deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' into 4913040-nimishasatapathy-languagepackmanagement

Browse Source
This commit is contained in:
Daniel Simpson 2021-06-25 09:21:30 -07:00 committed by GitHub
commit 2b98ac0de1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
22 changed files with 634 additions and 186 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.openpublishing.publish.config.json
View File

@ -130,9 +130,9 @@
"template_folder": "_themes"
},
{
"docset_name": "SV",
"docset_name": "sv",
"build_source_folder": "windows/sv",
"build_output_subfolder": "SV",
"build_output_subfolder": "sv",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],

7
.openpublishing.redirection.json
View File

@ -18919,6 +18919,11 @@
"source_path": "windows/security/threat-protection/device-control/device-control-report.md",
"redirect_url": "/microsoft-365/security/defender-endpoint/device-control-report",
"redirect_document_id": false
}
},
{
"source_path": "windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md",
"redirect_url": "/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows",
"redirect_document_id": false
}
]
}

2
windows/application-management/index.yml
View File

@ -5,7 +5,7 @@ summary: Learn about managing applications in Windows client, including how to r
metadata:
title: Windows application management # Required; page title displayed in search results. Include the brand. < 60 chars.
description: Learn about managing applications in Windows 10. # Required; article description that is displayed in search results. < 160 chars.
description: Learn about managing applications in Windows 10 and Windows 11. # Required; article description that is displayed in search results. < 160 chars.
services: windows-10
ms.service: windows-10 #Required; service per approved list. service slug assigned to your service by ACOM.
ms.subservice: subservice

73
windows/client-management/mdm/defender-csp.md
View File

@ -10,7 +10,7 @@ ms.prod: w10
ms.technology: windows
author: dansimp
ms.localizationpriority: medium
ms.date: 06/02/2021
ms.date: 06/23/2021
---
# Defender CSP
@ -59,6 +59,9 @@ Defender
--------TamperProtection (Added in Windows 10, version 1903)
--------EnableFileHashComputation (Added in Windows 10, version 1903)
--------SupportLogLocation (Added in the next major release of Windows 10)
--------PlatformUpdatesChannel (Added with the 4.18.2106.5 Defender platform release)
--------EngineUpdatesChannel (Added with the 4.18.2106.5 Defender platform release)
--------SignaturesUpdatesChannel (Added with the 4.18.2106.5 Defender platform release)
----Scan
----UpdateSignature
----OfflineScan (Added in Windows 10 version 1803)
@ -518,9 +521,75 @@ When enabled or disabled exists on the client and admin moves the setting to not
More details:
- [Microsoft Defender AV diagnostic data](/microsoft-365/security/defender-endpoint/collect-diagnostic-data)
- [Microsoft Defender Antivirus diagnostic data](/microsoft-365/security/defender-endpoint/collect-diagnostic-data)
- [Collect investigation package from devices](/microsoft-365/security/defender-endpoint/respond-machine-alerts#collect-investigation-package-from-devices)
<a href="" id="configuration-supportloglocation"></a>**Configuration/PlatformUpdatesChannel**
Enable this policy to specify when devices receive Microsoft Defender platform updates during the monthly gradual rollout.
Beta Channel: Devices set to this channel will be the first to receive new updates. Select Beta Channel to participate in identifying and reporting issues to Microsoft. Devices in the Windows Insider Program are subscribed to this channel by default. For use in (manual) test environments only and a limited number of devices.
Current Channel (Preview): Devices set to this channel will be offered updates earliest during the monthly gradual release cycle. Suggested for pre-production/validation environments.
Current Channel (Staged): Devices will be offered updates after the monthly gradual release cycle. Suggested to apply to a small, representative part of your production population (~10%).
Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%).
If you disable or do not configure this policy, the device will stay up to date automatically during the gradual release cycle. Suitable for most devices.
The data type is integer.
Supported operations are Add, Delete, Get, Replace.
Valid values are:
- 0: Not configured (Default)
- 1: Beta Channel - Prerelease
- 2: Current Channel (Preview)
- 3: Current Channel (Staged)
- 4: Current Channel (Broad)
<a href="" id="configuration-supportloglocation"></a>**Configuration/EngineUpdatesChannel**
Enable this policy to specify when devices receive Microsoft Defender engine updates during the monthly gradual rollout.
Beta Channel: Devices set to this channel will be the first to receive new updates. Select Beta Channel to participate in identifying and reporting issues to Microsoft. Devices in the Windows Insider Program are subscribed to this channel by default. For use in (manual) test environments only and a limited number of devices.
Current Channel (Preview): Devices set to this channel will be offered updates earliest during the monthly gradual release cycle. Suggested for pre-production/validation environments.
Current Channel (Staged): Devices will be offered updates after the monthly gradual release cycle. Suggested to apply to a small, representative part of your production population (~10%).
Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%).
If you disable or do not configure this policy, the device will stay up to date automatically during the gradual release cycle. Suitable for most devices.
The data type is integer.
Supported operations are Add, Delete, Get, Replace.
Valid values are:
- 0 - Not configured (Default)
- 1 - Beta Channel - Prerelease
- 2 - Current Channel (Preview)
- 3 - Current Channel (Staged)
- 4 - Current Channel (Broad)
<a href="" id="configuration-supportloglocation"></a>**Configuration/SignaturesUpdatesChannel**
Enable this policy to specify when devices receive daily Microsoft Defender definition updates during the daily gradual rollout.
Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%).
If you disable or do not configure this policy, the device will stay up to date automatically during the daily release cycle. Suitable for most devices.
The data type is integer.
Supported operations are Add, Delete, Get, Replace.
Valid Values are:
- 0: Not configured (Default)
- 3: Current Channel (Staged)
- 4: Current Channel (Broad)
<a href="" id="scan"></a>**Scan**
Node that can be used to start a Windows Defender scan on a device.

18
windows/deployment/TOC.yml
View File

@ -1,11 +1,11 @@
- name: Deploy and update Windows 10
- name: Deploy and update Windows client
href: index.yml
items:
- name: Get started
items:
- name: What's new
href: deploy-whats-new.md
- name: Windows 10 deployment scenarios
- name: Windows client deployment scenarios
href: windows-10-deployment-scenarios.md
- name: What is Windows as a service?
href: update/waas-quick-start.md
@ -33,6 +33,8 @@
- name: Plan
items:
- name: Plan for Windows 11
href: /windows/whats-new/windows-11-plan
- name: Create a deployment plan
href: update/create-deployment-plan.md
- name: Define readiness criteria
@ -67,6 +69,8 @@
- name: Prepare
items:
- name: Prepare for Windows 11
href: /windows/whats-new/windows-11-prepare
- name: Prepare to deploy Windows 10 updates
href: update/prepare-deploy-windows.md
- name: Evaluate and update infrastructure
@ -96,11 +100,11 @@
- name: Deploy
items:
- name: Deploy Windows 10
- name: Deploy Windows client
items:
- name: Deploy Windows 10 with Autopilot
- name: Deploy Windows client with Autopilot
href: windows-autopilot/index.yml
- name: Deploy Windows 10 with Configuration Manager
- name: Deploy Windows client with Configuration Manager
items:
- name: Deploy to a new device
href: deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
@ -110,7 +114,7 @@
href: deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
- name: In-place upgrade
href: deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md
- name: Deploy Windows 10 with MDT
- name: Deploy Windows client with MDT
items:
- name: Deploy to a new device
href: deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
@ -263,6 +267,8 @@
items:
- name: How does Windows Update work?
href: update/how-windows-update-works.md
- name: Windows 10 upgrade paths
href: upgrade/windows-10-upgrade-paths.md
- name: Deploy Windows 10 with Microsoft 365
href: deploy-m365.md
- name: Understanding the Unified Update Platform

