Merge remote-tracking branch 'origin/master' into atp-rs4

2025-06-18 11:53:37 +00:00 · 2018-04-09 10:31:29 -07:00
parent ba9252360d bba9b0928a
commit 2e40283079
9 changed files with 118 additions and 54 deletions
--- a/windows/client-management/mdm/policy-csp-kioskbrowser.md
+++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 04/03/2018
+ms.date: 04/06/2018
 ---

 # Policy CSP - KioskBrowser
@ -14,7 +14,8 @@ ms.date: 04/03/2018
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

-These policies only apply to kiosk browser.
+These policies currently only apply to Kiosk Browser app. Kiosk Browser is a Microsoft Store app, added in Windows 10 version 1803, that provides IT a way to customize the end user’s browsing experience to fulfill kiosk, signage, and shared device scenarios. Application developers can also create their own kiosk browser and read these policies using [NamedPolicy.GetPolicyFromPath(String, String) Method](https://docs.microsoft.com/en-us/uwp/api/windows.management.policies.namedpolicy.getpolicyfrompath#Windows_Management_Policies_NamedPolicy_GetPolicyFromPath_System_String_System_String_). 
+

 <hr/>

@ -85,7 +86,7 @@ These policies only apply to kiosk browser.
 Added in Windows 10, version 1803. List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs.

 > [!Note]  
-> This policy only applies to kiosk browser.
+> This policy only applies to the Kiosk Browser app in Microsoft Store.

 <!--/Description-->
 <!--/Policy-->
@ -132,7 +133,7 @@ Added in Windows 10, version 1803. List of exceptions to the blocked website URL
 Added in Windows 10, version 1803. List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to.

 > [!Note]  
-> This policy only applies to kiosk browser.
+> This policy only applies to the Kiosk Browser app in Microsoft Store.

 <!--/Description-->
 <!--/Policy-->
@ -179,7 +180,7 @@ Added in Windows 10, version 1803. List of blocked website URLs (with wildcard s
 Added in Windows 10, version 1803. Configures the default URL kiosk browsers to navigate on launch and restart.

 > [!Note]  
-> This policy only applies to kiosk browser.
+> This policy only applies to the Kiosk Browser app in Microsoft Store.

 <!--/Description-->
 <!--/Policy-->
@ -226,7 +227,7 @@ Added in Windows 10, version 1803. Configures the default URL kiosk browsers to
 Added in Windows 10, version 1803. Enable/disable kiosk browser's home button.

 > [!Note]  
-> This policy only applies to kiosk browser.
+> This policy only applies to the Kiosk Browser app in Microsoft Store.

 <!--/Description-->
 <!--/Policy-->
@ -273,7 +274,7 @@ Added in Windows 10, version 1803. Enable/disable kiosk browser's home button.
 Added in Windows 10, version 1803. Enable/disable kiosk browser's navigation buttons (forward/back).

 > [!Note]  
-> This policy only applies to kiosk browser.
+> This policy only applies to the Kiosk Browser app in Microsoft Store.

 <!--/Description-->
 <!--/Policy-->
@ -322,7 +323,7 @@ Added in Windows 10, version 1803. Amount of time in minutes the session is idle
 The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser.

 > [!Note]  
-> This policy only applies to kiosk browser.
+> This policy only applies to the Kiosk Browser app in Microsoft Store.

 <!--/Description-->
 <!--/Policy-->
--- a/windows/deployment/TOC.md
+++ b/windows/deployment/TOC.md
@ -230,6 +230,7 @@
 ### [Deploy Windows 10 updates using System Center Configuration Manager](update/waas-manage-updates-configuration-manager.md)
 ### [Manage device restarts after updates](update/waas-restart.md)
 ### [Manage additional Windows Update settings](update/waas-wu-settings.md)
+### [Determine the source of Windows updates](update/windows-update-sources.md)
 ### [Windows Insider Program for Business](update/waas-windows-insider-for-business.md)
 #### [Introduction to the Windows Insider Program for Business](update/WIP4Biz-intro.md)
 #### [Windows Insider Program for Business Frequently Asked Questions](update/waas-windows-insider-for-business-faq.md)
--- a/windows/deployment/update/index.md
+++ b/windows/deployment/update/index.md
@ -1,16 +1,16 @@
 ---
-title: Update Windows 10 in the enterprise (Windows 10)
+title: Update Windows 10 in enterprise deployments (Windows 10)
 description: Windows as a service provides an all-new way to think about building, deploying, and servicing Windows 10.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: DaniHalfin
+author: Jaimeo
 ms.localizationpriority: high
-ms.author: daniha
-ms.date: 11/17/2017
+ms.author: jaimeo
+ms.date: 04/06/2018
 ---

-# Update Windows 10 in the enterprise
+# Update Windows 10 in enterprise deployments


