software Key Storage Provider" -KeyUsage KeyEncipherment -KeyUsageProperty Decrypt -KeyLength 2048 -HashAlgorithm sha512 -TextExtension @("1.3.6.1.4.1.311.21.10={text}OID=1.3.6.1.4.1.311.67.1.1","2.5.29.37={text}1.3.6.1.4.1.311.67.1.1") ``` Certreq example: @@ -164,7 +164,6 @@ Certreq example: KeyUsage="CERT_KEY_ENCIPHERMENT_KEY_USAGE" KeyUsageProperty="NCRYPT_ALLOW_DECRYPT_FLAG" KeyLength=2048 - Keyspec="AT_KEYEXCHANGE" SMIME=FALSE HashAlgorithm=sha512 [Extensions] diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md index 4394da8ab8..5de6b76a7a 100644 --- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md +++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md @@ -12,6 +12,13 @@ author: brianlic-msft # Change history for Keep Windows 10 secure This topic lists new and updated topics in the [Keep Windows 10 secure](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md). +## September 2016 + +| New or changed topic | Description | +| --- | --- | +| [Implement Windows Hello for Business in your organization](implement-microsoft-passport-in-your-organization.md) | Clarified how convenience PIN works in Windows 10, version 1607, on domain-joined PCs | +| [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md) | Corrected certreq ezxample and added a new Windows PowerShell example for creating a self-signed certficate | + ## August 2016 |New or changed topic | Description | |----------------------|-------------| diff --git a/windows/keep-secure/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-gp-windows-defender-advanced-threat-protection.md index 6978b1a8f6..731d00b2c5 100644 --- a/windows/keep-secure/configure-endpoints-gp-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-endpoints-gp-windows-defender-advanced-threat-protection.md @@ -34,7 +34,7 @@ localizationpriority: high 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a folder called *OptionalParamsPolicy* and the file *WindowsDefenderATPOnboardingScript.cmd*. -3. Open the [Group Policy Management Console](https://technet.microsoft.com/en-us/library/cc731212.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**. +3. Open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**. 4. In the **Group Policy Management Editor**, go to **Computer configuration**, then **Preferences**, and then **Control panel settings**. @@ -61,7 +61,7 @@ You can use Group Policy (GP) to configure settings, such as settings for the sa b. Copy _AtpConfiguration.adml_ into _C:\\Windows\\PolicyDefinitions\\en-US_ -2. Open the [Group Policy Management Console](https://technet.microsoft.com/en-us/library/cc731212.aspx), right-click the GPO you want to configure and click **Edit**. +2. Open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the GPO you want to configure and click **Edit**. 3. In the **Group Policy Management Editor**, go to **Computer configuration**. @@ -88,7 +88,7 @@ For security reasons, the package used to offboard endpoints will expire 30 days 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*. -3. Open the [Group Policy Management Console](https://technet.microsoft.com/en-us/library/cc731212.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**. +3. Open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**. 4. In the **Group Policy Management Editor**, go to **Computer configuration,** then **Preferences**, and then **Control panel settings**. diff --git a/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md index f667ac1b36..3b4fddffaf 100644 --- a/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md @@ -23,11 +23,11 @@ localizationpriority: high You can use mobile device management (MDM) solutions to configure endpoints. Windows Defender ATP supports MDMs by providing OMA-URIs to create policies to manage endpoints. -For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723297(v=vs.85).aspx). +For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx). ## Configure endpoints using Microsoft Intune -For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723297(v=vs.85).aspx). +For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx). ### Onboard and monitor endpoints diff --git a/windows/keep-secure/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md index e7e9a27b13..8faa5dafdb 100644 --- a/windows/keep-secure/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md @@ -45,9 +45,9 @@ You can use System Center Configuration Manager’s existing functionality to cr 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATPOnboardingScript.cmd*. -3. Import the configuration package by following the steps in the [How to Create Packages and Programs in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682112.aspx#BKMK_Import) topic. +3. Import the configuration package by following the steps in the [How to Create Packages and Programs in Configuration Manager](https://technet.microsoft.com/library/gg682112.aspx#BKMK_Import) topic. -4. Deploy the package by following the steps in the [How to Deploy Packages and Programs in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682178.aspx) topic. +4. Deploy the package by following the steps in the [How to Deploy Packages and Programs in Configuration Manager](https://technet.microsoft.com/library/gg682178.aspx) topic. a. Choose a predefined device collection to deploy the package to. @@ -72,7 +72,7 @@ Possible values are: The default value in case the registry key doesn’t exist is 1. -For more information about System Center Configuration Manager Compliance see [Compliance Settings in Configuration Manager](https://technet.microsoft.com/en-us/library/gg681958.aspx). +For more information about System Center Configuration Manager Compliance see [Compliance Settings in Configuration Manager](https://technet.microsoft.com/library/gg681958.aspx). ### Offboard endpoints @@ -90,9 +90,9 @@ For security reasons, the package used to offboard endpoints will expire 30 days 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*. -3. Import the configuration package by following the steps in the [How to Create Packages and Programs in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682112.aspx#BKMK_Import) topic. +3. Import the configuration package by following the steps in the [How to Create Packages and Programs in Configuration Manager](https://technet.microsoft.com/library/gg682112.aspx#BKMK_Import) topic. -4. Deploy the