From 925360614525f2a200f1027040ace06301c527bd Mon Sep 17 00:00:00 2001 From: LizRoss Date: Thu, 13 Oct 2016 07:20:26 -0700 Subject: [PATCH 01/27] Updated the icon overlay section to reflect new behavior --- windows/keep-secure/create-wip-policy-using-intune.md | 6 +++--- windows/keep-secure/create-wip-policy-using-sccm.md | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/keep-secure/create-wip-policy-using-intune.md b/windows/keep-secure/create-wip-policy-using-intune.md index ed6a4793e9..697b91a142 100644 --- a/windows/keep-secure/create-wip-policy-using-intune.md +++ b/windows/keep-secure/create-wip-policy-using-intune.md @@ -457,11 +457,11 @@ After you've decided where your protected apps can access enterprise data on you - **No, or not configured (recommended).** Stops Windows Search from searching and indexing encrypted corporate data and Store apps. - - **Show the Windows Information Protection icon overlay.** Determines whether the Windows Information Protection icon overlay appears on corporate files or in the **Start** menu, on top of the tiles for your unenlightened protected apps. The options are: + - **Show the Windows Information Protection icon overlay.** Determines whether the Windows Information Protection icon overlay appears on corporate files in the Save As and File Explore views. The options are: - - **Yes (recommended).** Allows the Windows Information Protection icon overlay to appear for files or on top of the tiles for your unenlightened protected apps in the **Start** menu. + - **Yes (recommended).** Allows the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explore views. - - **No, or not configured.** Stops the Windows Information Protection icon overlay from appearing for files or on top of the tiles for your unenlightened protected apps in the **Start** menu. + - **No, or not configured.** Stops the Windows Information Protection icon overlay from appearing on corporate files in the Save As and File Explore views. 2. Click **Save Policy**. diff --git a/windows/keep-secure/create-wip-policy-using-sccm.md b/windows/keep-secure/create-wip-policy-using-sccm.md index 9c13f0506b..df5fe1770c 100644 --- a/windows/keep-secure/create-wip-policy-using-sccm.md +++ b/windows/keep-secure/create-wip-policy-using-sccm.md @@ -443,7 +443,7 @@ There are no default locations included with WIP, you must add each of your netw - **Enterprise IP Ranges list is authoritative (do not auto-detect).** Click this box if you want Windows to treat the IP ranges you specified in the network boundary definition as the complete list of IP ranges available on your network. If you clear this box, Windows will search for additional IP ranges on any domain-joined devices connected to your network. - - **Show the Windows Information Protection icon overlay on your allowed apps that are WIP-unaware in the Windows Start menu and on corporate file icons in the File Explorer.** Click this box if you want the Windows Information Protection icon overlay to appear on corporate files or in the Start menu, on top the tiles for your unenlightened protected apps. + - **Show the Windows Information Protection icon overlay on your allowed apps that are WIP-unaware on corporate file icons in the File Explorer.** Click this box if you want the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explore views. 5. In the required **Upload a Data Recovery Agent (DRA) certificate to allow recovery of encrypted data** box, click **Browse** to add a data recovery certificate for your policy. From dee90bfb13e61ca209f60c0e7fec475bc56c8885 Mon Sep 17 00:00:00 2001 From: Tommy N Date: Thu, 13 Oct 2016 16:21:11 -0700 Subject: [PATCH 02/27] Update uev-upgrade-uev-from-previous-releases.md --- .../manage/uev-upgrade-uev-from-previous-releases.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/windows/manage/uev-upgrade-uev-from-previous-releases.md b/windows/manage/uev-upgrade-uev-from-previous-releases.md index aa12c04977..2487df2e88 100644 --- a/windows/manage/uev-upgrade-uev-from-previous-releases.md +++ b/windows/manage/uev-upgrade-uev-from-previous-releases.md @@ -19,9 +19,11 @@ If you’re already using UE-V 2.x and you’re planning to upgrade user devices 2. Verify that UE-V settings were migrated correctly. -3. Enable the UE-V service on user devices. +3. Set the template storage path to your current template store. -4. Install the UE-V template generator if you want to synchronize application settings for custom applications. +4. Enable the UE-V service on user devices. + +5. Install the UE-V template generator if you want to synchronize application settings for custom applications. > **Important**  You can upgrade your existing UE-V installation to Windows 10, version 1607 from UE-V versions 2.1 or 2.0 only. If you are using a previous version of UE-V, you’ll need to upgrade from that version to UE-V 2.x before you upgrade to Windows 10, version 1607.. @@ -49,7 +51,11 @@ After upgrading a user device to Windows 10, version 1607, it’s important to v 2. Navigate to **HKEY_LOCAL_MACHINE\Software\Microsoft\UEV\Agent\Configuration.** -3. Verify that the settings storage path and the settings template catalog path are pointing to the same locations as before you upgraded the device to Windows 10. +3. Verify that the settings storage path and the settings template catalog path are pointing to the same locations as before you upgraded the device to Windows 10. + +## Set the template storage path to your current template store + +Template Settings Storage Path will not automatically migrate. Run Set-UEVConfiguration in PowerShell or use the settings storage path Group Policy to configure and point to your current settings storage folder. ## Enable the UE-V service on user devices From 8b9ac86f5869bee46bb5f828cd19c03909b80a54 Mon Sep 17 00:00:00 2001 From: Mattias Fors Date: Mon, 17 Oct 2016 19:46:35 +0200 Subject: [PATCH 03/27] Reference wrong MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Wrong reference under title "Set “preferred” cache devices for Delivery Optimization". Refers to DOBackgroundQoS , should be DOMinBackgroundQoS --- windows/manage/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/manage/waas-delivery-optimization.md b/windows/manage/waas-delivery-optimization.md index ec8c9efdd4..d518eb27de 100644 --- a/windows/manage/waas-delivery-optimization.md +++ b/windows/manage/waas-delivery-optimization.md @@ -225,7 +225,7 @@ To specify which devices are preferred, you can set