mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-18 20:03:40 +00:00
Merge branch 'master' into MDBranchPhase2bPoliciesSet3
This commit is contained in:
ManikaDhiman
@ -19,7 +19,7 @@ In this topic, you will learn how to use Microsoft Network Monitor 3.4, which is
|
||||
> [!NOTE]
|
||||
> Network Monitor is the archived protocol analyzer and is no longer under development. **Microsoft Message Analyzer** is the replacement for Network Monitor. For more details, see [Microsoft Message Analyzer Operating Guide](https://docs.microsoft.com/message-analyzer/microsoft-message-analyzer-operating-guide).
|
||||
|
||||
To get started, [download and run NM34_x64.exe](https://www.microsoft.com/download/details.aspx?id=4865). When you install Network Monitor, it installs its driver and hooks it to all the network adapters installed on the device. You can see the same on the adapter properties, as shown in the following image.
|
||||
To get started, [download Network Monitor tool](https://www.microsoft.com/download/details.aspx?id=4865). When you install Network Monitor, it installs its driver and hooks it to all the network adapters installed on the device. You can see the same on the adapter properties, as shown in the following image:
|
||||
|
||||
|
||||
|
||||
|
||||
@ -13,7 +13,7 @@ ms.author: deniseb
|
||||
ms.custom: nextgen
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.date: 12/08/2020
|
||||
ms.date: 12/11/2020
|
||||
---
|
||||
|
||||
# Microsoft Defender Antivirus compatibility
|
||||
@ -78,7 +78,7 @@ The following table summarizes the functionality and features that are available
|
||||
|
||||
- In Active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files are scanned and threats remediated, and detection information are reported in your configuration tool (such as Configuration Manager or the Microsoft Defender Antivirus app on the machine itself).
|
||||
- In Passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections that are shared with the Microsoft Defender for Endpoint service. Therefore, you might encounter alerts in the Security Center console with Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in Passive mode.
|
||||
- When [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md) is turned on, Microsoft Defender Antivirus is not used as the primary antivirus solution, but can still detect and remediate malicious items.
|
||||
- When [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md) is turned on and Microsoft Defender Antivirus is not used as the primary antivirus solution, it can still detect and remediate malicious items.
|
||||
- When disabled, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated.
|
||||
|
||||
## Keep the following points in mind
|
||||
@ -104,4 +104,4 @@ If you uninstall the other product, and choose to use Microsoft Defender Antivir
|
||||
- [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md)
|
||||
- [Configure Endpoint Protection](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-protection-configure)
|
||||
- [Configure Endpoint Protection on a standalone client](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-protection-configure-standalone-client)
|
||||
- [Learn about Microsoft 365 Endpoint data loss prevention](https://docs.microsoft.com/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-worldwide)
|
||||
- [Learn about Microsoft 365 Endpoint data loss prevention](https://docs.microsoft.com/microsoft-365/compliance/endpoint-dlp-learn-about)
|
||||
|
||||
@ -8,7 +8,7 @@ ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: denisebmsft
|
||||
ms.author: deniseb
|
||||
ms.date: 09/07/2020
|
||||
ms.date: 12/10/2020
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.custom: asr
|
||||
@ -32,21 +32,22 @@ If an employee goes to an untrusted site through either Microsoft Edge or Intern
|
||||
|
||||
Application Guard has been created to target several types of systems:
|
||||
|
||||
- **Enterprise desktops.** These desktops are domain-joined and managed by your organization. Configuration management is primarily done through Microsoft Endpoint Configuration Manager or Microsoft Intune. Employees typically have Standard User privileges and use a high-bandwidth, wired, corporate network.
|
||||
- **Enterprise desktops**. These desktops are domain-joined and managed by your organization. Configuration management is primarily done through Microsoft Endpoint Configuration Manager or Microsoft Intune. Employees typically have Standard User privileges and use a high-bandwidth, wired, corporate network.
|
||||
|
||||
- **Enterprise mobile laptops.** These laptops are domain-joined and managed by your organization. Configuration management is primarily done through Microsoft Endpoint Configuration Manager or Microsoft Intune. Employees typically have Standard User privileges and use a high-bandwidth, wireless, corporate network.
|
||||
- **Enterprise mobile laptops**. These laptops are domain-joined and managed by your organization. Configuration management is primarily done through Microsoft Endpoint Configuration Manager or Microsoft Intune. Employees typically have Standard User privileges and use a high-bandwidth, wireless, corporate network.
