mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-14 22:37:22 +00:00
Merge branch 'master' into siosulli-privacy-dpsw
This commit is contained in:
Sinead O'Sullivan
commit
2a7eeb4358
@ -172,11 +172,15 @@ If you want to disable this policy, use the following SyncML:
|
||||
</SyncBody>
|
||||
</SyncML>
|
||||
```
|
||||
|
||||
> [!NOTE]
|
||||
> Currently only used space encryption is supported when using this CSP.
|
||||
|
||||
<!--/Policy-->
|
||||
<!--Policy-->
|
||||
<a href="" id="encryptionmethodbydrivetype"></a>**EncryptionMethodByDriveType**
|
||||
<!--Description-->
|
||||
Allows you to set the default encryption method for each of the different drive types: operating system drives, fixed data drives, and removable data drives. Hidden, system, and recovery partitions are skipped from encryption. This setting is a direct mapping to the Bitlocker Group Policy "Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)".
|
||||
Allows you to set the default encryption method for each of the different drive types: operating system drives, fixed data drives, and removable data drives. Hidden, system, and recovery partitions are skipped from encryption. This setting is a direct mapping to the BitLocker Group Policy "Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)".
|
||||
<!--/Description-->
|
||||
<!--SupportedValues-->
|
||||
<table>
|
||||
@ -204,7 +208,7 @@ ADMX Info:
|
||||
<ul>
|
||||
<li>GP English name: <em>Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)</em></li>
|
||||
<li>GP name: <em>EncryptionMethodWithXts_Name</em></li>
|
||||
<li>GP path: <em>Windows Components/Bitlocker Drive Encryption</em></li>
|
||||
<li>GP path: <em>Windows Components/BitLocker Drive Encryption</em></li>
|
||||
<li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
|
||||
</ul>
|
||||
<!--/ADMXMapped-->
|
||||
@ -260,7 +264,7 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete.
|
||||
<!--Policy-->
|
||||
<a href="" id="systemdrivesrequirestartupauthentication"></a>**SystemDrivesRequireStartupAuthentication**
|
||||
<!--Description-->
|
||||
This setting is a direct mapping to the Bitlocker Group Policy "Require additional authentication at startup".
|
||||
This setting is a direct mapping to the BitLocker Group Policy "Require additional authentication at startup".
|
||||
<!--/Description-->
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
@ -289,7 +293,7 @@ ADMX Info:
|
||||
<ul>
|
||||
<li>GP English name: <em>Require additional authentication at startup</em></li>
|
||||
<li>GP name: <em>ConfigureAdvancedStartup_Name</em></li>
|
||||
<li>GP path: <em>Windows Components/Bitlocker Drive Encryption/Operating System Drives</em></li>
|
||||
<li>GP path: <em>Windows Components/BitLocker Drive Encryption/Operating System Drives</em></li>
|
||||
<li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
|
||||
</ul>
|
||||
<!--/ADMXMapped-->
|
||||
@ -368,7 +372,7 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete.
|
||||
<!--Policy-->
|
||||
<a href="" id="systemdrivesminimumpinlength"></a>**SystemDrivesMinimumPINLength**
|
||||
<!--Description-->
|
||||
This setting is a direct mapping to the Bitlocker Group Policy "Configure minimum PIN length for startup".
|
||||
This setting is a direct mapping to the BitLocker Group Policy "Configure minimum PIN length for startup".
|
||||
<!--/Description-->
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
@ -397,7 +401,7 @@ ADMX Info:
|
||||
<ul>
|
||||
<li>GP English name:<em>Configure minimum PIN length for startup</em></li>
|
||||
<li>GP name: <em>MinimumPINLength_Name</em></li>
|
||||
<li>GP path: <em>Windows Components/Bitlocker Drive Encryption/Operating System Drives</em></li>
|
||||
<li>GP path: <em>Windows Components/BitLocker Drive Encryption/Operating System Drives</em></li>
|
||||
<li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
|
||||
</ul>
|
||||
<!--/ADMXMapped-->
|
||||
@ -444,7 +448,7 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete.
|
||||
<!--Policy-->
|
||||
<a href="" id="systemdrivesrecoverymessage"></a>**SystemDrivesRecoveryMessage**
|
||||
<!--Description-->
|
||||
This setting is a direct mapping to the Bitlocker Group Policy "Configure pre-boot recovery message and URL"
|
||||
This setting is a direct mapping to the BitLocker Group Policy "Configure pre-boot recovery message and URL"
|
||||
(PrebootRecoveryInfo_Name).
