The following known issues are resolved by installing the August 30, 2019 KB4512941 update (OS Build 18362.329):
diff --git a/windows/privacy/gdpr-it-guidance.md b/windows/privacy/gdpr-it-guidance.md
index f142ad0677..50d0770521 100644
--- a/windows/privacy/gdpr-it-guidance.md
+++ b/windows/privacy/gdpr-it-guidance.md
@@ -117,7 +117,7 @@ Diagnostic data is categorized into the levels "Security", "Basic", "Enhanced",
### Windows services where Microsoft is the processor under the GDPR
-Most Windows 10 services are controller services in terms of the GDPR – for both Windows functional data and Windows diagnostic data. But there are a few Windows services where Microsoft is a processor for functional data under the GDPR, such as [Windows Analytics](https://www.microsoft.com/windowsforbusiness/windows-analytics) and [Windows Defender Advanced Threat Protection (ATP)](https://www.microsoft.com/windowsforbusiness/windows-atp).
+Most Windows 10 services are controller services in terms of the GDPR – for both Windows functional data and Windows diagnostic data. But there are a few Windows services where Microsoft is a processor for functional data under the GDPR, such as [Windows Analytics](https://www.microsoft.com/windowsforbusiness/windows-analytics) and [Windows Defender Advanced Threat Protection (ATP)](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp).
>[!NOTE]
>Both Windows Analytics and Windows Defender ATP are subscription services for organizations. Some functionality requires a certain license (please see [Compare Windows 10 editions](https://www.microsoft.com/windowsforbusiness/compare)).
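Review bot: The new link target on the + line ends in microsoft-defender-atp, but the link text there and the NOTE below it still say "Windows Defender ATP". If the product name has changed, update the visible text in the same change; if it has not, say so in the commit message so the mismatch does not read as an oversight. The Windows Analytics link on the same line and the Compare Windows 10 editions link in the NOTE still use the older windowsforbusiness paths, so check whether they need the same update.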
@@ -137,7 +137,7 @@ As a result, in terms of the GDPR, the organization that has subscribed to Windo
#### Windows Defender ATP
-[Windows Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp) is cloud-based service that collects and analyzes usage data from an organization’s devices to detect security threats. Some of the data can contain personal data as defined by the GDPR. Enrolled devices transmit usage data to Microsoft datacenters, where that data is analyzed, processed, and stored. The security operations center (SOC) of the organization can view the analyzed data using the [Windows Defender ATP portal](https://securitycenter.windows.com/).
+[Windows Defender ATP](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) is cloud-based service that collects and analyzes usage data from an organization’s devices to detect security threats. Some of the data can contain personal data as defined by the GDPR. Enrolled devices transmit usage data to Microsoft datacenters, where that data is analyzed, processed, and stored. The security operations center (SOC) of the organization can view the analyzed data using the [Windows Defender ATP portal](https://securitycenter.windows.com/).
As a result, in terms of the GDPR, the organization that has subscribed to Windows Defender ATP is acting as the controller, while Microsoft is the processor for Windows Defender ATP.
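Review bot: The + line still reads "is cloud-based service", which is missing its article. Since the sentence is being touched anyway, change it to "is a cloud-based service".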
diff --git a/windows/release-information/resolved-issues-windows-10-1709.yml b/windows/release-information/resolved-issues-windows-10-1709.yml
index b9fb594146..07fbc6a7b2 100644
--- a/windows/release-information/resolved-issues-windows-10-1709.yml
+++ b/windows/release-information/resolved-issues-windows-10-1709.yml
@@ -32,6 +32,7 @@ sections:
- type: markdown
text: "
Summary | Originating update | Status | Date resolved |
+ IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details > | OS Build 16299.1387
September 10, 2019 KB4516066 | Resolved
| September 19, 2019 04:08 PM PT |
Domain connected devices that use MIT Kerberos realms will not start up Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.
See details > | OS Build 16299.1296
July 16, 2019 KB4507465 | Resolved KB4512516 | August 13, 2019 10:00 AM PT |
Devices starting using PXE from a WDS or SCCM servers may fail to start Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"
See details > | OS Build 16299.1217
June 11, 2019 KB4503284 | Resolved KB4512494 | August 16, 2019 02:00 PM PT |
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.
See details > | OS Build 16299.1331
August 13, 2019 KB4512516 | Resolved KB4512494 | August 16, 2019 02:00 PM PT |
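Review bot: The added IME row has a number mismatch and an unbalanced comma: "Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive". Suggest "Some Input Method Editors (IMEs), including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage." The headline also capitalizes "High CPU usage" mid-sentence, unlike the other headlines in this table.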
@@ -57,6 +58,15 @@ sections:
"
+- title: September 2019
+- items:
+ - type: markdown
+ text: "
+ Details | Originating update | Status | History |
+ IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: Due to security related changes in KB4516066, this issue may occur when Touch Keyboard and Handwriting Panel Service is not configured to its default startup type of Manual. To resolve the issue, perform the following steps: - Select the Start button and type Services.
- Locate Touch Keyboard and Handwriting Panel Service and double click on it or long press and select Properties.
- Locate Startup type: and change it to Manual
- Select Ok
- The TabletInputService service is now in the default configuration and IME should work as expected.
Back to top | OS Build 16299.1387
September 10, 2019 KB4516066 | Resolved
| Resolved: September 19, 2019 04:08 PM PT
Opened: September 13, 2019 05:25 PM PT |
+
+ "
+
- title: August 2019
- items:
- type: markdown
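Review bot: The Status cell of the new IME entry says "Resolved" with no resolving KB, yet the Resolution is a manual change of a service startup type, so a reader scanning the Status column could assume a later update fixes it. State in the Resolution that no update is involved and that the steps must be applied on each affected device. The steps name the service by its display name (Touch Keyboard and Handwriting Panel Service) and only the last line mentions TabletInputService; give both names at first mention so administrators can match it in scripts and policy. The last list item describes the outcome rather than an action and would read better as a closing sentence, and "Select Ok" should be "Select OK".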
diff --git a/windows/release-information/resolved-issues-windows-10-1803.yml b/windows/release-information/resolved-issues-windows-10-1803.yml
index a65cc10df5..678191535f 100644
--- a/windows/release-information/resolved-issues-windows-10-1803.yml
+++ b/windows/release-information/resolved-issues-windows-10-1803.yml
@@ -32,6 +32,7 @@ sections:
- type: markdown
text: "
Summary | Originating update | Status | Date resolved |
+ IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details > | OS Build 17134.1006
September 10, 2019 KB4516058 | Resolved
| September 19, 2019 04:08 PM PT |
Domain connected devices that use MIT Kerberos realms will not start up Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.
See details > | OS Build 17134.915
July 16, 2019 KB4507466 | Resolved KB4512501 | August 13, 2019 10:00 AM PT |
Notification issue: \"Your device is missing important security and quality fixes.\" Some users may have incorrectly received the notification \"Your device is missing important security and quality fixes.\"
See details > | N/A
| Resolved
| September 03, 2019 12:32 PM PT |
Devices starting using PXE from a WDS or SCCM servers may fail to start Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"
See details > | OS Build 17134.829
June 11, 2019 KB4503286 | Resolved KB4512509 | August 19, 2019 02:00 PM PT |
@@ -63,6 +64,7 @@ sections:
- type: markdown
text: "
Details | Originating update | Status | History |
+ IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: Due to security related changes in KB4516058, this issue may occur when Touch Keyboard and Handwriting Panel Service is not configured to its default startup type of Manual. To resolve the issue, perform the following steps: - Select the Start button and type Services.
- Locate Touch Keyboard and Handwriting Panel Service and double click on it or long press and select Properties.
- Locate Startup type: and change it to Manual
- Select Ok
- The TabletInputService service is now in the default configuration and IME should work as expected.
Back to top | OS Build 17134.1006
September 10, 2019 KB4516058 | Resolved
| Resolved: September 19, 2019 04:08 PM PT
Opened: September 13, 2019 05:25 PM PT |
Notification issue: \"Your device is missing important security and quality fixes.\" Some users may have incorrectly received the notification \"Your device is missing important security and quality fixes\" in the Windows Update dialog and a red \"!\" in the task tray on the Windows Update tray icon. This notification is intended for devices that are 90 days or more out of date, but some users with installed updates released in June or July also saw this notification.
Affected platforms: - Client: Windows 10, version 1803
- Server: Windows Server, version 1803
Resolution: This issue was resolved on the server side on August 30, 2019. Only devices that are out of date by 90 days or more should now see the notification. No action is required by the user to resolve this issue. If you are still seeing the \"Your device is missing important security and quality fixes\" notification, we recommend selecting Check for Updates in the Windows Update dialog. For instructions, see Update Windows 10. Microsoft always recommends trying to keep your devices up to date, as the monthly updates contain important security fixes. Back to top | N/A
| Resolved
| Resolved: September 03, 2019 12:32 PM PT
Opened: September 03, 2019 12:32 PM PT |
"
diff --git a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
index 829b497041..29d533154d 100644
--- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
+++ b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
@@ -32,6 +32,8 @@ sections:
- type: markdown
text: "
Summary | Originating update | Status | Date resolved |
+ Apps and scripts using the NetQueryDisplayInformation API may fail with error Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.
See details > | OS Build 17763.55
October 09, 2018 KB4464330 | Resolved KB4516077 | September 24, 2019 10:00 AM PT |
+ IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details > | OS Build 17763.737
September 10, 2019 KB4512578 | Resolved
| September 19, 2019 04:08 PM PT |
Domain connected devices that use MIT Kerberos realms will not start up Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.
See details > | OS Build 17763.652
July 22, 2019 KB4505658 | Resolved KB4511553 | August 13, 2019 10:00 AM PT |
Devices starting using PXE from a WDS or SCCM servers may fail to start Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"
See details > | OS Build 17763.557
June 11, 2019 KB4503327 | Resolved KB4512534 | August 17, 2019 02:00 PM PT |
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.
See details > | OS Build 17763.678
August 13, 2019 KB4511553 | Resolved KB4512534 | August 17, 2019 02:00 PM PT |
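Review bot: The headline of the added NetQueryDisplayInformation row says "may fail with error", but the summary sentence only says the call "may fail to return results after the first page of data" and never names an error. Either drop "with error" from the headline or mention the error that the details entry reports, so the summary row stands on its own.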
@@ -65,11 +67,21 @@ sections:
"
+- title: September 2019
+- items:
+ - type: markdown
+ text: "
+ Details | Originating update | Status | History |
+ IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: Due to security related changes in KB4512578, this issue may occur when Touch Keyboard and Handwriting Panel Service is not configured to its default startup type of Manual. To resolve the issue, perform the following steps: - Select the Start button and type Services.
- Locate Touch Keyboard and Handwriting Panel Service and double click on it or long press and select Properties.
- Locate Startup type: and change it to Manual
- Select Ok
- The TabletInputService service is now in the default configuration and IME should work as expected.
Back to top | OS Build 17763.737
September 10, 2019 KB4512578 | Resolved
| Resolved: September 19, 2019 04:08 PM PT
Opened: September 13, 2019 05:25 PM PT |
+
+ "
+
- title: August 2019
- items:
- type: markdown
text: "
Details | Originating update | Status | History |
+ Apps and scripts using the NetQueryDisplayInformation API may fail with error Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”
Affected platforms: - Server: Windows Server 2019; Windows Server 2016
Resolution: This issue was resolved in KB4516077. Back to top | OS Build 17763.55
October 09, 2018 KB4464330 | Resolved KB4516077 | Resolved: September 24, 2019 10:00 AM PT
Opened: August 01, 2019 05:00 PM PT |
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with errorAfter installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4512534. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512534 and install. For instructions, see Update Windows 10.
Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS). Back to top | OS Build 17763.678
August 13, 2019 KB4511553 | Resolved KB4512534 | Resolved: August 17, 2019 02:00 PM PT
Opened: August 14, 2019 03:34 PM PT |
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devicesYou may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 ( KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Back to top | OS Build 17763.557
June 11, 2019 KB4503327 | Resolved External
| Last updated: August 09, 2019 07:03 PM PT
Opened: August 09, 2019 04:25 PM PT |
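Review bot: In the added NetQueryDisplayInformation details entry, Affected platforms lists only "Server: Windows Server 2019; Windows Server 2016" although this file covers Windows 10, version 1809 as well and the originating update is given as OS Build 17763.55. Please confirm that client SKUs are unaffected, and if so add an explicit "Client: None" line, following the "Server: None" convention used elsewhere on these pages. The error text in the same entry is wrapped in curly quotes (“1359: an internal error occurred.”) while the neighbouring entries use escaped straight quotes (\"invalid procedure call error.\"); use one style inside the quoted YAML string.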
diff --git a/windows/release-information/resolved-issues-windows-10-1903.yml b/windows/release-information/resolved-issues-windows-10-1903.yml
index c2c7870398..5178fde6ad 100644
--- a/windows/release-information/resolved-issues-windows-10-1903.yml
+++ b/windows/release-information/resolved-issues-windows-10-1903.yml
@@ -32,6 +32,8 @@ sections:
- type: markdown
text: "
Summary | Originating update | Status | Date resolved |
+ IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details > | OS Build 18362.356
September 10, 2019 KB4515384 | Resolved
| September 19, 2019 04:08 PM PT |
+ Some users report issues related to the Start menu and Windows Desktop Search Microsoft has received reports that a small number of users are having issues related to the Start menu and Windows Desktop Search.
See details > | OS Build 18362.356
September 10, 2019 KB4515384 | Resolved
| September 19, 2019 04:58 PM PT |
Screenshots and Snips have an unnatural orange tint Users have reported an orange tint on Screenshots and Snips with the Lenovo Vantage app installed
See details > | OS Build 18362.356
September 10, 2019 KB4516115 | Resolved External
| September 11, 2019 08:54 PM PT |
Windows Desktop Search may not return any results and may have high CPU usage Windows Desktop Search may not return any results and SearchUI.exe may have high CPU usage after installing KB4512941.
See details > | OS Build 18362.329
August 30, 2019 KB4512941 | Resolved KB4515384 | September 10, 2019 10:00 AM PT |
Domain connected devices that use MIT Kerberos realms will not start up Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.
See details > | OS Build 18362.145
May 29, 2019 KB4497935 | Resolved KB4512941 | August 30, 2019 10:00 AM PT |
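Review bot: The two added rows are both dated September 19, 2019, but the 04:08 PM row is placed above the 04:58 PM row, while the rest of the table runs newest to oldest by Date resolved. If the table is meant to be sorted that way, swap the two rows.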
@@ -66,6 +68,8 @@ sections:
- type: markdown
text: "
Details | Originating update | Status | History |
+ IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: Due to security related changes in KB4515384, this issue may occur when Touch Keyboard and Handwriting Panel Service is not configured to its default startup type of Manual. To resolve the issue, perform the following steps: - Select the Start button and type Services.
- Locate Touch Keyboard and Handwriting Panel Service and double click on it or long press and select Properties.
- Locate Startup type: and change it to Manual
- Select Ok
- The TabletInputService service is now in the default configuration and IME should work as expected.
Back to top | OS Build 18362.356
September 10, 2019 KB4515384 | Resolved
| Resolved: September 19, 2019 04:08 PM PT
Opened: September 13, 2019 05:25 PM PT |
+ Some users report issues related to the Start menu and Windows Desktop Search Microsoft has received reports that a small number of users are having issues related to the Start menu and Windows Desktop Search.
Affected platforms: - Client: Windows 10, version 1903
Resolution: At this time, Microsoft has not found a Search or Start issue significantly impacting users originating from KB4515384. We will continue monitoring to ensure users have a high-quality experience when interacting with these areas. If you are currently having issues, we recommend you to take a moment to report it in via the Feedback Hub (Windows + F) then try the Windows 10 Troubleshoot settings (found in Settings). If you are having an issue with search, see Fix problems in Windows Search. Back to top | OS Build 18362.356
September 10, 2019 KB4515384 | Resolved
| Resolved: September 19, 2019 04:58 PM PT
Opened: September 11, 2019 05:18 PM PT |
Screenshots and Snips have an unnatural orange tint When creating screenshots or using similar tools (such as Snipping Tool or Snip & Sketch), the resulting images may have an unnatural orange tint. This issue is caused by the Eye Care mode feature of Lenovo Vantage. This issue started on or around September 5, 2019.
Affected platforms: - Client: Windows 10, version 1903
- Server: None
Back to top | OS Build 18362.356
September 10, 2019 KB4516115 | Resolved External
| Last updated: September 11, 2019 08:54 PM PT
Opened: September 11, 2019 08:54 PM PT |
Windows Desktop Search may not return any results and may have high CPU usageMicrosoft is getting reports that a small number of users may not receive results when using Windows Desktop Search and may see high CPU usage from SearchUI.exe when searching after installing KB4512941. This issue is only encountered on devices in which searching the web from Windows Desktop Search has been disabled.
Affected platforms: - Client: Windows 10, version 1903
Resolution: This issue was resolved in KB4515384. Back to top | OS Build 18362.329
August 30, 2019 KB4512941 | Resolved KB4515384 | Resolved: September 10, 2019 10:00 AM PT
Opened: September 04, 2019 02:25 PM PT |
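Review bot: The added Start menu and Windows Desktop Search entry is marked "Resolved", but its Resolution text says Microsoft "has not found a Search or Start issue significantly impacting users" and "will continue monitoring". That describes an investigation that found nothing to fix, not a fix, so either choose a status that reflects it or reword the Resolution to say plainly that no change was made. The same paragraph has two wording slips to clean up: "we recommend you to take a moment to report it in via the Feedback Hub" should read "we recommend that you take a moment to report it via the Feedback Hub".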
diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml
index aa64a5bbb2..5ac6ed8257 100644
--- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml
+++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml
@@ -32,6 +32,7 @@ sections:
- type: markdown
text: "
Summary | Originating update | Status | Date resolved |
+ You may receive an error when opening or using the Toshiba Qosmio AV Center Toshiba Qosmio AV Center may error when opening and you may also receive an error in Event Log related to cryptnet.dll.
See details > | August 13, 2019 KB4512506 | Resolved KB4516048 | September 24, 2019 10:00 AM PT |
Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV Windows updates that are SHA-2 signed are not available with Symantec or Norton antivirus program installed
See details > | August 13, 2019 KB4512506 | Resolved External
| August 27, 2019 02:29 PM PT |
Devices starting using PXE from a WDS or SCCM servers may fail to start Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"
See details > | June 11, 2019 KB4503292 | Resolved KB4512514 | August 17, 2019 02:00 PM PT |
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.
See details > | August 13, 2019 KB4512506 | Resolved KB4517297 | August 16, 2019 02:00 PM PT |
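Review bot: In the added Toshiba Qosmio AV Center row, "may error when opening" uses "error" as a verb and does not say who sees what. Suggest matching the headline: "You may receive an error when opening or using the Toshiba Qosmio AV Center, and an error related to cryptnet.dll may be logged in Event Log."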
@@ -59,6 +60,15 @@ sections:
"
+- title: September 2019
+- items:
+ - type: markdown
+ text: "
+ Details | Originating update | Status | History |
+ You may receive an error when opening or using the Toshiba Qosmio AV CenterAfter installing KB4512506, you may receive an error when opening or using the Toshiba Qosmio AV Center. You may also receive an error in Event Log related to cryptnet.dll.
Affected platforms: Resolution: This issue was resolved in KB4516048. Back to top | August 13, 2019 KB4512506 | Resolved KB4516048 | Resolved: September 24, 2019 10:00 AM PT
Opened: September 10, 2019 09:48 AM PT |
+
+ "
+
- title: August 2019
- items:
- type: markdown
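Review bot: The new Toshiba Qosmio AV Center details entry has an empty "Affected platforms:" field that runs straight into "Resolution:". Every other details entry lists Client and Server platforms, so fill in the affected Windows versions here or remove the label if the list is deliberately omitted.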
diff --git a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml
index 6255d324e1..16abec6cc8 100644
--- a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml
+++ b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml
@@ -32,6 +32,7 @@ sections:
- type: markdown
text: "
Summary | Originating update | Status | Date resolved |
+ Windows RT 8.1 devices may have issues opening Internet Explorer 11 On Windows RT 8.1 devices, Internet Explorer 11 may not open and you may receive an error.
See details > | September 10, 2019 KB4516067 | Resolved KB4516041 | September 24, 2019 10:00 AM PT |
Devices starting using PXE from a WDS or SCCM servers may fail to start Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"
See details > | June 11, 2019 KB4503276 | Resolved KB4512478 | August 17, 2019 02:00 PM PT |
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.
See details > | August 13, 2019 KB4512488 | Resolved KB4517298 | August 16, 2019 02:00 PM PT |
System may be unresponsive after restart with certain McAfee antivirus products Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.
See details > | April 09, 2019 KB4493446 | Resolved External
| August 13, 2019 06:59 PM PT |
@@ -46,7 +47,6 @@ sections:
System may be unresponsive after restart if Avira antivirus software installed Devices with Avira antivirus software installed may become unresponsive upon restart.
See details > | April 09, 2019 KB4493446 | Resolved
| May 14, 2019 01:21 PM PT |
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.
See details > | February 12, 2019 KB4487000 | Resolved KB4493446 | April 09, 2019 10:00 AM PT |
Devices may not respond at login or Welcome screen if running certain Avast software Devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software may become unresponsive after restart.
See details > | April 09, 2019 KB4493446 | Resolved
| April 25, 2019 02:00 PM PT |
- Devices with winsock kernel client may receive error Devices with a winsock kernel client may receive D1, FC, and other errors.
See details > | March 12, 2019 KB4489881 | Resolved KB4489893 | March 19, 2019 10:00 AM PT |
Custom URI schemes may not start corresponding application Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.
See details > | March 12, 2019 KB4489881 | Resolved KB4493446 | April 09, 2019 10:00 AM PT |
MSXML6 may cause applications to stop responding. MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().
See details > | January 08, 2019 KB4480963 | Resolved KB4493446 | April 09, 2019 10:00 AM PT |
Internet Explorer 11 authentication issue with multiple concurrent logons Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.
See details > | January 08, 2019 KB4480963 | Resolved KB4493446 | April 09, 2019 10:00 AM PT |
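Review bot: The "Devices with winsock kernel client may receive error" row is deleted here with no reason given, while rows with older originating updates (January 08, 2019 KB4480963) stay in the table. If this is routine ageing-out of resolved issues, say so in the commit message and state the cut-off rule; also check that nothing still links to the "See details" anchor for this entry.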
@@ -60,6 +60,15 @@ sections:
"
+- title: September 2019
+- items:
+ - type: markdown
+ text: "
+ Details | Originating update | Status | History |
+ Windows RT 8.1 devices may have issues opening Internet Explorer 11 On Windows 8.1 RT devices, Internet Explorer 11 may not open and you may receive the error, \"C:\\Program Files\\Internet Explorer\\iexplore.exe: A certificate was explicitly revoked by its issuer.\"
Affected platforms: Resolution: This issue was resolved in KB4516041. Back to top | September 10, 2019 KB4516067 | Resolved KB4516041 | Resolved: September 24, 2019 10:00 AM PT
Opened: September 13, 2019 05:25 PM PT |
+
+ "
+
- title: August 2019
- items:
- type: markdown
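Review bot: The added entry names the platform two ways: the headline says "Windows RT 8.1 devices" and the body says "On Windows 8.1 RT devices". Use "Windows RT 8.1" in both places, as the summary row does. The "Affected platforms:" field is also empty and runs into "Resolution:", so list the platform there.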
@@ -118,7 +127,6 @@ sections:
text: "
Details | Originating update | Status | History |
Issue using PXE to start a device from WDSAfter installing KB4489881, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1
- Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue was resolved in KB4503276. Back to top | March 12, 2019 KB4489881 | Resolved KB4503276 | Resolved: June 11, 2019 10:00 AM PT
Opened: March 12, 2019 10:00 AM PT |
- Devices with winsock kernel client may receive errorAfter installing KB4489881, devices with a winsock kernel client may receive D1, FC, and other errors. Additionally, systems that run the Skype for Business or Lync Server Edge Transport role may be affected by this issue.
Affected platforms: - Client: Windows 8.1
- Server: Windows Server 2012 R2
Resolution: This issue is resolved in KB4489893. Back to top | March 12, 2019 KB4489881 | Resolved KB4489893 | Resolved: March 19, 2019 10:00 AM PT
Opened: March 12, 2019 10:00 AM PT |
Custom URI schemes may not start corresponding applicationAfter installing KB4489881, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue is resolved in KB4493446. Back to top | March 12, 2019 KB4489881 | Resolved KB4493446 | Resolved: April 09, 2019 10:00 AM PT
Opened: March 12, 2019 10:00 AM PT |
"
diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
index f2f699cd5b..0d1188c730 100644
--- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
+++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
@@ -63,7 +63,6 @@ sections:
IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details > | OS Build 14393.3204
September 10, 2019 KB4516044 | Resolved
| September 17, 2019 04:47 PM PT |
Apps and scripts using the NetQueryDisplayInformation API may fail with error Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.
See details > | OS Build 14393.3053
June 18, 2019 KB4503294 | Resolved KB4516044 | September 10, 2019 10:00 AM PT |
Domain connected devices that use MIT Kerberos realms will not start up Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.
See details > | OS Build 14393.3115
July 16, 2019 KB4507459 | Resolved KB4512517 | August 13, 2019 10:00 AM PT |
- Devices starting using PXE from a WDS or SCCM servers may fail to start Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"
See details > | OS Build 14393.3025
June 11, 2019 KB4503267 | Resolved KB4512495 | August 17, 2019 02:00 PM PT |
Certain operations performed on a Cluster Shared Volume may fail Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".
See details > | OS Build 14393.2724
January 08, 2019 KB4480961 | Mitigated
| April 25, 2019 02:00 PM PT |
Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.
See details > | OS Build 14393.2608
November 13, 2018 KB4467691 | Mitigated
| February 19, 2019 10:00 AM PT |
Cluster service may fail if the minimum password length is set to greater than 14 The cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the Group Policy “Minimum Password Length” is configured with greater than 14 characters.
See details > | OS Build 14393.2639
November 27, 2018 KB4467684 | Mitigated
| April 25, 2019 02:00 PM PT |
@@ -102,7 +101,6 @@ sections:
Details | Originating update | Status | History |
Domain connected devices that use MIT Kerberos realms will not start upDevices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507459. Devices that are domain controllers or domain members are both affected.
To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.
Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: This issue was resolved in KB4512517 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903. Back to top | OS Build 14393.3115
July 16, 2019 KB4507459 | Resolved KB4512517 | Resolved: August 13, 2019 10:00 AM PT
Opened: July 25, 2019 06:10 PM PT |
- Devices starting using PXE from a WDS or SCCM servers may fail to startDevices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503267 on a WDS server.
Affected platforms: - Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Resolution: This issue was resolved in KB4512495. Back to top | OS Build 14393.3025
June 11, 2019 KB4503267 | Resolved KB4512495 | Resolved: August 17, 2019 02:00 PM PT
Opened: July 10, 2019 02:51 PM PT |
"
diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml
index 9bd26e7699..736fe704a3 100644
--- a/windows/release-information/status-windows-10-1709.yml
+++ b/windows/release-information/status-windows-10-1709.yml
@@ -60,9 +60,8 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
Summary | Originating update | Status | Last updated |
- IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details > | OS Build 16299.1387
September 10, 2019 KB4516066 | Mitigated
| September 16, 2019 05:36 PM PT |
+ IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details > | OS Build 16299.1387
September 10, 2019 KB4516066 | Resolved
| September 19, 2019 04:08 PM PT |
Domain connected devices that use MIT Kerberos realms will not start up Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.
See details > | OS Build 16299.1296
July 16, 2019 KB4507465 | Resolved KB4512516 | August 13, 2019 10:00 AM PT |
- Devices starting using PXE from a WDS or SCCM servers may fail to start Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"
See details > | OS Build 16299.1217
June 11, 2019 KB4503284 | Resolved KB4512494 | August 16, 2019 02:00 PM PT |
Certain operations performed on a Cluster Shared Volume may fail Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".
See details > | OS Build 16299.904
January 08, 2019 KB4480978 | Mitigated
| April 25, 2019 02:00 PM PT |
"
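Review bot: removing the PXE row is inconsistent with the Kerberos row kept just above it. The table text says it lists issues "resolved in the last 30 days". The PXE row dropped here was resolved August 16, 2019, while the retained "Domain connected devices that use MIT Kerberos realms will not start up" row was resolved earlier, on August 13, 2019. If the PXE row is aging out, the Kerberos row and its details entry should be removed in the same change.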
@@ -79,7 +78,7 @@ sections:
- type: markdown
text: "
Details | Originating update | Status | History |
- IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Workaround: To mitigate the issue, perform the following steps: - Select the Start button and type Services.
- Locate Touch Keyboard and Handwriting Panel Service and double click on it or long press and select Properties.
- Locate Startup type: and change it to Manual
- Select Ok
- The TabletInputService service is now in the default configuration and IME should work as expected.
Next steps: We are working on a resolution and will provide an update in an upcoming release. Back to top | OS Build 16299.1387
September 10, 2019 KB4516066 | Mitigated
| Last updated: September 16, 2019 05:36 PM PT
Opened: September 13, 2019 05:25 PM PT |
+ IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: Due to security related changes in KB4516066, this issue may occur when Touch Keyboard and Handwriting Panel Service is not configured to its default startup type of Manual. To resolve the issue, perform the following steps: - Select the Start button and type Services.
- Locate Touch Keyboard and Handwriting Panel Service and double click on it or long press and select Properties.
- Locate Startup type: and change it to Manual
- Select Ok
- The TabletInputService service is now in the default configuration and IME should work as expected.
Back to top | OS Build 16299.1387
September 10, 2019 KB4516066 | Resolved
| Resolved: September 19, 2019 04:08 PM PT
Opened: September 13, 2019 05:25 PM PT |
"
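Review bot: the IME entry flips from Mitigated to Resolved, but the new Resolution text names no fixing update, and its steps are the same manual service change the old Workaround listed. A reader cannot tell whether any update will correct the startup type or whether every affected device has to be fixed by hand; if no update is planned, say so in the Resolution line. The text attributes the break to "security related changes in KB4516066" when the service is "not configured to its default startup type of Manual", so it would also help to state which non-default startup types trigger it, so admins can find affected devices before users report the problem.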
@@ -90,7 +89,6 @@ sections:
Details | Originating update | Status | History |
Domain connected devices that use MIT Kerberos realms will not start upDevices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507465. Devices that are domain controllers or domain members are both affected.
To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.
Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: This issue was resolved in KB4512516 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903. Back to top | OS Build 16299.1296
July 16, 2019 KB4507465 | Resolved KB4512516 | Resolved: August 13, 2019 10:00 AM PT
Opened: July 25, 2019 06:10 PM PT |
- Devices starting using PXE from a WDS or SCCM servers may fail to startDevices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503284 on a WDS server.
Affected platforms: - Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Resolution: This issue was resolved in KB4512494. Back to top | OS Build 16299.1217
June 11, 2019 KB4503284 | Resolved KB4512494 | Resolved: August 16, 2019 02:00 PM PT
Opened: July 10, 2019 02:51 PM PT |
"
diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml
index a6be94d23c..d5c98d427e 100644
--- a/windows/release-information/status-windows-10-1803.yml
+++ b/windows/release-information/status-windows-10-1803.yml
@@ -65,12 +65,10 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
Summary | Originating update | Status | Last updated |
- IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details > | OS Build 17134.1006
September 10, 2019 KB4516058 | Mitigated
| September 16, 2019 05:36 PM PT |
+ IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details > | OS Build 17134.1006
September 10, 2019 KB4516058 | Resolved
| September 19, 2019 04:08 PM PT |
Windows Mixed Reality Portal users may intermittently receive a 15-5 error code You may receive a 15-5 error code in Windows Mixed Reality Portal and your headset may not respond to \"wake up\" from sleep.
See details > | OS Build 17134.950
August 13, 2019 KB4512501 | Mitigated
| September 11, 2019 05:32 PM PT |
Domain connected devices that use MIT Kerberos realms will not start up Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.
See details > | OS Build 17134.915
July 16, 2019 KB4507466 | Resolved KB4512501 | August 13, 2019 10:00 AM PT |
Notification issue: \"Your device is missing important security and quality fixes.\" Some users may have incorrectly received the notification \"Your device is missing important security and quality fixes.\"
See details > | N/A
| Resolved
| September 03, 2019 12:32 PM PT |
- Devices starting using PXE from a WDS or SCCM servers may fail to start Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"
See details > | OS Build 17134.829
June 11, 2019 KB4503286 | Resolved KB4512509 | August 19, 2019 02:00 PM PT |
- Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.
See details > | OS Build 17134.950
August 13, 2019 KB4512501 | Resolved KB4512509 | August 19, 2019 02:00 PM PT |
Startup to a black screen after installing updates Your device may startup to a black screen during the first logon after installing updates.
See details > | OS Build 17134.829
June 11, 2019 KB4503286 | Mitigated
| June 14, 2019 04:41 PM PT |
Certain operations performed on a Cluster Shared Volume may fail Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".
See details > | OS Build 17134.523
January 08, 2019 KB4480966 | Mitigated
| April 25, 2019 02:00 PM PT |
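Review bot: in the updated IME row the Status cell reads only "Resolved", whereas the Kerberos row in the same table reads "Resolved KB4512501". According to the details entry for this issue, the fix is a per-device change to a service startup type, not something an update delivers, so a reader scanning the summary could assume that installing the latest update clears it. Consider making the summary text say that the resolution is a configuration change, so the row is not read the same way as the KB-resolved rows.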
@@ -88,21 +86,12 @@ sections:
- type: markdown
text: "
Details | Originating update | Status | History |
- IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Workaround: To mitigate the issue, perform the following steps: - Select the Start button and type Services.
- Locate Touch Keyboard and Handwriting Panel Service and double click on it or long press and select Properties.
- Locate Startup type: and change it to Manual
- Select Ok
- The TabletInputService service is now in the default configuration and IME should work as expected.
Next steps: We are working on a resolution and will provide an update in an upcoming release. Back to top | OS Build 17134.1006
September 10, 2019 KB4516058 | Mitigated
| Last updated: September 16, 2019 05:36 PM PT
Opened: September 13, 2019 05:25 PM PT |
+ IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: Due to security related changes in KB4516058, this issue may occur when Touch Keyboard and Handwriting Panel Service is not configured to its default startup type of Manual. To resolve the issue, perform the following steps: - Select the Start button and type Services.
- Locate Touch Keyboard and Handwriting Panel Service and double click on it or long press and select Properties.
- Locate Startup type: and change it to Manual
- Select Ok
- The TabletInputService service is now in the default configuration and IME should work as expected.
Back to top | OS Build 17134.1006
September 10, 2019 KB4516058 | Resolved
| Resolved: September 19, 2019 04:08 PM PT
Opened: September 13, 2019 05:25 PM PT |
Windows Mixed Reality Portal users may intermittently receive a 15-5 error codeAfter installing KB4512501, Windows Mixed Reality Portal users may intermittently receive a 15-5 error code. In some cases, Windows Mixed Reality Portal may report that the headset is sleeping and pressing “Wake up” may appear to produce no action.
Affected platforms: - Client: Windows 10, version 1809; Windows 10, version 1803
Workaround: To mitigate the issue, use the following steps: - Close the Windows Mixed Reality Portal, if it is running.
- Open Task Manager by selecting the Start button and typing Task Manager.
- In Task Manager under the Processes tab, right click or long press on “Windows Explorer” and select restart.
- You can now open the Windows Mixed Reality Portal.
Next steps: We are working on a resolution and will provide an update in an upcoming release. Back to top | OS Build 17134.950
August 13, 2019 KB4512501 | Mitigated
| Last updated: September 11, 2019 05:32 PM PT
Opened: September 11, 2019 05:32 PM PT |
Notification issue: \"Your device is missing important security and quality fixes.\" Some users may have incorrectly received the notification \"Your device is missing important security and quality fixes\" in the Windows Update dialog and a red \"!\" in the task tray on the Windows Update tray icon. This notification is intended for devices that are 90 days or more out of date, but some users with installed updates released in June or July also saw this notification.
Affected platforms: - Client: Windows 10, version 1803
- Server: Windows Server, version 1803
Resolution: This issue was resolved on the server side on August 30, 2019. Only devices that are out of date by 90 days or more should now see the notification. No action is required by the user to resolve this issue. If you are still seeing the \"Your device is missing important security and quality fixes\" notification, we recommend selecting Check for Updates in the Windows Update dialog. For instructions, see Update Windows 10. Microsoft always recommends trying to keep your devices up to date, as the monthly updates contain important security fixes. Back to top | N/A
| Resolved
| Resolved: September 03, 2019 12:32 PM PT
Opened: September 03, 2019 12:32 PM PT |
"
-- title: August 2019
-- items:
- - type: markdown
- text: "
- Details | Originating update | Status | History |
- Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with errorAfter installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4512509. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512509 and install. For instructions, see Update Windows 10.
Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS). Back to top | OS Build 17134.950
August 13, 2019 KB4512501 | Resolved KB4512509 | Resolved: August 19, 2019 02:00 PM PT
Opened: August 14, 2019 03:34 PM PT |
-
- "
-
- title: July 2019
- items:
- type: markdown
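Review bot: the rewritten IME steps carry over wording problems that are worth fixing while the entry is being touched. The last bullet, "The TabletInputService service is now in the default configuration and IME should work as expected.", is an outcome rather than a step and should follow the list as a plain sentence. It is also the only place the service's short name appears; adding TabletInputService to the "Locate Touch Keyboard and Handwriting Panel Service" step would help admins who apply the change by script or policy instead of the Services console. Smaller points: "security related" should be "security-related", "double click" should be "double-click", and "Select Ok" should be "Select OK".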
@@ -110,7 +99,6 @@ sections:
Details | Originating update | Status | History |
Domain connected devices that use MIT Kerberos realms will not start upDevices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507466. Devices that are domain controllers or domain members are both affected.
To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.
Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: This issue was resolved in KB4512501 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903. Back to top | OS Build 17134.915
July 16, 2019 KB4507466 | Resolved KB4512501 | Resolved: August 13, 2019 10:00 AM PT
Opened: July 25, 2019 06:10 PM PT |
- Devices starting using PXE from a WDS or SCCM servers may fail to startDevices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503286 on a WDS server.
Affected platforms: - Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Resolution: This issue was resolved in KB4512509. Back to top | OS Build 17134.829
June 11, 2019 KB4503286 | Resolved KB4512509 | Resolved: August 19, 2019 02:00 PM PT
Opened: July 10, 2019 02:51 PM PT |
"
diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
index f32d6b5f10..157e975b35 100644
--- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
+++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
@@ -64,11 +64,10 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
Summary | Originating update | Status | Last updated |
- IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details > | OS Build 17763.737
September 10, 2019 KB4512578 | Mitigated
| September 16, 2019 05:36 PM PT |
+ Apps and scripts using the NetQueryDisplayInformation API may fail with error Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.
See details > | OS Build 17763.55
October 09, 2018 KB4464330 | Resolved KB4516077 | September 24, 2019 10:00 AM PT |
+ IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details > | OS Build 17763.737
September 10, 2019 KB4512578 | Resolved
| September 19, 2019 04:08 PM PT |
Windows Mixed Reality Portal users may intermittently receive a 15-5 error code You may receive a 15-5 error code in Windows Mixed Reality Portal and your headset may not respond to \"wake up\" from sleep.
See details > | OS Build 17763.678
August 13, 2019 KB4511553 | Mitigated
| September 11, 2019 05:32 PM PT |
Domain connected devices that use MIT Kerberos realms will not start up Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.
See details > | OS Build 17763.652
July 22, 2019 KB4505658 | Resolved KB4511553 | August 13, 2019 10:00 AM PT |
- Devices starting using PXE from a WDS or SCCM servers may fail to start Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"
See details > | OS Build 17763.557
June 11, 2019 KB4503327 | Resolved KB4512534 | August 17, 2019 02:00 PM PT |
- Apps and scripts using the NetQueryDisplayInformation API may fail with error Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.
See details > | OS Build 17763.55
October 09, 2018 KB4464330 | Investigating
| August 01, 2019 05:00 PM PT |
Startup to a black screen after installing updates Your device may startup to a black screen during the first logon after installing updates.
See details > | OS Build 17763.557
June 11, 2019 KB4503327 | Mitigated
| June 14, 2019 04:41 PM PT |
Devices with some Asian language packs installed may receive an error After installing the KB4493509 devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_F
See details > | OS Build 17763.437
April 09, 2019 KB4493509 | Mitigated
| May 03, 2019 10:59 AM PT |
Certain operations performed on a Cluster Shared Volume may fail Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".
See details > | OS Build 17763.253
January 08, 2019 KB4480116 | Mitigated
| April 09, 2019 10:00 AM PT |
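Review bot: this hunk changes only the summary row for the NetQueryDisplayInformation issue, from "Investigating" to "Resolved KB4516077" dated September 24, 2019. Check that the details entry behind "See details >" is updated in the same commit with a Resolution line naming KB4516077 and the same resolved timestamp. The originating update is October 09, 2018 KB4464330, so readers who have tracked this issue for a long time will go to the details entry to find out which update to install.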
@@ -87,7 +86,7 @@ sections:
- type: markdown
text: "
Details | Originating update | Status | History |
- IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Workaround: To mitigate the issue, perform the following steps: - Select the Start button and type Services.
- Locate Touch Keyboard and Handwriting Panel Service and double click on it or long press and select Properties.
- Locate Startup type: and change it to Manual
- Select Ok
- The TabletInputService service is now in the default configuration and IME should work as expected.
Next steps: We are working on a resolution and will provide an update in an upcoming release. Back to top | OS Build 17763.737
September 10, 2019 KB4512578 | Mitigated
| Last updated: September 16, 2019 05:36 PM PT
Opened: September 13, 2019 05:25 PM PT |
+ IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: Due to security related changes in KB4512578, this issue may occur when Touch Keyboard and Handwriting Panel Service is not configured to its default startup type of Manual. To resolve the issue, perform the following steps: - Select the Start button and type Services.
- Locate Touch Keyboard and Handwriting Panel Service and double click on it or long press and select Properties.
- Locate Startup type: and change it to Manual
- Select Ok
- The TabletInputService service is now in the default configuration and IME should work as expected.
Back to top | OS Build 17763.737
September 10, 2019 KB4512578 | Resolved
| Resolved: September 19, 2019 04:08 PM PT
Opened: September 13, 2019 05:25 PM PT |
Windows Mixed Reality Portal users may intermittently receive a 15-5 error codeAfter installing KB4511553, Windows Mixed Reality Portal users may intermittently receive a 15-5 error code. In some cases, Windows Mixed Reality Portal may report that the headset is sleeping and pressing “Wake up” may appear to produce no action.
Affected platforms: - Client: Windows 10, version 1809; Windows 10, version 1803
Workaround: To mitigate the issue, use the following steps: - Close the Windows Mixed Reality Portal, if it is running.
- Open Task Manager by selecting the Start button and typing Task Manager.
- In Task Manager under the Processes tab, right click or long press on “Windows Explorer” and select restart.
- You can now open the Windows Mixed Reality Portal.
Next steps: We are working on a resolution and will provide an update in an upcoming release. Back to top | OS Build 17763.678
August 13, 2019 KB4511553 | Mitigated
| Last updated: September 11, 2019 05:32 PM PT
Opened: September 11, 2019 05:32 PM PT |
"
@@ -97,7 +96,7 @@ sections:
- type: markdown
text: "
Details | Originating update | Status | History |
- Apps and scripts using the NetQueryDisplayInformation API may fail with error Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”
Affected platforms: - Server: Windows Server 2019; Windows Server 2016
Next steps: We are working on a resolution and will provide an update in an upcoming release. Back to top | OS Build 17763.55
October 09, 2018 KB4464330 | Investigating
| Last updated: August 01, 2019 05:00 PM PT
Opened: August 01, 2019 05:00 PM PT |
+ Apps and scripts using the NetQueryDisplayInformation API may fail with error Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”
Affected platforms: - Server: Windows Server 2019; Windows Server 2016
Resolution: This issue was resolved in KB4516077. Back to top | OS Build 17763.55
October 09, 2018 KB4464330 | Resolved KB4516077 | Resolved: September 24, 2019 10:00 AM PT
Opened: August 01, 2019 05:00 PM PT |
"
@@ -108,7 +107,6 @@ sections:
Details | Originating update | Status | History |
Domain connected devices that use MIT Kerberos realms will not start upDevices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4505658. Devices that are domain controllers or domain members are both affected.
To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.
Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: This issue was resolved in KB4511553 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903. Back to top | OS Build 17763.652
July 22, 2019 KB4505658 | Resolved KB4511553 | Resolved: August 13, 2019 10:00 AM PT
Opened: July 25, 2019 06:10 PM PT |
- Devices starting using PXE from a WDS or SCCM servers may fail to startDevices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503327 on a WDS server.
Affected platforms: - Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Resolution: This issue was resolved in KB4512534. Back to top | OS Build 17763.557
June 11, 2019 KB4503327 | Resolved KB4512534 | Resolved: August 17, 2019 02:00 PM PT
Opened: July 10, 2019 02:51 PM PT |
"
diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml
index d7af320a1c..a6705b085d 100644
--- a/windows/release-information/status-windows-10-1903.yml
+++ b/windows/release-information/status-windows-10-1903.yml
@@ -65,9 +65,9 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
Summary | Originating update | Status | Last updated |
- IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details > | OS Build 18362.356
September 10, 2019 KB4515384 | Mitigated
| September 16, 2019 05:36 PM PT |
+ IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details > | OS Build 18362.356
September 10, 2019 KB4515384 | Resolved
| September 19, 2019 04:08 PM PT |
+ Some users report issues related to the Start menu and Windows Desktop Search Microsoft has received reports that a small number of users are having issues related to the Start menu and Windows Desktop Search.
See details > | OS Build 18362.356
September 10, 2019 KB4515384 | Resolved
| September 19, 2019 04:58 PM PT |
Safeguard on certain devices with some Intel and Broadcom Wi-Fi adapters Microsoft and NEC have found incompatibility issues with some devices with Intel Centrino 6205/6235 and Broadcom 802.11ac Wi-Fi cards when running Windows 10, version 1903.
See details > | N/A
| Mitigated
| September 13, 2019 05:25 PM PT |
- Some users report issues related to the Start menu and Windows Desktop Search Microsoft has received reports that a small number of users are having issues related to the Start menu and Windows Desktop Search.
See details > | OS Build 18362.356
September 10, 2019 KB4515384 | Investigating
| September 13, 2019 05:35 PM PT |
Audio in games is quiet or different than expected Microsoft has received reports that audio in certain games is quieter or different than expected.
See details > | OS Build 18362.356
September 10, 2019 KB4515384 | Mitigated
| September 13, 2019 05:25 PM PT |
Screenshots and Snips have an unnatural orange tint Users have reported an orange tint on Screenshots and Snips with the Lenovo Vantage app installed
See details > | OS Build 18362.356
September 10, 2019 KB4516115 | Resolved External
| September 11, 2019 08:54 PM PT |
Windows Desktop Search may not return any results and may have high CPU usage Windows Desktop Search may not return any results and SearchUI.exe may have high CPU usage after installing KB4512941.
See details > | OS Build 18362.329
August 30, 2019 KB4512941 | Resolved KB4515384 | September 10, 2019 10:00 AM PT |
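Review bot: The IME and Start menu rows now carry a bare "Resolved" status, whereas the other resolved rows in this table say how they were resolved ("Resolved KB4515384", "Resolved External"). A reader scanning the summary cannot tell that neither row is fixed by installing an update. Consider a qualifier in the Status cell, or a phrase in the summary text, indicating that the IME item is resolved by a service configuration change and that no Start menu or search issue was confirmed.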
@@ -99,9 +99,9 @@ sections:
- type: markdown
text: "
Details | Originating update | Status | History |
- IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Workaround: To mitigate the issue, perform the following steps: - Select the Start button and type Services.
- Locate Touch Keyboard and Handwriting Panel Service and double click on it or long press and select Properties.
- Locate Startup type: and change it to Manual
- Select Ok
- The TabletInputService service is now in the default configuration and IME should work as expected.
Next steps: We are working on a resolution and will provide an update in an upcoming release. Back to top | OS Build 18362.356
September 10, 2019 KB4515384 | Mitigated
| Last updated: September 16, 2019 05:36 PM PT
Opened: September 13, 2019 05:25 PM PT |
+ IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: Due to security related changes in KB4515384, this issue may occur when Touch Keyboard and Handwriting Panel Service is not configured to its default startup type of Manual. To resolve the issue, perform the following steps: - Select the Start button and type Services.
- Locate Touch Keyboard and Handwriting Panel Service and double click on it or long press and select Properties.
- Locate Startup type: and change it to Manual
- Select Ok
- The TabletInputService service is now in the default configuration and IME should work as expected.
Back to top | OS Build 18362.356
September 10, 2019 KB4515384 | Resolved
| Resolved: September 19, 2019 04:08 PM PT
Opened: September 13, 2019 05:25 PM PT |
+ Some users report issues related to the Start menu and Windows Desktop Search Microsoft has received reports that a small number of users are having issues related to the Start menu and Windows Desktop Search.
Affected platforms: - Client: Windows 10, version 1903
Resolution: At this time, Microsoft has not found a Search or Start issue significantly impacting users originating from KB4515384. We will continue monitoring to ensure users have a high-quality experience when interacting with these areas. If you are currently having issues, we recommend you to take a moment to report it in via the Feedback Hub (Windows + F) then try the Windows 10 Troubleshoot settings (found in Settings). If you are having an issue with search, see Fix problems in Windows Search. Back to top | OS Build 18362.356
September 10, 2019 KB4515384 | Resolved
| Resolved: September 19, 2019 04:58 PM PT
Opened: September 11, 2019 05:18 PM PT |
Safeguard on certain devices with some Intel and Broadcom Wi-Fi adapters Microsoft and NEC have found incompatibility issues with Intel Centrino 6205/6235 and Broadcom 802.11ac Wi-Fi cards when running Windows 10, version 1903 on specific models of NEC devices. If these devices are updated to Windows 10, version 1903, they will no longer be able to use any Wi-Fi connections. The Wi-Fi driver may have a yellow exclamation point in device manager. The task tray icon for networking may show the icon for no internet and Network & Internet settings may not show any Wi-Fi networks.
To safeguard your update experience, we have applied a compatibility hold on the affected devices from being offered Windows 10, version 1903.
Affected platforms: - Client: Windows 10, version 1903
Workaround: If you are using an affected device and you have already installed Windows 10, version 1903, you can mitigate the issue disabling then re-enabling the Wi-Fi adapter in Device Manager. You should now be able to use Wi-Fi until your next reboot.
Next steps: Microsoft and NEC are working on a resolution and will provide an update in an upcoming release.
Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved. Back to top | N/A
| Mitigated
| Last updated: September 13, 2019 05:25 PM PT
Opened: September 13, 2019 05:25 PM PT |
- Some users report issues related to the Start menu and Windows Desktop Search Microsoft has received reports that a small number of users are having issues related to the Start menu and Windows Desktop Search.
Affected platforms: - Client: Windows 10, version 1903
Next steps: We are presently investigating and will provide an update when more information is available.
Note As a first step with any issue you may encounter, we recommend you refer to our troubleshooting support guides. If you are having an issue with search, see Fix problems in Windows Search. Back to top | OS Build 18362.356
September 10, 2019 KB4515384 | Investigating
| Last updated: September 13, 2019 05:35 PM PT
Opened: September 11, 2019 05:18 PM PT |
Audio in games is quiet or different than expected Microsoft has received reports that audio in certain games is quieter or different than expected. At the request of some of our audio partners, we implemented a compatibility change that enabled certain games to query support and render multi-channel audio. Due to customer feedback, we are reverting this change as some games and some devices are not rendering multi-channel audio as expected. This may result in games sounding different than customers are used to and may have missing channels.
Affected platforms: - Client: Windows 10, version 1903
Workaround: To mitigate the issue, open settings in the impacted game and disable multi-channel audio, if this option is available. You can also search in the Windows Control Panel for 3rd party audio device control panels and disable Multi-channel audio or Virtual Surround Sound, if these options are available.
Next steps: We are working on a resolution and estimates a solution will be available in late September. Back to top | OS Build 18362.356
September 10, 2019 KB4515384 | Mitigated
| Last updated: September 13, 2019 05:25 PM PT
Opened: September 13, 2019 05:25 PM PT |
Screenshots and Snips have an unnatural orange tint When creating screenshots or using similar tools (such as Snipping Tool or Snip & Sketch), the resulting images may have an unnatural orange tint. This issue is caused by the Eye Care mode feature of Lenovo Vantage. This issue started on or around September 5, 2019.
Affected platforms: - Client: Windows 10, version 1903
- Server: None
Back to top | OS Build 18362.356
September 10, 2019 KB4516115 | Resolved External
| Last updated: September 11, 2019 08:54 PM PT
Opened: September 11, 2019 08:54 PM PT |
Windows Desktop Search may not return any results and may have high CPU usageMicrosoft is getting reports that a small number of users may not receive results when using Windows Desktop Search and may see high CPU usage from SearchUI.exe when searching after installing KB4512941. This issue is only encountered on devices in which searching the web from Windows Desktop Search has been disabled.
Affected platforms: - Client: Windows 10, version 1903
Resolution: This issue was resolved in KB4515384. Back to top | OS Build 18362.329
August 30, 2019 KB4512941 | Resolved KB4515384 | Resolved: September 10, 2019 10:00 AM PT
Opened: September 04, 2019 02:25 PM PT |
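Review bot: The added Start menu Resolution says Microsoft "has not found a Search or Start issue significantly impacting users originating from KB4515384", yet the Originating update cell of the same entry still reads "September 10, 2019 KB4515384" and the status is "Resolved". Qualify the cell or reword the resolution so the entry does not both attribute the issue to that update and deny it. Minor wording: "report it in via the Feedback Hub" should read "report it via the Feedback Hub".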
diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
index 02b0c3aa47..a3fe4bad82 100644
--- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
+++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
@@ -60,9 +60,8 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
Summary | Originating update | Status | Last updated |
- You may receive an error when opening or using the Toshiba Qosmio AV Center Toshiba Qosmio AV Center may error when opening and you may also receive an error in Event Log related to cryptnet.dll.
See details > | August 13, 2019 KB4512506 | Investigating
| September 13, 2019 04:25 PM PT |
+ You may receive an error when opening or using the Toshiba Qosmio AV Center Toshiba Qosmio AV Center may error when opening and you may also receive an error in Event Log related to cryptnet.dll.
See details > | August 13, 2019 KB4512506 | Resolved KB4516048 | September 24, 2019 10:00 AM PT |
Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV Windows updates that are SHA-2 signed are not available with Symantec or Norton antivirus program installed
See details > | August 13, 2019 KB4512506 | Resolved External
| August 27, 2019 02:29 PM PT |
- Devices starting using PXE from a WDS or SCCM servers may fail to start Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"
See details > | June 11, 2019 KB4503292 | Resolved KB4512514 | August 17, 2019 02:00 PM PT |
IA64 and x64 devices may fail to start after installing updates After installing updates released on or after August 13, 2019, IA64 and x64 devices using EFI Boot may fail to start.
See details > | August 13, 2019 KB4512506 | Mitigated
| August 17, 2019 12:59 PM PT |
"
@@ -79,7 +78,7 @@ sections:
- type: markdown
text: "
Details | Originating update | Status | History |
- You may receive an error when opening or using the Toshiba Qosmio AV CenterAfter installing KB4512506, you may receive an error when opening or using the Toshiba Qosmio AV Center. You may also receive an error in Event Log related to cryptnet.dll.
Affected platforms: Next steps: Microsoft is working with Dynabook to resolve this issue and estimate a solution will be available late September. Back to top | August 13, 2019 KB4512506 | Investigating
| Last updated: September 13, 2019 04:25 PM PT
Opened: September 10, 2019 09:48 AM PT |
+ You may receive an error when opening or using the Toshiba Qosmio AV CenterAfter installing KB4512506, you may receive an error when opening or using the Toshiba Qosmio AV Center. You may also receive an error in Event Log related to cryptnet.dll.
Affected platforms: Resolution: This issue was resolved in KB4516048. Back to top | August 13, 2019 KB4512506 | Resolved KB4516048 | Resolved: September 24, 2019 10:00 AM PT
Opened: September 10, 2019 09:48 AM PT |
"
@@ -92,12 +91,3 @@ sections:
IA64 and x64 devices may fail to start after installing updates IA64 devices (in any configuration) and x64 devices using EFI boot that were provisioned after the July 9th updates and/or skipped the recommended update (KB3133977), may fail to start with the following error: \"File: \\Windows\\system32\\winload.efi Status: 0xc0000428 Info: Windows cannot verify the digital signature for this file.\"
Affected platforms: - Client: Windows 7 SP1
- Server: Windows Server 2008 R2 SP1
Take Action: To resolve this issue please follow the steps outlined in the SHA-2 support FAQ article for error code 0xc0000428. Back to top | August 13, 2019 KB4512506 | Mitigated
| Last updated: August 17, 2019 12:59 PM PT
Opened: August 13, 2019 08:34 AM PT |
"
-
-- title: July 2019
-- items:
- - type: markdown
- text: "
- Details | Originating update | Status | History |
- Devices starting using PXE from a WDS or SCCM servers may fail to startDevices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503292 on a WDS server.
Affected platforms: - Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Resolution: This issue was resolved in KB4512514. Back to top | June 11, 2019 KB4503292 | Resolved KB4512514 | Resolved: August 17, 2019 02:00 PM PT
Opened: July 10, 2019 02:51 PM PT |
-
- "
diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
index 57124dd060..10f5e9dea3 100644
--- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
+++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
@@ -60,8 +60,7 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
Summary | Originating update | Status | Last updated |
- Windows RT 8.1 devices may have issues opening Internet Explorer 11 On Windows RT 8.1 devices, Internet Explorer 11 may not open and you may receive an error.
See details > | September 10, 2019 KB4516067 | Investigating
| September 13, 2019 05:25 PM PT |
- Devices starting using PXE from a WDS or SCCM servers may fail to start Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"
See details > | June 11, 2019 KB4503276 | Resolved KB4512478 | August 17, 2019 02:00 PM PT |
+ Windows RT 8.1 devices may have issues opening Internet Explorer 11 On Windows RT 8.1 devices, Internet Explorer 11 may not open and you may receive an error.
See details > | September 10, 2019 KB4516067 | Resolved KB4516041 | September 24, 2019 10:00 AM PT |
Japanese IME doesn't show the new Japanese Era name as a text input option If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.
See details > | April 25, 2019 KB4493443 | Mitigated
| May 15, 2019 05:53 PM PT |
Certain operations performed on a Cluster Shared Volume may fail Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”.
See details > | January 08, 2019 KB4480963 | Mitigated
| April 25, 2019 02:00 PM PT |
@@ -79,16 +78,7 @@ sections:
- type: markdown
text: "
Details | Originating update | Status | History |
- Windows RT 8.1 devices may have issues opening Internet Explorer 11 On Windows 8.1 RT devices, Internet Explorer 11 may not open and you may receive the error, \"C:\\Program Files\\Internet Explorer\\iexplore.exe: A certificate was explicitly revoked by its issuer.\"
Affected platforms: Next steps: We are working on a resolution and will provide an update in an upcoming release. Back to top | September 10, 2019 KB4516067 | Investigating
| Last updated: September 13, 2019 05:25 PM PT
Opened: September 13, 2019 05:25 PM PT |
-
- "
-
-- title: July 2019
-- items:
- - type: markdown
- text: "
- Details | Originating update | Status | History |
- Devices starting using PXE from a WDS or SCCM servers may fail to startDevices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503276 on a WDS server.
Affected platforms: - Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Resolution: This issue was resolved in KB4512478. Back to top | June 11, 2019 KB4503276 | Resolved KB4512478 | Resolved: August 17, 2019 02:00 PM PT
Opened: July 10, 2019 02:51 PM PT |
+ Windows RT 8.1 devices may have issues opening Internet Explorer 11 On Windows 8.1 RT devices, Internet Explorer 11 may not open and you may receive the error, \"C:\\Program Files\\Internet Explorer\\iexplore.exe: A certificate was explicitly revoked by its issuer.\"
Affected platforms: Resolution: This issue was resolved in KB4516041. Back to top | September 10, 2019 KB4516067 | Resolved KB4516041 | Resolved: September 24, 2019 10:00 AM PT
Opened: September 13, 2019 05:25 PM PT |
"
diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml
index 92caeeca25..344715f1b3 100644
--- a/windows/release-information/status-windows-server-2008-sp2.yml
+++ b/windows/release-information/status-windows-server-2008-sp2.yml
@@ -60,7 +60,7 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
Summary | Originating update | Status | Last updated |
- Devices starting using PXE from a WDS or SCCM servers may fail to start Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"
See details > | June 11, 2019 KB4503273 | Resolved KB4512499 | August 17, 2019 02:00 PM PT |
+ Issues manually installing updates by double-clicking the .msu file You may encounter issues manually installing updates by double-clicking the .msu file and may receive an error.
See details > | September 10, 2019 KB4474419 | Mitigated KB4474419 | September 24, 2019 08:17 AM PT |
"
@@ -71,11 +71,11 @@ sections:
"
-- title: July 2019
+- title: September 2019
- items:
- type: markdown
text: "
Details | Originating update | Status | History |
- Devices starting using PXE from a WDS or SCCM servers may fail to startDevices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503273 on a WDS server.
Affected platforms: - Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Resolution: This issue was resolved in KB4512499. Back to top | June 11, 2019 KB4503273 | Resolved KB4512499 | Resolved: August 17, 2019 02:00 PM PT
Opened: July 10, 2019 02:51 PM PT |
+ Issues manually installing updates by double-clicking the .msu fileAfter installing the SHA-2 update ( KB4474419) released on September 10, 2019, you may encounter issues manually installing updates by double-clicking on the .msu file and may receive the error, \"Installer encountered an error: 0x80073afc. The resource loader failed to find MUI file.\"
Affected platforms: - Server: Windows Server 2008 SP2
Workaround: Open a command prompt and use the following command (replacing <msu location> with the actual location and filename of the update): wusa.exe <msu location> /quiet
Resolution: This issue is resolved in KB4474419 released September 23, 2019. Currently, this version is only available from the Microsoft Update Catalog. To resolve this issue, you will need to manually download the package and use the workaround above to install it.
Next steps: We estimate a solution will be available in mid-October on Windows Update and Windows Server Update Services (WSUS). Back to top | September 10, 2019 KB4474419 | Mitigated KB4474419 | Last updated: September 24, 2019 08:17 AM PT
Opened: September 20, 2019 04:57 PM PT |
"
diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml
index 53d71fb08e..c62be0f298 100644
--- a/windows/release-information/status-windows-server-2012.yml
+++ b/windows/release-information/status-windows-server-2012.yml
@@ -60,7 +60,6 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
Summary | Originating update | Status | Last updated |
- Devices starting using PXE from a WDS or SCCM servers may fail to start Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"
See details > | June 11, 2019 KB4503285 | Resolved KB4512512 | August 17, 2019 02:00 PM PT |
Japanese IME doesn't show the new Japanese Era name as a text input option If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.
See details > | April 25, 2019 KB4493462 | Mitigated
| May 15, 2019 05:53 PM PT |
Certain operations performed on a Cluster Shared Volume may fail Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”.
See details > | January 08, 2019 KB4480975 | Mitigated
| April 25, 2019 02:00 PM PT |
@@ -73,15 +72,6 @@ sections:
"
-- title: July 2019
-- items:
- - type: markdown
- text: "
- Details | Originating update | Status | History |
- Devices starting using PXE from a WDS or SCCM servers may fail to startDevices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503285 on a WDS server.
Affected platforms: - Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Resolution: This issue was resolved in KB4512512. Back to top | June 11, 2019 KB4503285 | Resolved KB4512512 | Resolved: August 17, 2019 02:00 PM PT
Opened: July 10, 2019 02:51 PM PT |
-
- "
-
- title: May 2019
- items:
- type: markdown
diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml
index 531c4806b0..e9cda8004c 100644
--- a/windows/release-information/windows-message-center.yml
+++ b/windows/release-information/windows-message-center.yml
@@ -50,6 +50,10 @@ sections:
text: "
Message | Date |
+ Status update: September 2019 Windows \"C\" optional release available
The September 2019 optional monthly “C” release for all supported versions of Windows is now available. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. Follow @WindowsUpdate for the latest on the availability of this release. | September 24, 2019 08:10 AM PT |
+ Plan for change: Windows Media Center Electronic Program Guide retiring in January 2020
Starting in January 2020, Microsoft is retiring its Electronic Program Guide (EPG) service for all versions of Windows Media Center. To continue receiving TV Program Guide information on your Windows Media Center, you’ll need to configure an alternate TV listing provider. | September 24, 2019 08:00 AM PT |
+ Advisory: Scripting Engine Memory Corruption Vulnerability (CVE-2019-1367)
On September 23, 2019, Microsoft released a security update to address a remote code execution vulnerability in the way the scripting engine handles objects in memory in Internet Explorer. An attacker who successfully exploited the vulnerability could gain the same user permissions as the current user. For example, if a user is logged on with administrative rights, an attacker could take control of an affected system and install programs; view, change, or delete data; or create new accounts with full user rights. Alternatively, an attacker could host a specially crafted website targeting Internet Explorer and then entice a user to open web page or a malicious document attached to an e-mail. For more information about the vulnerability, see the Microsoft Security Guide CVE-2019-1367 | Scripting Engine Memory Corruption Vulnerability. | September 22, 2019 11:00 AM PT |
+ Status of September 2019 “C” release
The optional monthly “C” release for September 2019 for all supported versions of Windows and Windows Server prior to Windows 10, version 1903 and Windows Server, version 1903 will be available in the near term. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. Follow @WindowsUpdate for the latest on the availability of this release. | September 19, 2019 04:11 PM PT |
Plan for change: End of service reminders for Windows 10, versions 1703 and 1803
The Enterprise and Education editions of Windows 10, version 1703 (the Creators Update) will reach end of service on October 8, 2019. The Home, Pro, Pro for Workstations, and IoT Core editions of Windows 10, version 1803 (the April 2018 Update) will reach end of service on November 12, 2019. We recommend that you update devices running these versions and editions to the latest version of Windows 10—Windows 10, version 1903—as soon as possible to help keep them protected and your environments secure. | September 13, 2019 03:23 PM PT |
September 2019 security update available for all supported versions of Windows
The September 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1903 and all supported versions of Windows. We recommend that you install these updates promptly. To be informed about the latest updates and releases, follow us on Twitter @WindowsUpdate. | September 10, 2019 09:34 AM PT |
Status update: Windows 10, version 1903 \"D\" optional release available August 30th
The August optional monthly “D” release for Windows 10, version 1903 is now available. Follow @WindowsUpdate for the latest on the availability of this release. | August 30, 2019 08:00 AM PT |
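Review bot: In the added CVE-2019-1367 advisory row, the body says the security update was released "On September 23, 2019", but the row's own date column reads "September 22, 2019 11:00 AM PT", which dates the message a day before the release it announces. Please confirm which date is correct and make the two agree. The same row reads "entice a user to open web page", which is missing an article ("open a web page"). Separately, the added "Status of September 2019 “C” release" row (September 19) still says the release "will be available in the near term" directly below the new row announcing that it is now available; consider whether the older row should be kept as is.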
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 9ed84238d0..eaedfb4d15 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -121,7 +121,7 @@
#### [Custom detections]()
##### [Understand custom detection rules](microsoft-defender-atp/overview-custom-detections.md)
-##### [Create custom detections rules](microsoft-defender-atp/custom-detection-rules.md)
+##### [Create and manage custom detections rules](microsoft-defender-atp/custom-detection-rules.md)
### [Management and APIs]()
#### [Overview of management and APIs](microsoft-defender-atp/management-apis.md)
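Review bot: The new TOC title "Create and manage custom detections rules" keeps the plural "detections rules", while the sibling entry just above it uses "custom detection rules". Since this line is being retitled anyway, suggest "Create and manage custom detection rules", and check that the H1 in custom-detection-rules.md uses the same wording so the TOC entry and the page title match.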
@@ -303,6 +303,7 @@
### [Microsoft Defender Advanced Threat Protection for Mac](windows-defender-antivirus/microsoft-defender-atp-mac.md)
+#### [What's New in Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md)
#### [Deploy Microsoft Defender Advanced Threat Protection for Mac]()
##### [Microsoft Intune-based deployment](windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md)
##### [JAMF-based deployment](windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md)
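Review bot: The added entry "What's New in Microsoft Defender ATP for Mac" uses title case for "New", whereas the neighbouring entries in this TOC are sentence case ("Deploy Microsoft Defender Advanced Threat Protection for Mac", "Understand custom detection rules"). Suggest "What's new in Microsoft Defender ATP for Mac" for consistency.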
diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md
index 9bd0cfef19..792be1c6c8 100644
--- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md
+++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md
@@ -18,7 +18,7 @@ search.appverid: met150
# Top scoring in industry tests
-Microsoft Defender Advanced Threat Protection ([Microsoft Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports)) technologies consistently achieve high scores in independent tests, demonstrating the strength of its enterprise threat protection capabilities. Microsoft aims to be transparent about these test scores. This page summarizes the results and provides analysis.
+Microsoft Defender Advanced Threat Protection ([Microsoft Defender ATP](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=cx-docs-avreports)) technologies consistently achieve high scores in independent tests, demonstrating the strength of its enterprise threat protection capabilities. Microsoft aims to be transparent about these test scores. This page summarizes the results and provides analysis.
## Next generation protection
@@ -96,4 +96,4 @@ It is important to remember that Microsoft sees a wider and broader set of threa
The capabilities within [Microsoft Defender ATP](https://www.microsoft.com/windowsforbusiness?ocid=cx-docs-avreports) provide [additional layers of protection](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses?ocid=cx-docs-avreports) that are not factored into industry antivirus tests, and address some of the latest and most sophisticated threats. Isolating AV from the rest of Microsoft Defender ATP creates a partial picture of how our security stack operates in the real world. For example, attack surface reduction and endpoint detection & response capabilities can help prevent malware from getting onto devices in the first place. We have proven that [Microsoft Defender ATP components catch samples](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA?ocid=cx-docs-avreports) that Windows Defender Antivirus missed in these industry tests, which is more representative of how effectively our security suite protects customers in the real world.
-Using independent tests, customers can view one aspect of their security suite but can't assess the complete protection of all the security features. Microsoft is highly engaged in working with several independent testers to evolve security testing to focus on the end-to-end security stack. In the meantime, customers can evaluate Microsoft Defender Advanced Threat Protection in their own networks by signing up for a [90-day trial of Microsoft Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports), or [enabling Preview features on existing tenants](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection?ocid=cx-docs-avreports).
+Using independent tests, customers can view one aspect of their security suite but can't assess the complete protection of all the security features. Microsoft is highly engaged in working with several independent testers to evolve security testing to focus on the end-to-end security stack. In the meantime, customers can evaluate Microsoft Defender Advanced Threat Protection in their own networks by signing up for a [90-day trial of Microsoft Defender ATP](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=cx-docs-avreports), or [enabling Preview features on existing tenants](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection?ocid=cx-docs-avreports).
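Review bot: The unchanged paragraph just above the edited line still links [Microsoft Defender ATP] to `https://www.microsoft.com/windowsforbusiness?ocid=cx-docs-avreports`, while both changed links in this file now point at `/microsoft-365/windows/microsoft-defender-atp`. If the purpose of the change is to retire the WindowsForBusiness landing pages, that link should be updated in the same pass. If it is intentionally left pointing at a different page, a short mention in the commit message would help.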
diff --git a/windows/security/threat-protection/intelligence/understanding-malware.md b/windows/security/threat-protection/intelligence/understanding-malware.md
index 2486a1e427..c28ab7c0e4 100644
--- a/windows/security/threat-protection/intelligence/understanding-malware.md
+++ b/windows/security/threat-protection/intelligence/understanding-malware.md
@@ -21,7 +21,7 @@ Malware is a term used to describe malicious applications and code that can caus
Cybercriminals that distribute malware are often motivated by money and will use infected computers to launch attacks, obtain banking credentials, collect information that can be sold, sell access to computing resources, or extort payment from victims.
-As criminals become more sophisticated with their attacks, Microsoft is here to help. Windows 10 is the most secure version of Windows yet and includes many features to help protect you whether you're at home, at work, or on the go. With Microsoft Defender Advanced Threat Protection ([Microsoft Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp)), businesses can stay protected with next-generation protection and other security capabilities.
+As criminals become more sophisticated with their attacks, Microsoft is here to help. Windows 10 is the most secure version of Windows yet and includes many features to help protect you whether you're at home, at work, or on the go. With Microsoft Defender Advanced Threat Protection ([Microsoft Defender ATP](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp)), businesses can stay protected with next-generation protection and other security capabilities.
For good general tips, check out the [prevent malware infection](prevent-malware-infection.md) topic.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md
index 55e9157bfa..85ea675b5d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md
@@ -22,7 +22,7 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedfeats-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedfeats-abovefoldlink)
Depending on the Microsoft security products that you use, some advanced features might be available for you to integrate Microsoft Defender ATP with.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md
index 11138ccab3..e8fd745ba1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md
@@ -24,7 +24,7 @@ ms.date: 07/24/2019
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The AlertEvents table in the Advanced hunting schema contains information about alerts on Microsoft Defender Security Center. Use this reference to construct queries that return information from the table.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md
index 918e31047d..75465b34a5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md
@@ -24,7 +24,7 @@ ms.date: 04/24/2018
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-bestpractices-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-bestpractices-abovefoldlink)
## Performance best practices
The following best practices serve as a guideline of query performance best practices and for you to get faster results and be able to run complex queries.
@@ -93,4 +93,4 @@ ProcessCreationEvents
| where CanonicalCommandLine contains "stop" and CanonicalCommandLine contains "MpsSvc"
```
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-bestpractices-belowfoldlink)
\ No newline at end of file
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-bestpractices-belowfoldlink)
\ No newline at end of file
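Review bot: The last line of advanced-hunting-best-practices.md is rewritten here but still ends without a newline ("\ No newline at end of file" appears on both the old and new side). Since the line is being touched, add the trailing newline now so later edits to the end of the file produce clean diffs.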
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md
index 2f8d8b5394..2b414ee047 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md
@@ -24,7 +24,7 @@ ms.date: 07/24/2019
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The FileCreationEvents table in the Advanced hunting schema contains information about file creation, modification, and other file system events. Use this reference to construct queries that return information from the table.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md
index aabe8804ca..160e833850 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md
@@ -24,7 +24,7 @@ ms.date: 07/24/2019
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The ImageLoadEvents table in the Advanced hunting schema contains information about DLL loading events. Use this reference to construct queries that return information from the table.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md
index 90d2fe815e..c5279cdd3d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md
@@ -24,7 +24,7 @@ ms.date: 07/24/2019
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The LogonEvents table in the Advanced hunting schema contains information about user logons and other authentication events. Use this reference to construct queries that return information from the table.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md
index 5ac8eced92..abe7b49af5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md
@@ -24,7 +24,7 @@ ms.date: 07/24/2019
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The MachineInfo table in the Advanced hunting schema contains information about machines in the organization, including OS version, active users, and computer name. Use this reference to construct queries that return information from the table.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md
index cb1ff3f42a..717019c475 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md
@@ -24,7 +24,7 @@ ms.date: 07/24/2019
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The MachineNetworkInfo table in the Advanced hunting schema contains information about networking configuration of machines, including network adapters, IP and MAC addresses, and connected networks or domains. Use this reference to construct queries that return information from the table.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md
index 34eb98af98..deeef6fd8a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md
@@ -24,7 +24,7 @@ ms.date: 07/24/2019
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The MiscEvents table in the Advanced hunting schema contains information about multiple event types, including events triggered by security controls, such as Windows Defender Antivirus and exploit protection. Use this reference to construct queries that return information from the table.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md
index 29cce6edf3..9427ce74c8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md
@@ -24,7 +24,7 @@ ms.date: 07/24/2019
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The NetworkCommunicationEvents table in the Advanced hunting schema contains information about network connections and related events. Use this reference to construct queries that return information from the table.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md
index ff4bcab4b7..43a0651a0f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md
@@ -24,7 +24,7 @@ ms.date: 07/24/2019
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The ProcessCreationEvents table in the Advanced hunting schema contains information about process creation and related events. Use this reference to construct queries that return information from the table.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md
index a0d1dd41a1..140286d974 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md
@@ -24,7 +24,7 @@ ms.date: 07/24/2019
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
## Advanced hunting table reference
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md
index dcf2cf5422..3099373d13 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md
@@ -24,7 +24,7 @@ ms.date: 07/24/2019
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The RegistryEvents table in the Advanced hunting schema contains information about the creation and modification of registry entries. Use this reference to construct queries that return information from the table.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md
index 7c51f049ba..9ce09a700b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md
@@ -20,7 +20,7 @@ ms.date: 08/15/2018
# Query data using Advanced hunting in Microsoft Defender ATP
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
To get you started in querying your data, you can use the Basic or Advanced query examples, which have some preloaded queries to help you understand the basic query syntax.
@@ -146,7 +146,7 @@ The filter selections will resolve as an additional query term and the results w
Check out the [Advanced hunting repository](https://github.com/Microsoft/WindowsDefenderATP-Hunting-Queries). Contribute and use example queries shared by our customers.
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhunting-belowfoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-belowfoldlink)
## Related topic
- [Advanced hunting reference](advanced-hunting-reference.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md
index fe3c249332..9d9bea3f59 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md
@@ -23,7 +23,7 @@ ms.date: 04/24/2018
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-alertsq-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-alertsq-abovefoldlink)
The **Alerts queue** shows a list of alerts that were flagged from machines in your network. By default, the queue displays alerts seen in the last 30 days in a grouped view, with the most recent alerts showing at the top of the list, helping you see the most recent alerts first.
@@ -84,9 +84,10 @@ The table below lists the current categories and how they generally map to previ
| Persistence | Installation, Persistence | Creating autostart extensibility points (ASEPs) to remain active and survive system restarts |
| Privilege escalation | PrivilegeEscalation | Obtaining higher permission levels for code by running it in the context of a privileged process or account |
| Ransomware | Ransomware | Malware that encrypts files and extorts payment to restore access |
-| Suspicious activity | General, None, NotApplicable, EnterprisePolicy, SuspiciousNetworkTraffic | Atypicaly activity that could be malware activity or part of an attack |
+| Suspicious activity | General, None, NotApplicable, EnterprisePolicy, SuspiciousNetworkTraffic | Atypical activity that could be malware activity or part of an attack |
| Unwanted software | UnwantedSoftware | Low-reputation apps and apps that impact productivity and the user experience; detected as potentially unwanted applications (PUAs) |
+
### Status
You can choose to limit the list of alerts based on their status.
@@ -115,6 +116,11 @@ If you have specific machine groups that you're interested in checking the alert
### Associated threat
Use this filter to focus on alerts that are related to high profile threats. You can see the full list of high-profile threats in [Threat analytics](threat-analytics.md).
+
+
+
+
+
## Related topics
- [Manage Microsoft Defender Advanced Threat Protection alerts](manage-alerts.md)
- [Investigate Microsoft Defender Advanced Threat Protection alerts](investigate-alerts.md)
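Review bot: The five blank lines added before "## Related topics" have no effect on the rendered Markdown and only add noise to the file. Suggest dropping them, or keeping a single blank line if a separator was intended after the "Associated threat" paragraph.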
diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md
index b4aec2ce09..82dfc632fd 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md
@@ -21,7 +21,7 @@ ms.topic: article
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## Get Alerts using a simple PowerShell script
diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md b/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md
index 4af26a7805..03274e47b8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md
@@ -21,7 +21,7 @@ ms.topic: article
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
Automating security procedures is a standard requirement for every modern Security Operations Center. The lack of professional Cyber defenders, forces SOC to work in the most efficient way and automation is a must. MS flow supports different connectors that were built exactly for that. You can build an end-to-end procedure automation within few minutes.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md
index 979340a3ca..3b57273926 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md
@@ -23,7 +23,7 @@ ms.topic: article
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-apiportalmapping-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-apiportalmapping-abovefoldlink)
Understand what data fields are exposed as part of the detections API and how they map to Microsoft Defender Security Center.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md b/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md
index 4c582017dc..2eaa43daee 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md
@@ -21,7 +21,7 @@ ms.topic: article
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
In this section you will learn create a Power BI report on top of Microsoft Defender ATP APIs.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
index 84db47e022..425ad57ee8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
@@ -22,7 +22,7 @@ ms.topic: conceptual
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
Microsoft Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Microsoft Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md b/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md
index 0924219800..4329883752 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md
@@ -25,7 +25,7 @@ ms.date: 11/28/2018
- Office 365
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
Microsoft Defender ATP supports two ways to manage permissions:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md b/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md
index f39d0ddd2f..ce50cf47b1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md
@@ -24,7 +24,7 @@ ms.date: 11/20/2018
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-attacksimulations-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-attacksimulations-abovefoldlink)
>[!TIP]
>- Learn about the latest enhancements in Microsoft Defender ATP: [What's new in Microsoft Defender ATP](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/).
@@ -58,7 +58,7 @@ Read the walkthrough document provided with each attack scenario. Each document
> Simulation files or scripts mimic attack activity but are actually benign and will not harm or compromise the test machine.
>
>
-> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-attacksimulations-belowfoldlink)
+> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-attacksimulations-belowfoldlink)
## Related topics
diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
index 0d2841c46b..00a8b85828 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
@@ -19,7 +19,7 @@ ms.topic: conceptual
# Overview of Automated investigations
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automated-investigations-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-automated-investigations-abovefoldlink)
The Microsoft Defender ATP service has a wide breadth of visibility on multiple machines. With this kind of optics, the service generates a multitude of alerts. The volume of alerts generated can be challenging for a typical security operations team to individually address.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md b/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md
index 6cad0006a9..b735ec5aa0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md
@@ -23,7 +23,7 @@ ms.topic: article
- Azure Active Directory
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-basicaccess-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-basicaccess-abovefoldlink)
Refer to the instructions below to use basic permissions management.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md b/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md
index 6fcd846c60..3666eb4a2a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md
@@ -23,7 +23,7 @@ ms.date: 04/24/2018
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-checksensor-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-checksensor-abovefoldlink)
The sensor health tile is found on the Security Operations dashboard. This tile provides information on the individual machine’s ability to provide sensor data and communicate with the Microsoft Defender ATP service. It reports how many machines require attention and helps you identify problematic machines and take action to correct known issues.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md b/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md
index eb36f604f9..9049705849 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md
@@ -24,7 +24,7 @@ ms.topic: article
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-conditionalaccess-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-conditionalaccess-abovefoldlink)
Conditional Access is a capability that helps you better protect your users and enterprise information by making sure that only secure devices have access to applications.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md b/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md
index 65f1d888f8..0b7d271c77 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md
@@ -26,7 +26,7 @@ ms.topic: article
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configurearcsight-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configurearcsight-abovefoldlink)
You'll need to install and configure some files and tools to use HP ArcSight so that it can pull Microsoft Defender ATP detections.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md b/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md
index 97cc98af49..944a823a64 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md
@@ -104,4 +104,4 @@ Take the following steps to enable Conditional Access:
For more information, see [Enable Microsoft Defender ATP with Conditional Access in Intune](https://docs.microsoft.com/intune/advanced-threat-protection).
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-conditionalaccess-belowfoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-conditionalaccess-belowfoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md b/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md
index e0e025ebc9..35c6a3a37d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md
@@ -23,7 +23,7 @@ ms.topic: article
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-emailconfig-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-emailconfig-abovefoldlink)
You can configure Microsoft Defender ATP to send email notifications to specified recipients for new alerts. This feature enables you to identify a group of individuals who will immediately be informed and can act on alerts based on their severity.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md
index 914b140411..fafeee5fd2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md
@@ -29,7 +29,7 @@ ms.date: 04/24/2018
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsgp-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointsgp-abovefoldlink)
> [!NOTE]
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md
index 9710f0d825..cc02d11893 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md
@@ -25,7 +25,7 @@ ms.date: 12/06/2018
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsmdm-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointsmdm-abovefoldlink)
You can use mobile device management (MDM) solutions to configure machines. Microsoft Defender ATP supports MDMs by providing OMA-URIs to create policies to manage machines.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md
index b5ebde69de..7da16a125c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md
@@ -8,6 +8,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
+ms.author macaparas
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
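Review bot: The added front-matter line `ms.author macaparas` has no colon after the key, unlike every neighbouring entry (`author: mjcaparas`, `manager: dansimp`), so it will not parse as a key/value pair. It should read `ms.author: <alias>`. Also confirm the alias: the new line says `macaparas`, while the `author` line directly below says `mjcaparas`.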
@@ -24,7 +25,7 @@ ms.topic: article
- Linux
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-nonwindows-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-nonwindows-abovefoldlink)
@@ -67,4 +68,4 @@ You'll need to take the following steps to onboard non-Windows machines:
- [Onboard Windows 10 machines](configure-endpoints.md)
- [Onboard servers](configure-server-endpoints.md)
- [Configure proxy and Internet connectivity settings](configure-proxy-internet.md)
-- [Troubleshooting Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
\ No newline at end of file
+- [Troubleshooting Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md
index ab167bc4fd..60b3f33af2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md
@@ -28,7 +28,7 @@ ms.date: 12/11/2018
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointssccm-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointssccm-abovefoldlink)
## Onboard Windows 10 machines using System Center Configuration Manager (current branch) version 1606
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md
index 6c658e6d81..f290c1d7b3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md
@@ -27,7 +27,7 @@ ms.topic: article
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink)
You can also manually onboard individual machines to Microsoft Defender ATP. You might want to do this first when testing the service before you commit to onboarding all machines in your network.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
index 19a1f29ebd..b268c9db63 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
@@ -25,7 +25,7 @@ ms.date: 04/24/2018
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configvdi-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configvdi-abovefoldlink)
## Onboard non-persistent virtual desktop infrastructure (VDI) machines
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md
index f7fccc3f2b..bff2f62710 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md
@@ -45,4 +45,4 @@ Topic | Description
[Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi.md) | Learn how to use the configuration package to configure VDI machines.
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpoints-belowfoldlink)
\ No newline at end of file
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpoints-belowfoldlink)
\ No newline at end of file
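Review bot: The replacement line is still followed by `\ No newline at end of file`, so this file keeps its missing trailing newline. The configure-endpoints-non-windows.md hunk in the same patch adds the newline. Since the last line is being touched anyway, add it here as well, and in the configure-machines.md hunk, which has the same marker.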
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md
index bd168aac8b..3974d3dc84 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md
@@ -22,7 +22,7 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
Each onboarded machine adds an additional endpoint detection and response (EDR) sensor and increases visibility over breach activity in your network. Onboarding also ensures that a machine can be checked for vulnerable components as well security configuration issues and can receive critical remediation actions during attacks.
@@ -59,7 +59,7 @@ From the device compliance page, create a configuration profile specifically for
For more information, [read about using Intune device configuration profiles to onboard machines to Microsoft Defender ATP](https://docs.microsoft.com/en-us/intune/advanced-threat-protection#onboard-devices-by-using-a-configuration-profile).
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)
# Related topics
- [Ensure your machines are configured properly](configure-machines.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md
index 90713b48a1..c51725fb99 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md
@@ -22,7 +22,7 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
Security baselines ensure that security features are configured according to guidance from both security experts and expert Windows system administrators. When deployed, the Microsoft Defender ATP security baseline sets Microsoft Defender ATP security controls to provide optimal protection.
@@ -95,7 +95,7 @@ Machine configuration management monitors baseline compliance only of Windows 10
>[!TIP]
>Security baselines on Intune provide a convenient way to comprehensively secure and protect your machines. [Learn more about security baselines on Intune](https://docs.microsoft.com/intune/security-baselines).
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)
# Related topics
- [Ensure your machines are configured properly](configure-machines.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md
index 3c6d45957a..463aa8e967 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md
@@ -22,7 +22,7 @@ ms.topic: conceptual
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
With properly configured machines, you can boost overall resilience against threats and enhance your capability to detect and respond to attacks. Security configuration management helps ensure that your machines:
@@ -76,4 +76,4 @@ Topic | Description
[Increase compliance to the Microsoft Defender ATP security baseline](configure-machines-security-baseline.md) | Track baseline compliance and noncompliance. Deploy the security baseline to more Intune-managed machines.
[Optimize ASR rule deployment and detections](configure-machines-asr.md) | Review rule deployment and tweak detections using impact analysis tools in Microsoft 365 security center.
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)
\ No newline at end of file
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md
index 7738dedb9f..33c9d7d4d1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md
@@ -26,7 +26,7 @@ ms.date: 09/03/2018
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-mssp-support-abovefoldlink)
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)
[!include[Prerelease information](prerelease.md)]
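Review bot: The link target on the changed line now points to the `microsoft-defender-atp` page, but the link text still reads "Want to experience Windows Defender ATP?". The context line above it also says "Windows Defender Advanced Threat Protection (Windows Defender ATP)". Every other file in this patch uses "Microsoft Defender ATP" in the same sentence, so update the product name here too, or state in the commit message that this file keeps the old name on purpose.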
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
index ec708627ca..7e89edf437 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
@@ -28,7 +28,7 @@ ms.topic: article
- Windows Server, 2019
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configserver-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configserver-abovefoldlink)
Microsoft Defender ATP extends support to also include the Windows Server operating system, providing advanced attack detection and investigation capabilities, seamlessly through the Microsoft Defender Security Center console.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md b/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md
index 44e2fdd28e..521fbb5621 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md
@@ -24,7 +24,7 @@ ms.date: 10/16/2017
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configuresiem-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink)
## Pull detections using security information and events management (SIEM) tools
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md b/windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md
index fd61b88ec1..fd5efbf9ea 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md
@@ -26,7 +26,7 @@ ms.topic: article
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configuresplunk-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresplunk-abovefoldlink)
You'll need to configure Splunk so that it can pull Microsoft Defender ATP detections.
@@ -40,19 +40,19 @@ You'll need to configure Splunk so that it can pull Microsoft Defender ATP detec
- Make sure you have enabled the **SIEM integration** feature from the **Settings** menu. For more information, see [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
- Have the details file you saved from enabling the **SIEM integration** feature ready. You'll need to get the following values:
- - OAuth 2 Token refresh URL
- - OAuth 2 Client ID
- - OAuth 2 Client secret
+ - Tenant ID
+ - Client ID
+ - Client Secret
+ - Resource URL
-- Have the refresh token that you generated from the SIEM integration feature ready.
## Configure Splunk
1. Login in to Splunk.
-2. Click **Search & Reporting**, then **Settings** > **Data inputs**.
+2. Go to **Settings** > **Data inputs**.
-3. Click **REST** under **Local inputs**.
+3. Select **Windows Defender ATP alerts** under **Local inputs**.
NOTE:
This input will only appear after you install the [Windows Defender ATP Modular Inputs TA](https://splunkbase.splunk.com/app/4128/).
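Review bot: The add-on dependency is only stated in the NOTE under step 3, after the reader has already gone looking for the **Windows Defender ATP alerts** input; list installing the Windows Defender ATP Modular Inputs TA in the prerequisites above, next to the SIEM integration values. The prerequisite list also names the value "Resource URL" while the field table later in this file calls it "Resource", so pick one name. The unchanged step 1 still reads "Login in to Splunk", which could be corrected while this list is being touched.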
@@ -71,55 +71,30 @@ You'll need to configure Splunk so that it can pull Microsoft Defender ATP detec
Value |
- Endpoint URL |
+ Name |
+ Name for the Data Input |
+
+ Login URL |
+ URL to authenticate the azure app (Default : https://login.microsoftonline.com) |
+
+ Endpoint |
Depending on the location of your datacenter, select any of the following URL: For EU: https://wdatp-alertexporter-eu.securitycenter.windows.com/api/alerts For US:https://wdatp-alertexporter-us.securitycenter.windows.com/api/alerts
For UK:https://wdatp-alertexporter-uk.securitycenter.windows.com/api/alerts
|
- HTTP Method |
- GET |
+ Tenant ID |
+ Azure Tenant ID |
- Authentication Type |
- oauth2 |
+ Resource |
+ Value from the SIEM integration feature page |
- OAuth 2 Access token |
- Use the value that you generated when you enabled the SIEM integration feature. NOTE: The access token expires after an hour. |
+ Client ID |
+ Value from the SIEM integration feature page |
- OAuth 2 Refresh Token |
- Use the value that you generated when you enabled the SIEM integration feature. |
-
-
- OAuth 2 Token Refresh URL |
- Use the value from the details file you saved when you enabled the SIEM integration feature. |
-
-
- OAuth 2 Client ID |
- Use the value from the details file you saved when you enabled the SIEM integration feature. |
-
-
- OAuth 2 Client Secret |
- Use the value from the details file you saved when you enabled the SIEM integration feature. |
-
-
- Response type |
- Json |
-
-
- Response Handler |
- JSONArrayHandler |
-
-
- Polling Interval |
- Number of seconds that Splunk will ping the Microsoft Defender ATP machine. Accepted values are in seconds. |
-
-
- Set sourcetype |
- Manual |
-
-
- Source type |
- _json |
+ Client Secret |
+ Value from the SIEM integration feature page |
+
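Review bot: The removed "Polling Interval" row has no replacement in the new table, so the page no longer tells the reader how often the input pulls detections or whether that is configurable; add a row or a sentence covering it. In the "Login URL" row, "azure app" should be "Azure app" and "(Default : https://login.microsoftonline.com)" should lose the space before the colon. The "Tenant ID" row says "Azure Tenant ID" while Resource, Client ID and Client Secret say "Value from the SIEM integration feature page", even though the prerequisites list Tenant ID among the values taken from the saved details file; describe its source the same way as the others.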
@@ -133,20 +108,20 @@ Use the solution explorer to view detections in Splunk.
2. Select **New**.
3. Enter the following details:
- - Destination app: Select Search & Reporting (search)
- - Search name: Enter a name for the query
- Search: Enter a query, for example:
- `source="rest://windows atp alerts"|spath|table*`
+ `sourcetype="wdatp:alerts" |spath|table*`
+ - App: Add-on for Windows Defender (TA_Windows-defender)
Other values are optional and can be left with the default values.
+
4. Click **Save**. The query is saved in the list of searches.
5. Find the query you saved in the list and click **Run**. The results are displayed based on your query.
>[!TIP]
-> To mininimize Detection duplications, you can use the following query:
->```source="rest://windows atp alerts" | spath | dedup _raw | table *```
+> To minimize Detection duplications, you can use the following query:
+>```source="rest://wdatp:alerts" | spath | dedup _raw | table *```
## Related topics
- [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
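Review bot: The two sample searches in this hunk disagree: the saved-search example filters on `sourcetype="wdatp:alerts"`, but the TIP query filters on `source="rest://wdatp:alerts"`. The `rest://` source belonged to the REST input that this change removes, so the TIP line looks like a partial search-and-replace and is unlikely to match events from the new input. Suggest `sourcetype="wdatp:alerts" | spath | dedup _raw | table *` in the TIP so both queries select the same data. The lone blank `+` line added before step 4 may also break the numbered list rendering and is worth checking in preview.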
diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
index 9561fe831c..0af9f2e7a8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
@@ -1,16 +1,16 @@
---
-title: Create custom detection rules in Microsoft Defender ATP
+title: Create and manage custom detection rules in Microsoft Defender ATP
ms.reviewer:
-description: Learn how to create custom detections rules based on advanced hunting queries
-keywords: create custom detections, detections, advanced hunting, hunt, detect, query
+description: Learn how to create and manage custom detections rules based on advanced hunting queries
+keywords: custom detections, create, manage, alerts, edit, run on demand, frequency, interval, detection rules, advanced hunting, hunt, query, response actions, mdatp, microsoft defender atp
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
+ms.author: lomayor
+author: lomayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
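Review bot: The new `description` line still reads "custom detections rules", while the new `title` uses "custom detection rules"; the description should match the title, since this string surfaces in search results.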
@@ -19,53 +19,86 @@ ms.topic: article
---
-# Create custom detections rules
+# Create and manage custom detections rules
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-Create custom detection rules from [Advanced hunting](overview-hunting.md) queries to automatically check for threat indicators and generate alerts whenever these indicators are found.
+Custom detection rules built from [Advanced hunting](overview-hunting.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured machines. The queries run every 24 hours, generating alerts and taking response actions whenever there are matches.
>[!NOTE]
->To create and manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission. For the detection rule to work properly and create alerts, the query must return in each row a set of MachineId, ReportId, EventTime which match to an actual event in advanced hunting.
+>To create and manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission.
-1. In the navigation pane, select **Advanced hunting**.
+## Create a custom detection rule
+### 1. Prepare the query.
-2. Select an existing query that you'd like to base the monitor on or create a new query.
+In Microsoft Defender Security Center, go to **Advanced hunting** and select an existing query or create a new query. When using an new query, run the query to identify errors and understand possible results.
-3. Select **Create detection rule**.
+>[!NOTE]
+>To use a query for a custom detection rule, the query must return the `EventTime`, `MachineId`, and `ReportId` columns in the results. Queries that don’t use the `project` operator to customize results usually return these common columns.
-4. Specify the alert details:
+### 2. Create new rule and provide alert details.
- - Alert title
- - Severity
- - Category
- - Description
- - Recommended actions
+With the query in the query editor, select **Create detection rule** and specify the following alert details:
-5. Click **Create**.
+- **Alert title**
+- **Severity**
+- **Category**
+- **Description**
+- **Recommended actions**
-> [!TIP]
-> TIP #1: Running the query for the first time before saving it can help you find any mistakes or errors and give you a preview of the data you can expect to be returned.
-> When a new detection rule is created, it will run for the first time (it might take a few minutes) and raise any alerts created by this rule. After that, the rule will automatically run every 24 hours.
-> TIP #2: Since the detection automatically runs every 24 hours, it's best to query data in the last 24 hours.
+For more information about these alert details, [read about managing alerts](manage-alerts.md).
+
+### 3. Specify actions on files or machines.
+Your custom detection rule can automatically take actions on files or machines that are returned by the query.
+
+#### Actions on machines
+These actions are applied to machines in the `MachineId` column of the query results:
+- **Isolate machine** — applies full network isolation, preventing the machine from connecting to any application or service, except for the Microsoft Defender ATP service. [Learn more about machine isolation](respond-machine-alerts.md#isolate-machines-from-the-network)
+- **Collect investigation package** — collects machine information in a ZIP file. [Learn more about the investigation package](respond-machine-alerts.md#collect-investigation-package-from-machines)
+- **Run antivirus scan** — performs a full Windows Defender Antivirus scan on the machine
+- **Initiate investigation** — initiates an [automated investigation](automated-investigations.md) on the machine
+
+#### Actions on files
+These actions are applied to files in the `SHA1` or the `InitiatingProcessSHA1` column of the query results:
+- **Allow/Block** — automatically adds the file to your [custom indicator list](manage-indicators.md) so that it is always allowed to run or blocked from running. You can set the scope of this action so that it is taken only on selected machine groups. This scope is independent of the scope of the rule.
+- **Quarantine file** — deletes the file from its current location and places a copy in quarantine
+
+### 4. Click **Create** to save and turn on the rule.
+When saved, the custom detection rule immediately runs. It runs again every 24 hours to check for matches, generate alerts, and take response actions.
## Manage existing custom detection rules
-View existing rules in your network, see the last results of each rule, navigate to view all alerts that were created by each rule. You can also modify existing rules.
+In **Settings** > **Custom detections**, you can view the list of existing custom detection rules, check their previous runs, and review the alerts they have triggered. You can also run a rule on demand and modify it.
-1. In the navigation pane, select **Settings** > **Custom detections**. You'll see all the detections created in the system.
+### View existing rules
-2. Select one of the rules to take any of the following actions:
- - Open related alerts - See all the alerts that were raised based to this rule
- - Run - Run the selected detection immediately.
+To view all existing custom detection rules, navigate to **Settings** > **Custom detections**. The page lists all the rules with the following run information:
- > [!NOTE]
- > The next run for the query will be in 24 hours after the last run.
-
- - Edit - Modify the settings of the rule.
- - Modify query - View and edit the query itself.
- - Turn off - Stop the query from running.
- - Delete
+- **Last run** — when a rule was last run to check for query matches and generate alerts
+- **Last run status** — whether a rule ran successfully
+- **Next run** — the next scheduled run
+- **Status** — whether a rule has been turned on or off
+### View rule details, modify rule, and run rule
+
+To view comprehensive information about a custom detection rule, select the name of rule from the list of rules in **Settings** > **Custom detections**. This opens a page about the custom detection rule with the following information:
+
+- General information about the rule, including the details of the alert, run status, and scope
+- List of triggered alerts
+- List of triggered actions
+
+
+*Custom detection rule page*
+
+You can also take the following actions on the rule from this page:
+
+- **Run** — run the rule immediately. This also resets the interval for the next run.
+- **Edit** — modify the rule without changing the query
+- **Modify query** — edit the query in Advanced hunting
+- **Turn on** / **Turn off** — enable the rule or stop it from running
+- **Delete** — turn off the rule and remove it
+
+>[!TIP]
+>To quickly view information and take action on an item in a table, use the selection column [✓] at the left of the table.
## Related topic
- [Custom detections overview](overview-custom-detections.md)
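Review bot: Step 3 lets a rule isolate machines, quarantine files, or block files on every row the query returns, and step 4 says the rule runs immediately on save and again every 24 hours, but nothing here tells the reader to validate the query's results or limit the scope before attaching these actions. A broad query would isolate or quarantine at scale on the first run, so add a note in step 3 recommending that the rule run alert-only first and that machine-group scope be set before enabling actions. Two pieces of guidance from the removed text are also lost and should be kept: that the returned `MachineId`, `ReportId` and `EventTime` must match an actual event in advanced hunting (the new note only requires the columns to be present), and that queries should cover the last 24 hours because of the run interval. Smaller points: the H1 reads "custom detections rules", step 1 has "When using an new query", the line "*Custom detection rule page*" is a caption with no image above it, and the step headings mix a trailing period with bold UI text ("### 4. Click **Create** ...").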
diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-ti-api.md b/windows/security/threat-protection/microsoft-defender-atp/custom-ti-api.md
index 0a42682bb7..90dbd0efc5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/custom-ti-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/custom-ti-api.md
@@ -25,7 +25,7 @@ ms.topic: article
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-customti-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-customti-abovefoldlink)
You can define custom alert definitions and indicators of compromise (IOC) using the threat intelligence API. Creating custom threat intelligence alerts allows you to generate specific alerts that are applicable to your organization.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md b/windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md
index 0a4d585b53..1c3591492a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md
@@ -26,7 +26,7 @@ ms.date: 04/24/2018
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-gensettings-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-gensettings-abovefoldlink)
During the onboarding process, a wizard takes you through the general settings of Microsoft Defender ATP. After onboarding, you might want to update the data retention settings.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md
index a16de0a429..f59264a083 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md
@@ -92,4 +92,4 @@ By providing customers with compliant, independently-verified services, Microsof
For more information on the Microsoft Defender ATP ISO certification reports, see [Microsoft Trust Center](https://www.microsoft.com/trustcenter/compliance/iso-iec-27001).
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-datastorage-belowfoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-datastorage-belowfoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md b/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md
index 42ef196d91..a8b1269d9c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md
@@ -28,7 +28,7 @@ ms.date: 04/24/2018
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-defendercompat-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-defendercompat-abovefoldlink)
The Microsoft Defender Advanced Threat Protection agent depends on Windows Defender Antivirus for some capabilities such as file scanning.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md b/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md
index 3fbbd36ff6..f27473d081 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md
@@ -23,7 +23,7 @@ ms.topic: article
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-enablesiem-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-enablesiem-abovefoldlink)
Enable security information and event management (SIEM) integration so you can pull detections from Microsoft Defender Security Center using your SIEM solution or by connecting directly to the detections REST API.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md
index ee4f4e583c..2278aa052c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md
@@ -22,7 +22,7 @@ ms.topic: conceptual
[Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) is a unified platform for preventative protection, post-breach detection, automated investigation, and response.
-You can evaluate Microsoft Defender Advanced Threat Protection in your organization by [starting your free trial](https://www.microsoft.com/WindowsForBusiness/windows-atp).
+You can evaluate Microsoft Defender Advanced Threat Protection in your organization by [starting your free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp).
You can also evaluate the different security capabilities in Microsoft Defender ATP by using the following instructions.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md b/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md
index 0875478e90..2fe02c746b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md
@@ -342,7 +342,7 @@ See
|