package by following the steps in the [How to Deploy Packages and Programs in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682178.aspx) topic. +4. Deploy the package by following the steps in the [How to Deploy Packages and Programs in Configuration Manager](https://technet.microsoft.com/library/gg682178.aspx) topic. a. Choose a predefined device collection to deploy the package to. @@ -128,7 +128,7 @@ Path: “HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status” Name: “OnboardingState” Value: “1” ``` -For more information about System Center Configuration Manager Compliance see [Compliance Settings in Configuration Manager](https://technet.microsoft.com/en-us/library/gg681958.aspx). +For more information about System Center Configuration Manager Compliance see [Compliance Settings in Configuration Manager](https://technet.microsoft.com/library/gg681958.aspx). ## Related topics - [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md index a70c1c7836..8192f42f7f 100644 --- a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md @@ -87,7 +87,7 @@ Threats are considered "active" if there is a very high probability that the mal Clicking on any of these categories will navigate to the [Machines view](investigate-machines-windows-defender-advanced-threat-protection.md), filtered by the appropriate category. This lets you see a detailed breakdown of which machines have active malware detections, and how many threats were detected per machine. > [!NOTE] -> The **Machines with active malware detections** tile will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/en-us/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. +> The **Machines with active malware detections** tile will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. ### Related topics - [View and organize the Windows Defender Advanced Threat Protection Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md b/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md index c921b59dc1..ad99762845 100644 --- a/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md @@ -24,7 +24,7 @@ localizationpriority: high This section covers some of the most frequently asked questions regarding privacy and data handling for Windows Defender ATP. > [!NOTE] -> This document explains the data storage and privacy details related to Windows Defender ATP. For more information related to Windows Defender ATP and other products and services like Windows Defender and Windows 10, see [Microsoft Privacy Statement](https://privacy.microsoft.com/en-us/privacystatement). See also [Windows 10 privacy FAQ](http://windows.microsoft.com/en-au/windows-10/windows-privacy-faq) for more information. +> This document explains the data storage and privacy details related to Windows Defender ATP. For more information related to Windows Defender ATP and other products and services like Windows Defender and Windows 10, see [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/?linkid=827576). See also [Windows 10 privacy FAQ](https://go.microsoft.com/fwlink/?linkid=827577) for more information. ## What data does Windows Defender ATP collect? @@ -32,7 +32,7 @@ Microsoft will collect and store information from your configured endpoints in a Information collected includes code file data (such as file names, sizes, and hashes), process data (running processes, hashes), registry data, network connection data (host IPs and ports), and machine details (such as GUIDs, names, and the operating system version). -Microsoft stores this data securely in Microsoft Azure and maintains it in accordance with Microsoft privacy practices and [Microsoft Trust Center policies](https://azure.microsoft.com/en-us/support/trust-center/). +Microsoft stores this data securely in Microsoft Azure and maintains it in accordance with Microsoft privacy practices and [Microsoft Trust Center policies](https://go.microsoft.com/fwlink/?linkid=827578). Microsoft uses this data to: - Proactively identify indicators of attack (IOAs) in your organization diff --git a/windows/keep-secure/enlightened-microsoft-apps-and-wip.md b/windows/keep-secure/enlightened-microsoft-apps-and-wip.md index 353acce55b..9793cfc53f 100644 --- a/windows/keep-secure/enlightened-microsoft-apps-and-wip.md +++ b/windows/keep-secure/enlightened-microsoft-apps-and-wip.md @@ -62,7 +62,6 @@ You can add any or all of the enlightened Microsoft apps to your allowed apps li |Product name |App info | |-------------|---------| |Microsoft Edge |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.MicrosoftEdge
**App Type:** Universal app | -|IE11 |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** iexplore.exe
**App Type:** Desktop app | |Microsoft People |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.People
**App Type:** Universal app | |Word Mobile |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.Office.Word
**App Type:** Universal app | |Excel Mobile |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.Office.Excel
**App Type:** Universal app | @@ -71,8 +70,9 @@ You can add any or all of the enlightened Microsoft apps to your allowed apps li |Outlook Mail and Calendar |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** microsoft.windowscommunicationsapps
**App Type:** Universal app | |Microsoft Photos |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.Windows.Photos
**App Type:** Universal app | |Groove Music |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.ZuneMusic
**App Type:** Universal app | -|Microsoft OneDrive |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** onedrive.exe
**App Type:** Desktop app| -|Notepad |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** notepad.exe
**App Type:** Desktop app | -|Microsoft Paint |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** mspaint.exe
**App Type:** Desktop app | |Microsoft Movies & TV |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.ZuneVideo
**App Type:** Universal app | -|Microsoft Messaging |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.Messaging
**App Type:** Universal app | \ No newline at end of file +|Microsoft Messaging |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.Messaging
**App Type:** Universal app | +|IE11 |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** iexplore.exe
**App Type:** Desktop app | +|Microsoft OneDrive |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** onedrive.exe
**App Type:** Desktop app| +|Notepad |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** notepad.exe
**App Type:** Desktop app | +|Microsoft Paint |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** mspaint.exe
**App Type:** Desktop app | \ No newline at end of file diff --git a/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md index a4b75576ef..cdde9f9522 100644 --- a/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/en-US/library/aa745633(v=bts.10).aspx) on individual endpoints. +You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/library/aa745633(v=bts.10).aspx) on individual endpoints. For example, if endpoints are not appearing in the **Machines view** list, you might need to look for event IDs on the endpoints. You can then use this table to determine further troubleshooting steps. diff --git a/windows/keep-secure/implement-microsoft-passport-in-your-organization.md b/windows/keep-secure/implement-microsoft-passport-in-your-organization.md index 23ecf47c6e..83ab70e1d8 100644 --- a/windows/keep-secure/implement-microsoft-passport-in-your-organization.md +++ b/windows/keep-secure/implement-microsoft-passport-in-your-organization.md @@ -20,7 +20,7 @@ localizationpriority: high You can create a Group Policy or mobile device management (MDM) policy that will implement Windows Hello on devices running Windows 10. >[!IMPORTANT] ->The Group Policy setting **Turn on PIN sign-in** does not apply to Windows Hello for Business. It still prevents or enables the creation of a convenience PIN for Windows 10. Use **Windows Hello for Business** policy settings to manage PINs. +>The Group Policy setting **Turn on PIN sign-in** does not apply to Windows Hello for Business. It still prevents or enables the creation of a convenience PIN for Windows 10, version 1507 and 1511. Beginning in version 1607, Windows Hello as a convenience PIN is disabled by default on all domain-joined computers. To enable a convenience PIN for Windows 10, version 1607, enable the Group Policy setting **Turn on convenience PIN sign-in**. Use **Windows Hello for Business** policy settings to manage PINs.   ## Group Policy settings for Windows Hello for Businness diff --git a/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md index ff296372d8..51e68f1fee 100644 --- a/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md @@ -67,7 +67,7 @@ In the file's page, **Submit for deep analysis** is enabled when the file is ava > [!NOTE] > Only files from Windows 10 can be automatically collected. -You can also manually submit a sample through the [Malware Protection Center Portal](https://www.microsoft.com/en-us/security/portal/submission/submit.aspx) if the file was not observed on a Windows 10 machine, and wait for **Submit for deep analysis** button to become available. +You can also manually submit a sample through the [Malware Protection Center Portal](https://www.microsoft.com/security/portal/submission/submit.aspx) if the file was not observed on a Windows 10 machine, and wait for **Submit for deep analysis** button to become available. > [!NOTE] > Due to backend processing flows in the Malware Protection Center Portal, there could be up to 10 minutes of latency between file submission and availability of the deep analysis feature in Windows Defender ATP. diff --git a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md index 217e287455..fb34c03d1f 100644 --- a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md @@ -40,7 +40,7 @@ The Machines view contains the following columns: - **Active malware detections** - the number of active malware detections reported by the machine > [!NOTE] -> The **Active alerts** and **Active malware detections** filter column will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/en-us/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. +> The **Active alerts** and **Active malware detections** filter column will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. Click any column header to sort the view in ascending or descending order. diff --git a/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md b/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md index a462835906..2f8775683c 100644 --- a/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md +++ b/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- - redirect_url: https://technet.microsoft.com/en-au/itpro/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection + redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection --- # Monitor the Windows Defender Advanced Threat Protection onboarding -This page has been redirected to [Configure endpoints](https://technet.microsoft.com/en-au/itpro/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection) \ No newline at end of file +This page has been redirected to [Configure endpoints](https://technet.microsoft.com/itpro/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection) \ No newline at end of file diff --git a/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md b/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md index f9a18be888..8c9f2086ff 100644 --- a/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md @@ -39,7 +39,7 @@ When you open the portal, you’ll see the main areas of the application: ![Windows Defender Advanced Threat Protection portal](images/portal-image.png) > [!NOTE] -> Malware related detections will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/en-us/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. +> Malware related detections will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. You can navigate through the portal using the menu options available in all sections. Refer to the following table for a description of each section. diff --git a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index 6ad9ebb407..7e351ee5aa 100644 --- a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md @@ -86,9 +86,9 @@ If none of the event logs and troubleshooting steps work, download the Local scr Error Code Hex | Error Code Dec | Error Description | OMA-URI | Possible cause and troubleshooting steps :---|:---|:---|:---|:--- -0x87D1FDE8 | -2016281112 | Remediation failed | Onboarding
Offboarding | **Possible cause:** Onboarding or offboarding failed on a wrong blob: wrong signature or missing PreviousOrgIds fields.