14
windows/deployment/deploy-whats-new.md
View File

@ -1,9 +1,9 @@
---
title: What's new in Windows 10 deployment
title: What's new in Windows client deployment
ms.reviewer:
manager: laurawi
ms.author: greglin
description: Use this article to learn about new solutions and online content related to deploying Windows 10 in your organization.
description: Use this article to learn about new solutions and online content related to deploying Windows in your organization.
keywords: deployment, automate, tools, configure, news
ms.mktglfcycl: deploy
ms.localizationpriority: medium
@ -16,19 +16,25 @@ ms.topic: article
ms.custom: seo-marvel-apr2020
---
# What's new in Windows 10 deployment
# What's new in Windows client deployment
**Applies to:**
- Windows 10
- Windows 11
## In this topic
This topic provides an overview of new solutions and online content related to deploying Windows 10 in your organization.
This topic provides an overview of new solutions and online content related to deploying Windows client in your organization.
- For an all-up overview of new features in Windows 10, see [What's new in Windows 10](/windows/whats-new/index).
## Latest news
Check out the following new articles about Windows 11:
- [Overview of Windows 11](/windows/whats-new/windows-11)
- [Plan for Windows 11](/windows/whats-new/windows-11-plan)
- [Prepare for Windows 11](/windows/whats-new/windows-11-prepare)
[SetupDiag](#setupdiag) is included with Windows 10, version 2004 and later.<br>
The [Windows ADK for Windows 10, version 2004](/windows-hardware/get-started/adk-install) is available.<br>
New capabilities are available for [Delivery Optimization](#delivery-optimization) and [Windows Update for Business](#windows-update-for-business).<br>

16
windows/deployment/index.yml
View File

@ -1,10 +1,10 @@
### YamlMime:Landing
title: Windows 10 deployment resources and documentation # < 60 chars
summary: Learn about deploying and keeping Windows 10 up to date. # < 160 chars
title: Windows client deployment resources and documentation # < 60 chars
summary: Learn about deploying and keeping Windows client devices up to date. # < 160 chars
metadata:
title: Windows 10 deployment resources and documentation # Required; page title displayed in search results. Include the brand. < 60 chars.
title: Windows client deployment resources and documentation # Required; page title displayed in search results. Include the brand. < 60 chars.
description: Learn about deploying Windows 10 and keeping it up to date in your organization. # Required; article description that is displayed in search results. < 160 chars.
services: windows-10
ms.service: windows-10 #Required; service per approved list. service slug assigned to your service by ACOM.
@ -13,7 +13,7 @@ metadata:
ms.collection: windows-10
author: greg-lindsay #Required; your GitHub user alias, with correct capitalization.
ms.author: greglin #Required; microsoft alias of author; optional team alias.
ms.date: 08/05/2020 #Required; mm/dd/yyyy format.
ms.date: 06/24/2021 #Required; mm/dd/yyyy format.
localization_priority: medium
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
@ -40,7 +40,7 @@ landingContent:
linkLists:
- linkListType: how-to-guide
links:
- text: Prepare to deploy Windows 10 updates
- text: Prepare to deploy Windows updates
url: update/prepare-deploy-windows.md
- text: Prepare updates using Windows Update for Business
url: update/waas-manage-updates-wufb.md
@ -65,8 +65,10 @@ landingContent:
- linkListType: overview
links:
- text: What's new in Windows deployment
url: windows-10-deployment-scenarios.md
- text: Windows 10 deployment scenarios
url: deploy-whats-new.md
- text: Windows 11 overview
url: /windows/whats-new/windows-11.md
- text: Windows client deployment scenarios
url: windows-10-deployment-scenarios.md
- text: Basics of Windows updates, channels, and tools
url: update/get-started-updates-channels-tools.md

9
windows/hub/TOC.yml
View File

@ -1,8 +1,13 @@
- name: Windows 10
- name: Windows
href: index.yml
items:
- name: What's new
href: /windows/whats-new
expanded: true
items:
- name: What's new in Windows
href: /windows/whats-new
- name: Windows 11
href: /windows/whats-new/windows-11
- name: Release information
href: /windows/release-health
- name: Deployment

40
windows/hub/index.yml
View File

@ -1,11 +1,11 @@
### YamlMime:Landing
title: Windows 10 resources and documentation for IT Pros # < 60 chars
summary: Plan, deploy, secure, and manage devices running Windows 10. # < 160 chars
title: Windows client resources and documentation for IT Pros # < 60 chars
summary: Plan, deploy, secure, and manage devices running Windows 10 and Windows 11. # < 160 chars
metadata:
title: Windows 10 documentation for IT Pros # Required; page title displayed in search results. Include the brand. < 60 chars.
description: Evaluate, plan, deploy, secure and manage devices running Windows 10. # Required; article description that is displayed in search results. < 160 chars.
title: Windows client documentation for IT Pros # Required; page title displayed in search results. Include the brand. < 60 chars.
description: Evaluate, plan, deploy, secure, and manage devices running Windows 10 and Windows 11. # Required; article description that is displayed in search results. < 160 chars.
services: windows-10
ms.service: windows-10 #Required; service per approved list. service slug assigned to your service by ACOM.
ms.subservice: subservice
@ -13,7 +13,7 @@ metadata:
ms.collection: windows-10
author: greg-lindsay #Required; your GitHub user alias, with correct capitalization.
ms.author: greglin #Required; microsoft alias of author; optional team alias.
ms.date: 10/20/2020 #Required; mm/dd/yyyy format.
ms.date: 06/01/2020 #Required; mm/dd/yyyy format.
localization_priority: medium
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
@ -26,13 +26,17 @@ landingContent:
linkLists:
- linkListType: overview
links:
- text: Windows 11 overview
url: /windows/whats-new/windows-11
- text: Windows 11 requirements
url: /windows/whats-new/windows-11-requirements
- text: Plan for Windows 11
url: /windows/whats-new/windows-11-plan
- text: Prepare for Windows 11
url: /windows/whats-new/windows-11-prepare
- text: What's new in Windows 10, version 21H1
url: /windows/whats-new/whats-new-windows-10-version-21H1
- text: What's new in Windows 10, version 20H2
url: /windows/whats-new/whats-new-windows-10-version-20H2
- text: What's new in Windows 10, version 2004
url: /windows/whats-new/whats-new-windows-10-version-2004
- text: Windows 10 release information
- text: Windows release information
url: /windows/release-health/release-information
# Card (optional)
@ -40,7 +44,7 @@ landingContent:
linkLists:
- linkListType: how-to-guide
links:
- text: Configure Windows 10
- text: Configure Windows
url: /windows/configuration/index
- text: Accessibility information for IT Pros
url: /windows/configuration/windows-10-accessibility-for-itpros
@ -54,13 +58,13 @@ landingContent:
linkLists:
- linkListType: deploy
links:
- text: Deploy and update Windows 10
- text: Deploy and update Windows
url: /windows/deployment/index
- text: Windows 10 deployment scenarios
- text: Windows deployment scenarios
url: /windows/deployment/windows-10-deployment-scenarios
- text: Create a deployment plan
url: /windows/deployment/update/create-deployment-plan
- text: Prepare to deploy Windows 10
- text: Prepare to deploy Windows client
url: /windows/deployment/update/prepare-deploy-windows
@ -69,7 +73,7 @@ landingContent:
linkLists:
- linkListType: how-to-guide
links:
- text: Windows 10 application management
- text: Windows application management
url: /windows/application-management/index
- text: Understand the different apps included in Windows 10
url: /windows/application-management/apps-in-windows-10
@ -83,9 +87,9 @@ landingContent:
linkLists:
- linkListType: how-to-guide
links:
- text: Windows 10 client management
- text: Windows client management
url: /windows/client-management/index
- text: Administrative tools in Windows 10
- text: Administrative tools
url: /windows/client-management/administrative-tools-in-windows-10
- text: Create mandatory user profiles
url: /windows/client-management/mandatory-user-profile
@ -97,7 +101,7 @@ landingContent:
linkLists:
- linkListType: how-to-guide
links:
- text: Windows 10 Enterprise Security
- text: Windows Enterprise Security
url: /windows/security/index
- text: Windows Privacy
url: /windows/privacy/index