|
||||
|
||||
- **Bring your own device (BYOD) mobile laptops.** These personally-owned laptops are not domain-joined, but are managed by your organization through tools, such as Microsoft Intune. The employee is typically an admin on the device and uses a high-bandwidth wireless corporate network while at work and a comparable personal network while at home.
|
||||
- **Bring your own device (BYOD) mobile laptops**. These personally-owned laptops are not domain-joined, but are managed by your organization through tools, such as Microsoft Intune. The employee is typically an admin on the device and uses a high-bandwidth wireless corporate network while at work and a comparable personal network while at home.
|
||||
|
||||
- **Personal devices.** These personally-owned desktops or mobile laptops are not domain-joined or managed by an organization. The user is an admin on the device and uses a high-bandwidth wireless personal network while at home or a comparable public network while outside.
|
||||
- **Personal devices**. These personally-owned desktops or mobile laptops are not domain-joined or managed by an organization. The user is an admin on the device and uses a high-bandwidth wireless personal network while at home or a comparable public network while outside.
|
||||
|
||||
## Related articles
|
||||
|
||||
|Article |Description |
|
||||
|------|------------|
|
||||
|:------|:------------|
|
||||
|[System requirements for Microsoft Defender Application Guard](reqs-md-app-guard.md) |Specifies the prerequisites necessary to install and use Application Guard.|
|
||||
|[Prepare and install Microsoft Defender Application Guard](install-md-app-guard.md) |Provides instructions about determining which mode to use, either Standalone or Enterprise-managed, and how to install Application Guard in your organization.|
|
||||
|[Configure the Group Policy settings for Microsoft Defender Application Guard](configure-md-app-guard.md) |Provides info about the available Group Policy and MDM settings.|
|
||||
|[Testing scenarios using Microsoft Defender Application Guard in your business or organization](test-scenarios-md-app-guard.md)|Provides a list of suggested testing scenarios that you can use to test Application Guard in your organization.|
|
||||
| [Microsoft Defender Application Guard Extension for web browsers](md-app-guard-browser-extension.md) | Describes the Application Guard extension for Chrome and Firefox, including known issues, and a trouble-shooting guide |
|
||||
| [Microsoft Defender Application Guard Extension for web browsers](md-app-guard-browser-extension.md) | Describes the Application Guard extension for Chrome and Firefox, including known issues, and a troubleshooting guide |
|
||||
| [Microsoft Defender Application Guard for Microsoft Office](https://docs.microsoft.com/microsoft-365/security/office-365-security/install-app-guard) | Describes Application Guard for Microsoft Office, including minimum hardware requirements, configuration, and a troubleshooting guide |
|
||||
|[Frequently asked questions - Microsoft Defender Application Guard](faq-md-app-guard.md)|Provides answers to frequently asked questions about Application Guard features, integration with the Windows operating system, and general configuration.|
|
||||
|
||||
@ -15,7 +15,7 @@ ms.localizationpriority: medium
|
||||
ms.custom:
|
||||
- next-gen
|
||||
- edr
|
||||
ms.date: 08/21/2020
|
||||
ms.date: 12/10/2020
|
||||
ms.collection:
|
||||
- m365-security-compliance
|
||||
- m365initiative-defender-endpoint
|
||||
@ -39,7 +39,7 @@ EDR in block mode is also integrated with [threat & vulnerability management](ht
|
||||
:::image type="content" source="images/edrblockmode-TVMrecommendation.png" alt-text="recommendation to turn on EDR in block mode":::
|
||||
|
||||
> [!NOTE]
|
||||
> EDR in block mode is currently in preview, available to organizations who have opted in to receive **[preview features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/preview)**. To get the best protection, make sure to **[deploy Microsoft Defender for Endpoint baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)**.
|
||||
> To get the best protection, make sure to **[deploy Microsoft Defender for Endpoint baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)**.
|
||||
|
||||
## What happens when something is detected?
|
||||
|
||||
@ -81,6 +81,10 @@ The following image shows an instance of unwanted software that was detected and
|
||||
|
||||
## Frequently asked questions
|
||||
|
||||
### Do I need to turn EDR in block mode on even when I have Microsoft Defender Antivirus running on devices?
|
||||
|
||||
We recommend keeping EDR in block mode on, whether Microsoft Defender Antivirus is running in passive mode or in active mode. EDR in block mode gives you an added layer of defense with Microsoft Defender for Endpoint. It allows Microsoft Defender for Endpoint to take actions based on post-breach behavioral EDR detections.