**Troubleshooting steps:**
Check the event IDs in the [View agent onboarding errors in the endpoint event log](#view-agent-onboarding-errors-in-the-endpoint-event-log) section.

Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/en-us/library/windows/hardware/mt632120%28v=vs.85%29.aspx). +0x87D1FDE8 | -2016281112 | Remediation failed | Onboarding
Offboarding | **Possible cause:** Onboarding or offboarding failed on a wrong blob: wrong signature or missing PreviousOrgIds fields.

**Troubleshooting steps:**
Check the event IDs in the [View agent onboarding errors in the endpoint event log](#view-agent-onboarding-errors-in-the-endpoint-event-log) section.

Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/library/windows/hardware/mt632120%28v=vs.85%29.aspx). | | | Onboarding
Offboarding
SampleSharing | **Possible cause:** Windows Defender ATP Policy registry key does not exist or the OMA DM client doesn't have permissions to write to it.

**Troubleshooting steps:** Ensure that the following registry key exists: ```HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```.

If it doesn't exist, open an elevated command and add the key. - | | | SenseIsRunning
OnboardingState
OrgId | **Possible cause:** An attempt to remediate by read-only property. Onboarding has failed.

**Troubleshooting steps:** Check the troubleshooting steps in [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](#troubleshoot-windows-defender-advanced-threat-protection-onboarding-issues).

Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/en-us/library/windows/hardware/mt632120%28v=vs.85%29.aspx). + | | | SenseIsRunning
OnboardingState
OrgId | **Possible cause:** An attempt to remediate by read-only property. Onboarding has failed.

**Troubleshooting steps:** Check the troubleshooting steps in [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](#troubleshoot-windows-defender-advanced-threat-protection-onboarding-issues).

Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/library/windows/hardware/mt632120%28v=vs.85%29.aspx). | | | All | **Possible cause:** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU.

Currently is supported platforms: Enterprise, Education, and Professional.
Server is not supported. 0x87D101A9 | -2016345687 |Syncml(425): The requested command failed because the sender does not have adequate access control permissions (ACL) on the recipient. | All | **Possible cause:** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU.

Currently is supported platforms: Enterprise, Education, and Professional. diff --git a/windows/keep-secure/windows-defender-advanced-threat-protection.md b/windows/keep-secure/windows-defender-advanced-threat-protection.md index 9e4092ef6a..4d3345f8a1 100644 --- a/windows/keep-secure/windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/windows-defender-advanced-threat-protection.md @@ -20,7 +20,7 @@ localizationpriority: high - Windows 10 Pro - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) ->For more info about Windows 10 Enterprise Edition features and functionality, see [Windows 10 Enterprise edition](https://www.microsoft.com/en-us/WindowsForBusiness/buy). +>For more info about Windows 10 Enterprise Edition features and functionality, see [Windows 10 Enterprise edition](https://www.microsoft.com/WindowsForBusiness/buy). Windows Defender Advanced Threat Protection (Windows Defender ATP) is a security service that enables enterprise customers to detect, investigate, and respond to advanced threats on their networks. diff --git a/windows/manage/appv-application-publishing-and-client-interaction.md b/windows/manage/appv-application-publishing-and-client-interaction.md index ca6912ebd6..140600ffd6 100644 --- a/windows/manage/appv-application-publishing-and-client-interaction.md +++ b/windows/manage/appv-application-publishing-and-client-interaction.md @@ -245,7 +245,7 @@ Before an application can access the package registry data, the App-V Client mus When a new package is added to the App-V Client, a copy of the REGISTRY.DAT file from the package is created at `%ProgramData%\Microsoft\AppV\Client\VREG\{Version GUID}.dat`. The name of the file is the version GUID with the .DAT extension. The reason this copy is made is to ensure that the actual hive file in the package is never in use, which would prevent the removal of the package at a later time. -**Registry.dat from Package Store ** > **%ProgramData%\Microsoft\AppV\Client\Vreg\{VersionGuid}.dat** +**Registry.dat from Package Store** > **%ProgramData%\Microsoft\AppV\Client\Vreg\\{VersionGuid}.dat**   When the first application from the package is launched on the client, the client stages or copies the contents out of the hive file, re-creating the package registry data in an alternate location `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Packages\PackageGuid\Versions\VersionGuid\REGISTRY`. The staged registry data has two distinct types of machine data and user data. Machine data is shared across all users on the machine. User data is staged for each user to a userspecific location `HKCU\Software\Microsoft\AppV\Client\Packages\PackageGuid\Registry\User`. The machine data is ultimately removed at package removal time, and the user data is removed on a user unpublish operation. @@ -387,7 +387,7 @@ Packages can be explicitly loaded using the Windows PowerShell `Mount-AppVClient ### Streaming packages -The App-V Client can be configured to change the default behavior of streaming. All streaming policies are stored under the following registry key: `HKEY_LOCAL_MAcHINE\Software\Microsoft\AppV\Client\Streaming`. Policies are set using the Windows PowerShell cmdlet `Set-AppvClientConfiguration`. The following policies apply to Streaming: +The App-V Client can be configured to change the default behavior of streaming. All streaming policies are stored under the following registry key: `HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Streaming`. Policies are set using the Windows PowerShell cmdlet `Set-AppvClientConfiguration`. The following policies apply to Streaming: @@ -485,8 +485,8 @@ App-V registry roaming falls into two scenarios, as shown in the following table
--++ @@ -499,8 +499,8 @@ App-V registry roaming falls into two scenarios, as shown in the following table @@ -513,8 +513,8 @@ App-V registry roaming falls into two scenarios, as shown in the following table

In this scenario, these settings are not roamed with normal operating system roaming configurations, and the resulting registry keys and values are stored in the following location:

@@ -532,21 +532,21 @@ The following table shows local and roaming locations, when folder redirection h | VFS directory in package | Mapped location of backing store | | - | - | -| ProgramFilesX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\ProgramFilesX86 | -| SystemX86 | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\SystemX86 | -| Windows | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\Windows | -| appv\_ROOT | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\appv_ROOT| -| AppData | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\AppData | +| ProgramFilesX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\ProgramFilesX86 | +| SystemX86 | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\SystemX86 | +| Windows | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\Windows | +| appv\_ROOT | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\appv_ROOT| +| AppData | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\AppData | The following table shows local and roaming locations, when folder redirection has been implemented for %AppData%, and the location has been redirected (typically to a network location). | VFS directory in package | Mapped location of backing store | | - | - | -| ProgramFilesX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\ProgramFilesX86 | -| SystemX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\SystemX86 | -| Windows | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\Windows | -| appv_ROOT | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\appv\_ROOT | -| AppData | \\Fileserver\users\Local\roaming\Microsoft\AppV\Client\VFS\\AppData | +| ProgramFilesX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\ProgramFilesX86 | +| SystemX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\SystemX86 | +| Windows | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\Windows | +| appv_ROOT | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\appv\_ROOT | +| AppData | \\Fileserver\users\Local\roaming\Microsoft\AppV\Client\VFS\\<GUID>\AppData |   The current App-V Client VFS driver cannot write to network locations, so the App-V Client detects the presence of folder redirection and copies the data on the local drive during publishing and when the virtual environment starts. After the user closes the App-V application and the App-V Client closes the virtual environment, the local storage of the VFS AppData is copied back to the network, enabling roaming to additional machines, where the process will be repeated. The detailed steps of the processes are: @@ -602,11 +602,7 @@ In an App-V Full Infrastructure, after applications are sequenced they are manag This document focuses on App-V Full Infrastructure solutions. For specific information on App-V Integration with Configuration Manager 2012, see [Integrating Virtual Application Management with App-V 5 and Configuration Manager 2012 SP1](https://www.microsoft.com/en-us/download/details.aspx?id=38177). -The App-V application lifecycle tasks are triggered at user login (default), machine startup, or as background timed operations. The settings for the App-V Client operations, including Publishing Servers, refresh intervals, package script enablement, and others, are configured during setup of the client or post-setup with Windows PowerShell commands. See [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md) or use Windows PowerShell: - -``` syntax -get-command *appv* -``` +The App-V application lifecycle tasks are triggered at user login (default), machine startup, or as background timed operations. The settings for the App-V Client operations, including Publishing Servers, refresh intervals, package script enablement, and others, are configured (after the client is enabled) with Windows PowerShell commands. See [App-V Client Configuration Settings: Windows PowerShell](appv-client-configuration-settings.md#app-v-client-configuration-settings-windows-powershell). ### Publishing refresh diff --git a/windows/manage/appv-performance-guidance.md b/windows/manage/appv-performance-guidance.md index 5c2f1c51a3..e0a277bf9c 100644 --- a/windows/manage/appv-performance-guidance.md +++ b/windows/manage/appv-performance-guidance.md @@ -29,15 +29,12 @@ You should read and understand the following information before reading this doc **Note**   Some terms used in this document may have different meanings depending on external source and context. For more information about terms used in this document followed by an asterisk * review the [Application Virtualization Performance Guidance Terminology](#bkmk-terms1) section of this document. -  - Finally, this document will provide you with the information to configure the computer running App-V client and the environment for optimal performance. Optimize your virtual application packages for performance using the sequencer, and to understand how to use User Experience Virtualization (UE-V) or other user environment management technologies to provide the optimal user experience with App-V in both Remote Desktop Services (RDS) and non-persistent virtual desktop infrastructure (VDI). To help determine what information is relevant to your environment you should review each section’s brief overview and applicability checklist. ## App-V in stateful\* non-persistent deployments - This section provides information about an approach that helps ensure a user will have access to all virtual applications within seconds after logging in. This is achieved by uniquely addressing the often long-running App-V publishing refresh. As you will discover the basis of the approach, the fastest publishing refresh, is one that doesn’t have to actually do anything. A number of conditions must be met and steps followed to provide the optimal user experience. Use the information in the following section for more information: @@ -125,7 +122,7 @@ IT Administration   -### Usage Scenario +### Usage Scenarios As you review the two scenarios, keep in mind that these approach the extremes. Based on your usage requirements, you may choose to apply these steps to a subset of users, virtual application packages, or both. @@ -143,9 +140,9 @@ As you review the two scenarios, keep in mind that these approach the extremes. +

The following describes many performance improvements in stateful non-persistent deployments. For more information, see [Sequencing Steps to Optimize Packages for Publishing Performance](#sequencing-steps-to-optimize-packages-for-publishing-performance) later in this topic.

+

The impact of this alteration is detailed in the [User Experience Walk-through](#bkmk-uewt) section of this document.

Applications that are run as standard users

When a standard user launches an App-V application, both HKLM and HKCU for App-V applications are stored in the HKCU hive on the machine. This presents as two distinct paths:

    -

  • HKLM: HKCU\SOFTWARE\Classes\AppV\Client\Packages\{PkgGUID}\REGISTRY\MACHINE\SOFTWARE

    • -

  • HKCU: HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\{PkgGUID}\REGISTRY\USER\{UserSID}\SOFTWARE

    • +

  • HKLM: HKCU\SOFTWARE\Classes\AppV\Client\Packages\\{PkgGUID}\REGISTRY\MACHINE\SOFTWARE

    • +

  • HKCU: HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\REGISTRY\USER\{UserSID}\SOFTWARE

The locations are enabled for roaming based on the operating system settings.

To provide the most optimal user experience, this approach leverages the capabilities of a UPM solution and requires additional image preparation and can incur some additional image management overhead.

-

The following describes many performance improvements in stateful non-persistent deployments. For more information, see the Sequencing Steps to Optimize Packages for Publishing Performance and reference to App-V Sequencing Guide in the See Also section of this document.

The general expectations of the previous scenario still apply here. However, keep in mind that VM images are typically stored in very costly arrays; a slight alteration has been made to the approach. Do not pre-configure user-targeted virtual application packages in the base image.

-

The impact of this alteration is detailed in the User Experience Walkthrough section of this document.
@@ -443,13 +440,11 @@ In a non-persistent environment, it is unlikely these pended operations will be The following section contains lists with information about Microsoft documentation and downloads that may be useful when optimizing your environment for performance. -**.NET NGEN Blog and Script (Highly Recommended)** + -About NGEN technology +**.NET NGEN Blog (Highly Recommended)** -- [How to speed up NGEN optimaztion](http://blogs.msdn.com/b/dotnet/archive/2013/08/06/wondering-why-mscorsvw-exe-has-high-cpu-usage-you-can-speed-it-up.aspx) - -- [Script](http://aka.ms/DrainNGenQueue) +- [How to speed up NGEN optimization](http://blogs.msdn.com/b/dotnet/archive/2013/08/06/wondering-why-mscorsvw-exe-has-high-cpu-usage-you-can-speed-it-up.aspx) **Windows Server and Server Roles** @@ -483,7 +478,6 @@ Server Performance Tuning Guidelines for ## Sequencing Steps to Optimize Packages for Publishing Performance - Several App-V features facilitate new scenarios or enable new customer deployment scenarios. These following features can impact the performance of the publishing and launch operations. @@ -504,7 +498,7 @@ Several App-V features facilitate new scenarios or enable new customer deploymen - - - + + diff --git a/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md b/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md index 7d798edb80..4c4e2e0cfb 100644 --- a/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md +++ b/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md @@ -300,11 +300,63 @@ Alternatively, you can turn on Shell Launcher using the Deployment Image Servici Modify the following PowerShell script as appropriate. The comments in the sample script explain the purpose of each section and tell you where you will want to change the script for your purposes. Save your script with the extension .ps1, open Windows PowerShell as administrator, and run the script on the kiosk device. ``` +# Check if shell launcher license is enabled +function Check-ShellLauncherLicenseEnabled +{ + [string]$source = @" +using System; +using System.Runtime.InteropServices; + +static class CheckShellLauncherLicense +{ + const int S_OK = 0; + + public static bool IsShellLauncherLicenseEnabled() + { + int enabled = 0; + + if (NativeMethods.SLGetWindowsInformationDWORD("EmbeddedFeature-ShellLauncher-Enabled", out enabled) != S_OK) { + enabled = 0; + } + + return (enabled != 0); + } + + static class NativeMethods + { + [DllImport("Slc.dll")] + internal static extern int SLGetWindowsInformationDWORD([MarshalAs(UnmanagedType.LPWStr)]string valueName, out int value); + } + +} +"@ + + $type = Add-Type -TypeDefinition $source -PassThru + + return $type[0]::IsShellLauncherLicenseEnabled() +} + +[bool]$result = $false + +$result = Check-ShellLauncherLicenseEnabled +"`nShell Launcher license enabled is set to " + $result +if (-not($result)) +{ + "`nThis device doesn't have required license to use Shell Launcher" + exit +} + $COMPUTER = "localhost" $NAMESPACE = "root\standardcimv2\embedded" # Create a handle to the class instance so we can call the static methods. -$ShellLauncherClass = [wmiclass]"\\$COMPUTER\${NAMESPACE}:WESL_UserSetting" +try { + $ShellLauncherClass = [wmiclass]"\\$COMPUTER\${NAMESPACE}:WESL_UserSetting" + } catch [Exception] { + write-host $_.Exception.Message; + write-host "Make sure Shell Launcher feature is enabled" + exit + } # This well-known security identifier (SID) corresponds to the BUILTIN\Administrators group. @@ -319,7 +371,7 @@ function Get-UsernameSID($AccountName) { $NTUserSID = $NTUserObject.Translate([System.Security.Principal.SecurityIdentifier]) return $NTUserSID.Value - + } # Get the SID for a user account named "Cashier". Rename "Cashier" to an existing account on your system to test this script. diff --git a/windows/plan/windows-10-compatibility.md b/windows/plan/windows-10-compatibility.md index 066ce7b427..013a715282 100644 --- a/windows/plan/windows-10-compatibility.md +++ b/windows/plan/windows-10-compatibility.md @@ -6,6 +6,7 @@ keywords: deploy, upgrade, update, appcompat ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat +localizationpriority: high ms.sitesec: library author: mtniehaus --- diff --git a/windows/plan/windows-10-deployment-considerations.md b/windows/plan/windows-10-deployment-considerations.md index a787c083ac..9c2cb27ef4 100644 --- a/windows/plan/windows-10-deployment-considerations.md +++ b/windows/plan/windows-10-deployment-considerations.md @@ -4,6 +4,7 @@ description: There are new deployment options in Windows 10 that help you simpl ms.assetid: A8DD6B37-1E11-4CD6-B588-92C2404219FE keywords: deploy, upgrade, update, in-place ms.prod: w10 +localizationpriority: high ms.mktglfcycl: plan ms.sitesec: library author: mtniehaus diff --git a/windows/plan/windows-10-infrastructure-requirements.md b/windows/plan/windows-10-infrastructure-requirements.md index f6893cb6e2..be533cabf2 100644 --- a/windows/plan/windows-10-infrastructure-requirements.md +++ b/windows/plan/windows-10-infrastructure-requirements.md @@ -5,6 +5,7 @@ ms.assetid: B0FA27D9-A206-4E35-9AE6-74E70748BE64 keywords: deploy, upgrade, update, hardware ms.prod: w10 ms.mktglfcycl: plan +localizationpriority: high ms.sitesec: library author: mtniehaus ---

