Merge pull request #1458 from MicrosoftDocs/master

Publish 10/29/2019 3:33 PM PST
2025-05-14 14:27:22 +00:00 · 2019-10-29 16:03:53 -07:00 · 2019-10-29 16:03:53 -07:00 · 2cf5cad4d1
commit 2cf5cad4d1
parent ee99205d24 49390ab4cb
17 changed files with 75 additions and 31 deletions
--- a/browsers/edge/docfx.json
+++ b/browsers/edge/docfx.json
@ -34,9 +34,7 @@
      "ms.topic": "article",
      "manager": "laurawi",
      "ms.prod": "edge",
-      "feedback_system": "GitHub",
-      "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
-      "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
+      "feedback_system": "None",
      "_op_documentIdPathDepotMapping": {
        "./": {
          "depot_name": "Win.microsoft-edge",
--- a/browsers/internet-explorer/docfx.json
+++ b/browsers/internet-explorer/docfx.json
@ -30,9 +30,7 @@
      "ms.topic": "article",
      "manager": "laurawi",
      "ms.date": "04/05/2017",
-      "feedback_system": "GitHub",
-      "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
-      "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
+      "feedback_system": "None",
      "_op_documentIdPathDepotMapping": {
        "./": {
          "depot_name": "Win.internet-explorer",
--- a/devices/hololens/hololens2-hardware.md
+++ b/devices/hololens/hololens2-hardware.md
@ -75,6 +75,15 @@ Microsoft HoloLens 2 is an untethered holographic computer.  It refines the holo
 | Bluetooth | 5.0 |
 | USB | USB Type-C |

+### Power
+
+|   |   |
+| - | - |
+| Battery Life | 2-3 hours of active use. Up to 2 weeks of standby time. |
+| Battery technology | [Lithium batteries](https://www.microsoft.com/download/details.aspx?id=43388) |
+| Charging behavior | Fully functional when charging |
+| Cooling type | Passively cooled (no fans) |
+
 ### Fit

 |   |   |
--- a/education/docfx.json
+++ b/education/docfx.json
@ -32,9 +32,7 @@
      "audience": "ITPro",
      "breadcrumb_path": "/education/breadcrumb/toc.json",
      "ms.date": "05/09/2017",
-      "feedback_system": "GitHub",
-      "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
-      "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
+      "feedback_system": "None",
      "_op_documentIdPathDepotMapping": {
        "./": {
          "depot_name": "Win.education",
--- a/smb/docfx.json
+++ b/smb/docfx.json
@ -30,9 +30,7 @@
    "externalReference": [],
    "globalMetadata": {
      "breadcrumb_path": "/windows/smb/breadcrumb/toc.json",
-      "feedback_system": "GitHub",
-      "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
-      "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
+      "feedback_system": "None",
      "_op_documentIdPathDepotMapping": {
        "./": {
          "depot_name": "TechNet.smb",
--- a/store-for-business/docfx.json
+++ b/store-for-business/docfx.json
@ -40,9 +40,7 @@
      "searchScope": [
        "Store"
      ],
-      "feedback_system": "GitHub",
-      "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
-      "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
+      "feedback_system": "None",
      "_op_documentIdPathDepotMapping": {
        "./": {
          "depot_name": "MSDN.store-for-business",
--- a/windows/application-management/docfx.json
+++ b/windows/application-management/docfx.json
@ -36,9 +36,7 @@
      "audience": "ITPro",
      "ms.topic": "article",
      "ms.author": "elizapo",
-      "feedback_system": "GitHub",
-      "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
-      "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
+      "feedback_system": "None",
      "_op_documentIdPathDepotMapping": {
        "./": {
          "depot_name": "MSDN.win-app-management",
--- a/windows/client-management/mdm/images/custom-profile-prevent-device-instance-ids.png
+++ b/windows/client-management/mdm/images/custom-profile-prevent-device-instance-ids.png
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@ -777,7 +777,7 @@ ADMX Info:

 <!--/SupportedValues-->
 <!--Example-->
-To enable this policy, use the following SyncML. 
+To enable this policy, use the following SyncML. This example prevents Windows from installing compatible devices with device instance IDs of USB\VID_1F75 and USB\VID_0781. To configure multiple classes, use `&#xF000;` as a delimiter.

 ``` xml
 <SyncML>
@ -805,6 +805,25 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i
 <<<  Section end 2018/11/15 12:26:41.751
 <<<  [Exit status: SUCCESS]
 ```
+
+You can also block installation and usage of prohibited peripherals by using a custom profile in Intune. 
+
+For example, this custom profile prevents installation of devices with matching device instance IDs.
+
+![Custom profile](images/custom-profile-prevent-device-instance-ids.png)
+
+To prevent installation of devices with matching device instance IDs by using custom profile in Intune:
+1. Locate the device instance ID.
+2. Replace `&` in the device instance IDs with `&amp;`.  
+For example:  
+Replace  
+```USBSTOR\DISK&VEN_SAMSUNG&PROD_FLASH_DRIVE&REV_1100\0376319020002347&0```  
+with  
+```USBSTOR\DISK&amp;VEN_SAMSUNG&amp;PROD_FLASH_DRIVE&amp;REV_1100\0376319020002347&amp;0```
+    > [!Note]
+    > Do not use spaces in the value.
+3. Replace the device instance IDs with `&amp;` into the sample SyncML. Add the SyncML into the Intune custom device configuration profile.
+
 <!--/Example-->
 <!--Validation-->

--- a/windows/configuration/docfx.json
+++ b/windows/configuration/docfx.json
@ -35,9 +35,7 @@
      "ms.technology": "windows",
      "audience": "ITPro",
      "ms.topic": "article",
-      "feedback_system": "GitHub",
-      "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
-      "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
+      "feedback_system": "None",
      "_op_documentIdPathDepotMapping": {
        "./": {
          "depot_name": "MSDN.win-configuration",
--- a/windows/configure/docfx.json
+++ b/windows/configure/docfx.json
@ -30,6 +30,7 @@
    "overwrite": [],
    "externalReference": [],
    "globalMetadata": {
+      "feedback_system": "None",
      "_op_documentIdPathDepotMapping": {
        "./": {
          "depot_name": "MSDN.windows-configure"
--- a/windows/deployment/update/waas-morenews.md
+++ b/windows/deployment/update/waas-morenews.md
@ -7,7 +7,6 @@ audience: itpro
 itproauthor: jaimeo
 author: jaimeo
 ms.author: jaimeo
-ms.date: 12/19/2018
 ms.reviewer: 
 manager: laurawi
 ms.localizationpriority: high
@ -18,6 +17,12 @@ ms.topic: article
 Here's more news about [Windows as a service](windows-as-a-service.md):

 <ul>
+<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-Enterprise-vs-Windows-10-Pro-Modern-management/ba-p/720445">Windows 10 Enterprise vs. Windows 10 Pro: Modern management considerations for your organization  </a> - June 25, 2019</li>
+<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Updating-Windows-10-version-1903-using-Configuration-Manager-or/ba-p/639100">Updating Windows 10, version 1903 using Configuration Manager or WSUS</a> - May 23, 2019</li>
+<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-s-new-in-Windows-Update-for-Business-in-Windows-10-version/ba-p/622064">What’s new in Windows Update for Business in Windows 10, version 1903</a> - May 21, 2019</li>
+<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-s-new-for-IT-pros-in-Windows-10-version-1903/ba-p/622024">What’s new for IT pros in Windows 10, version 1903</a> - May 21, 2019</li>
+<li><a href="https://blogs.windows.com/windowsexperience/2019/05/21/how-to-get-the-windows-10-may-2019-update">How to get the Windows 10 May 2019 Update</a> - May 21, 2019</li>
+ <li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/The-benefits-of-Windows-10-Dynamic-Update/ba-p/467847">The benefits of Windows 10 Dynamic Update</a> - April 17, 2019</li>
  <li><a href="https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency">Improving the Windows 10 update experience with control, quality and transparency</a> - April 4, 2019</li>
 <li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Call-to-action-review-your-Windows-Update-for-Business-deferral/ba-p/394244">Call to action: review your Windows Update for Business deferral values</a> - April 3, 2019</li>
  <li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540">Windows 10, version 1809 designated for broad deployment</a> - March 28, 2019</li>
--- a/windows/deployment/update/windows-as-a-service.md
+++ b/windows/deployment/update/windows-as-a-service.md
@ -29,13 +29,16 @@ Everyone wins when transparency is a top priority. We want you to know when upda