|
||||
|
||||
### Will EDR in block mode have any impact on a user's antivirus protection?
|
||||
|
||||
No. EDR in block mode does not affect third-party antivirus protection running on users' devices. EDR in block mode kicks in if the primary antivirus solution misses something, or if there is a post-breach detection. EDR in block mode works just like [Microsoft Defender Antivirus in passive mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility#functionality-and-features-available-in-each-state), with the additional steps of blocking and remediating malicious artifacts or behaviors that are detected.
|
||||
|
||||
@ -64,11 +64,11 @@ Defender for Endpoint for iOS enables admins to configure custom indicators on i
|
||||
|
||||
## Web Protection and VPN
|
||||
|
||||
By default, Defender for Endpoint for iOS includes and enables the web protection feature. [Web protection](web-protection-overview.md) helps to secure devices against web threats and protect users from phishing attacks. Defender for Endpoint for iOS uses a local VPN in order to provide this protection.
|
||||
By default, Defender for Endpoint for iOS includes and enables the web protection feature. [Web protection](web-protection-overview.md) helps to secure devices against web threats and protect users from phishing attacks. Defender for Endpoint for iOS uses a VPN in order to provide this protection. Please note this is a local VPN and unlike traditional VPN, network traffic is not sent outside the device.
|
||||
|
||||
While enabled by default, there might be some cases that require you to disable VPN. For example, you want to run some apps that do not work when a VPN is configured. In such cases, you can choose to disable VPN from the app on the device by following the steps below:
|
||||
|
||||
1. On your iOS device, open the **Settings** app and click or tap **VPN**.
|
||||
1. On your iOS device, open the **Settings** app, click or tap **General** and then **VPN**.
|
||||
1. Click or tap the "i" button for Microsoft Defender ATP.
|
||||
1. Toggle off **Connect On Demand** to disable VPN.
|
||||
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
# [Windows 10 Enterprise LTSC](index.md)
|
||||
## [What's new in Windows 10 Enterprise 2019 LTSC](whats-new-windows-10-2019.md)
|
||||
## [What's new in Windows 10 Enterprise 2016 LTSC](whats-new-windows-10-2016.md)
|
||||
## [What's new in Windows 10 Enterprise 2015 LTSC](whats-new-windows-10-2015.md)
|
||||
## [What's new in Windows 10 Enterprise LTSC 2019](whats-new-windows-10-2019.md)
|
||||
## [What's new in Windows 10 Enterprise LTSC 2016](whats-new-windows-10-2016.md)
|
||||
## [What's new in Windows 10 Enterprise LTSC 2015](whats-new-windows-10-2015.md)
|
||||
|
||||
@ -22,9 +22,9 @@ ms.topic: article
|
||||
|
||||
This topic provides links to articles with information about what's new in each release of Windows 10 Enterprise LTSC, and includes a short description of this servicing channel.
|
||||
|
||||
[What's New in Windows 10 Enterprise 2019 LTSC](whats-new-windows-10-2019.md)<br>
|
||||
[What's New in Windows 10 Enterprise 2016 LTSC](whats-new-windows-10-2016.md)<br>
|
||||
[What's New in Windows 10 Enterprise 2015 LTSC](whats-new-windows-10-2015.md)
|
||||
[What's New in Windows 10 Enterprise LTSC 2019](whats-new-windows-10-2019.md)<br>
|
||||
[What's New in Windows 10 Enterprise LTSC 2016](whats-new-windows-10-2016.md)<br>
|
||||
[What's New in Windows 10 Enterprise LTSC 2015](whats-new-windows-10-2015.md)
|
||||
|
||||
## The Long Term Servicing Channel (LTSC)
|
||||
|
||||
@ -32,9 +32,9 @@ The following table summarizes equivalent feature update versions of Windows 10
|
||||
|
||||
| LTSC release | Equivalent SAC release | Availability date |
|
||||
| --- | --- | --- |
|
||||
| Windows 10 Enterprise 2015 LTSC | Windows 10, Version 1507 | 7/29/2015 |
|
||||
| Windows 10 Enterprise 2016 LTSC | Windows 10, Version 1607 | 8/2/2016 |
|
||||
| Windows 10 Enterprise 2019 LTSC | Windows 10, Version 1809 | 11/13/2018 |
|
||||
| Windows 10 Enterprise LTSC 2015 | Windows 10, Version 1507 | 7/29/2015 |
|
||||
| Windows 10 Enterprise LTSC 2016 | Windows 10, Version 1607 | 8/2/2016 |
|
||||
| Windows 10 Enterprise LTSC 2019 | Windows 10, Version 1809 | 11/13/2018 |
|
||||
|
||||
>[!NOTE]
|
||||
>The Long Term Servicing Channel was previously called the Long Term Servicing Branch (LTSB). All references to LTSB are changed in this article to LTSC for consistency, even though the name of previous versions might still be displayed as LTSB.