|
||||
<!--/Description-->
|
||||
<!--SupportedSKUs-->
|
||||
@ -474,7 +478,7 @@ ADMX Info:
|
||||
<ul>
|
||||
<li>GP English name: <em>Configure pre-boot recovery message and URL</em></li>
|
||||
<li>GP name: <em>PrebootRecoveryInfo_Name</em></li>
|
||||
<li>GP path: <em>Windows Components/Bitlocker Drive Encryption/Operating System Drives</em></li>
|
||||
<li>GP path: <em>Windows Components/BitLocker Drive Encryption/Operating System Drives</em></li>
|
||||
<li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
|
||||
</ul>
|
||||
<!--/ADMXMapped-->
|
||||
@ -534,7 +538,7 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete.
|
||||
<!--Policy-->
|
||||
<a href="" id="systemdrivesrecoveryoptions"></a>**SystemDrivesRecoveryOptions**
|
||||
<!--Description-->
|
||||
This setting is a direct mapping to the Bitlocker Group Policy "Choose how BitLocker-protected operating system drives can be recovered" (OSRecoveryUsage_Name).
|
||||
This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLocker-protected operating system drives can be recovered" (OSRecoveryUsage_Name).
|
||||
<!--/Description-->
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
@ -563,7 +567,7 @@ ADMX Info:
|
||||
<ul>
|
||||
<li>GP English name: <em>Choose how BitLocker-protected operating system drives can be recovered</em></li>
|
||||
<li>GP name: <em>OSRecoveryUsage_Name</em></li>
|
||||
<li>GP path: <em>Windows Components/Bitlocker Drive Encryption/Operating System Drives</em></li>
|
||||
<li>GP path: <em>Windows Components/BitLocker Drive Encryption/Operating System Drives</em></li>
|
||||
<li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
|
||||
</ul>
|
||||
<!--/ADMXMapped-->
|
||||
@ -631,7 +635,7 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete.
|
||||
<!--Policy-->
|
||||
<a href="" id="fixeddrivesrecoveryoptions"></a>**FixedDrivesRecoveryOptions**
|
||||
<!--Description-->
|
||||
This setting is a direct mapping to the Bitlocker Group Policy "Choose how BitLocker-protected fixed drives can be recovered" ().
|
||||
This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLocker-protected fixed drives can be recovered" ().
|
||||
<!--/Description-->
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
@ -660,7 +664,7 @@ ADMX Info:
|
||||
<ul>
|
||||
<li>GP English name: <em>Choose how BitLocker-protected fixed drives can be recovered</em></li>
|
||||
<li>GP name: <em>FDVRecoveryUsage_Name</em></li>
|
||||
<li>GP path: <em>Windows Components/Bitlocker Drive Encryption/Fixed Drives</em></li>
|
||||
<li>GP path: <em>Windows Components/BitLocker Drive Encryption/Fixed Drives</em></li>
|
||||
<li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
|
||||
</ul>
|
||||
<!--/ADMXMapped-->
|
||||
@ -737,7 +741,7 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete.
|
||||
<!--Policy-->
|
||||
<a href="" id="fixeddrivesrequireencryption"></a>**FixedDrivesRequireEncryption**
|
||||
<!--Description-->
|
||||
This setting is a direct mapping to the Bitlocker Group Policy "Deny write access to fixed drives not protected by BitLocker" (FDVDenyWriteAccess_Name).
|
||||
This setting is a direct mapping to the BitLocker Group Policy "Deny write access to fixed drives not protected by BitLocker" (FDVDenyWriteAccess_Name).
|
||||
<!--/Description-->
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
@ -766,7 +770,7 @@ ADMX Info:
|
||||
<ul>
|
||||
<li>GP English name: <em>Deny write access to fixed drives not protected by BitLocker</em></li>
|
||||
<li>GP name: <em>FDVDenyWriteAccess_Name</em></li>
|
||||
<li>GP path: <em>Windows Components/Bitlocker Drive Encryption/Fixed Drives</em></li>
|
||||
<li>GP path: <em>Windows Components/BitLocker Drive Encryption/Fixed Drives</em></li>
|
||||
<li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
|
||||
</ul>
|
||||
<!--/ADMXMapped-->
|
||||
@ -806,7 +810,7 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete.
|
||||
<!--Policy-->
|
||||
<a href="" id="removabledrivesrequireencryption"></a>**RemovableDrivesRequireEncryption**
|
||||
<!--Description-->
|
||||
This setting is a direct mapping to the Bitlocker Group Policy "Deny write access to removable drives not protected by BitLocker" (RDVDenyWriteAccess_Name).
|
||||
This setting is a direct mapping to the BitLocker Group Policy "Deny write access to removable drives not protected by BitLocker" (RDVDenyWriteAccess_Name).
|
||||
<!--/Description-->
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
@ -835,7 +839,7 @@ ADMX Info:
|
||||
<ul>
|
||||
<li>GP English name: <em>Deny write access to removable drives not protected by BitLocker</em></li>
|
||||
<li>GP name: <em>RDVDenyWriteAccess_Name</em></li>
|
||||
<li>GP path: <em>Windows Components/Bitlocker Drive Encryption/Removeable Drives</em></li>
|
||||
<li>GP path: <em>Windows Components/BitLocker Drive Encryption/Removeable Drives</em></li>
|
||||
<li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
|
||||
</ul>
|
||||
<!--/ADMXMapped-->
|
||||
|
||||
@ -25,6 +25,10 @@ eUICCs
|
||||
--------IsActive
|
||||
--------PPR1Allowed
|
||||
--------PPR1AlreadySet
|
||||
--------DownloadServers
|
||||
------------ServerName
|
||||
----------------DiscoveryState
|
||||
----------------AutoEnable
|
||||
--------Profiles
|
||||
------------ICCID
|
||||
----------------ServerName
|
||||
|
||||
@ -103,9 +103,9 @@ For Microsoft customers that do not have EA or MPSA, you can obtain Windows 10 E
|
||||
|
||||
If devices are running Windows 7 or Windows 8.1, see [New Windows 10 upgrade benefits for Windows Cloud Subscriptions in CSP](https://www.microsoft.com/en-us/microsoft-365/blog/2017/01/19/new-windows-10-upgrade-benefits-windows-cloud-subscriptions-csp/)
|
||||
|
||||
#### Multi-factor authentication
|
||||
#### Multifactor authentication
|
||||
|
||||
An issue has been identified with Hybrid Azure AD joined devices that have enabled [multi-factor authentication](/azure/active-directory/authentication/howto-mfa-getstarted) (MFA). If a user signs into a device using their Active Directory account and MFA is enabled, the device will not successfully upgrade to their Windows Enterprise subscription.
|
||||
An issue has been identified with Hybrid Azure AD joined devices that have enabled [multifactor authentication](/azure/active-directory/authentication/howto-mfa-getstarted) (MFA). If a user signs into a device using their Active Directory account and MFA is enabled, the device will not successfully upgrade to their Windows Enterprise subscription.
|
||||
|
||||
To resolve this issue:
|
||||
|
||||
@ -226,7 +226,8 @@ When you have the required Azure AD subscription, group-based licensing is the p
|
||||
|
||||
If you are running Windows 10, version 1803 or later, Subscription Activation will automatically pull the firmware-embedded Windows 10 activation key and activate the underlying Pro License. The license will then step-up to Windows 10 Enterprise using Subscription Activation. This automatically migrates your devices from KMS or MAK activated Enterprise to Subscription activated Enterprise.
|
||||
|
||||
Caution: Firmware-embedded Windows 10 activation happens automatically only when we go through OOBE(Out Of Box Experience)
|
||||
> [!CAUTION]
|
||||
> Firmware-embedded Windows 10 activation happens automatically only when we go through OOBE (Out Of Box Experience).
|
||||
|
||||
If you are using Windows 10, version 1607, 1703, or 1709 and have already deployed Windows 10 Enterprise, but you want to move away from depending on KMS servers and MAK keys for Windows client machines, you can seamlessly transition as long as the computer has been activated with a firmware-embedded Windows 10 Pro product key.
|
||||
|
||||
|
||||
@ -38,7 +38,9 @@ To install or upgrade to Windows 11, devices must meet the following minimum har
|
||||
- Internet connection: Internet connectivity is necessary to perform updates, and to download and use some features.
|
||||
- Windows 11 Home edition requires an Internet connection and a Microsoft Account to complete device setup on first use.
|
||||
|
||||
\* There might be additional requirements over time for updates, and to enable specific features within the operating system. For more information, see [Keeping Windows 11 up-to-date](https://www.microsoft.com/windows/windows-11-specifications). Also see [Update on Windows 11 minimum system requirements](https://blogs.windows.com/windows-insider/2021/06/28/update-on-windows-11-minimum-system-requirements/).
|
||||
\* There might be additional requirements over time for updates, and to enable specific features within the operating system. For more information, see [Windows 11 specifications](https://www.microsoft.com/windows/windows-11-specifications).
|
||||
|
||||
Also see [Update on Windows 11 minimum system requirements](https://blogs.windows.com/windows-insider/2021/06/28/update-on-windows-11-minimum-system-requirements/).
|
||||
|
||||
For information about tools to evaluate readiness, see [Determine eligibility](windows-11-plan.md#determine-eligibility).
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user