6
windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md
View File

@ -16,7 +16,7 @@ localizationpriority: medium
ms.date: 06/23/2021
ms.reviewer:
---
# Azure AD Joined Cloud Only Deployment
# Azure Active Directory join cloud only deployment
## Introduction
@ -59,9 +59,9 @@ However, not everyone uses Intune. The following method explains how to disable
1. Sign into the [Microsoft Endpoint Manager](https://endpoint.microsoft.com/) admin center.
2. Go to **Devices** > **Enrollment** > **Enroll devices** > **Windows enrollment** > **Windows Hello for Business**. The Windows Hello for Business pane opens.
3. Select from the following options for **Configure Windows Hello for Business**:
3. If you don't want to enable Windows Hello for Business during device enrollment, select **Disabled** for **Configure Windows Hello for Business**.
1. **Disabled**: If you don't want to enable Windows Hello for Business during device enrollment, select this option. When disabled, users cannot provision Windows Hello for Business. When set to Disabled, you can still configure the subsequent settings for Windows Hello for Business even though this policy won't enable Windows Hello for Business.
When disabled, users cannot provision Windows Hello for Business. When set to Disabled, you can still configure the subsequent settings for Windows Hello for Business even though this policy won't enable Windows Hello for Business.
> [!NOTE]
> This policy is only applied during new device enrollments. For currently enrolled devices, you can [set the same settings in a device configuration policy](hello-manage-in-organization.md).

88
windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md
View File

@ -1,88 +0,0 @@
---
title: How Windows Defender System Guard protect Windows 10 from firmware exploits
description: Windows Defender System Guard in Windows 10 uses a hardware-based root of trust to securely protect systems against firmware exploits.
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
ms.reviewer:
manager: dansimp
ms.author: deniseb
author: denisebmsft
search.appverid: met150
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
ms.date: 03/01/2019
ms.custom: asr
ms.technology: mde
---
# Windows Defender System Guard: How a hardware-based root of trust helps protect Windows 10
In order to protect critical resources such as the Windows authentication stack, single sign-on tokens, the Windows Hello biometric stack, and the Virtual Trusted Platform Module, a system's firmware and hardware must be trustworthy.
Windows Defender System Guard reorganizes the existing Windows 10 system integrity features under one roof and sets up the next set of investments in Windows security. It's designed to make these security guarantees:
- Protect and maintain the integrity of the system as it starts up
- Validate that system integrity has truly been maintained through local and remote attestation
## Maintaining the integrity of the system as it starts
### Static Root of Trust for Measurement (SRTM)
With Windows 7, one of the means attackers would use to persist and evade detection was to install what is often referred to as a bootkit or rootkit on the system.
This malicious software would start before Windows started, or during the boot process itself, enabling it to start with the highest level of privilege.
With Windows 10 running on modern hardware (that is, Windows 8-certified or greater) a hardware-based root of trust helps ensure that no unauthorized firmware or software (such as a bootkit) can start before the Windows bootloader.
This hardware-based root of trust comes from the devices Secure Boot feature, which is part of the Unified Extensible Firmware Interface (UEFI).
This technique of measuring the static early boot UEFI components is called the Static Root of Trust for Measurement (SRTM).
As there are thousands of PC vendors that produce numerous models with different UEFI BIOS versions, there becomes an incredibly large number of SRTM measurements upon bootup.
Two techniques exist to establish trust here—either maintain a list of known 'bad' SRTM measurements (also known as a block list), or a list of known 'good' SRTM measurements (also known as an allow list).
Each option has a drawback:
- A list of known 'bad' SRTM measurements allows a hacker to change just 1 bit in a component to create an entirely new SRTM hash that needs to be listed. This means that the SRTM flow is inherently brittle - a minor change can invalidate the entire chain of trust.
- A list of known 'good' SRTM measurements requires each new BIOS/PC combination measurement to be carefully added, which is slow.
In addition, a bug fix for UEFI code can take a long time to design, build, retest, validate, and redeploy.
### Secure Launch—the Dynamic Root of Trust for Measurement (DRTM)
Windows Defender System Guard Secure Launch, first introduced in Windows 10 version 1809, aims to alleviate these issues by leveraging a technology known as the Dynamic Root of Trust for Measurement (DRTM).
DRTM lets the system freely boot into untrusted code initially, but shortly after launches the system into a trusted state by taking control of all CPUs and forcing them down a well-known and measured code path.
This has the benefit of allowing untrusted early UEFI code to boot the system, but then being able to securely transition into a trusted and measured state.
![System Guard Secure Launch](images/system-guard-secure-launch.png)
Secure Launch simplifies management of SRTM measurements because the launch code is now unrelated to a specific hardware configuration. This means the number of valid code measurements is small, and future updates can be deployed more widely and quickly.
### System Management Mode (SMM) protection
System Management Mode (SMM) is a special-purpose CPU mode in x86 microcontrollers that handles power management, hardware configuration, thermal monitoring, and anything else the manufacturer deems useful.
Whenever one of these system operations is requested, a non-maskable interrupt (SMI) is invoked at runtime, which executes SMM code installed by the BIOS.
SMM code executes in the highest privilege level and is invisible to the OS, which makes it an attractive target for malicious activity. Even if System Guard Secure Launch is used to late launch, SMM code can potentially access hypervisor memory and change the hypervisor.
To defend against this, two techniques are used:
1. Paging protection to prevent inappropriate access to code and data
2. SMM hardware supervision and attestation
Paging protection can be implemented to lock certain code tables to be read-only to prevent tampering.
This prevents access to any memory that has not been specifically assigned.
A hardware-enforced processor feature known as a supervisor SMI handler can monitor the SMM and make sure it does not access any part of the address space that it is not supposed to.
SMM protection is built on top of the Secure Launch technology and requires it to function.
In the future, Windows 10 will also measure this SMI Handlers behavior and attest that no OS-owned memory has been tampered with.
## Validating platform integrity after Windows is running (run time)
While Windows Defender System Guard provides advanced protection that will help protect and maintain the integrity of the platform during boot and at run time, the reality is that we must apply an "assume breach" mentality to even our most sophisticated security technologies. We should be able to trust that the technologies are successfully doing their jobs, but we also need the ability to verify that they were successful in achieving their goals. When it comes to platform integrity, we cant just trust the platform, which potentially could be compromised, to self-attest to its security state. So Windows Defender System Guard includes a series of technologies that enable remote analysis of the devices integrity.
As Windows 10 boots, a series of integrity measurements are taken by Windows Defender System Guard using the devices Trusted Platform Module 2.0 (TPM 2.0). System Guard Secure Launch will not support earlier TPM versions, such as TPM 1.2. This process and data are hardware-isolated away from Windows to help ensure that the measurement data is not subject to the type of tampering that could happen if the platform was compromised. From here, the measurements can be used to determine the integrity of the devices firmware, hardware configuration state, and Windows boot-related components, just to name a few.
![Boot time integrity](images/windows-defender-system-guard-boot-time-integrity.png)
After the system boots, Windows Defender System Guard signs and seals these measurements using the TPM. Upon request, a management system like Intune or Microsoft Endpoint Manager can acquire them for remote analysis. If Windows Defender System Guard indicates that the device lacks integrity, the management system can take a series of actions, such as denying the device access to resources.

5
windows/sv/TOC.yml
View File

@ -1,2 +1,5 @@
- name: Index
href: index.md
href: index.md

2
windows/sv/breadcrumb/toc.yml
View File

@ -1,3 +1,3 @@
- name: Docs
tocHref: /
topicHref: /
topicHref: /

4
windows/sv/docfx.json
View File

@ -39,13 +39,13 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
"breadcrumb_path": "/windows/sv/breadcrumb/toc.json",
"breadcrumb_path": "/windows/windows-11/breadcrumb/toc.json",
"extendBreadcrumb": true,
"feedback_system": "None"
},
"fileMetadata": {},
"template": [],
"dest": "SV",
"dest": "windows-11",
"markdownEngineName": "markdig"
}
}

15
windows/sv/index.md
View File

@ -1,16 +1,11 @@
---
title: No title
description: No description
keywords: ["Windows 10"]
title: SV
description: SV
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro
manager: laurawi
ms.topic: article
author: greg-lindsay
ms.author: greglin
manager: laurawi
ms.localizationpriority: high
ms.topic: article
---
# _
# .

40
windows/whats-new/TOC.yml
View File

@ -1,19 +1,33 @@
- name: What's new in Windows 10
- name: What's new in Windows
href: index.yml
- name: What's new in Windows 10, version 21H1
href: whats-new-windows-10-version-21H1.md
- name: What's new in Windows 10, version 20H2
href: whats-new-windows-10-version-20H2.md
- name: What's new in Windows 10, version 2004
href: whats-new-windows-10-version-2004.md
- name: What's new in Windows 10, version 1909
href: whats-new-windows-10-version-1909.md
- name: What's new in Windows 10, version 1903
href: whats-new-windows-10-version-1903.md
- name: What's new in Windows 10, version 1809
href: whats-new-windows-10-version-1809.md
- name: Windows 11
expanded: true
items:
- name: Windows 11 overview
href: windows-11.md
- name: Windows 11 requirements
href: windows-11-requirements.md
- name: Plan for Windows 11
href: windows-11-plan.md
- name: Prepare for Windows 11
href: windows-11-prepare.md
- name: Windows 10
expanded: true
items:
- name: What's new in Windows 10, version 21H1
href: whats-new-windows-10-version-21H1.md
- name: What's new in Windows 10, version 20H2
href: whats-new-windows-10-version-20H2.md
- name: What's new in Windows 10, version 2004
href: whats-new-windows-10-version-2004.md
- name: What's new in Windows 10, version 1909
href: whats-new-windows-10-version-1909.md
- name: What's new in Windows 10, version 1903
href: whats-new-windows-10-version-1903.md
- name: Previous versions
items:
- name: What's new in Windows 10, version 1809
href: whats-new-windows-10-version-1809.md
- name: What's new in Windows 10, version 1803
href: whats-new-windows-10-version-1803.md
- name: What's new in Windows 10, version 1709

11
windows/whats-new/docfx.json
View File

@ -3,8 +3,8 @@
"content": [
{
"files": [
"**/*.md",
"**/*.yml"
"**/**/*.md",
"**/**/*.yml"
],
"exclude": [
"**/obj/**",
@ -19,9 +19,9 @@
"resource": [
{
"files": [
"**/*.png",
"**/*.jpg",
"**/*.gif"
"**/**/*.png",
"**/**/*.jpg",
"**/**/*.gif"
],
"exclude": [
"**/obj/**",
@ -34,7 +34,6 @@
"globalMetadata": {
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"uhfHeaderId": "MSDocsHeader-M365-IT",
"ms.technology": "windows",
"ms.topic": "article",
"audience": "ITPro",
"feedback_system": "GitHub",

42
windows/whats-new/index.yml
View File

@ -1,11 +1,11 @@
### YamlMime:Landing
title: What's new in Windows 10 # < 60 chars
summary: Find out about new features and capabilities in the latest release of Windows 10. # < 160 chars
title: What's new in Windows # < 60 chars
summary: Find out about new features and capabilities in the latest release of Windows 10 and Windows 11. # < 160 chars
metadata:
title: What's new in Windows 10 # Required; page title displayed in search results. Include the brand. < 60 chars.
description: Find out about new features and capabilities in the latest release of Windows 10. # Required; article description that is displayed in search results. < 160 chars.
title: What's new in Windows # Required; page title displayed in search results. Include the brand. < 60 chars.
description: Find out about new features and capabilities in the latest release of Windows 10 and Windows 11. # Required; article description that is displayed in search results. < 160 chars.
services: windows-10
ms.service: windows-10 #Required; service per approved list. service slug assigned to your service by ACOM.
ms.subservice: subservice
@ -13,7 +13,7 @@ metadata:
ms.collection: windows-10
author: greg-lindsay #Required; your GitHub user alias, with correct capitalization.
ms.author: greglin #Required; microsoft alias of author; optional team alias.
ms.date: 02/09/2021 #Required; mm/dd/yyyy format.
ms.date: 06/24/2021 #Required; mm/dd/yyyy format.
localization_priority: medium
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
@ -22,7 +22,21 @@ landingContent:
# Cards and links should be based on top customer tasks or top subjects
# Start card title with a verb
# Card (optional)
- title: What's new in Windows 10
- title: Windows 11
linkLists:
- linkListType: overview
links:
- text: Windows 11 overview
url: windows-11.md
- text: Windows 11 requirements
url: windows-11-requirements.md
- text: Plan for Windows 11
url: windows-11-plan.md
- text: Prepare for Windows 11
url: windows-11-prepare.md
- title: Windows 10
linkLists:
- linkListType: overview
links:
@ -36,8 +50,6 @@ landingContent:
url: whats-new-windows-10-version-1909.md
- text: What's new in Windows 10, version 1903
url: whats-new-windows-10-version-1903.md
- text: What's new in Windows 10, version 1809
url: whats-new-windows-10-version-1809.md
# Card (optional)
@ -45,11 +57,11 @@ landingContent:
linkLists:
- linkListType: overview
links:
- text: Windows 10 release information
- text: Windows release information
url: /windows/release-health/release-information
- text: Windows 10 release health dashboard
- text: Windows release health dashboard
url: /windows/release-information/
- text: Windows 10 update history
- text: Windows update history
url: https://support.microsoft.com/topic/windows-10-update-history-7dd3071a-3906-fa2c-c342-f7f86728a6e3
- text: Windows 10 features were no longer developing
url: /windows/deployment/planning/windows-10-deprecated-features
@ -57,13 +69,5 @@ landingContent:
url: /windows/deployment/planning/windows-10-removed-features
- text: Compare Windows 10 Editions
url: https://go.microsoft.com/fwlink/p/?LinkId=690485
# Card (optional)
- title: See also
linkLists:
- linkListType: overview
links:
- text: Windows 10 Enterprise LTSC
url: ltsc/index.md
- text: Edit an existing topic using the Edit link
url: contribute-to-a-topic.md