|
||||
|
||||
@ -1,10 +1,10 @@
|
||||
---
|
||||
title: What's new in Windows 10 Enterprise 2015 LTSC
|
||||
title: What's new in Windows 10 Enterprise LTSC 2015
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
ms.author: greglin
|
||||
description: New and updated IT Pro content about new features in Windows 10 Enterprise 2015 LTSC (also known as Windows 10 Enterprise 2015 LTSB).
|
||||
keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise 2015 LTSC"]
|
||||
description: New and updated IT Pro content about new features in Windows 10 Enterprise LTSC 2015 (also known as Windows 10 Enterprise 2015 LTSB).
|
||||
keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise LTSC 2015"]
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
@ -14,15 +14,15 @@ ms.localizationpriority: low
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# What's new in Windows 10 Enterprise 2015 LTSC
|
||||
# What's new in Windows 10 Enterprise LTSC 2015
|
||||
|
||||
**Applies to**
|
||||
- Windows 10 Enterprise 2015 LTSC
|
||||
- Windows 10 Enterprise LTSC 2015
|
||||
|
||||
This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise 2015 LTSC (LTSB). For a brief description of the LTSC servicing channel, see [Windows 10 Enterprise LTSC](index.md).
|
||||
This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise LTSC 2015 (LTSB). For a brief description of the LTSC servicing channel, see [Windows 10 Enterprise LTSC](index.md).
|
||||
|
||||
>[!NOTE]
|
||||
>Features in Windows 10 Enterprise 2015 LTSC are equivalent to [Windows 10, version 1507](../whats-new-windows-10-version-1507-and-1511.md).
|
||||
>Features in Windows 10 Enterprise LTSC 2015 are equivalent to [Windows 10, version 1507](../whats-new-windows-10-version-1507-and-1511.md).
|
||||
|
||||
## Deployment
|
||||
|
||||
|
||||
@ -1,10 +1,10 @@
|
||||
---
|
||||
title: What's new in Windows 10 Enterprise 2016 LTSC
|
||||
title: What's new in Windows 10 Enterprise LTSC 2016
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
ms.author: greglin
|
||||
description: New and updated IT Pro content about new features in Windows 10 Enterprise 2016 LTSC (also known as Windows 10 Enterprise 2016 LTSB).
|
||||
keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise 2016 LTSC"]
|
||||
description: New and updated IT Pro content about new features in Windows 10 Enterprise LTSC 2016 (also known as Windows 10 Enterprise 2016 LTSB).
|
||||
keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise LTSC 2016"]
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
@ -14,15 +14,15 @@ ms.localizationpriority: low
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# What's new in Windows 10 Enterprise 2016 LTSC
|
||||
# What's new in Windows 10 Enterprise LTSC 2016
|
||||
|
||||
**Applies to**
|
||||
- Windows 10 Enterprise 2016 LTSC
|
||||
- Windows 10 Enterprise LTSC 2016
|
||||
|
||||
This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise 2016 LTSC (LTSB), compared to Windows 10 Enterprise 2015 LTSC (LTSB). For a brief description of the LTSC servicing channel, see [Windows 10 Enterprise LTSC](index.md).
|
||||
This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise LTSC 2016 (LTSB), compared to Windows 10 Enterprise LTSC 2015 (LTSB). For a brief description of the LTSC servicing channel, see [Windows 10 Enterprise LTSC](index.md).
|
||||
|
||||
>[!NOTE]
|
||||
>Features in Windows 10 Enterprise 2016 LTSC are equivalent to Windows 10, version 1607.
|
||||
>Features in Windows 10 Enterprise LTSC 2016 are equivalent to Windows 10, version 1607.
|
||||
|
||||
## Deployment
|
||||
|
||||
@ -71,7 +71,7 @@ Isolated User Mode is now included with Hyper-V so you don't have to install it
|
||||
|
||||
When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multi-factor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name in this version of Windows 10. Customers who have already deployed Microsoft Passport for Work will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics.
|
||||
|
||||
Additional changes for Windows Hello in Windows 10 Enterprise 2016 LTSC:
|
||||
Additional changes for Windows Hello in Windows 10 Enterprise LTSC 2016:
|
||||
|
||||
- Personal (Microsoft account) and corporate (Active Directory or Azure AD) accounts use a single container for keys.
|
||||
- Group Policy settings for managing Windows Hello for Business are now available for both **User Configuration** and **Computer Configuration**.
|
||||
|
||||
@ -1,10 +1,10 @@
|
||||
---
|
||||
title: What's new in Windows 10 Enterprise 2019 LTSC
|
||||
title: What's new in Windows 10 Enterprise LTSC 2019
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
ms.author: greglin
|
||||
description: New and updated IT Pro content about new features in Windows 10 Enterprise 2019 LTSC (also known as Windows 10 Enterprise 2019 LTSB).
|
||||
keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise 2019 LTSC"]
|
||||
description: New and updated IT Pro content about new features in Windows 10 Enterprise LTSC 2019 (also known as Windows 10 Enterprise 2019 LTSB).
|
||||
keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise LTSC 2019"]
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
@ -13,15 +13,15 @@ ms.localizationpriority: low
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# What's new in Windows 10 Enterprise 2019 LTSC
|
||||
# What's new in Windows 10 Enterprise LTSC 2019
|
||||
|
||||
**Applies to**
|
||||
- Windows 10 Enterprise 2019 LTSC
|
||||
- Windows 10 Enterprise LTSC 2019
|
||||
|
||||
This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise 2019 LTSC, compared to Windows 10 Enterprise 2016 LTSC (LTSB). For a brief description of the LTSC servicing channel and associated support, see [Windows 10 Enterprise LTSC](index.md).
|
||||
This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise LTSC 2019, compared to Windows 10 Enterprise LTSC 2016 (LTSB). For a brief description of the LTSC servicing channel and associated support, see [Windows 10 Enterprise LTSC](index.md).
|
||||
|
||||
>[!NOTE]
|
||||
>Features in Windows 10 Enterprise 2019 LTSC are equivalent to Windows 10, version 1809.
|
||||
>Features in Windows 10 Enterprise LTSC 2019 are equivalent to Windows 10, version 1809.
|
||||
|
||||
Windows 10 Enterprise LTSC 2019 builds on Windows 10 Pro, version 1809 adding premium features designed to address the needs of large and mid-size organizations (including large academic institutions), such as:
|
||||
- Advanced protection against modern security threats
|
||||
@ -85,7 +85,7 @@ Endpoint detection and response is improved. Enterprise customers can now take a
|
||||
|
||||
Some of the highlights of the new library include [Evaluation guide for Microsoft Defender AV](/windows/threat-protection/microsoft-defender-antivirus//evaluate-microsoft-defender-antivirus) and [Deployment guide for Microsoft Defender AV in a virtual desktop infrastructure environment](/windows/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus).
|
||||
|
||||
New features for Microsoft Defender AV in Windows 10 Enterprise 2019 LTSC include:
|
||||
New features for Microsoft Defender AV in Windows 10 Enterprise LTSC 2019 include:
|
||||
- [Updates to how the Block at First Sight feature can be configured](/windows/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus)
|
||||
- [The ability to specify the level of cloud-protection](/windows/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus)
|
||||
- [Microsoft Defender Antivirus protection in the Windows Defender Security Center app](/windows/threat-protection/microsoft-defender-antivirus/windows-defender-security-center-antivirus)
|
||||
@ -239,7 +239,7 @@ WSC now includes the Fluent Design System elements you know and love. You’ll a
|
||||
The security setting [**Interactive logon: Display user information when the session is locked**](/windows/device-security/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked) has been updated to work in conjunction with the **Privacy** setting in **Settings** > **Accounts** > **Sign-in options**.
|
||||
|
||||
A new security policy setting
|
||||
[**Interactive logon: Don't display username at sign-in**](/windows/device-security/security-policy-settings/interactive-logon-dont-display-username-at-sign-in) has been introduced in Windows 10 Enterprise 2019 LTSC. This security policy setting determines whether the username is displayed during sign in. It works in conjunction with the **Privacy** setting in **Settings** > **Accounts** > **Sign-in options**. The setting only affects the **Other user** tile.