 The latest news:
 <ul compact style="list-style: none"> 
+<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/How-to-get-Extended-Security-Updates-for-eligible-Windows/ba-p/917807">How to get Extended Security Updates for eligible Windows devices </a> - October 17, 2019</li>
+<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/End-of-service-reminders-for-Windows-10-versions-1703-and-1803/ba-p/903715">End of service reminders for Windows 10, versions 1703 and 1803  </a> - October 9, 2019</li>
+<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Using-machine-learning-to-improve-the-Windows-10-update/ba-p/877860">Using machine learning to improve the Windows 10 update experience  </a> - September 26, 2019</li>
+<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Publishing-pre-release-Windows-10-feature-updates-to-WSUS/ba-p/845054
+">Publishing pre-release Windows 10 feature updates to WSUS  </a> - September 24, 2019</li>
+<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/New-extended-support-dates-for-MDOP-tools/ba-p/837312">New extended support dates for MDOP tools   </a> - September 4, 2019</li>
+<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/FastTrack-for-Windows-10-deployment-and-other-migration/ba-p/800406">FastTrack for Windows 10 deployment and other migration resources   </a> - August 12, 2019</li>
+<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Tactical-considerations-for-creating-Windows-deployment-rings/ba-p/746979">Tactical considerations for creating Windows deployment rings   </a> - July 10, 2019</li>
 <li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Upgrading-Windows-10-devices-with-installation-media-different/ba-p/746126">Upgrading Windows 10 devices with installation media different than the original OS install language</a> - July 9, 2019</li>
 <li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Moving-to-the-next-Windows-10-feature-update-for-commercial/ba-p/732968">Moving to the next Windows 10 feature update for commercial customers</a> - July 1, 2019</li>
-<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Updating-Windows-10-version-1903-using-Configuration-Manager-or/ba-p/639100">Updating Windows 10, version 1903 using Configuration Manager or WSUS</a> - May 23, 2019</li>
-<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-s-new-in-Windows-Update-for-Business-in-Windows-10-version/ba-p/622064">What’s new in Windows Update for Business in Windows 10, version 1903</a> - May 21, 2019</li>
-<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-s-new-for-IT-pros-in-Windows-10-version-1903/ba-p/622024">What’s new for IT pros in Windows 10, version 1903</a> - May 21, 2019</li>
-<li><a href="https://blogs.windows.com/windowsexperience/2019/05/21/how-to-get-the-windows-10-may-2019-update">How to get the Windows 10 May 2019 Update</a> - May 21, 2019</li>
- <li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/The-benefits-of-Windows-10-Dynamic-Update/ba-p/467847">The benefits of Windows 10 Dynamic Update</a> - April 17, 2019</li>
 </ul>

 [See more news](waas-morenews.md). You can also check out the [Windows 10 blog](https://techcommunity.microsoft.com/t5/Windows-10-Blog/bg-p/Windows10Blog).
--- a/windows/keep-secure/docfx.json
+++ b/windows/keep-secure/docfx.json
@ -30,6 +30,7 @@
    "overwrite": [],
    "externalReference": [],
    "globalMetadata": {
+      "feedback_system": "None",
      "_op_documentIdPathDepotMapping": {
        "./": {
          "depot_name": "MSDN.keep-secure",
--- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md
+++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md
@ -50,8 +50,10 @@ The following table describes the ways Microsoft Defender ATP can allow or block
 |----------|-------------|
 | [Restrict USB drives and other peripherals](#restrict-usb-drives-and-other-peripherals) | You can allow/prevent users to install only the USB drives and other peripherals included on a list of authorized/unauthorized devices or device types. |
 | [Block installation and usage of removable storage](#block-installation-and-usage-of-removable-storage) | You can't install or use removable storage. |
-| [Only allow installation and usage of specifically approved peripherals](#only-allow-installation-and-usage-of-specifically-approved-peripherals)   | You can only install and use approved peripherals that report specific properties in their firmware. |
+| [Allow installation and usage of specifically approved peripherals](#allow-installation-and-usage-of-specifically-approved-peripherals)   | You can only install and use approved peripherals that report specific properties in their firmware. |
 | [Prevent installation of specifically prohibited peripherals](#prevent-installation-of-specifically-prohibited-peripherals) | You can't install or use prohibited peripherals that report specific properties in their firmware. |
+| [Allow installation and usage of specifically approved peripherals with matching device instance IDs](#allow-installation-and-usage-of-specifically-approved-peripherals-with-matching-device-instance-ids) | You can only install and use approved peripherals that match any of these device instance IDs. |
+| [Prevent installation and usage of specifically prohibited peripherals with matching device instance IDs](#prevent-installation-and-usage-of-specifically-prohibited-peripherals-with-matching-device-instance-ids) | You can't install or use prohibited peripherals that match any of these device instance IDs. |
 | [Limit services that use Bluetooth](#limit-services-that-use-bluetooth) | You can limit the services that can use Bluetooth. |
 | [Use Microsoft Defender ATP baseline settings](#use-microsoft-defender-atp-baseline-settings) | You can set the recommended configuration for ATP by using the Microsoft Defender ATP security baseline. |