122
windows/whats-new/windows-11-plan.md Normal file
View File

@ -0,0 +1,122 @@
---
title: Plan for Windows 11
description: Windows 11 deployment planning, IT Pro content.
keywords: ["get started", "windows 11", "plan"]
ms.prod: w11
ms.mktglfcycl: deploy
ms.sitesec: library
author: greg-lindsay
ms.author: greglin
ms.date: 06/24/2021
ms.reviewer:
manager: laurawi
ms.localizationpriority: high
ms.topic: article
---
# Plan for Windows 11
**Applies to**
- Windows 11
## Deployment planning
This article provides guidance to help you plan for Windows 11 in your organization.
Since Windows 11 is built on the same foundation as Windows 10, you can use the same deployment capabilities, scenarios, and tools—as well as the same basic deployment strategy that you use today for Windows 10. You will need to review and update your servicing strategy to adjust for changes in [Servicing and support](#servicing-and-support) for Windows 11.
At a high level, this strategy should include the following steps:
- [Create a deployment plan](/windows/deployment/update/create-deployment-plan)
- [Define readiness criteria](/windows/deployment/update/plan-define-readiness)
- [Evaluate infrastructure and tools](/windows/deployment/update/eval-infra-tools)
- [Determine application readiness](/windows/deployment/update/plan-determine-app-readiness)
- [Define your servicing strategy](/windows/deployment/update/plan-define-strategy)
If you are looking for ways to optimize your approach to deploying Windows 11, or if deploying a new version of an operating system is not a familiar process for you, some items to consider are provided below.
## Determine eligibility
As a first step, you will need to know which of your current devices meet the Windows 11 hardware requirements. Most devices purchased in the last 18-24 months will be compatible with Windows 11. Verify that your device meets or exceeds [Windows 11 requirements](windows-11-requirements.md) to ensure it is compatible.
Microsoft is currently developing analysis tools to help you evaluate your devices against the Windows 11 hardware requirements. When Windows 11 reaches general availability, end-users running Windows 10 Home, Pro, and Pro for Workstations will be able to use the **PC Health Check** app to determine their eligibility for Windows 11. end-users running Windows 10 Enterprise and Education editions should rely on their IT administrators to let them know when they are eligible for the upgrade.
Enterprise organizations looking to evaluate device readiness in their environments can expect this capability to be integrated into existing Microsoft tools, such as Endpoint analytics and Update Compliance. This capability will be available when Windows 11 is generally available. Microsoft is also working with software publishing partners to facilitate adding Windows 11 device support into their solutions.
## Windows 11 availability
The availability of Windows 11 will vary according to a device's hardware and whether the device receives updates directly, or from a management solution that is maintained by an IT administrator.
##### Managed devices
Managed devices are devices that are under organization control. Managed devices include those managed by Microsoft Intune, Microsoft Endpoint Configuration Manager, or other endpoint management solutions.
If you manage devices on behalf of your organization, you will be able to upgrade eligible devices to Windows 11 using your existing deployment and management tools at no cost when the upgrade reaches general availability. Organizations that use Windows Update for Business will have added benefits, such as:
- Ensuring that devices that don't meet the minimum hardware requirements are not automatically offered the Windows 11 upgrade.
- Additional insight into safeguard holds. While safeguard holds will function for Windows 11 devices just as they do for Windows 10 today, administrators using Windows Update for Business will have access to information on which safeguard holds are preventing individual devices from taking the upgrade to Windows 11.
> [!NOTE]
> If you use Windows Update for Business to manage feature update deployments today, you will need to leverage the **Target Version** policy rather than **Feature Update deferrals** to move from Windows 10 to Windows 11. Deferrals are great for quality updates or to move to newer version of the same product (from example, from Windows 10, version 20H2 to 21H1), but they cannot migrate a device between products (from Windows 10 to Windows 11). <br>
> Also, Windows 11 has a new End User License Agreement. If you are deploying with Windows Update for Business **Target Version** or with Windows Server Update Services, you are accepting this new End User License Agreement on behalf of the end-users within your organization.
##### Unmanaged devices
Unmanaged devices are devices that are not managed by an IT administrator on behalf of an organization. For operating system (OS) deployment, these devices are not subject to organizational policies that manage upgrades or updates.
Windows 11 will be offered to eligible Windows 10 devices beginning later in the 2021 calendar year. Messaging on new devices will vary by PC manufacturer, but users will see labels such as **This PC will upgrade to Windows 11 once available** on products that are available for purchase.
The Windows 11 upgrade will be available initially on eligible, unmanaged devices to users who manually seek the upgrade through Windows Update. As with all Windows Update managed devices, the **Windows Update Settings** page will confirm when a device is eligible, and users can upgrade if they choose to.
Just like Windows 10, the machine learning based [intelligent rollout](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/using-machine-learning-to-improve-the-windows-10-update/ba-p/877860) process will be used when rolling out upgrades. Machine learning uses a combination of testing, close partner engagement, feedback, diagnostic data, and real-life insights to manage quality. This process improves the update experience, and ensures that devices first nominated for updates are the devices likely to have a seamless experience. Devices that might have compatibility issues with the upgrade get the benefit of resolving these issues before the upgrade is offered.
## Windows 11 readiness considerations
The recommended method to determine if your infrastructure, deployment processes, and management tools are ready for Windows 11 is to join the [Windows Insider Program for Business](https://insider.windows.com/for-business). As a participant in the [Release Preview Channel](/windows-insider/business/validate-Release-Preview-Channel), you can validate that your devices and applications work as expected, and explore new features.
As you plan your endpoint management strategy for Windows 11, consider moving to cloud-based mobile device management (MDM), such as [Microsoft Intune](/mem/intune/fundamentals/what-is-intune). If a cloud-only approach isn't right for your organization just yet, you can still modernize and streamline essential pieces of your endpoint management strategy as follows:
- Create a [cloud management gateway](/mem/configmgr/core/clients/manage/cmg/overview) (CMG) to manage Configuration Manager clients over the internet.
- Attach your existing Configuration Management estate to the cloud with [tenant attach](/mem/configmgr/tenant-attach/device-sync-actions) so you can manage all devices from within the Microsoft Endpoint Manager admin center.
- Use [co-management](/mem/configmgr/comanage/overview) to concurrently manage devices using both Configuration Manager and Microsoft Intune. This allows you to take advantage of cloud-powered capabilities like [Conditional Access](/azure/active-directory/conditional-access/overview).
For more information on the benefits of these approaches, see [Cloud Attach Your Future: The Big 3](https://techcommunity.microsoft.com/t5/configuration-manager-blog/cloud-attach-your-future-part-ii-quot-the-big-3-quot/ba-p/1750664).
The introduction of Windows 11 is also a good time to review your hardware refresh plans and prioritize eligible devices to ensure an optimal experience for your users.
## Servicing and support
Along with end-user experience and security improvements, Windows 11 introduces enhancements to Microsoft's servicing approach based on your suggestions and feedback.
**Quality updates**: Windows 11 and Windows 10 devices will receive regular monthly quality updates to provide security updates and bug fixes.
**Feature updates**: Microsoft will provide a single Windows 11 feature update annually, targeted for release in the second half of each calendar year.
**Lifecycle**:
- Home, Pro, Pro for Workstations, and Pro for Education editions of Windows 11 will receive 24 months of support from the general availability date.
- Enterprise and Education editions of Windows 11 will be supported for 36 months from the general availability date.
When Windows 11 reaches general availability, a consolidated Windows 11 update history will be available on support.microsoft.com, similar to what is [available today for Windows 10](https://support.microsoft.com/topic/windows-10-update-history-1b6aac92-bf01-42b5-b158-f80c6d93eb11). Similarly, the [Windows release health](/windows/release-health/) hub will offer quick access to Windows 11 servicing announcements, known issues, and safeguard holds.
It is important that organizations have adequate time to plan for Windows 11. Microsoft also recognizes that many organizations will have a mix of Windows 11 and Windows 10 devices across their ecosystem. Devices on in-service versions of Windows 10 will continue to receive monthly Windows 10 security updates through 2025, as well as incremental improvements to Windows 10 to support ongoing Microsoft 365 deployments. For more information, see the [Windows 10 release information](/windows/release-health/release-information) page, which offers information about the Windows 10 Semi-Annual Channel and Long-term Servicing Channel (LTSC) releases.
## Application compatibility
Microsoft's compatibility promise for Windows 10 is maintained for Windows 11. Data from the App Assure program shows that Windows 10 compatibility rates are over 99.7% for enterprise organizations, including line of business (LOB) apps. Microsoft remains committed to ensuring that the apps you rely upon continue to work as expected when you upgrade. Windows 11 is subject to the same app compatibility validation requirements that are in place for Windows 10 today, for both feature and quality updates.
#### App Assure and Test Base for Microsoft 365
If you run into compatibility issues or want to ensure that your organization's applications are compatible from day one, App Assure and Test Base for Microsoft 365 can help.
**App Assure**: With enrollment in the [App Assure](/windows/compatibility/app-assure) service, any app compatibility issues that you find with Windows 11 can be resolved. Microsoft will help you remedy application issues at no cost. Since 2018, App Assure has evaluated almost 800,000 apps, and subscriptions are free for eligible customers with 150+ seats.
**Test Base for Microsoft 365**: For software publishers, systems integrators, and IT administrators, [Test Base for Microsoft 365](https://aka.ms/testbase) (currently in private preview) is a service that allows you to validate your apps across a variety of Windows feature and quality updates and environments in a Microsoft-managed Azure environment. Enterprise organizations can also nominate their software publishers for participation by completing a short form.
You might already be using App Assure and Test Base in your Windows 10 environment. Both of these tools will continue to function with Windows 11.
## Next steps
[Prepare for Windows 11](windows-11-prepare.md)
## Also see
[Plan to deploy updates for Windows 10 and Microsoft 365 Apps](/learn/modules/windows-plan/)