|
||||
[**Interactive logon: Don't display username at sign-in**](/windows/device-security/security-policy-settings/interactive-logon-dont-display-username-at-sign-in) has been introduced in Windows 10 Enterprise LTSC 2019. This security policy setting determines whether the username is displayed during sign in. It works in conjunction with the **Privacy** setting in **Settings** > **Accounts** > **Sign-in options**. The setting only affects the **Other user** tile.
|
||||
|
||||
#### Windows 10 in S mode
|
||||
|
||||
@ -251,7 +251,7 @@ We’ve continued to work on the **Current threats** area in [Virus & threat pr
|
||||
|
||||
### Windows Autopilot
|
||||
|
||||
[Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot) is a deployment tool introduced with Windows 10, version 1709 and is also available for Windows 10 Enterprise 2019 LTSC (and later versions). Windows Autopilot provides a modern device lifecycle management service powered by the cloud to deliver a zero touch experience for deploying Windows 10.
|
||||
[Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot) is a deployment tool introduced with Windows 10, version 1709 and is also available for Windows 10 Enterprise LTSC 2019 (and later versions). Windows Autopilot provides a modern device lifecycle management service powered by the cloud to deliver a zero touch experience for deploying Windows 10.
|
||||
|
||||
Windows Autopilot is currently available with Surface, Dell, HP, and Lenovo. Other OEM partners such as Panasonic, and Acer will support Autopilot soon. Check the [Windows IT Pro Blog](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog) or this article for updated information.
|
||||
|
||||
@ -265,7 +265,7 @@ IT Pros can use Autopilot Reset to quickly remove personal files, apps, and sett
|
||||
|
||||
### MBR2GPT.EXE
|
||||
|
||||
MBR2GPT.EXE is a new command-line tool introduced with Windows 10, version 1703 and also available in Windows 10 Enterprise 2019 LTSC (and later versions). MBR2GPT converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS).
|
||||
MBR2GPT.EXE is a new command-line tool introduced with Windows 10, version 1703 and also available in Windows 10 Enterprise LTSC 2019 (and later versions). MBR2GPT converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS).
|
||||
|
||||
The GPT partition format is newer and enables the use of larger and more disk partitions. It also provides added data reliability, supports additional partition types, and enables faster boot and shutdown speeds. If you convert the system disk on a computer from MBR to GPT, you must also configure the computer to boot in UEFI mode, so make sure that your device supports UEFI before attempting to convert the system disk.
|
||||
|
||||
@ -293,7 +293,7 @@ For more information, see [DISM operating system uninstall command-line options]
|
||||
You can now run your own custom actions or scripts in parallel with Windows Setup. Setup will also migrate your scripts to next feature release, so you only need to add them once.
|
||||
|
||||
Prerequisites:
|
||||
- Windows 10, version 1803 or Windows 10 Enterprise 2019 LTSC, or later.
|
||||
- Windows 10, version 1803 or Windows 10 Enterprise LTSC 2019, or later.
|
||||
- Windows 10 Enterprise or Pro
|
||||
|
||||
For more information, see [Run custom actions during feature update](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-enable-custom-actions).
|
||||
@ -332,7 +332,7 @@ SetupDiag works by searching Windows Setup log files. When searching log files,
|
||||
If you have shared devices deployed in your work place, **Fast sign-in** enables users to sign in to a [shared Windows 10 PC](https://docs.microsoft.com/windows/configuration/set-up-shared-or-guest-pc) in a flash!
|
||||
|
||||
**To enable fast sign-in:**
|
||||
1. Set up a shared or guest device with Windows 10, version 1809 or Windows 10 Enterprise 2019 LTSC.
|
||||
1. Set up a shared or guest device with Windows 10, version 1809 or Windows 10 Enterprise LTSC 2019.
|
||||
2. Set the Policy CSP, and the **Authentication** and **EnableFastFirstSignIn** policies to enable fast sign-in.
|
||||
3. Sign-in to a shared PC with your account. You'll notice the difference!
|
||||
|
||||
@ -428,7 +428,7 @@ The following new Group Policy and mobile device management (MDM) settings are a
|
||||
|
||||
### Start and taskbar layout
|
||||
|
||||
Previously, the customized taskbar could only be deployed using Group Policy or provisioning packages. Windows 10 Enterprise 2019 LTSC adds support for customized taskbars to [MDM](/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management).