the **Max Cache Age** config On devices that are not preferred, you can choose to set the following policy to prioritize data coming from local peers instead of the Internet: -- Set **DOBackgroundQoS** with a low value, for example `65536` which is the equivalent of 64 KB/s. +- Set **DOMinBackgroundQoS** with a low value, for example `65536` which is the equivalent of 64 KB/s. ## Learn more From f22d4d35bcc1ce089c62f83ed90110df1b05478f Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Mon, 17 Oct 2016 12:48:35 -0700 Subject: [PATCH 04/27] adding back Windows 10 settings to MDM topic -- commented out until verified --- ...anage-settings-with-mdm-for-surface-hub.md | 87 ++++++++++++++++++- 1 file changed, 86 insertions(+), 1 deletion(-) diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md index 6dfa5ff0ef..da6d15af77 100644 --- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md +++ b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md @@ -52,7 +52,7 @@ You can manually enroll with an MDM using the **Settings** app on your Surface H ## Manage Surface Hub settings with MDM -You can use MDM to manage some [Surface Hub CSP settings](#supported-surface-hub-csp-settings). Depending on the MDM provider that you use, you may set these settings using a built-in user interface, or by deploying custom SyncML. Microsoft Intune and System Center Configuration Manager provide built-in experiences to help create policy templates for Surface Hub. Refer to documentation from your MDM provider to learn how to create and deploy SyncML. +You can use MDM to manage some [Surface Hub CSP settings](#supported-surface-hub-csp-settings). Depending on the MDM provider that you use, you may set these settings using a built-in user interface, or by deploying custom SyncML. Microsoft Intune and System Center Configuration Manager provide built-in experiences to help create policy templates for Surface Hub. Refer to documentation from your MDM provider to learn how to create and deploy SyncML. ### Supported Surface Hub CSP settings @@ -73,6 +73,91 @@ For more information, see [SurfaceHub configuration service provider](https://ms | Friendly name for wireless projection | Properties/FriendlyName | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | | Device account, including password rotation | DeviceAccount/\
See [SurfaceHub CSP](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). | No | No | Yes | + + ## Example: Manage Surface Hub settings with Micosoft Intune You can use Microsoft Intune to manage Surface Hub settings. From f834c48cfb098a6429467c4de1ee310ae7158a6b Mon Sep 17 00:00:00 2001 From: Celeste de Guzman Date: Mon, 17 Oct 2016 12:48:44 -0700 Subject: [PATCH 05/27] Update chromebook-migration-guide.md --- education/windows/chromebook-migration-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/chromebook-migration-guide.md b/education/windows/chromebook-migration-guide.md index 81002929b2..795ac6c860 100644 --- a/education/windows/chromebook-migration-guide.md +++ b/education/windows/chromebook-migration-guide.md @@ -35,7 +35,7 @@ App migration or replacement is an essential part of your Chromebook migration. Before you can do any analysis or make decisions about which apps to migrate or replace, you need to identify which apps are currently in use on the Chromebook devices. You will create a list of apps that are currently in use (also called an app portfolio). -**Note**   +> [!NOTE] The majority of Chromebook apps are web apps. For these apps you need to first perform Microsoft Edge compatibility testing and then publish the web app URL to the Windows users. For more information, see the [Perform app compatibility testing for web apps](#perform-testing-webapps) section.   From bd40ef28a886e9fcd1f3269cb6a9f6fda1d31a17 Mon Sep 17 00:00:00 2001 From: Celeste de Guzman Date: Mon, 17 Oct 2016 12:53:58 -0700 Subject: [PATCH 06/27] Update chromebook-migration-guide.md --- education/windows/chromebook-migration-guide.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/education/windows/chromebook-migration-guide.md b/education/windows/chromebook-migration-guide.md index 795ac6c860..099b0efc5b 100644 --- a/education/windows/chromebook-migration-guide.md +++ b/education/windows/chromebook-migration-guide.md @@ -1,4 +1,4 @@ ---- +> --- title: Chromebook migration guide (Windows 10) description: In this guide you will learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment. ms.assetid: 7A1FA48A-C44A-4F59-B895-86D4D77F8BEA @@ -36,7 +36,7 @@ App migration or replacement is an essential part of your Chromebook migration. Before you can do any analysis or make decisions about which apps to migrate or replace, you need to identify which apps are currently in use on the Chromebook devices. You will create a list of apps that are currently in use (also called an app portfolio). > [!NOTE] -The majority of Chromebook apps are web apps. For these apps you need to first perform Microsoft Edge compatibility testing and then publish the web app URL to the Windows users. For more information, see the [Perform app compatibility testing for web apps](#perform-testing-webapps) section. +> The majority of Chromebook apps are web apps. For these apps you need to first perform Microsoft Edge compatibility testing and then publish the web app URL to the Windows users. For more information, see the [Perform app compatibility testing for web apps](#perform-testing-webapps) section.   From a2c96e6d4b94d3d15bc99e601aab6bc325d1b576 Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Mon, 17 Oct 2016 14:02:51 -0700 Subject: [PATCH 07/27] commenting out link --- devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md index da6d15af77..0b83006a82 100644 --- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md +++ b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md @@ -52,7 +52,7 @@ You can manually enroll with an MDM using the **Settings** app on your Surface H ## Manage Surface Hub settings with MDM -You can use MDM to manage some [Surface Hub CSP settings](#supported-surface-hub-csp-settings). Depending on the MDM provider that you use, you may set these settings using a built-in user interface, or by deploying custom SyncML. Microsoft Intune and System Center Configuration Manager provide built-in experiences to help create policy templates for Surface Hub. Refer to documentation from your MDM provider to learn how to create and deploy SyncML. +You can use MDM to manage some [Surface Hub CSP settings](#supported-surface-hub-csp-settings). Depending on the MDM provider that you use, you may set these settings using a built-in user interface, or by deploying custom SyncML. Microsoft Intune and System Center Configuration Manager provide built-in experiences to help create policy templates for Surface Hub. Refer to documentation from your MDM provider to learn how to create and deploy SyncML. ### Supported Surface Hub CSP settings From 8d6531d9a47fddd83a90d89770490a81aa21784c Mon Sep 17 00:00:00 2001 From: Justinha Date: Mon, 17 Oct 2016 15:26:52 -0700 Subject: [PATCH 08/27] updated link to cumulative update for IE --- windows/deploy/upgrade-analytics-get-started.md | 2 +- windows/deploy/upgrade-analytics-review-site-discovery.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deploy/upgrade-analytics-get-started.md b/windows/deploy/upgrade-analytics-get-started.md index 8307a9bfbf..f86fc0f308 100644 --- a/windows/deploy/upgrade-analytics-get-started.md +++ b/windows/deploy/upgrade-analytics-get-started.md @@ -101,7 +101,7 @@ IMPORTANT: Restart user computers after you install the compatibility update KBs | **Site discovery** | **KB** | |----------------------|-----------------------------------------------------------------------------| -| [Review site discovery](upgrade-analytics-review-site-discovery.md) | Site discovery requires the [July 2016 security update for Internet Explorer](https://support.microsoft.com/en-us/kb/3170106) (KB3170106) or later. | +| [Review site discovery](upgrade-analytics-review-site-discovery.md) | Site discovery requires the [Cumulative Security Update for Internet Explorer 11](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=internet%20explorer%2011%20cumulative%20update), starting with the July 2016 update (KB3170106). | ### Automate data collection diff --git a/windows/deploy/upgrade-analytics-review-site-discovery.md b/windows/deploy/upgrade-analytics-review-site-discovery.md index f236d85945..8a1835573e 100644 --- a/windows/deploy/upgrade-analytics-review-site-discovery.md +++ b/windows/deploy/upgrade-analytics-review-site-discovery.md @@ -15,7 +15,7 @@ This section of the Upgrade Analytics workflow provides an inventory of web site Ensure the following prerequisites are met before using site discovery: -1. Install the latest Internet Explorer 11 Cumulative Update. This update provides the capability for site discovery and is available in the [July 2016 cumulative update](https://support.microsoft.com/kb/3170106) and later. +1. Install the latest Internet Explorer 11 Cumulative Security Update. This update provides the capability for site discovery and is available in the [Internet Explorer 11 Cumulative Security Update](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=internet%20explorer%2011%20cumulative%20update), starting with the July 2016 update. 2. Install the update for customer experience and diagnostic telemetery ([KB3080149](https://support.microsoft.com/kb/3080149)). 3. Enable Internet Explorer data collection, which is disabled by default. The best way to enable it is to modify the [Upgrade Analytics deployment script](upgrade-analytics-get-started.md#run-the-upgrade-analytics-deployment-script) to allow Internet Explorer data collection before you run it. From 552ec005c9269551c0f1709acc4c635cccf944bc Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Mon, 17 Oct 2016 15:37:13 -0700 Subject: [PATCH 09/27] removing commented out section --- ...anage-settings-with-mdm-for-surface-hub.md | 84 ------------------- 1 file changed, 84 deletions(-) diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md index 0b83006a82..6bd7936606 100644 --- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md +++ b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md @@ -73,90 +73,6 @@ For more information, see [SurfaceHub configuration service provider](https://ms | Friendly name for wireless projection | Properties/FriendlyName | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | | Device account, including password rotation | DeviceAccount/\
See [SurfaceHub CSP](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). | No | No | Yes | - ## Example: Manage Surface Hub settings with Micosoft Intune From 5c77e4e3952817e1b9b347cada7f555961672074 Mon Sep 17 00:00:00 2001 From: Jan Backstrom Date: Mon, 17 Oct 2016 15:40:27 -0700 Subject: [PATCH 10/27] fix note --- .../replace-a-windows-7-computer-with-a-windows-10-computer.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md b/windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md index 3c570b4800..a3e51c36b6 100644 --- a/windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md +++ b/windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md @@ -82,6 +82,7 @@ During a computer replace, these are the high-level steps that occur: 1. Select a task sequence to execute on this computer: Backup Only Task Sequence * Specify where to save your data and settings: Specify a location * Location: \\\\MDT01\\MigData$\\PC0002 + >[!NOTE]   >If you are replacing the computer at a remote site you should create the MigData folder on MDT02 and use that share instead.   From 9d4bdec3d2c536fe14c01a26bda31ceba6e3ba58 Mon Sep 17 00:00:00 2001 From: Jan Backstrom Date: Mon, 17 Oct 2016 16:37:34 -0700 Subject: [PATCH 11/27] fix bulleted lists; notes --- ...e-boot-image-with-configuration-manager.md | 18 +++--- ...f-windows-10-with-configuration-manager.md | 60 +++++++++---------- 2 files changed, 36 insertions(+), 42 deletions(-) diff --git a/windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md b/windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md index 3d55bb7385..bfb8f98424 100644 --- a/windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md +++ b/windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md @@ -47,10 +47,8 @@ By using the MDT wizard to create the boot image in Configuration Manager, you g 2. On the **Package Source** page, in the **Package source folder to be created (UNC Path):** text box, type **\\\\CM01\\Sources$\\OSD\\Boot\\Zero Touch WinPE x64** and click **Next**. - **Note**   - The Zero Touch WinPE x64 folder does not yet exist. The folder will be created later by the wizard. - -   + >[!NOTE] + >The Zero Touch WinPE x64 folder does not yet exist. The folder will be created later by the wizard. 