126
windows/whats-new/windows-11-prepare.md Normal file
View File

@ -0,0 +1,126 @@
---
title: Prepare for Windows 11
description: Prepare your infrastructure and tools to deploy Windows 11, IT Pro content.
keywords: ["get started", "windows 11"]
ms.prod: w11
ms.mktglfcycl: deploy
ms.sitesec: library
author: greg-lindsay
ms.author: greglin
ms.date: 06/24/2021
ms.reviewer:
manager: laurawi
ms.localizationpriority: high
ms.topic: article
---
# Prepare for Windows 11
**Applies to**
- Windows 11
Windows 10 and Windows 11 are designed to coexist, so that you can use the same familiar tools and process to manage both operating systems. Using a single management infrastructure that supports common applications across both Windows 10 and Windows 11 helps to simplify the migration process. You can analyze endpoints, determine application compatibility, and manage Windows 11 deployments in the same way that you do with Windows 10.
After you evaluate your hardware to see if it meets [requirements](windows-11-requirements.md) for Windows 11, it's a good time to review your deployment infrastructure, tools, and overall endpoint and update management processes and look for opportunities to simplify and optimize. This article provides some helpful guidance to accomplish these tasks.
## Infrastructure and tools
The tools that you use for core workloads during Windows 10 deployments can still be used for Windows 11. A few nuanced differences are described below.
> [!IMPORTANT]
> Be sure to check with the providers of any non-Microsoft solutions that you use. Verify compatibility of these tools with Windows 11, particularly if they provide security or data loss prevention capabilities.
#### On-premises solutions
- If you use Windows Server Update Service (WSUS), you will need to sync the new **Windows 11** product category. After you sync the product category, you will see Windows 11 offered as an option. If you would like to validate Windows 11 prior to release, you can sync the **Windows Insider Pre-release** category as well.
> [!NOTE]
> During deployment, you will be prompted to agree to the End User License Agreement on behalf of your users. Additionally, you will not see an x86 option because Windows 11 is not supported on 32-bit architecture.
- If you use Microsoft Endpoint Configuration Manager, you can sync the new **Windows 11** product category and begin upgrading eligible devices. If you would like to validate Windows 11 prior to release, you can sync the **Windows Insider Pre-release** category as well.
> [!NOTE]
> Configuration Manager will prompt you to accept the End User License Agreement on behalf of the users in your organization.
#### Cloud-based solutions
- If you use Windows Update for Business Group Policy or Configuration Service Provider (CSP) policies, you will need to use the **Target Version** capability rather than feature update deferrals to upgrade from Windows 10 to Windows 11. Feature update deferrals are great to move to newer versions of your current product (for example, Windows 10, version 20H2 to 21H1), but do not enable you to move between products (Windows 10 to Windows 11).
- Quality update deferrals will continue to work the same across both Windows 10 and Windows 11. This is true regardless of which management tool you use to configure Windows Update for Business policies.
- If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use feature update deployments to easily update devices from one release of Windows 10 to another, or to upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11.
## Cloud-based management
If you arent already taking advantage of cloud-based management capabilities, like those available in [Microsoft Endpoint Manager](/mem/endpoint-manager-overview), it's worth considering. In addition to consolidating device management and endpoint security into a single platform, Microsoft Endpoint Manager can better support the diverse bring-your-own-device (BYOD) ecosystem that is increasingly the norm with hybrid work scenarios. It can also enable you to track your progress against compliance and business objectives, while protecting end-user privacy.
The following are some common use cases and the corresponding Microsoft Endpoint Manager capabilities that support them:
- **Provision and pre-configure new Windows 11 devices**: [Windows Autopilot](/mem/autopilot/windows-autopilot) enables you to deploy new Windows 11 devices in a “business-ready” state that includes your desired applications, settings, and policies. It can also be used to change the edition of Windows. For example, you can upgrade from Pro to Enterprise edition and gain the use of advanced features.
- **Configure rules and control settings for users, apps, and devices**: When you enroll devices in [Microsoft Intune](/mem/intune/fundamentals/what-is-intune), administrators have full control over apps, settings, features, and security for both Windows 11 and Windows 10. You can also use app protection policies to require multi-factor authentication (MFA) for specific apps.
- **Streamline device management for frontline, remote, and onsite workers**: Introduced with Windows 10, [cloud configuration](/mem/intune/fundamentals/cloud-configuration) is a standard, easy-to-manage, device configuration that is cloud-optimized for users with specific workflow needs. It can be deployed to devices running the Pro, Enterprise, and Education editions of Windows 11 by using Microsoft Endpoint Manager.
If you are exclusively using an on-premises device management solution (for example, Configuration Manager), you can still use the [cloud management gateway](/mem/configmgr/core/clients/manage/cmg/overview), enable [tenant attach](/mem/configmgr/tenant-attach/device-sync-actions), or enable [co-management](/mem/configmgr/comanage/overview) with Microsoft Intune. These solutions can make it easier to keep devices secure and up-to-date.
## Review servicing approach and policies
Every organization will transition to Windows 11 at its own pace. Microsoft is committed to supporting you through your migration to Windows 11, whether you are a fast adopter or will make the transition over the coming months or years.
When you think of operating system updates as an ongoing process, you will automatically improve your ability to deploy updates. This approach enables you to stay current with less effort, and less impact on productivity. To begin, think about how you roll out Windows feature updates today: which devices, and at what pace.
Next, craft a deployment plan for Windows 11 that includes deployment groups, rings, users, or devices. There are no absolute rules for exactly how many rings to have for your deployments, but a common structure is:
- Preview (first or canary): Planning and development
- Limited (fast or early adopters): Pilot and validation
- Broad (users or critical): Wide deployment
For detailed information, see [Create a deployment plan](/windows/deployment/update/create-deployment-plan).
#### Review policies
Review deployment-related policies, taking into consideration your organization's security objectives, update compliance deadlines, and device activity. Apply changes where you can gain a clear improvement, particularly with regard to the speed of the update process or security.
#### Validate apps and infrastructure
To validate that your apps, infrastructure, and deployment processes are ready for Windows 11, join the [Windows Insider Program for Business](https://insider.windows.com/for-business-getting-started), and opt in to the [Release Preview Channel](/windows-insider/business/validate-Release-Preview-Channel).
If you use Windows Server Update Services, you can deploy directly from the Windows Insider Pre-release category using one of the following processes:
- Set **Manage Preview Builds** to **Release Preview** in Windows Update for Business.
- Leverage Azure Virtual Desktop and Azure Marketplace images.
- Download and deploy ISOs from Microsofts Windows Insider Program ISO Download page.
Regardless of the method you choose, you have the benefit of free Microsoft support when validating pre-release builds. Free support is available to any commercial customer deploying Windows 10 or Windows 11 Preview Builds, once they become available through the Windows Insider Program.
#### Analytics and assessment tools
If you use Microsoft Endpoint Manager and have onboarded devices to Endpoint analytics, you will have access to a hardware readiness assessment later this year. This tool enables you to quickly identify which of your managed devices are eligible for the Windows 11 upgrade.
## Prepare a pilot deployment
A pilot deployment is a proof of concept that rolls out an upgrade to a select number of devices in production, before deploying it broadly across the organization.
At a high level, the tasks involved are:
1. Assign a group of users or devices to receive the upgrade.
2. Implement baseline updates.
3. Implement operational updates.
4. Validate the deployment process.
5. Deploy the upgrade to devices.
6. Test and support the pilot devices.
7. Determine broad deployment readiness based on the results of the pilot.
## End-user readiness
Do not overlook the importance of end-user readiness to deliver an effective, enterprise-wide deployment of Windows 11. Windows 11 has a familiar design, but your users will see several enhancements to the overall user interface. They will also need to adapt to changes in menus and settings pages. Therefore, consider the following tasks to prepare users and your IT support staff Windows 11:
- Create a communications schedule to ensure that you provide the right message at the right time to the right groups of users, based on when they will see the changes.
- Draft concise emails that inform users of what changes they can expect to see. Offer tips on how to use or customize their experience. Include information about support and help desk options.
- Update help desk manuals with screenshots of the new user interface, the out-of-box experience for new devices, and the upgrade experience for existing devices.
## Learn more
See the [Stay current with Windows 10 and Microsoft 365 Apps](/learn/paths/m365-stay-current/) learning path on Microsoft Learn.
- The learning path was created for Windows 10, but the basic principles and tasks outlined for the plan, prepare, and deploy phases also apply to your deployment of Windows 11.
## See also
[Plan for Windows 11](windows-11-plan.md)<br>
[Windows help & learning](https://support.microsoft.com/windows)

90
windows/whats-new/windows-11-requirements.md Normal file
View File

@ -0,0 +1,90 @@
---
title: Windows 11 requirements
description: Hardware requirements to deploy Windows 11
ms.reviewer:
manager: laurawi
ms.audience: itpro
author: greg-lindsay
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: medium
audience: itpro
ms.topic: article
ms.custom: seo-marvel-apr2020
---
# Windows 11 requirements
**Applies to**
- Windows 11
This article lists the system requirements for Windows 11. Windows 11 is also supported on a virtual machine (VM).
## Hardware requirements
To install or upgrade to Windows 11, devices must meet the following minimum hardware requirements:
- Processor: 1 gigahertz (GHz) or faster with two or more cores on a [compatible 64-bit processor](https://aka.ms/CPUlist) or system on a chip (SoC).
- RAM: 4 gigabytes (GB) or greater.
- Storage: 64 GB\* or greater available storage is required to install Windows 11.
- Additional storage space might be required to download updates and enable specific features.
- Graphics card: Compatible with DirectX 12 or later, with a WDDM 2.0 driver.
- System firmware: UEFI, Secure Boot capable.
- TPM: [Trusted Platform Module](/windows/security/information-protection/tpm/trusted-platform-module-overview) (TPM) version 2.0.
- Display: High definition (720p) display, 9" or greater monitor, 8 bits per color channel.
- Internet connection: Internet connectivity is necessary to perform updates, and to download and use some features.
- Windows 11 Home edition requires an Internet connection and a Microsoft Account to complete device setup on first use.
\* There might be additional requirements over time for updates, and to enable specific features within the operating system. For more information, see [Keeping Windows 11 up-to-date](https://www.microsoft.com/windows/windows-10-specifications#primaryR5).
For information about tools to evaluate readiness, see [Determine eligibility](windows-11-plan.md#determine-eligibility).
## Operating system requirements
For the best Windows 11 upgrade experience, eligible devices should be running Windows 10, version 20H1 or later.
> [!NOTE]
> S mode is only supported on the Home edition of Windows 11.
> If you are running a different edition of Windows in S mode, you will need to first [switch out of S mode](/windows/deployment/windows-10-pro-in-s-mode) prior to upgrading.<br>&nbsp;<br>
> Switching a device out of Windows 10 in S mode also requires internet connectivity. If you switch out of S mode, you cannot switch back to S mode later.
## Feature-specific requirements
Some features in Windows 11 have requirements beyond those listed above. See the following list of features and associated requirements.
- **5G support**: requires 5G capable modem.
- **Auto HDR**: requires an HDR monitor.
- **BitLocker to Go**: requires a USB flash drive. This feature is available in Windows Pro and above editions.
- **Client Hyper-V**: requires a processor with second-level address translation (SLAT) capabilities. This feature is available in Windows Pro editions and above.
- **Cortana**: requires a microphone and speaker and is currently available on Windows 11 for Australia, Brazil, Canada, China, France, Germany, India, Italy, Japan, Mexico, Spain, United Kingdom, and United States.
- **DirectStorage**: requires an NVMe SSD to store and run games that use the Standard NVM Express Controller driver and a DirectX12 GPU with Shader Model 6.0 support.
- **DirectX 12 Ultimate**: available with supported games and graphics chips.
- **Presence**: requires sensor that can detect human distance from device or intent to interact with device.
- **Intelligent Video Conferencing**: requires video camera, microphone, and speaker (audio output)
- **Multiple Voice Assistant**: requires a microphone and speaker.
- **Snap**: three-column layouts require a screen that is 1920 effective pixels or greater in width.
- **Mute** and **unmute**: from Taskbar requires video camera, microphone, and speaker (audio output). App must be compatible with feature to enable global mute/unmute.
- **Spatial Sound**: requires supporting hardware and software.
- **Microsoft Teams**: requires video camera, microphone, and speaker (audio output).
- **Touch**: requires a screen or monitor that supports multi-touch.
- **Two-factor authentication**: requires use of PIN, biometric (fingerprint reader or illuminated infrared camera), or a phone with Wi-Fi or Bluetooth capabilities.
- **Voice Typing**: requires a PC with a microphone.
- **Wake on Voice**: requires Modern Standby power model and microphone.
- **Wi-Fi 6E**: requires new WLAN IHV hardware and driver and a Wi-Fi 6E capable AP/router.
- **Windows Hello**: requires a camera configured for near infrared (IR) imaging or fingerprint reader for biometric authentication. Devices without biometric sensors can use Windows Hello with a PIN or portable Microsoft compatible security key. For more information, see [IT tools to support Windows 10, version 21H1](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/it-tools-to-support-windows-10-version-21h1/ba-p/2365103).
- **Windows Projection**: requires a display adapter that supports Windows Display Driver Model (WDDM) 2.0 and a Wi-Fi adapter that supports Wi-Fi Direct.
- **Xbox app**: requires an Xbox Live account, which is not available in all regions. Please go to the Xbox Live Countries and Regions page for the most up-to-date information on availability. Some features in the Xbox app will require an active [Xbox Game Pass](https://www.xbox.com/xbox-game-pass) subscription.
## Next steps
[Plan for Windows 11](windows-11-plan.md)<br>
[Prepare for Windows 11](windows-11-prepare.md)
## See also
[Windows 11 overview](windows-11.md)

86
windows/whats-new/windows-11.md Normal file
View File

@ -0,0 +1,86 @@
---
title: Windows 11 overview
description: Overview of Windows 11
ms.assetid: E9E2DED5-DBA7-4300-B411-BA0FD39BE18C
ms.reviewer:
manager: laurawi
ms.audience: itpro
author: greg-lindsay
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: medium
audience: itpro
ms.topic: article
ms.custom: seo-marvel-apr2020
---
# Windows 11 overview
**Applies to**
- Windows 11
This article provides an introduction to Windows 11, and answers some frequently asked questions.
Also see the following articles to learn more about Windows 11:
- [Windows 11 requirements](windows-11-requirements.md): Requirements to deploy Windows 11.
- [Plan for Windows 11](windows-11-plan.md): Information to help you plan for Windows 11 in your organization.
- [Prepare for Windows 11](windows-11-prepare.md): Procedures to ensure readiness to deploy Windows 11.
## Introduction
Windows 11 is the next evolution of Windows; it is the most significant update to the Windows operating system since Windows 10. It offers many innovations focused on enhancing end-user productivity in a fresh experience that is flexible and fluid. Windows 11 is designed to support today's hybrid work environment, and intended to be the most reliable, secure, connected, and performant Windows operating system ever.
Windows 11 is built on the same foundation as Windows 10, so the investments you have made in tools for update and device management are carried forward. Windows 11 also sustains the application compatibility promise made with Windows 10, supplemented by programs like App Assure. For Microsoft 365 customers seeking further assistance, FastTrack will continue to be available to support your efforts to adopt Windows 11.
## How to get Windows 11
Windows 11 will be delivered as an upgrade to eligible devices running Windows 10, beginning later in the 2021 calendar year. Windows 11 will also be available on eligible new devices.
For administrators managing devices on behalf of their organization, Windows 11 will be available through the same, familiar channels that you use today for Windows 10 feature updates. You will be able to use existing deployment and management tools, such as Windows Update for Business, Microsoft Endpoint Manager, and Windows Autopilot. For more information, see [Plan for Windows 11](windows-11-plan.md).
For devices that are not managed by an organization, the Windows 11 upgrade will be offered to eligible Windows 10 devices through Windows Update using Microsoft's intelligent rollout process to ensure a smooth upgrade experience.
For more information about device eligibility, see [Windows 11 requirements](windows-11-requirements.md).
If you are interested in testing Windows 11 before general availability, you can join the [Windows Insider Program](https://insider.windows.com) or [Windows Insider Program for Business](https://insider.windows.com/for-business). You can also preview Windows 11 by enabling pre-release Windows 10 feature updates in [Microsoft Endpoint Configuration Manager](/mem/configmgr/core/servers/manage/pre-release-features) or [Windows Server Update Services](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/publishing-pre-release-windows-10-feature-updates-to-wsus/ba-p/845054) (WSUS).
## Before you begin
The following sections provide a quick summary of licensing, compatibility, management, and servicing considerations to help you get started with Windows 11.
#### Licensing
There are no unique licensing requirements for Windows 11 beyond what is required for Windows 10 devices.
Microsoft 365 licenses that include Windows 10 licenses will permit you to run Windows 11 on supported devices. If you have a volume license, it will equally cover Windows 11 and Windows 10 devices before and after upgrade.
#### Compatibility
Most accessories and associated drivers that work with Windows 10 are expected to work with Windows 11. Check with your accessory manufacturer for specific details.
Windows 11 preserves the application compatibility promise made with Windows 10, and does not require changes to existing support processes or tooling to sustain the currency of applications and devices. Microsoft 365 customers can continue to use programs such as App Assure and FastTrack to support IT efforts to adopt and maintain Windows 11. For more information, see [Application compatibility](windows-11-plan.md#application-compatibility).
#### Familiar processes
Windows 11 is built on the same foundation as Windows 10. Typically, you can use the same tools and solutions you use today to deploy, manage, and secure Windows 11. Your current management tools and processes will also work to manage monthly quality updates for both Windows 10 and Windows 11.
> [!IMPORTANT]
> Check with the providers of any non-Microsoft security and management solutions that you use to ensure compatibility with Windows 11, particularly those providing security or data loss prevention capabilities.
For more information, see [Prepare for Windows 11](windows-11-prepare.md).
#### Servicing Windows 11
Like Windows 10, Windows 11 will receive monthly quality updates. However, it will have a new feature update cadence. Windows 11 feature updates will be released once per year.
When Windows 11 reaches general availability, important servicing-related announcements and information about known issues and safeguard holds can be found on the [Windows release health](https://aka.ms/windowsreleasehealth) hub. Monthly release notes will also be available from a consolidated Windows 11 update history page at that time. For more information, see [Servicing and support](windows-11-plan.md#servicing-and-support).
## Next steps
[Windows 11 requirements](windows-11-requirements.md)<br>
[Plan for Windows 11](windows-11-plan.md)<br>
[Prepare for Windows 11](windows-11-prepare.md)