|
||||
Previously, the customized taskbar could only be deployed using Group Policy or provisioning packages. Windows 10 Enterprise LTSC 2019 adds support for customized taskbars to [MDM](/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management).
|
||||
|
||||
[Additional MDM policy settings are available for Start and taskbar layout](/windows/configuration/windows-10-start-layout-options-and-policies). New MDM policy settings include:
|
||||
|
||||
@ -467,7 +467,7 @@ You can now register your Azure AD domains to the Windows Insider Program. For m
|
||||
|
||||
### Optimize update delivery
|
||||
|
||||
With changes delivered in Windows 10 Enterprise 2019 LTSC, [Express updates](/windows/deployment/update/waas-optimize-windows-10-updates#express-update-delivery) are now fully supported with Microsoft Endpoint Configuration Manager, starting with version 1702 of Configuration Manager, as well as with other third-party updating and management products that [implement this new functionality](https://technet.microsoft.com/windows-server-docs/management/windows-server-update-services/deploy/express-update-delivery-isv-support). This is in addition to current Express support on Windows Update, Windows Update for Business and WSUS.
|
||||
With changes delivered in Windows 10 Enterprise LTSC 2019, [Express updates](/windows/deployment/update/waas-optimize-windows-10-updates#express-update-delivery) are now fully supported with Microsoft Endpoint Configuration Manager, starting with version 1702 of Configuration Manager, as well as with other third-party updating and management products that [implement this new functionality](https://technet.microsoft.com/windows-server-docs/management/windows-server-update-services/deploy/express-update-delivery-isv-support). This is in addition to current Express support on Windows Update, Windows Update for Business and WSUS.
|
||||
|
||||
>[!NOTE]
|
||||
> The above changes can be made available to Windows 10, version 1607, by installing the April 2017 cumulative update.
|
||||
@ -485,15 +485,15 @@ To check out all the details, see [Configure Delivery Optimization for Windows 1
|
||||
|
||||
### Uninstalled in-box apps no longer automatically reinstall
|
||||
|
||||
Starting with Windows 10 Enterprise 2019 LTSC, in-box apps that were uninstalled by the user won't automatically reinstall as part of the feature update installation process.
|
||||
Starting with Windows 10 Enterprise LTSC 2019, in-box apps that were uninstalled by the user won't automatically reinstall as part of the feature update installation process.
|
||||
|
||||
Additionally, apps de-provisioned by admins on Windows 10 Enterprise 2019 LTSC machines will stay de-provisioned after future feature update installations. This will not apply to the update from Windows 10 Enterprise 2016 LTSC (or earlier) to Windows 10 Enterprise 2019 LTSC.
|
||||
Additionally, apps de-provisioned by admins on Windows 10 Enterprise LTSC 2019 machines will stay de-provisioned after future feature update installations. This will not apply to the update from Windows 10 Enterprise LTSC 2016 (or earlier) to Windows 10 Enterprise LTSC 2019.
|
||||
|
||||
## Management
|
||||
|
||||
### New MDM capabilities
|
||||
|
||||
Windows 10 Enterprise 2019 LTSC adds many new [configuration service providers (CSPs)](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) that provide new capabilities for managing Windows 10 devices using MDM or provisioning packages. Among other things, these CSPs enable you to configure a few hundred of the most useful Group Policy settings via MDM - see [Policy CSP - ADMX-backed policies](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-admx-backed).
|
||||
Windows 10 Enterprise LTSC 2019 adds many new [configuration service providers (CSPs)](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) that provide new capabilities for managing Windows 10 devices using MDM or provisioning packages. Among other things, these CSPs enable you to configure a few hundred of the most useful Group Policy settings via MDM - see [Policy CSP - ADMX-backed policies](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-admx-backed).
|
||||
|
||||
Some of the other new CSPs are:
|
||||
|
||||
@ -519,17 +519,17 @@ Multiple new configuration items are also added. For more information, see [What
|
||||
|
||||
### Mobile application management support for Windows 10
|
||||
|
||||
The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices. MAM support is built into Windows on top of Windows Information Protection (WIP), starting in Windows 10 Enterprise 2019 LTSC.
|
||||
The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices. MAM support is built into Windows on top of Windows Information Protection (WIP), starting in Windows 10 Enterprise LTSC 2019.
|
||||
|
||||
For more info, see [Implement server-side support for mobile application management on Windows](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/implement-server-side-mobile-application-management).