No Feature Block 1 (FB1, also known as Primary FB)

No FB1 means the application will launch immediately and stream fault (application requires file, DLL and must pull down over the network) during launch.If there are network limitations, FB1 will:

+

No FB1 means the application will launch immediately and stream fault (application requires file, DLL and must pull down over the network) during launch. If there are network limitations, FB1 will:

  • Reduce the number of stream faults and network bandwidth used when you launch an application for the first time.

  • Delay launch until the entire FB1 has been streamed.

    • diff --git a/windows/manage/change-history-for-manage-and-update-windows-10.md b/windows/manage/change-history-for-manage-and-update-windows-10.md index 001afc958e..371cdedb8d 100644 --- a/windows/manage/change-history-for-manage-and-update-windows-10.md +++ b/windows/manage/change-history-for-manage-and-update-windows-10.md @@ -16,7 +16,9 @@ This topic lists new and updated topics in the [Manage and update Windows 10](in | New or changed topic | Description | | --- | --- | +| [Lockdown features from Windows Embedded 8.1 Industry](lockdown-features-windows-10.md) | Added Group Policy setting to replace Gesture Filter | | [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Added content for Windows Server 2016 | +| [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) | Updated the script for setting a custom shell using Shell Launcher. | ## August 2016 @@ -100,7 +102,7 @@ The topics in this library have been updated for Windows 10, version 1607 (also | ---|---| | [Cortana integration in your business or enterprise](manage-cortana-in-enterprise.md) | New | | [Manage Wi-Fi Sense in your company](manage-wifi-sense-in-enterprise.md) | New | -|[Customize Windows 10 Start with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) | New | +| [Customize Windows 10 Start with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) | New | ## November 2015 diff --git a/windows/manage/lockdown-features-windows-10.md b/windows/manage/lockdown-features-windows-10.md index 8a5219e4bb..c6eaa7e68d 100644 --- a/windows/manage/lockdown-features-windows-10.md +++ b/windows/manage/lockdown-features-windows-10.md @@ -96,8 +96,8 @@ Many of the lockdown features available in Windows Embedded 8.1 Industry have be

[Gesture Filter](https://go.microsoft.com/fwlink/p/?LinkId=626672): block swipes from top, left, and right edges of screen

[Assigned Access](https://go.microsoft.com/fwlink/p/?LinkId=626608)

The capabilities of Gesture Filter have been consolidated into Assigned Access for Windows 10. In Windows 8.1, gestures provided the ability to close an app, to switch apps, and to reach the Charms. For Windows 10, Charms have been removed, and blocking the closing or switching of apps is part of Assigned Access.

MDM and Group Policy

In Windows 8.1, gestures provided the ability to close an app, to switch apps, and to reach the Charms. In Windows 10, Charms have been removed. In Windows 10, version 1607, you can block swipes using the [Allow edge swipe](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962(v=vs.85).aspx#LockDown_AllowEdgeSwipe) policy.

[Custom Logon]( https://go.microsoft.com/fwlink/p/?LinkId=626759): suppress Windows UI elements during Windows sign-on, sign-off, and shutdown