3. On the **General Settings** page, assign the name **Zero Touch WinPE x64** and click **Next**. @@ -58,16 +56,14 @@ By using the MDT wizard to create the boot image in Configuration Manager, you g 5. On the **Components** page, in addition to the default selected **Microsoft Data Access Components (MDAC/ADO)** support, select the **Microsoft Diagnostics and Recovery Toolkit (DaRT)** check box. - ![figure 15](images/mdt-06-fig16.png) + ![Add the DaRT component to the Configuration Manager boot image](images/mdt-06-fig16.png "Add the DaRT component to the Configuration Manager boot image") Figure 15. Add the DaRT component to the Configuration Manager boot image. 6. On the **Customization** page, select the **Use a custom background bitmap file** check box, and in the **UNC path:** text box, browse to **\\\\CM01\\Sources$\\OSD\\Branding\\ ContosoBackground.bmp**. Then click **Next** twice. - **Note**   - It will take a few minutes to generate the boot image. - -   + >[!NOTE] + >It will take a few minutes to generate the boot image. 7. Distribute the boot image to the CM01 distribution point by selecting the **Boot images** node, right-clicking the **Zero Touch WinPE x64** boot image, and selecting **Distribute Content**. @@ -75,9 +71,9 @@ By using the MDT wizard to create the boot image in Configuration Manager, you g 9. Using Configuration Manager Trace, review the E:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file. Do not continue until you can see that the boot image is distributed. Look for the line that reads STATMSG: ID=2301. You also can view Content Status in the Configuration Manager Console by selecting **the Zero Touch WinPE x86** boot image. - ![figure 16](images/fig16-contentstatus.png) + ![Content status for the Zero Touch WinPE x64 boot image](images/fig16-contentstatus.png "Content status for the Zero Touch WinPE x64 boot image") - Figure 16. Content status for the Zero Touch WinPE x64 boot image. + Figure 16. Content status for the Zero Touch WinPE x64 boot image 10. Using the Configuration Manager Console, right-click the **Zero Touch WinPE x64** boot image and select **Properties**. diff --git a/windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md b/windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md index 4f25bc9987..ea62cd3903 100644 --- a/windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md +++ b/windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md @@ -49,25 +49,25 @@ To configure permissions for the various service accounts needed for operating s 2. Select the Service Accounts OU and create the CM\_JD account using the following settings: - 1. Name: CM\_JD + * Name: CM\_JD - 2. User logon name: CM\_JD + * User logon name: CM\_JD - 3. Password: P@ssw0rd + * Password: P@ssw0rd - 4. User must change password at next logon: Clear + * User must change password at next logon: Clear - 5. User cannot change password: Select + * User cannot change password: Select - 6. Password never expires: Select + * Password never expires: Select 3. Repeat the step, but for the CM\_NAA account. 4. After creating the accounts, assign the following descriptions: - 1. CM\_JD: Configuration Manager Join Domain Account + * CM\_JD: Configuration Manager Join Domain Account - 2. CM\_NAA: Configuration Manager Network Access Account + * CM\_NAA: Configuration Manager Network Access Account ![figure 6](images/mdt-06-fig06.png) @@ -93,39 +93,37 @@ In order for the Configuration Manager Join Domain Account (CM\_JD) to join mach 3. The Set-OUPermissions.ps1 script allows the CM\_JD user account permissions to manage computer accounts in the Contoso / Computers / Workstations OU. The following is a list of the permissions being granted: - 1. Scope: This object and all descendant objects + * Scope: This object and all descendant objects - 2. Create Computer objects + * Create Computer objects - 3. Delete Computer objects + * Delete Computer objects - 4. Scope: Descendant Computer objects + * Scope: Descendant Computer objects - 5. Read All Properties + * Read All Properties - 6. Write All Properties + * Write All Properties - 7. Read Permissions + * Read Permissions - 8. Modify Permissions + * Modify Permissions - 9. Change Password + * Change Password - 10. Reset Password + * Reset Password - 11. Validated write to DNS host name + * Validated write to DNS host name - 12. Validated write to service principal name + * Validated write to service principal name ## Review the Sources folder structure To support the packages you create in this section, the following folder structure should be created on the Configuration Manager primary site server (CM01): -**Note**   -In most production environments, the packages are stored on a Distributed File System (DFS) share or a "normal" server share, but in a lab environment you can store them on the site server. - -  +>[!NOTE]   +>In most production environments, the packages are stored on a Distributed File System (DFS) share or a "normal" server share, but in a lab environment you can store them on the site server. - E:\\Sources @@ -168,9 +166,9 @@ To extend the Configuration Manager console with MDT 2013 Update 2 wizards and t 5. From the Start screen, run Configure ConfigManager Integration with the following settings: - 1. Site Server Name: CM01.contoso.com + * Site Server Name: CM01.contoso.com - 2. Site code: PS1 + * Site code: PS1 ![figure 8](images/mdt-06-fig08.png) @@ -221,15 +219,15 @@ Configuration Manager has many options for starting a deployment, but starting v 3. In the **PXE** tab, select the following settings: - 1. Enable PXE support for clients + * Enable PXE support for clients - 2. Allow this distribution point to respond to incoming PXE requests + * Allow this distribution point to respond to incoming PXE requests - 3. Enable unknown computer support + * Enable unknown computer support - 4. Require a password when computers use PXE + * Require a password when computers use PXE - 5. Password and Confirm password: Passw0rd! + * Password and Confirm password: Passw0rd! ![figure 12](images/mdt-06-fig13.png) From 6065fc8646c69756e5ebf7388709c0e75c1f34a2 Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Tue, 18 Oct 2016 07:53:47 -0700 Subject: [PATCH 12/27] adding back commented out W10 settings --- ...anage-settings-with-mdm-for-surface-hub.md | 86 ++++++++++++++++++- 1 file changed, 85 insertions(+), 1 deletion(-) diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md index 6bd7936606..5ed6ba03dd 100644 --- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md +++ b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md @@ -52,7 +52,7 @@ You can manually enroll with an MDM using the **Settings** app on your Surface H ## Manage Surface Hub settings with MDM -You can use MDM to manage some [Surface Hub CSP settings](#supported-surface-hub-csp-settings). Depending on the MDM provider that you use, you may set these settings using a built-in user interface, or by deploying custom SyncML. Microsoft Intune and System Center Configuration Manager provide built-in experiences to help create policy templates for Surface Hub. Refer to documentation from your MDM provider to learn how to create and deploy SyncML. +You can use MDM to manage some [Surface Hub CSP settings](#supported-surface-hub-csp-settings). Depending on the MDM provider that you use, you may set these settings using a built-in user interface, or by deploying custom SyncML. Microsoft Intune and System Center Configuration Manager provide built-in experiences to help create policy templates for Surface Hub. Refer to documentation from your MDM provider to learn how to create and deploy SyncML. ### Supported Surface Hub CSP settings @@ -73,6 +73,90 @@ For more information, see [SurfaceHub configuration service provider](https://ms | Friendly name for wireless projection | Properties/FriendlyName | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | | Device account, including password rotation | DeviceAccount/\
See [SurfaceHub CSP](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). | No | No | Yes | + ## Example: Manage Surface Hub settings with Micosoft Intune From 4f78a490932b0aaa563cbf924ac5d26dfa4cc0b2 Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Tue, 18 Oct 2016 08:07:29 -0700 Subject: [PATCH 13/27] fixing build error --- .../surface-hub/manage-settings-with-mdm-for-surface-hub.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md index 5ed6ba03dd..2fce3b3573 100644 --- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md +++ b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md @@ -84,7 +84,7 @@ The following tables include info on Windows 10 settings that have been validate | Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML? | | -------- | -------- | ------------- |-------------------------- | ---------------------------------------- | ------------------------- | | Allow Bluetooth | Keep this enabled to support Bluetooth peripherals. | [Connectivity/AllowBluetooth](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Connectivity_AllowBluetooth) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Bluetooth policies | Use to set the Bluetooth device name, and block advertising, discovery, and automatic pairing. | Bluetooth/
See [Policy CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | +| Bluetooth policies | Use to set the Bluetooth device name, and block advertising, discovery, and automatic pairing. | Bluetooth/\\
See [Policy CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | | Allow camera | Keep this enabled for Skype for Business. | [Camera/AllowCamera](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Camera_AllowCamera) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | | Allow location | Keep this enabled to support apps such as Maps. | [System/AllowLocation](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#System_AllowLocation) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | | Allow telemetry | Keep this enabled to help Microsoft improve Surface Hub. | [System/AllowTelemetry](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#System_AllowTelemetry) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | @@ -113,13 +113,13 @@ The following tables include info on Windows 10 settings that have been validate | Pause feature updates | See above. | [Update/PauseFeatureUpdates](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Update_PauseFeatureUpdates) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | | Pause quality updates | See above. | [Update/PauseQualityUpdates](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Update_PauseQualityUpdates) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes| | Configure device to use WSUS| Use to connect your Surface Hub to WSUS instead of Windows Update – see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/UpdateServiceUrl](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Update_UpdateServiceUrl) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Delivery optimization | Use peer-to-peer content sharing to reduce bandwidth issues during updates. See [Configure Delivery Optimization for Windows 10](https://technet.microsoft.com/itpro/windows/manage/waas-delivery-optimization) for details. | DeliveryOptimization/
See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | +| Delivery optimization | Use peer-to-peer content sharing to reduce bandwidth issues during updates. See [Configure Delivery Optimization for Windows 10](https://technet.microsoft.com/itpro/windows/manage/waas-delivery-optimization) for details. | DeliveryOptimization/\\
See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | #### Windows Defender settings | Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML? | | ----------- | ---------------- | ------------- |-------------------------- | ---------------------------------------- | ------------------------- | -| Defender policies. |Use to configure various Defender settings, including a scheduled scan time. | Defender/
See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes +| Defender policies. |Use to configure various Defender settings, including a scheduled scan time. | Defender/\\
See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | Defender status | Use to initiate a Defender scan, force a signature update, query any threats detected. | [Defender CSP](https://msdn.microsoft.com/library/windows/hardware/mt187856.aspx) | No. | No. | Yes | #### Remote reboot settings From c42fb0f5dc1813517ca0324723c7c0745fce87d8 Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Tue, 18 Oct 2016 08:17:06 -0700 Subject: [PATCH 14/27] fixing build error --- .../manage-settings-with-mdm-for-surface-hub.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md index 2fce3b3573..3028f76efe 100644 --- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md +++ b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md @@ -71,9 +71,9 @@ For more information, see [SurfaceHub configuration service provider](https://ms | Welcome screen background image | InBoxApps/Welcome/CurrentBackgroundPath | Yes | Yes.