 **Applies to**
--- a/windows/deployment/update/windows-update-sources.md
+++ b/windows/deployment/update/windows-update-sources.md
@ -0,0 +1,37 @@
+---
+title: Determine the source of Windows updates
+description: Determine the source that Windows Update service is currently using.
+ms.prod: w10
+ms.mktglfcycl: 
+ms.sitesec: library
+author: kaushika-msft
+ms.localizationpriority: high
+ms.author: jaimeo
+ms.date: 04/05/2018
+---
+
+# Determine the source of Windows updates
+
+Windows 10 devices can receive updates from a variety of sources, including Windows Update online, a Windows Server Update Services server, and others. To determine the source of Windows Updates currently being used on a device, follow these steps: 
+
+1.  Start Windows PowerShell as an administrator
+2.  Run  `\$MUSM = New-Object -ComObject   “Microsoft.Update.ServiceManager”`.
+3.  Run `\$MUSM.Services`. Check the resulting output for the **Name** and **OffersWindowsUPdates** parameters, which you can intepret according to this table:
+
+| Output          | Interpretation |
+|-----------------------------------------------------|-----------------------------------|
+| - Name: **Microsoft Update**<br>-OffersWindowsUpdates: **True** | - The update source is Microsoft Update, which means that updates for other Microsoft products besides the operating system could also be delivered.<br>-  Indicates that the client is configured to receive updates for all Microsoft Products (Office, etc.)|
+|- Name: **DCat Flighting Prod** <br>-  OffersWindowsUpdates: **False**|- The update source is the Windows Insider Program.<br>- Indicates that the client will not receive or is not configured to receive these updates. |
+| - Name: **Windows Store (DCat Prod)**<br>- OffersWindowsUpdates: **False** |-The update source is Insider Updates for Store Apps.<br>- Indicates that the client will not receive or is not configured to receive these updates.| 
+|-  Name: **Windows Server Update Service**<br>-  OffersWindowsUpdates: **True**  |- The source is a Windows Server Updates Services server.<br>- The client is configured to receive updates from WSUS.|
+|- Name: **Windows Update**<br>- OffersWindowsUpdates: **True** |- The source is Windows Update.<br>- The client is configured to receive updates from Windows Update Online.|
+
+
+
+See also:
+
+[Understanding the Windowsupdate.log file for advanced users](https://support.microsoft.com/help/4035760)
+
+[You can't install updates on a Windows-based computer](https://support.microsoft.com/help/2509997/you-can-t-install-updates-on-a-windows-based-computer)
+
+[How to read the Windowsupdate.log file on Windows 7 and earlier OS versions](https://support.microsoft.com/help/902093/how-to-read-the-windowsupdate-log-file)
--- a/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md
+++ b/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md
@ -799,7 +799,7 @@ To create a WDAC policy, copy each of the following commands into an elevated Wi

 2.  Use [New-CIPolicy](https://docs.microsoft.com/powershell/module/configci/new-cipolicy?view=win10-ps) to create a new WDAC policy by scanning the system for installed applications:

-    ` New-CIPolicy -Level PcaCertificate -FilePath $InitialCIPolicy –UserPEs 3> CIPolicyLog.txt `
+    ` New-CIPolicy -Level FilePublisher -FilePath $InitialCIPolicy –UserPEs -FallBack Hash 3> CIPolicyLog.txt `

    > [!Note] 
    
@ -841,7 +841,7 @@ When WDAC policies are run in audit mode, it allows administrators to discover a
    
    > - An alternative method to test a policy is to rename the test file to SIPolicy.p7b and drop it into C:\\Windows\\System32\\CodeIntegrity, rather than deploy it by using the Local Group Policy Editor.
    
-3.  Navigate to **Computer Configuration\\Administrative Templates\\System\\Windows Defender Device Guard**, and then select **Deploy Windows Defender Application Control**. Enable this setting by using the appropriate file path, for example, C:\\Windows\\System32\\CodeIntegrity\\DeviceGuardPolicy.bin, as shown in Figure 1.
+3.  Navigate to **Computer Configuration\\Administrative Templates\\System\\Device Guard**, and then select **Deploy Windows Defender Application Control**. Enable this setting by using the appropriate file path, for example, C:\\Windows\\System32\\CodeIntegrity\\DeviceGuardPolicy.bin, as shown in Figure 1.

    > [!Note]
    
@ -889,7 +889,7 @@ Use the following procedure after you have been running a computer with a WDAC p

 3.  Use [New-CIPolicy](https://docs.microsoft.com/powershell/module/configci/new-cipolicy?view=win10-ps) to generate a new WDAC policy from logged audit events. This example uses a file rule level of **Hash** and includes `3> CIPolicylog.txt`, which redirects warning messages to a text file, **CIPolicylog.txt**.

-    ` New-CIPolicy -Audit -Level Hash -FilePath $CIAuditPolicy –UserPEs 3> CIPolicylog.txt`
+    ` New-CIPolicy -Audit -Level Hash -FilePath $CIAuditPolicy –UserPEs 3 -FallBack Hash > CIPolicylog.txt`

  > [!Note] 
  > When you create policies from audit events, you should carefully consider the file rule level that you select to trust. The preceding example uses the **Hash** rule level, which is the most specific. Any change to the file (such as replacing the file with a newer version of the same file) will change the Hash value, and require an update to the policy.