|
||||
|
||||
### MDM diagnostics
|
||||
|
||||
In Windows 10 Enterprise 2019 LTSC, we continue our work to improve the diagnostic experience for modern management. By introducing auto-logging for mobile devices, Windows will automatically collect logs when encountering an error in MDM, eliminating the need to have always-on logging for memory-constrained devices. Additionally, we are introducing [Microsoft Message Analyzer](https://www.microsoft.com/download/details.aspx?id=44226) as an additional tool to help Support personnel quickly reduce issues to their root cause, while saving time and cost.
|
||||
In Windows 10 Enterprise LTSC 2019, we continue our work to improve the diagnostic experience for modern management. By introducing auto-logging for mobile devices, Windows will automatically collect logs when encountering an error in MDM, eliminating the need to have always-on logging for memory-constrained devices. Additionally, we are introducing [Microsoft Message Analyzer](https://www.microsoft.com/download/details.aspx?id=44226) as an additional tool to help Support personnel quickly reduce issues to their root cause, while saving time and cost.
|
||||
|
||||
### Application Virtualization for Windows (App-V)
|
||||
|
||||
Previous versions of the Microsoft Application Virtualization Sequencer (App-V Sequencer) have required you to manually create your sequencing environment. Windows 10 Enterprise 2019 LTSC introduces two new PowerShell cmdlets, New-AppVSequencerVM and Connect-AppvSequencerVM, which automatically create your sequencing environment for you, including provisioning your virtual machine. Additionally, the App-V Sequencer has been updated to let you sequence or update multiple apps at the same time, while automatically capturing and storing your customizations as an App-V project template (.appvt) file, and letting you use PowerShell or Group Policy settings to automatically cleanup your unpublished packages after a device restart.
|
||||
Previous versions of the Microsoft Application Virtualization Sequencer (App-V Sequencer) have required you to manually create your sequencing environment. Windows 10 Enterprise LTSC 2019 introduces two new PowerShell cmdlets, New-AppVSequencerVM and Connect-AppvSequencerVM, which automatically create your sequencing environment for you, including provisioning your virtual machine. Additionally, the App-V Sequencer has been updated to let you sequence or update multiple apps at the same time, while automatically capturing and storing your customizations as an App-V project template (.appvt) file, and letting you use PowerShell or Group Policy settings to automatically cleanup your unpublished packages after a device restart.
|
||||
|
||||
For more info, see the following topics:
|
||||
- [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](/windows/application-management/app-v/appv-auto-provision-a-vm)
|
||||
@ -546,7 +546,7 @@ Learn more about the diagnostic data that's collected at the Basic level and som
|
||||
|
||||
### Group Policy spreadsheet
|
||||
|
||||
Learn about the new Group Policies that were added in Windows 10 Enterprise 2019 LTSC.
|
||||
Learn about the new Group Policies that were added in Windows 10 Enterprise LTSC 2019.
|
||||
|
||||
- [Group Policy Settings Reference for Windows and Windows Server](https://www.microsoft.com/download/details.aspx?id=25250)
|
||||
|
||||
@ -579,9 +579,9 @@ Miracast over Infrastructure offers a number of benefits:
|
||||
|
||||
Enabling Miracast over Infrastructure:
|
||||
|
||||
If you have a device that has been updated to Windows 10 Enterprise 2019 LTSC, then you automatically have this new feature. To take advantage of it in your environment, you need to ensure the following is true within your deployment:
|
||||
If you have a device that has been updated to Windows 10 Enterprise LTSC 2019, then you automatically have this new feature. To take advantage of it in your environment, you need to ensure the following is true within your deployment:
|
||||
|
||||
- The device (PC, phone, or Surface Hub) needs to be running Windows 10, version 1703, Windows 10 Enterprise 2019 LTSC, or a later OS.
|
||||
- The device (PC, phone, or Surface Hub) needs to be running Windows 10, version 1703, Windows 10 Enterprise LTSC 2019, or a later OS.
|
||||
- A Windows PC or Surface Hub can act as a Miracast over Infrastructure *receiver*. A Windows PC or phone can act as a Miracast over Infrastructure *source*.
|
||||
- As a Miracast receiver, the PC or Surface Hub must be connected to your enterprise network via either Ethernet or a secure Wi-Fi connection (e.g. using either WPA2-PSK or WPA2-Enterprise security). If the Hub is connected to an open Wi-Fi connection, Miracast over Infrastructure will disable itself.
|
||||
- As a Miracast source, the PC or phone must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection.
|
||||
|
||||
Reference in New Issue
Block a user