Use a custom setting. | Yes | | Meeting information displayed on the welcome screen | InBoxApps/Welcome/MeetingInfoOption | Yes | Yes.
Use a custom setting. | Yes | | Friendly name for wireless projection | Properties/FriendlyName | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Device account, including password rotation | DeviceAccount/\
See [SurfaceHub CSP](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). | No | No | Yes | +| Device account, including password rotation | DeviceAccount/*``*
See [SurfaceHub CSP](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). | No | No | Yes | - +- bool (Boolean) ## Example: Manage Surface Hub settings with Micosoft Intune From 47650f5febccaef0efa9a15ec4db832d92c47d2f Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Tue, 18 Oct 2016 09:22:31 -0700 Subject: [PATCH 17/27] testing fix --- .../surface-hub/manage-settings-with-mdm-for-surface-hub.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md index 188628e0ca..714b21afbd 100644 --- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md +++ b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md @@ -73,6 +73,7 @@ For more information, see [SurfaceHub configuration service provider](https://ms | Friendly name for wireless projection | Properties/FriendlyName | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | | Device account, including password rotation | DeviceAccount/*``*
See [SurfaceHub CSP](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). | No | No | Yes | + + ## Example: Manage Surface Hub settings with Micosoft Intune You can use Microsoft Intune to manage Surface Hub settings. From 8141e7cc6f7789c58da60d0413068e7e08ae2084 Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Tue, 18 Oct 2016 09:35:05 -0700 Subject: [PATCH 18/27] testing fix --- devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md index 714b21afbd..d330ae3656 100644 --- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md +++ b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md @@ -79,6 +79,7 @@ For more information, see [SurfaceHub configuration service provider](https://ms In addition to Surface Hub specific settings, there are numerous settings common to all Windows 10 devices. These settings are defined in the [Configuration service provider reference](https://msdn.microsoft.com/library/windows/hardware/dn920025.aspx). The following tables include info on Windows 10 settings that have been validated with Surface Hub. There is a table with settings for these areas: security, browser, Windows Updates, Windows Defender, remote reboot, certificates, and logs. Each table also tells if the setting is supported with Microsoft Intune, System Center Configuration Manager, or SyncML. +--> #### Security settings @@ -159,7 +160,6 @@ The data type is also stated in the CSP documentation. The most common data type - int (Integer) - bool (Boolean) ---> ## Example: Manage Surface Hub settings with Micosoft Intune From dc22896ac9f885565667a61c6332c30ee33bc988 Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Tue, 18 Oct 2016 10:05:25 -0700 Subject: [PATCH 19/27] comment out security setting h4 --- devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md index d330ae3656..a491bc67fe 100644 --- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md +++ b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md @@ -81,6 +81,7 @@ In addition to Surface Hub specific settings, there are numerous settings common The following tables include info on Windows 10 settings that have been validated with Surface Hub. There is a table with settings for these areas: security, browser, Windows Updates, Windows Defender, remote reboot, certificates, and logs. Each table also tells if the setting is supported with Microsoft Intune, System Center Configuration Manager, or SyncML. --> + #### Browser settings From cba6236dcaf5207aa0333fc99fae20e73aa561ff Mon Sep 17 00:00:00 2001 From: LizRoss Date: Tue, 18 Oct 2016 10:35:17 -0700 Subject: [PATCH 20/27] Updated about icon overlay changes --- windows/keep-secure/change-history-for-keep-windows-10-secure.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md index 9fe6c9986e..dada97fc72 100644 --- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md +++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md @@ -16,6 +16,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md | New or changed topic | Description | | --- | --- | +|[Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-wip-policy-using-sccm.md) and [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) |Updated the text about the icon overlay option. This icon now only appears on corporate files in the Save As and File Explore views. | |[Limitations while using Windows Information Protection (WIP)](limitations-with-wip.md) |Added content about using ActiveX controls.| |[Unenlightened and enlightened app behavior while using Windows Information Protection (WIP)](app-behavior-with-wip.md) |New | |[VPN technical guide](vpn-guide.md) | Multiple new topics, replacing previous **VPN profile options** topic | From a6359d9de8c109c1dddc6b9c4a14845c7d596dc9 Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Tue, 18 Oct 2016 11:13:13 -0700 Subject: [PATCH 21/27] testing fix - add back h3 --- .../surface-hub/manage-settings-with-mdm-for-surface-hub.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md index a491bc67fe..b49768ece6 100644 --- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md +++ b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md @@ -73,13 +73,13 @@ For more information, see [SurfaceHub configuration service provider](https://ms | Friendly name for wireless projection | Properties/FriendlyName | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | | Device account, including password rotation | DeviceAccount/*``*
See [SurfaceHub CSP](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). | No | No | Yes | - + + #### Browser settings From ae92ac015801710418149dac136fb18d603a4a55 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Tue, 18 Oct 2016 12:51:20 -0700 Subject: [PATCH 25/27] Formatting for comment --- .../manage-settings-with-mdm-for-surface-hub.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md index 25e96c5db5..0f6e4b0c4c 100644 --- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md +++ b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md @@ -80,9 +80,8 @@ In addition to Surface Hub specific settings, there are numerous settings common The following tables include info on Windows 10 settings that have been validated with Surface Hub. There is a table with settings for these areas: security, browser, Windows Updates, Windows Defender, remote reboot, certificates, and logs. Each table also tells if the setting is supported with Microsoft Intune, System Center Configuration Manager, or SyncML. - -#### Security settings - + #### Browser settings From fe7705d9c3391f45acbdfe68376dc33beec04b2d Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Tue, 18 Oct 2016 13:21:01 -0700 Subject: [PATCH 26/27] removing W10 settings section --- ...anage-settings-with-mdm-for-surface-hub.md | 88 +------------------ 1 file changed, 1 insertion(+), 87 deletions(-) diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md index 0f6e4b0c4c..77fe621aae 100644 --- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md +++ b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md @@ -52,7 +52,7 @@ You can manually enroll with an MDM using the **Settings** app on your Surface H ## Manage Surface Hub settings with MDM -You can use MDM to manage some [Surface Hub CSP settings](#supported-surface-hub-csp-settings). Depending on the MDM provider that you use, you may set these settings using a built-in user interface, or by deploying custom SyncML. Microsoft Intune and System Center Configuration Manager provide built-in experiences to help create policy templates for Surface Hub. Refer to documentation from your MDM provider to learn how to create and deploy SyncML. +You can use MDM to manage some [Surface Hub CSP settings](#supported-surface-hub-csp-settings). Depending on the MDM provider that you use, you may set these settings using a built-in user interface, or by deploying custom SyncML. Microsoft Intune and System Center Configuration Manager provide built-in experiences to help create policy templates for Surface Hub. Refer to documentation from your MDM provider to learn how to create and deploy SyncML. ### Supported Surface Hub CSP settings @@ -74,92 +74,6 @@ For more information, see [SurfaceHub configuration service provider](https://ms | Device account, including password rotation | DeviceAccount/*``*
See [SurfaceHub CSP](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). | No | No | Yes | - ### Supported Windows 10 settings - -In addition to Surface Hub specific settings, there are numerous settings common to all Windows 10 devices. These settings are defined in the [Configuration service provider reference](https://msdn.microsoft.com/library/windows/hardware/dn920025.aspx). - -The following tables include info on Windows 10 settings that have been validated with Surface Hub. There is a table with settings for these areas: security, browser, Windows Updates, Windows Defender, remote reboot, certificates, and logs. Each table also tells if the setting is supported with Microsoft Intune, System Center Configuration Manager, or SyncML. - - - -#### Browser settings - -| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML? | -| -------- | ---------------- | ------------- |-------------------------- | ---------------------------------------- | ------------------------- | -| Homepages | Use to configure the default homepages in Microsoft Edge. | [Browser/Homepages](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_Homepages) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Allow cookies | Surface Hub automatically deletes cookies at the end of a session. Use this to block cookies within a session. | [Browser/AllowCookies](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowCookies) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Allow developer tools | Use to stop users from using F12 Developer Tools. | [Browser/AllowDeveloperTools](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDeveloperTools) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Allow Do Not Track | Use to enable Do Not Track headers. | [Browser/AllowDoNotTrack](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDoNotTrack) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Allow pop-ups | Use to block pop-up browser windows. | [Browser/AllowPopups](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowPopups) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Allow search suggestions | Use to block search suggestions in the address bar. | [Browser/AllowSearchSuggestionsinAddressBar](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSearchSuggestionsinAddressBar) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Allow SmartScreen | Keep this enabled to turn on SmartScreen. | [Browser/AllowSmartScreen](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSmartScreen) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Prevent ignoring SmartScreen Filter warnings for websites | For extra security, use to stop users from ignoring SmartScreen Filter warnings and block them from accessing potentially malicious websites. | [Browser/PreventSmartScreenPromptOverride](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverride) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Prevent ignoring SmartScreen Filter warnings for files | For extra security, use to stop users from ignoring SmartScreen Filter warnings and block them from downloading unverified files from Microsoft Edge. | [Browser/PreventSmartScreenPromptOverrideForFiles](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverrideForFiles) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | - -#### Windows Update settings - -| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML? | -| ----------- | ---------------- | ------------- |-------------------------- | ---------------------------------------- | ------------------------- | -| Use Current Branch or Current Branch for Business | Use to configure Windows Update for Business – see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/BranchReadinessLevel](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_BranchReadinessLevel) | Yes. Use a custom policy. | Yes. Use a custom setting. | Yes | -| Defer feature updates| See above. | [Update/ DeferFeatureUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferFeatureUpdatesPeriodInDays) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Defer quality updates | See above. | [Update/DeferQualityUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferQualityUpdatesPeriodInDays) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Pause feature updates | See above. | [Update/PauseFeatureUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseFeatureUpdates) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Pause quality updates | See above. | [Update/PauseQualityUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseQualityUpdates) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes| -| Configure device to use WSUS| Use to connect your Surface Hub to WSUS instead of Windows Update – see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/UpdateServiceUrl](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_UpdateServiceUrl) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Delivery optimization | Use peer-to-peer content sharing to reduce bandwidth issues during updates. See [Configure Delivery Optimization for Windows 10](https://technet.microsoft.com/itpro/windows/manage/waas-delivery-optimization) for details. | DeliveryOptimization/*``*
See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | - -#### Windows Defender settings - -| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML? | -| ----------- | ---------------- | ------------- |-------------------------- | ---------------------------------------- | ------------------------- | -| Defender policies. | Use to configure various Defender settings, including a scheduled scan time. | Defender/*``*
See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Defender status | Use to initiate a Defender scan, force a signature update, query any threats detected. | [Defender CSP](https://msdn.microsoft.com/library/windows/hardware/mt187856.aspx) | No. | No. | Yes | - -#### Remote reboot settings - -| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML? | -| ----------- | ---------------- | ------------- |-------------------------- | ---------------------------------------- | ------------------------- | -| Reboot the device immediately | Use in conjunction with OMS to minimize support costs – see [Monitor your Microsoft Surface Hub](monitor-surface-hub.md). | ./Vendor/MSFT/Reboot/RebootNow
See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | No | No | Yes | -| Reboot the device at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/Single
See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Reboot the device daily at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/DailyRecurrent
See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | - -#### Certficate settings - -| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML? | -| ----------- | ---------------- | ------------- |-------------------------- | ---------------------------------------- | ------------------------- | -| Install certificates | Use to deploy certificates to the Surface Hub. | [RootCATrustedCertificates CSP](https://msdn.microsoft.com/library/windows/hardware/dn904970.aspx)
[ClientCertificateInstall CSP](https://msdn.microsoft.com/library/windows/hardware/dn920023.aspx) | Yes.
See [Secure resource access with certificate profiles](https://docs.microsoft.com/intune/deploy-use/secure-resource-access-with-certificate-profiles). | Yes.
See [How to create certificate profiles in Configuration Manager](https://technet.microsoft.com/library/dn270541.aspx). | Yes | - -#### Log settings - -| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML? | -| ----------- | ---------------- | ------------- |-------------------------- | ---------------------------------------- | ------------------------- | -| Log collection | Use to remotely collect ETW logs from Surface Hub. | [DiagnosticLog CSP](https://msdn.microsoft.com/library/windows/hardware/mt219118.aspx) | No | No | Yes | - -### Generate OMA URIs for settings -You need to use a setting’s OMA URI to create a custom policy in Intune, or a custom setting in System Center Configuration Manager. - -**To generate the OMA URI for any setting in the CSP documentation** -1. In the CSP documentation, identify the root node of the CSP. Generally, this looks like `./Vendor/MSFT/`.
-For example, the root node of the [SurfaceHub CSP](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx) is `./Vendor/MSFT/SurfaceHub`. -2. Identify the node path for the setting you want to use.
-For example, the node path for the setting to enable wireless projection is `InBoxApps/WirelessProjection/Enabled`. -3. Append the node path to the root node to generate the OMA URI.
-For example, the OMA URI for the setting to enable wireless projection is `./Vendor/MSFT/SurfaceHub/InBoxApps/WirelessProjection/Enabled`. - -The data type is also stated in the CSP documentation. The most common data types are: -- char (String) -- int (Integer) -- bool (Boolean) - ## Example: Manage Surface Hub settings with Micosoft Intune From 464227c61082fc6f6ae36c27b14f2fe45d0030e3 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Wed, 19 Oct 2016 08:21:52 -0700 Subject: [PATCH 27/27] fix Passport references --- .../join-windows-10-mobile-to-azure-active-directory.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/manage/join-windows-10-mobile-to-azure-active-directory.md b/windows/manage/join-windows-10-mobile-to-azure-active-directory.md index 6c398d7d27..eae687dfc0 100644 --- a/windows/manage/join-windows-10-mobile-to-azure-active-directory.md +++ b/windows/manage/join-windows-10-mobile-to-azure-active-directory.md @@ -81,9 +81,9 @@ An added work account provides the same SSO experience in browser apps like Offi An MDM service is required for managing Azure AD-joined devices. You can use MDM to push settings to devices, as well as application and certificates used by VPN, Wi-Fi, etc. Azure AD Premium or [Enterprise Mobility Suite (EMS)](https://go.microsoft.com/fwlink/p/?LinkID=723984) licenses are required to set up your Azure AD-joined devices to automatically enroll in MDM. [Learn more about setting up your Azure AD tenant for MDM auto-enrollment.](https://go.microsoft.com/fwlink/p/?LinkID=691615) -- **Microsoft Passport** +- **Windows Hello** - Creating a Microsoft Passport (PIN) is required on Windows 10 Mobile by default and cannot be disabled. [You can control Microsoft Passport policies](https://go.microsoft.com/fwlink/p/?LinkId=735079) using controls in MDM, such as Intune. Because the device is joined using organizational credentials, the device must have a PIN to unlock the device. Windows Hello (biometrics such as fingerprint or iris) can be used for Passport authentication. Creating a Microsoft Passport requires the user to perform an multi-factor authentication since the PIN is a strong authentication credential. [Learn more about Microsoft Passport for Azure AD.](https://go.microsoft.com/fwlink/p/?LinkId=735004) + Creating a Windows Hello (PIN) is required on Windows 10 Mobile by default and cannot be disabled. You can control Windows Hello policiesusing controls in MDM, such as Intune. Because the device is joined using organizational credentials, the device must have a PIN to unlock the device. Biometrics such as fingerprint or iris can be used for authentication. Creating a Windows Hello requires the user to perform an multi-factor authentication since the PIN is a strong authentication credential. [Learn more about Windows Hello for Azure AD.](https://go.microsoft.com/fwlink/p/?LinkId=735004) - **Conditional access**