@ -169,7 +171,7 @@ Select-Object -Property *

 7. Click **Create** to save the profile.

-### Only allow installation and usage of specifically approved peripherals
+### Allow installation and usage of specifically approved peripherals

 Peripherals that are allowed to be installed can be specified by their [hardware identity](https://docs.microsoft.com/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](https://docs.microsoft.com/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it blocks and allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.

@ -183,6 +185,18 @@ Microsoft Defender ATP blocks installation and usage of prohibited peripherals b
 - [Administrative Templates](https://docs.microsoft.com/intune/administrative-templates-windows) can block any device with a matching hardware ID or setup class.  
 - [Device Installation CSP settings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation) with a custom profile in Intune. You can [prevent installation of specific device IDs](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdeviceids) or [prevent specific device classes](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdevicesetupclasses).

+### Allow installation and usage of specifically approved peripherals with matching device instance IDs
+
+Peripherals that are allowed to be installed can be specified by their [device instance IDs](https://docs.microsoft.com/windows-hardware/drivers/install/device-instance-ids). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
+
+You can allow installation and usage of approved peripherals with matching device instance IDs by configuring [DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-allowinstallationofmatchingdeviceinstanceids) policy setting.
+
+### Prevent installation and usage of specifically prohibited peripherals with matching device instance IDs
+
+Peripherals that are prohibited to be installed can be specified by their [device instance IDs](https://docs.microsoft.com/windows-hardware/drivers/install/device-instance-ids). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
+
+You can prevent installation of the prohibited peripherals with matching device instance IDs by configuring [DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdeviceinstanceids) policy setting.
+
 ### Limit services that use Bluetooth

 Using Intune, you can limit the services that can use Bluetooth through the ["Bluetooth allowed services"](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-bluetooth#servicesallowedlist-usage-guide). The default state of "Bluetooth allowed services" settings means everything is allowed.  As soon as a service is added, that becomes the allowed list. If the customer adds the Keyboards and Mice values, and doesn’t add the file transfer GUIDs, file transfer should be blocked.
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md
@ -24,7 +24,10 @@ ms.topic: article
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)

 ## Before you begin 
-Ensure that you have Microsoft Defender ATP deployed in your environment with machines enrolled, and not just on a laboratory set-up. 
+Ensure that you have Microsoft Defender ATP deployed in your environment with machines enrolled, and not just on a laboratory set-up.
+
+>[!NOTE]
+>Microsoft Defender ATP customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive targeted attack notifications and to collaborate with experts on demand. A Microsoft Threat Experts subscription is a prerequisite for experts on demand collaboration.

 ## Register to Microsoft Threat Experts managed threat hunting service 
 If you're already a Microsoft Defender ATP customer, you can apply through the Microsoft Defender ATP portal. 
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md
@ -25,6 +25,9 @@ ms.topic: conceptual
 Microsoft Threat Experts is a managed detection and response (MDR) service that provides Security Operation Centers (SOCs) with expert level monitoring and analysis to help them ensure that critical threats in their unique environments don’t get missed.
  
 This new capability provides expert-driven insights and data through targeted attack notification and access to experts on demand. 
+
+>[!NOTE]
+>Microsoft Defender ATP customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive targeted attack notifications and to collaborate with experts on demand. A Microsoft Threat Experts subscription is a prerequisite for experts on demand collaboration. See [Configure Microsoft Threat Experts capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts#before-you-begin) for details. 
 
 ## Targeted attack notification 
 Microsoft Threat Experts provides proactive hunting for the most important threats to your network, including human adversary intrusions, hands-on-keyboard attacks, or advanced attacks like cyberespionage. The managed hunting service includes: