diff --git a/windows/client-management/mdm/supl-ddf-file.md b/windows/client-management/mdm/supl-ddf-file.md
index fd4eac6e4d..bf899e6c8e 100644
--- a/windows/client-management/mdm/supl-ddf-file.md
+++ b/windows/client-management/mdm/supl-ddf-file.md
@@ -23,7 +23,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is for Windows 10, version 1809.
-``` syntax
+```xml
Supported operations are Get and Add.
Sample syncml:
-
+```
./Vendor/MSFT/Update/ApprovedUpdates/%7ba317dafe-baf4-453f-b232-a7075efae36e%7d
-
+```
**ApprovedUpdates/*Approved Update Guid*/ApprovedTime**
Specifies the time the update gets approved.
@@ -166,7 +166,7 @@ If the conditions are not true, the device will not Roll Back the Latest Quality
**Rollback/FeatureUpdate**
Added in Windows 10, version 1803. Roll Back Latest Feature Update, if the machine meets the following conditions:
-- Condition 1: Device must be Windows Update for Business Connnected
+- Condition 1: Device must be Windows Update for Business Connected
- Condition 2: Device must be in Paused State
- Condition 3: Device must have the Latest Feature Update Installed on the device (Current State)
- Condition 4: Machine should be within the uninstall period
diff --git a/windows/client-management/mdm/update-ddf-file.md b/windows/client-management/mdm/update-ddf-file.md
index ea12784169..731adeeb60 100644
--- a/windows/client-management/mdm/update-ddf-file.md
+++ b/windows/client-management/mdm/update-ddf-file.md
@@ -20,7 +20,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is for Windows 10, version 1803.
-``` syntax
+```xml
Roll Back Latest Feature Update, if the machine meets the following conditions:
- Condition 1: Device must be WUfB Connnected
+ Condition 1: Device must be WUfB Connected
Condition 2: Device must be in Paused State
Condition 3: Device must have the Latest Feature Update Installed on the device (Current State)
Condition 4: Machine should be within the uninstall period
@@ -615,7 +615,7 @@ The XML below is for Windows 10, version 1803.
- Returns the result of last RollBack QualityUpdate opearation.
+ Returns the result of last RollBack QualityUpdate operation.
@@ -637,7 +637,7 @@ The XML below is for Windows 10, version 1803.
- Returns the result of last RollBack FeatureUpdate opearation.
+ Returns the result of last RollBack FeatureUpdate operation.
diff --git a/windows/client-management/mdm/vpn-ddf-file.md b/windows/client-management/mdm/vpn-ddf-file.md
index 3e277d92c5..b3e8aef28c 100644
--- a/windows/client-management/mdm/vpn-ddf-file.md
+++ b/windows/client-management/mdm/vpn-ddf-file.md
@@ -17,7 +17,7 @@ ms.date: 06/26/2017
This topic shows the OMA DM device description framework (DDF) for the **VPN** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/wifi-csp.md b/windows/client-management/mdm/wifi-csp.md
index 8b233ba1e3..7db7e01ffb 100644
--- a/windows/client-management/mdm/wifi-csp.md
+++ b/windows/client-management/mdm/wifi-csp.md
@@ -25,7 +25,7 @@ Programming considerations:
- Because the Windows 10 Mobile emulator does not support Wi-Fi, you cannot test the Wi-Fi configuration with an emulator. You can still provision a Wi-Fi network using the WiFi CSP, then check it in the Wi-Fi settings page, but you cannot test the network connectivity in the emulator.
- For WEP, WPA, and WPA2-based networks, include the passkey in the network configuration in plaintext. The passkey is encrypted automatically when it is stored on the device.
- The SSID of the Wi-Fi network part of the LocURI node must be a valid URI based on RFC 2396. This requires that all non-ASCII characters must be escaped using a %-character. Unicode characters without the necessary escaping are not supported.
-- The *name\_goes\_here* must match *name\_goes\_here*.
+- The \*name\_goes\_here*\\ must match \\ *name\_goes\_here*\\.
- For the WiFi CSP, you cannot use the Replace command unless the node already exists.
- Using Proxyis only supported in Windows 10 Mobile. Using this configuration in Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) will result in failure.
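Review bot: the added name_goes_here bullet has unbalanced emphasis markers and trailing double backslashes, so it will render stray asterisks and backslashes instead of two italic placeholders. As written, both sides of "must match" also carry the same placeholder text, so the sentence does not say which element has to match which. Put each element name in inline code and name the two elements explicitly. The unchanged last bullet still reads "Proxyis" and could be fixed in the same pass.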
@@ -43,10 +43,10 @@ Identifies the Wi-Fi network configuration. Each Wi-Fi network configuration is
Supported operation is Get.
-****
+**\**
Specifies the name of the Wi-Fi network (32 bytes maximum) to create, configure, query, or delete. The name is case sensitive and can be represented in ASCII. The SSID is added when the WlanXML node is added. When the SSID node is deleted, then all the subnodes are also deleted.
-SSID is the name of network you are connecting to, while Profile name is the name of the Profile which contains the WiFi settings information. If the Profile name is not set right in the MDM SyncML, as per the information in the WiFi settings XML, it could lead to some unexpected errors. For example, ./Vendor/MSFT/WiFi/Profile/<*MUST BE NAME OF PROFILE AS PER WIFI XML*>/WlanXml.
+SSID is the name of network you are connecting to, while Profile name is the name of the Profile which contains the WiFi settings information. If the Profile name is not set right in the MDM SyncML, as per the information in the WiFi settings XML, it could lead to some unexpected errors. For example, \./Vendor/MSFT/WiFi/Profile/<*MUST BE NAME OF PROFILE AS PER WIFI XML*>/WlanXml\.
The supported operations are Add, Get, Delete, and Replace.
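Review bot: the new node heading is a bold pair wrapped around a single escaped asterisk, so it renders as a lone asterisk and no longer names the node that the following paragraph describes (the text refers to "the SSID node"). Use the node name in a form that survives rendering, for example an inline code span. The backslashes added before and after the example path escape only the periods and do nothing for the angle-bracket placeholder in the middle; wrapping the whole path in inline code would be the safer fix.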
diff --git a/windows/client-management/mdm/wifi-ddf-file.md b/windows/client-management/mdm/wifi-ddf-file.md
index dffd9c60c8..2c51e50a62 100644
--- a/windows/client-management/mdm/wifi-ddf-file.md
+++ b/windows/client-management/mdm/wifi-ddf-file.md
@@ -21,7 +21,7 @@ This topic shows the OMA DM device description framework (DDF) for the **WiFi**
The XML below is for Windows 10, version 1809.
-``` syntax
+```xml
Copy *.* D:\BootBackup
Bcdboot <**OSDrive* >:\windows /s <**SYSTEMdrive* >: /f ALL
```
- For example: if we assign the ,System Drive> (WinRE drive) the letter R and the is the letter D, this command would be the following:
+ For example: if we assign the `` (WinRE drive) the letter R and the `` is the letter D, this command would be the following:
```cmd
Bcdboot D:\windows /s R: /f ALL
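Review bot: on the added "For example" line, both inline code spans are empty, so the sentence still does not say which drive gets the letter R and which gets D. Put the placeholder names inside the backticks, matching the ones used in the Bcdboot line above it (OSDrive and SYSTEMdrive). The wording "and the ... is the letter D" should also be made parallel with "assign the ... the letter R".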
diff --git a/windows/client-management/troubleshoot-tcpip-rpc-errors.md b/windows/client-management/troubleshoot-tcpip-rpc-errors.md
index 7022b0feb4..2d7183fc7b 100644
--- a/windows/client-management/troubleshoot-tcpip-rpc-errors.md
+++ b/windows/client-management/troubleshoot-tcpip-rpc-errors.md
@@ -156,7 +156,7 @@ Netsh trace stop
Open the traces in [Microsoft Network Monitor 3.4](troubleshoot-tcpip-netmon.md) or Message Analyzer and filter the trace for
-- Ipv4.address== and ipv4.address== and tcp.port==135 or just tcp.port==135 should help.
+- `Ipv4.address==` and `ipv4.address==` and `tcp.port==135` or just `tcp.port==135` should help.
- Look for the “EPM” Protocol Under the “Protocol” column.
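Review bot: the filter terms on the added line are now in code spans but still have nothing after each "==", and the casing differs between "Ipv4.address" and "ipv4.address". Add placeholder operands (for example a client IP and a server IP) inside the code spans and use one casing, since a reader is likely to copy these into the filter box. The same applies to the "tcp.port==" and "ipv4.address==" filter changed in the next hunk of this file.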
@@ -166,7 +166,7 @@ Open the traces in [Microsoft Network Monitor 3.4](troubleshoot-tcpip-netmon.md)
- Check if we are connecting successfully to this Dynamic port successfully.
-- The filter should be something like this: tcp.port== and ipv4.address==
+- The filter should be something like this: `tcp.port==` and `ipv4.address==`

diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md
index 5d0f225bd4..327042ee5c 100644
--- a/windows/configuration/kiosk-shelllauncher.md
+++ b/windows/configuration/kiosk-shelllauncher.md
@@ -94,7 +94,7 @@ You can use XML and a [custom OMA-URI setting](#custom-oma-uri-setting) to confi
The following XML sample works for **Shell Launcher v1**:
-```
+```xml
@@ -112,7 +112,7 @@ The following XML sample works for **Shell Launcher v1**:
For **Shell Launcher v2**, you can use UWP app type for `Shell` by specifying the v2 namespace, and use `v2:AppType` to specify the type, as shown in the following example. If `v2:AppType` is not specified, it implies the shell is Win32 app.
-```
+```xml
@@ -150,7 +150,7 @@ For scripts for Shell Launcher v2, see [Shell Launcher v2 Bridge WMI sample scri
For Shell Launcher v1, modify the following PowerShell script as appropriate. The comments in the sample script explain the purpose of each section and tell you where you will want to change the script for your purposes. Save your script with the extension .ps1, open Windows PowerShell as administrator, and run the script on the kiosk device.
-```
+```powershell
# Check if shell launcher license is enabled
function Check-ShellLauncherLicenseEnabled
{
@@ -293,7 +293,7 @@ Value|Description
2|Shut down the device
3|Do nothing
-These action can be used as default action, or can be mapped to a specific exit code. Refer to [Shell Launcher](https://docs.microsoft.com/en-us/windows-hardware/customize/enterprise/wesl-usersettingsetcustomshell) to see how these codes with Shell Launcher WMI.
+These action can be used as default action, or can be mapped to a specific exit code. Refer to [Shell Launcher](https://docs.microsoft.com/windows-hardware/customize/enterprise/wesl-usersettingsetcustomshell) to see how these codes with Shell Launcher WMI.
To configure these action with Shell Launcher CSP, use below syntax in the shell launcher configuration xml. You can specify at most 4 custom actions mapping to 4 exit codes, and one default action for all other exit codes. When app exits and if the exit code is not found in the custom action mapping, or there is no default action defined, it will be no-op, i.e. nothing happens. So it's recommeded to at least define DefaultAction. [Get XML examples for different Shell Launcher v2 configurations.](https://github.com/Microsoft/Windows-iotcore-samples/tree/develop/Samples/ShellLauncherV2)
``` xml
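Review bot: the added line only drops the locale from the link, but the sentence it sits in is still broken: "These action" should be "These actions", and "to see how these codes with Shell Launcher WMI" is missing its verb. Since the line is being touched anyway, fix the wording here. The unchanged lines below also keep "recommeded" and a fence written with a space before xml, while the rest of this patch normalizes fences to the form without a space.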
diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md
index cbfd69c344..a906cf7e68 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md
@@ -91,7 +91,7 @@ Universal apps that you can distribute in the provisioning package can be line-o
6. In the **Available customizations** pane, click the **LicenseProductId** that you just added.
-7. For **LicenseInstall**, click **Browse**, navigate to the license file that you renamed **.**ms-windows-store-license**, and select the license file.
+7. For **LicenseInstall**, click **Browse**, navigate to the license file that you renamed *\*.**ms-windows-store-license**, and select the license file.
[Learn more about distributing offline apps from the Microsoft Store for Business.](/microsoft-store/distribute-offline-apps)
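Review bot: in the added step 7, the file-name pattern mixes an italic opener, an escaped asterisk and bold markers that do not pair up, so the wildcard and extension will not render as intended. Write the pattern as a single inline code span (wildcard plus the .ms-windows-store-license extension) instead of combining emphasis with escapes. The identical line is added in provision-pcs-with-apps.md and needs the same change.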
diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
index 0529a3a1fb..b6d2e80dc0 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
@@ -27,7 +27,7 @@ In Windows 10, version 1703, you can install multiple Universal Windows Platform
When you add an app in a Windows Configuration Designer wizard, the appropriate settings are displayed based on the app that you select. For instructions on adding an app using the advanced editor in Windows Configuration Designer, see [Add an app using advanced editor](#adv).
>[!IMPORTANT]
->If you plan to use Intune to manage your devices, we recommend using Intune to install Office 365 ProPlus 2016 apps (Access, Excel, OneDrive for Business, OneNote, Outlook, PowerPoint, Publisher, Skype for Business, Word, Project Desktop Cilent, and Visio Pro for Office 365 ProPlus). Apps that are installed using a provisioning package cannot be managed or modified using Intune. [Learn how to assign Office 365 ProPlus 2016 apps using Microsoft Intune.](https://docs.microsoft.com/intune/apps-add-office365)
+>If you plan to use Intune to manage your devices, we recommend using Intune to install Office 365 ProPlus 2016 apps (Access, Excel, OneDrive for Business, OneNote, Outlook, PowerPoint, Publisher, Skype for Business, Word, Project Desktop Client, and Visio Pro for Office 365 ProPlus). Apps that are installed using a provisioning package cannot be managed or modified using Intune. [Learn how to assign Office 365 ProPlus 2016 apps using Microsoft Intune.](https://docs.microsoft.com/intune/apps-add-office365)
## Settings for UWP apps
@@ -103,7 +103,7 @@ Universal apps that you can distribute in the provisioning package can be line-o
6. In the **Available customizations** pane, click the **LicenseProductId** that you just added.
-7. For **LicenseInstall**, click **Browse**, navigate to the license file that you renamed **.**ms-windows-store-license**, and select the license file.
+7. For **LicenseInstall**, click **Browse**, navigate to the license file that you renamed *\*.**ms-windows-store-license**, and select the license file.
[Learn more about distributing offline apps from the Microsoft Store for Business.](/microsoft-store/distribute-offline-apps)
diff --git a/windows/configuration/provisioning-packages/provisioning-command-line.md b/windows/configuration/provisioning-packages/provisioning-command-line.md
index 782997dd02..62e14f6e7a 100644
--- a/windows/configuration/provisioning-packages/provisioning-command-line.md
+++ b/windows/configuration/provisioning-packages/provisioning-command-line.md
@@ -44,7 +44,7 @@ icd.exe /Build-ProvisioningPackage /CustomizationXML: /PackagePath:
| /CustomizationXML | No | Specifies the path to a Windows provisioning XML file that contains the customization assets and settings. For more information, see Windows provisioning answer file. |
| /PackagePath | Yes | Specifies the path and the package name where the built provisioning package will be saved. |
| /StoreFile | NoSee Important note. | For partners using a settings store other than the default store(s) used by Windows Configuration Designer, use this parameter to specify the path to one or more comma-separated Windows settings store file. By default, if you don't specify a settings store file, the settings store that's common to all Windows editions will be loaded by Windows Configuration Designer.**Important** If you use this parameter, you must not use /MSPackageRoot or /OEMInputXML. |
-| /Variables | No | Specifies a semicolon separated and macro pair. The format for the argument must be =. |
+| /Variables | No | Specifies a semicolon separated `` and `` macro pair. The format for the argument must be `=`. |
| Encrypted | No | Denotes whether the provisioning package should be built with encryption. Windows Configuration Designer auto-generates the decryption password and includes this information in the output.Precede with + for encryption or - for no encryption. The default is no encryption. |
| Overwrite | No | Denotes whether to overwrite an existing provisioning package.Precede with + to overwrite an existing package or - if you don't want to overwrite an existing package. The default is false (don't overwrite). |
| /? | No | Lists the switches and their descriptions for the command-line tool or for certain commands. |
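Review bot: the added /Variables row now contains three inline code spans, two of them empty and the third holding only "=", so the row still does not show the names of the two halves of the macro pair or the format of the argument. Put the placeholder names inside the backticks. In the unchanged /StoreFile row, "NoSee Important note." is also missing a separator between the two phrases.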
diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md
index 2d3e412440..61ab4d40ae 100644
--- a/windows/configuration/set-up-shared-or-guest-pc.md
+++ b/windows/configuration/set-up-shared-or-guest-pc.md
@@ -189,7 +189,7 @@ On a desktop computer, navigate to **Settings** > **Accounts** > **Work ac
## Guidance for accounts on shared PCs
* We recommend no local admin accounts on the PC to improve the reliability and security of the PC.
-* When a PC is set up in shared PC mode with the default deletion policy, accounts will be cached automatically until disk space is low. Then, accounts will be deleted to reclaim disk space. This account managment happens automatically. Both Azure AD and Active Directory domain accounts are managed in this way. Any accounts created through **Guest** and **Kiosk** will be deleted automatically at sign out.
+* When a PC is set up in shared PC mode with the default deletion policy, accounts will be cached automatically until disk space is low. Then, accounts will be deleted to reclaim disk space. This account management happens automatically. Both Azure AD and Active Directory domain accounts are managed in this way. Any accounts created through **Guest** and **Kiosk** will be deleted automatically at sign out.
* On a Windows PC joined to Azure Active Directory:
* By default, the account that joined the PC to Azure AD will have an admin account on that PC. Global administrators for the Azure AD domain will also have admin accounts on the PC.
* With Azure AD Premium, you can specify which accounts have admin accounts on a PC using the **Additional administrators on Azure AD Joined devices** setting on the Azure portal.
diff --git a/windows/configuration/ue-v/uev-application-template-schema-reference.md b/windows/configuration/ue-v/uev-application-template-schema-reference.md
index 68f04ffda2..299ba40be7 100644
--- a/windows/configuration/ue-v/uev-application-template-schema-reference.md
+++ b/windows/configuration/ue-v/uev-application-template-schema-reference.md
@@ -643,7 +643,7 @@ This element defines the settings for a single application or a suite of applica
Here is the SettingsLocationTemplate.xsd file showing its elements, child elements, attributes, and parameters:
-``` syntax
+```xml
; ) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.10166`
-- is automatically replaced with the OEM name. This is the same as the PhoneManufacturer setting value that is set as part of the customization Phone metadata in DeviceTargetingInfo.
-- is replaced with the device name or phone name. This is the same as the PhoneModelName setting value that is set as part of the customization Phone metadata in DeviceTargetingInfo.
+- `` is automatically replaced with the OEM name. This is the same as the PhoneManufacturer setting value that is set as part of the customization Phone metadata in DeviceTargetingInfo.
+- `` is replaced with the device name or phone name. This is the same as the PhoneModelName setting value that is set as part of the customization Phone metadata in DeviceTargetingInfo.
**Limitations and restrictions:**
diff --git a/windows/configuration/wcd/wcd-messaging.md b/windows/configuration/wcd/wcd-messaging.md
index df739bb51d..9dd957088d 100644
--- a/windows/configuration/wcd/wcd-messaging.md
+++ b/windows/configuration/wcd/wcd-messaging.md
@@ -338,7 +338,7 @@ By default, this string has the format WindowsPhoneMMS/MicrosoftMMSVersionNumber
| ADDR | Specify the absolute MMSC URL. The possible values to configure the ADDR parameter are:- A Uniform Resource Identifier (URI)- An IPv4 address represented in decimal format with dots as delimiters- A fully qualified Internet domain name |
| APPID | Set to `w4`. |
| MS | (optional) Specify the maximum size of MMS, in KB. If the value is not a number, or is less than or equal to 10, it will be ignored and outgoing MMS will not be resized. |
-| NAME | (optional) Enter user–readable application identity. This parameter is also used to define part of the registry path for the APPLICATION parameters. The possible values to configure the **NAME** parameter are:- Character string containing the name- no value specifiedIf no value is specified, the registry location will default to . If **NAME** is greater than 40 characters, it will be truncated to 40 characters. |
+| NAME | (optional) Enter user–readable application identity. This parameter is also used to define part of the registry path for the APPLICATION parameters. The possible values to configure the **NAME** parameter are:- Character string containing the name- no value specifiedIf no value is specified, the registry location will default to ``. If **NAME** is greater than 40 characters, it will be truncated to 40 characters. |
| TONAPID | Specify the network access point identification name (NAPID) defined in the provisioning file. This parameter takes a string value. It is only possible to refer to network access points defined within the same provisioning file (except if the INTERNET attribute is set in the NAPDEF characteristic). For more information about the NAPDEF characteristic, see [NAPDEF configuration service provider](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/napdef-csp). |
| TOPROXY | Specify one logical proxy with a matching PROXY-ID. It is only possible to refer to proxies defined within the same provisioning file. Only one proxy can be listed. The TO-PROXY value must be set to the value of the PROXY ID in PXLOGICAL that defines the MMS specific-proxy. |
diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md
index be459e9731..5ccfcbb449 100644
--- a/windows/configuration/wcd/wcd-policies.md
+++ b/windows/configuration/wcd/wcd-policies.md
@@ -117,7 +117,7 @@ This section describes the **Policies** settings that you can configure in [prov
| [AllowWebContentOnNewTabPage](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage) | Specify whether a New tab page opens with the default content or a blank page. | X | X | X | | X |
[AlwaysEnableBooksLibrary](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) | Always show the Books Library in Microsoft Edge. | X | X | | | |
| [ClearBrowsingDataOnExit](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-clearbrowsingdataonexit) | Specify whether to clear browsing data when exiting Microsoft Edge. | X | | | | |
-| [ConfigureAdditionalSearchEngines](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-configureadditionalsearchengines) | Allows you to add up to 5 addtional search engines for MDM-enrolled devices. | X | X | X | | X |
+| [ConfigureAdditionalSearchEngines](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-configureadditionalsearchengines) | Allows you to add up to 5 additional search engines for MDM-enrolled devices. | X | X | X | | X |
| [ConfigureFavoritesBar](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar) | Specify whether the Favorites bar is shown or hidden on all pages. | X | | | | |
| [ConfigureHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) | Configure whether the Home button will be shown, and what should happen when it is selected. You should also configure the [SetHomeButtonURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) setting. To configure this setting and also allow users to make changes to the Home button, see the [UnlockHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) setting. | X | | | | |
| [ConfigureKioskMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode) | Configure how Microsoft Edge operates when it's running in kiosk mode, either as a single-app kiosk or as one of multiple apps running on the kiosk device. | X | | | | |
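Review bot: the spelling fix in the ConfigureAdditionalSearchEngines row is fine, but the AlwaysEnableBooksLibrary row two lines above it starts without the leading pipe that every other row in this table has. It is worth adding the pipe in this change so the table source is consistent.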
diff --git a/windows/deployment/add-store-apps-to-image.md b/windows/deployment/add-store-apps-to-image.md
index d39bede8cc..dfeaba4ae4 100644
--- a/windows/deployment/add-store-apps-to-image.md
+++ b/windows/deployment/add-store-apps-to-image.md
@@ -58,7 +58,7 @@ On a test machine:
1. **Install the Microsoft Store for Business application you previously added** to your image.
2. **Pin these apps to the Start screen**, by typing the name of the app, right-clicking and selecting **Pin to Start**.
3. Open Windows PowerShell with administrator privileges.
-4. Use `Export-StartLayout -path .xml` where ** is the path and name of the xml file your will later import into your Windows Image.
+4. Use `Export-StartLayout -path .xml` where *\\* is the path and name of the xml file your will later import into your Windows Image.
5. Copy the XML file you created to a location accessible by the machine you previously used to add Store applications to your image.
Now, on the machine where your image file is accessible:
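Review bot: in the added step 4, the italic pair now encloses an escaped backslash, which renders as a literal backslash rather than a placeholder name, and the command itself still reads "-path .xml" with nothing before the extension. Use the same named placeholder in both the command and the explanation, inside code formatting. The sentence also still says "the xml file your will later import"; "your" should be "you".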
diff --git a/windows/deployment/update/device-health-using.md b/windows/deployment/update/device-health-using.md
index 96987d01b7..72d8385c62 100644
--- a/windows/deployment/update/device-health-using.md
+++ b/windows/deployment/update/device-health-using.md
@@ -188,7 +188,7 @@ To work around this, click the **App Reliability** tab above the results to see
#### Clicking "See all…" from the App Reliability Events blade followed by clicking an app from the expanded list results in raw records instead of the App Reliability view
To work around this, replace all of the text in the Log Search query box with the following:
-*DHAppReliability | where AppFileDisplayName == ""*
+*DHAppReliability | where AppFileDisplayName == "\"*
For example:
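Review bot: the added query line escapes the first quotation mark, which still renders as an empty pair of quotes, so the reader is not told what to put between them. Add a named placeholder for the app display name, and format the query as inline code rather than italics so the pipe and quotes are not interpreted as markup.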
diff --git a/windows/deployment/update/feature-update-maintenance-window.md b/windows/deployment/update/feature-update-maintenance-window.md
index 453f81384b..df669aaff6 100644
--- a/windows/deployment/update/feature-update-maintenance-window.md
+++ b/windows/deployment/update/feature-update-maintenance-window.md
@@ -27,8 +27,8 @@ Use the following information to deploy feature updates during a maintenance win
1. In the Configuration Manager console, choose **Assets and Compliance> Device Collections**.
2. In the **Device Collections** list, select the collection for which you intended to deploy the feature update(s).
3. On the **Home** tab, in the **Properties** group, choose **Properties**.
-4. In the **Maintenance Windows** tab of the Properties dialog box, choose the New icon.
-5. Complete the Schedule dialog.
+4. In the **Maintenance Windows** tab of the `` Properties dialog box, choose the New icon.
+5. Complete the `` Schedule dialog.
6. Select from the Apply this schedule to drop-down list.
7. Choose **OK** and then close the **\ Properties** dialog box.
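Review bot: steps 4 and 5 now contain empty inline code spans before "Properties" and "Schedule", while the unchanged step 7 uses a backslash inside bold for what looks like the same placeholder, and step 6 still reads "Select from the Apply this schedule to drop-down list" with no object. Use one placeholder style for the collection name in steps 4, 5 and 7, and state in step 6 what is to be selected.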
diff --git a/windows/deployment/update/update-compliance-wd-av-status.md b/windows/deployment/update/update-compliance-wd-av-status.md
index 2298c263fd..962f5cdcfd 100644
--- a/windows/deployment/update/update-compliance-wd-av-status.md
+++ b/windows/deployment/update/update-compliance-wd-av-status.md
@@ -36,3 +36,7 @@ Here are some important terms to consider when using the Windows Defender AV Sta
## Windows Defender data latency
Because of the way Windows Defender is associated with the rest of Windows device data, Defender data for new devices might take much longer to appear than other data types. This process could take up to 28 days.
+
+## Related topics
+
+- [Windows Defender Antivirus pre-requisites](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting#confirm-pre-requisites)
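Review bot: the link added under "Related topics" includes the /en-us/ locale segment, while other hunks in this same patch remove that segment from docs.microsoft.com links (kiosk-shelllauncher.md and setupdiag.md). Drop the locale here too so the link follows the reader's language and the patch is consistent.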
diff --git a/windows/deployment/update/windows-update-errors.md b/windows/deployment/update/windows-update-errors.md
index 54c06b6319..7d473f04c2 100644
--- a/windows/deployment/update/windows-update-errors.md
+++ b/windows/deployment/update/windows-update-errors.md
@@ -26,8 +26,8 @@ The following table provides information about common errors you might run into
| 0x80242006 | WU_E_UH_INVALIDMETADATA | A handler operation could not be completed because the update contains invalid metadata. | Rename Software Redistribution Folder and attempt to download the updates again:
Rename the following folders to \*.BAK:
- %systemroot%\system32\catroot2
To do this, type the following commands at a command prompt. Press ENTER after you type each command.
- Ren %systemroot%\SoftwareDistribution\DataStore \*.bak
- Ren %systemroot%\SoftwareDistribution\Download \*.bak
Ren %systemroot%\system32\catroot2 \*.bak |
| 0x80070BC9 | ERROR_FAIL_REBOOT_REQUIRED | The requested operation failed. A system reboot is required to roll back changes made. | Ensure that we do not have any policies that control the start behavior for the Windows Module Installer. This service should not be hardened to any start value and should be managed by the OS. |
| 0x80200053 | BG_E_VALIDATION_FAILED | NA | Ensure that there is no Firewalls that filter downloads. The Firewall filtering may lead to invalid responses being received by the Windows Update Client.
If the issue still persists, run the [WU reset script](https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc). |
-| 0x80072EE2 | WININET_E_TIMEOUT | The operation timed out | This error message can be caused if the computer isn't connected to Internet. To fix this issue, following these steps: make sure these URLs are not blocked:
http://.update.microsoft.com
https://.update.microsoft.com
Additionally , you can take a network trace and see what is timing out. |
-| 0x80072EFD
0x80072EFE
0x80D02002 | TIME OUT ERRORS | The operation timed out | Make sure there are no firewall rules or proxy to block Microsoft download URLs.
Take a network monitor trace to understand better. |
+| 0x80072EE2 | WININET_E_TIMEOUT | The operation timed out | This error message can be caused if the computer isn't connected to Internet. To fix this issue, following these steps: make sure these URLs are not blocked:
http://.update.microsoft.com
https://.update.microsoft.com
Additionally , you can take a network trace and see what is timing out. \ |
+| 0x80072EFD
0x80072EFE
0x80D02002 | TIME OUT ERRORS | The operation timed out | Make sure there are no firewall rules or proxy to block Microsoft download URLs.
Take a network monitor trace to understand better. \ |
| 0X8007000D | ERROR_INVALID_DATA | Indicates invalid data downloaded or corruption occurred. | Attempt to re-download the update and initiate installation. |
| 0x8024A10A | USO_E_SERVICE_SHUTTING_DOWN | Indicates that the WU Service is shutting down. | This may happen due to a very long period of time of inactivity, a system hang leading to the service being idle and leading to the shutdown of the service. Ensure that the system remains active and the connections remain established to complete the upgrade. |
| 0x80240020 | WU_E_NO_INTERACTIVE_USER | Operation did not complete because there is no logged-on interactive user. | Please login to the system to initiate the installation and allow the system to be rebooted. |
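Review bot: the only change to the 0x80072EE2 and time-out rows is a backslash inserted before the closing pipe, which will either render as a literal backslash or escape the cell delimiter, depending on the renderer. If it is meant as a line break or a placeholder, use the table's existing break convention instead. The two URLs in the first row still begin with a bare dot after the scheme, and "following these steps" and "Additionally ," were left as they are; those are the parts of the row that need fixing.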
diff --git a/windows/deployment/upgrade/log-files.md b/windows/deployment/upgrade/log-files.md
index fdcd498da9..2344d36ef8 100644
--- a/windows/deployment/upgrade/log-files.md
+++ b/windows/deployment/upgrade/log-files.md
@@ -142,7 +142,7 @@ Therefore, Windows Setup failed because it was not able to migrate the corrupt f
27:00, Info [0x0803e5] MIG Not unmapping HKCU\Software\Classes; it is not mapped
27:00, Info [0x0803e5] MIG Not unmapping HKCU; it is not mapped
27:00, Info SP ExecuteProgress: Elapsed events:1 of 4, Percent: 12
-27:00, Info [0x0802c6] MIG Processing GATHER for migration unit: \UpgradeFramework (CMXEAgent)
+27:00, Info [0x0802c6] MIG Processing GATHER for migration unit: <System>\UpgradeFramework (CMXEAgent)
27:08, Error SP Error READ, 0x00000570 while gathering/applying object: File, C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Will return 0[gle=0x00000570]
27:08, Error MIG Error 1392 while gathering object C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Shell application requested abort![gle=0x00000570]
27:08, Info SP ExecuteProgress: Elapsed events:2 of 4, Percent: 25
diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md
index a938d6cf16..8c44441ec6 100644
--- a/windows/deployment/upgrade/setupdiag.md
+++ b/windows/deployment/upgrade/setupdiag.md
@@ -404,9 +404,9 @@ Refer to https://docs.microsoft.com/windows/deployment/upgrade/upgrade-error-cod
### XML log sample
-```
+```xml
-
+
1.5.0.0
FindSPFatalError
A4028172-1B09-48F8-AD3B-86CDD7D55852
@@ -449,7 +449,7 @@ Error: 0x00000057
LogEntry: 2019-06-06 21:47:11, Error SP Error converting install time 5/2/2019 to structure[gle=0x00000057]
LogEntry: 2019-06-06 21:47:11, Error SP Error converting install time 5/2/2019 to structure[gle=0x00000057]
-Refer to "https://docs.microsoft.com/en-us/windows/desktop/Debug/system-error-codes" for error information.
+Refer to "https://docs.microsoft.com/windows/desktop/Debug/system-error-codes" for error information.
Err = 0x00000057, LastOperation = Gather data, scope: EVERYTHING, LastPhase = Downlevel
```
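Review bot: The URL edit on the `Refer to "https://docs.microsoft.com/...system-error-codes"` line sits inside the fenced log sample, so it changes quoted tool output rather than doc prose. If the tool prints the `en-us` form, the sample no longer matches what readers see in their own logs. Keep sample output verbatim and apply locale-neutral links only to prose.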
diff --git a/windows/deployment/upgrade/upgrade-readiness-deployment-script.md b/windows/deployment/upgrade/upgrade-readiness-deployment-script.md
index 83db3a42b1..9e087abb3e 100644
--- a/windows/deployment/upgrade/upgrade-readiness-deployment-script.md
+++ b/windows/deployment/upgrade/upgrade-readiness-deployment-script.md
@@ -179,5 +179,5 @@ Error creating or updating registry key: **CommercialId** at **HKLM:\SOFTWARE\Mi
>
> Then run the Enterprise Config script (RunConfig.bat) again.
>
-> If the script still fails, then send mail to uasupport@microsoft.com including log files from the RunConfig.bat script. These log files are stored on the drive that is specified in the RunConfig.bat file. By default this is set to **%SystemDrive%\UADiagnostics**. The log file is named with the format **UA_yyyy_mm_dd_hh_mm_ss_machineID.txt**. There will be some additional logs generated under your **\Windows\Temp** directory with the names similar to **AslLog_....txt**. You should send those logs as well.
+> If the script still fails, then send mail to uasupport@microsoft.com including log files from the RunConfig.bat script. These log files are stored on the drive that is specified in the RunConfig.bat file. By default this is set to **%SystemDrive%\UADiagnostics**. The log file is named with the format **UA_yyyy_mm_dd_hh_mm_ss_machineID.txt**. There will be some additional logs generated under your **\\Windows\Temp** directory with the names similar to **AslLog_....txt**. You should send those logs as well.
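Review bot: In the `+` line, `**\\Windows\Temp**` escapes only the leading backslash, while `\Temp` and `%SystemDrive%\UADiagnostics` in the same sentence keep single backslashes. Pick one convention for the line; setting the paths and the `AslLog_....txt` name in inline code avoids the escaping question entirely.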
diff --git a/windows/deployment/usmt/usmt-configxml-file.md b/windows/deployment/usmt/usmt-configxml-file.md
index c1fea98e25..8e536f61c9 100644
--- a/windows/deployment/usmt/usmt-configxml-file.md
+++ b/windows/deployment/usmt/usmt-configxml-file.md
@@ -383,7 +383,7 @@ Syntax: ``` `
Refer to the following sample Config.xml file for additional details about items you can choose to exclude from a migration.
-``` syntax
+```xml
diff --git a/windows/deployment/usmt/usmt-custom-xml-examples.md b/windows/deployment/usmt/usmt-custom-xml-examples.md
index a0fa56bd65..39269803a9 100644
--- a/windows/deployment/usmt/usmt-custom-xml-examples.md
+++ b/windows/deployment/usmt/usmt-custom-xml-examples.md
@@ -134,7 +134,7 @@ The following is a custom .xml file named CustomFile.xml that migrates My Videos
-``` syntax
+```xml
diff --git a/windows/deployment/usmt/usmt-estimate-migration-store-size.md b/windows/deployment/usmt/usmt-estimate-migration-store-size.md
index 581f97e79a..0c2253be96 100644
--- a/windows/deployment/usmt/usmt-estimate-migration-store-size.md
+++ b/windows/deployment/usmt/usmt-estimate-migration-store-size.md
@@ -90,7 +90,7 @@ To preserve the functionality of existing applications or scripts that require t
The space requirements report provides two elements, <**storeSize**> and <**temporarySpace**>. The <**temporarySpace**> value shows the disk space, in bytes, that USMT uses to operate during the migration—this does not include the minimum 250 MB needed to support USMT. The <**storeSize**> value shows the disk space, in bytes, required to host the migration store contents on both the source and destination computers. The following example shows a report generated using **/p:***<path to a file>*.
-``` syntax
+```xml
diff --git a/windows/deployment/usmt/usmt-log-files.md b/windows/deployment/usmt/usmt-log-files.md
index 34f4626318..fad90a25bf 100644
--- a/windows/deployment/usmt/usmt-log-files.md
+++ b/windows/deployment/usmt/usmt-log-files.md
@@ -272,7 +272,7 @@ The directory of **C:\\data\\New Folder** contains:
To migrate these files you author the following migration XML:
-``` syntax
+```xml
@@ -368,7 +368,7 @@ The **C:\\Data\\New Folder\\** contains:
You author the following migration XML:
-``` syntax
+```xml
@@ -422,7 +422,7 @@ However, upon testing the migration you notice that all the text files are still
Upon reviewing the diagnostic log, you confirm that the files are still migrating, and that it is a problem with the authored migration XML rule. You author an update to the migration XML script as follows:
-``` syntax
+```xml
diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md
index 303b19e350..1473adef20 100644
--- a/windows/deployment/windows-10-poc-sc-config-mgr.md
+++ b/windows/deployment/windows-10-poc-sc-config-mgr.md
@@ -306,7 +306,7 @@ This section contains several procedures to support Zero Touch installation with
WDSUTIL /Set-Server /AnswerClients:None
```
-1. Deterime the MAC address of the internal network adapter on SRV1. To determine this, type the following command at an elevated Windows PowerShell prompt on SRV1:
+1. Determine the MAC address of the internal network adapter on SRV1. To determine this, type the following command at an elevated Windows PowerShell prompt on SRV1:
```
(Get-NetAdapter "Ethernet").MacAddress
@@ -793,7 +793,7 @@ In this first deployment scenario, we will deploy Windows 10 using PXE. This sce
## Replace a client with Windows 10 using Configuration Manager
->Before starting this section, you can delete computer objects from Active Directory that were created as part of previous deployment procedures. Use the Active Directory Users and Computers console on DC1 to remove stale entries under contoto.com\Computers, but do not delete the computer account (hostname) for PC1. There should be at least two computer accounts present in the contoso.com\Computers container: one for SRV1, and one for the hostname of PC1. It is not required to delete the stale entries, this is only done to remove clutter.
+>Before starting this section, you can delete computer objects from Active Directory that were created as part of previous deployment procedures. Use the Active Directory Users and Computers console on DC1 to remove stale entries under contoso.com\Computers, but do not delete the computer account (hostname) for PC1. There should be at least two computer accounts present in the contoso.com\Computers container: one for SRV1, and one for the hostname of PC1. It is not required to delete the stale entries, this is only done to remove clutter.

@@ -840,7 +840,7 @@ Set-VMNetworkAdapter -VMName PC4 -StaticMacAddress 00-15-5D-83-26-FF
Checkpoint-VM -Name PC1 -SnapshotName BeginState
```
-3. On SRV1, in the Configuration Manager console, in the Administration workspace, expand **Hierarcy Configuration** and click on **Discovery Methods**.
+3. On SRV1, in the Configuration Manager console, in the Administration workspace, expand **Hierarchy Configuration** and click on **Discovery Methods**.
4. Double-click **Active Directory System Discovery** and on the **General** tab select the **Enable Active Directory System Discovery** checkbox.
5. Click the yellow starburst, click **Browse**, select **contoso\Computers**, and then click **OK** three times.
6. When a popup dialog box asks if you want to run full discovery, click **Yes**.
@@ -930,7 +930,7 @@ Set-VMNetworkAdapter -VMName PC4 -StaticMacAddress 00-15-5D-83-26-FF
4. In the Software Library workspace, expand **Operating Systems**, click **Task Sequences**, right-click **Windows 10 Enterprise x64** and then click **Deploy**.
-5. Use the following settings in the Deploy Sofware wizard:
+5. Use the following settings in the Deploy Software wizard:
- General > Collection: Click Browse and select **Install Windows 10 Enterprise x64**
- Deployment Settings > Purpose: **Available**
- Deployment Settings > Make available to the following: **Configuration Manager clients, media and PXE**
@@ -1052,8 +1052,8 @@ In the Configuration Manager console, in the Software Library workspace under Op
1. On SRV1, in the Assets and Compliance workspace, click **Device Collections** and then double-click **Install Windows 10 Enterprise x64**.
2. Right-click the computer account for PC1, point to **Client Notification**, click **Download Computer Policy**, and click **OK** in the popup dialog box.
-3. On PC1, in the notification area, click **New sofware is available** and then click **Open Sofware Center**.
-4. In the Sofware Center, click **Operating Systems**, click **Windows 10 Enterprise x64**, click **Install** and then click **INSTALL OPERATING SYSTEM**. See the following example:
+3. On PC1, in the notification area, click **New software is available** and then click **Open Software Center**.
+4. In the Software Center, click **Operating Systems**, click **Windows 10 Enterprise x64**, click **Install** and then click **INSTALL OPERATING SYSTEM**. See the following example:

diff --git a/windows/deployment/windows-autopilot/enrollment-status.md b/windows/deployment/windows-autopilot/enrollment-status.md
index dd731fbc59..25a363fea8 100644
--- a/windows/deployment/windows-autopilot/enrollment-status.md
+++ b/windows/deployment/windows-autopilot/enrollment-status.md
@@ -35,7 +35,7 @@ The ESP will track the installation of applications, security policies, certific
The Enrollment Status Page tracks a subset of the available MDM CSP policies that are delivered to the device as part of the complete device configuration process. The specific types of policies that are tracked include:
- Certain types of app installations.
- - Enterprise modern apps (Appx/MSIX) installed by the [Enterprise Modern App Managment CSP](https://docs.microsoft.com/windows/client-management/mdm/enterprisemodernappmanagement-csp).
+ - Enterprise modern apps (Appx/MSIX) installed by the [Enterprise Modern App Management CSP](https://docs.microsoft.com/windows/client-management/mdm/enterprisemodernappmanagement-csp).
- Enterprise desktop apps (single-file MSIs) installed by the [Enterprise Desktop App Management CSP](https://docs.microsoft.com/windows/client-management/mdm/enterprisedesktopappmanagement-csp).
- Certain device configuration policies. The following types of policies and installations are not tracked:
diff --git a/windows/deployment/windows-autopilot/existing-devices.md b/windows/deployment/windows-autopilot/existing-devices.md
index c177340864..3d3883c068 100644
--- a/windows/deployment/windows-autopilot/existing-devices.md
+++ b/windows/deployment/windows-autopilot/existing-devices.md
@@ -62,7 +62,7 @@ See the following examples.
#### Install required modules
- ```
+ ```powershell
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
Install-Module AzureAD -Force
Install-Module WindowsAutopilotIntune -Force
@@ -71,7 +71,7 @@ See the following examples.
3. Enter the following lines and provide Intune administrative credentials
- In the following command, replace the example user principal name for Azure authentication (admin@M365x373186.onmicrosoft.com) with your user account. Be sure that the user account you specify has sufficient administrative rights.
- ```
+ ```powershell
Connect-AutopilotIntune -user admin@M365x373186.onmicrosoft.com
```
The password for your account will be requested using a standard Azure AD form. Type your password and then click **Sign in**.
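Review bot: The fenced example `Connect-AutopilotIntune -user admin@M365x373186.onmicrosoft.com`, now tagged `powershell`, uses what looks like a specific tenant name as the sample UPN, and the step text repeats it. Since this block is being touched, swap it for an obviously fictional placeholder in the style the docs already use elsewhere (for example a `contoso` name) so readers do not paste a third-party account into a sign-in prompt.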
@@ -87,7 +87,7 @@ See the following examples.
#### Retrieve profiles in Autopilot for existing devices JSON format
- ```
+ ```powershell
Get-AutopilotProfile | ConvertTo-AutopilotConfigurationJSON
```
@@ -126,7 +126,7 @@ See the following examples.
5. The Autopilot profile must be saved as a JSON file in ASCII or ANSI format. Windows PowerShell defaults to Unicode format, so if you attempt to redirect output of the commands to a file, you must also specify the file format. For example, to save the file in ASCII format using Windows PowerShell, you can create a directory (ex: c:\Autopilot) and save the profile as shown below: (use the horizontal scroll bar at the bottom if needed to view the entire command string)
- ```
+ ```powershell
Get-AutopilotProfile | ConvertTo-AutopilotConfigurationJSON | Out-File c:\Autopilot\AutopilotConfigurationFile.json -Encoding ASCII
```
**IMPORTANT**: The file name must be named **AutopilotConfigurationFile.json** in addition to being encoded as ASCII/ANSI.
@@ -302,7 +302,7 @@ The Task Sequence will download content, reboot, format the drives and install W

>[!NOTE]
->If joining devices to Active Directory (Hybrid Azure AD Join), it is necessary to create a Domain Join device configuration profile that is targeted to "All Devices" (since there is no Azure Active Directory device object for the computer to do group-based targeting). See [User-driven mode for hybrid Azure Active Directory join](https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/user-driven#user-driven-mode-for-hybrid-azure-active-directory-join) for more information.
+>If joining devices to Active Directory (Hybrid Azure AD Join), it is necessary to create a Domain Join device configuration profile that is targeted to "All Devices" (since there is no Azure Active Directory device object for the computer to do group-based targeting). See [User-driven mode for hybrid Azure Active Directory join](https://docs.microsoft.com/windows/deployment/windows-autopilot/user-driven#user-driven-mode-for-hybrid-azure-active-directory-join) for more information.
### Register the device for Windows Autopilot
diff --git a/windows/deployment/windows-autopilot/known-issues.md b/windows/deployment/windows-autopilot/known-issues.md
index 4495c6c055..3e55879db7 100644
--- a/windows/deployment/windows-autopilot/known-issues.md
+++ b/windows/deployment/windows-autopilot/known-issues.md
@@ -24,13 +24,15 @@ ms.topic: article
Issue | More information
+ | White glove gives a red screen and the Microsoft-Windows-User Device Registration/Admin event log displays HResult error code 0x801C03F3 | This can happen if Azure AD can’t find an AAD device object for the device that you are trying to deploy. This will occur if you manually delete the object. To fix it, remove the device from AAD, Intune, and Autopilot, then re-register it with Autopilot, which will recreate the AAD device object.
+ To obtain troubleshooting logs use: Mdmdiagnosticstool.exe -area Autopilot;TPM -cab c:\autopilot.cab
|
White glove gives a red screen | White glove is not supported on a VM.
|
Error importing Windows Autopilot devices from a .csv file | Ensure that you have not edited the .csv file in Microsoft Excel or an editor other than Notepad. Some of these editors can introduce extra characters causing the file format to be invalid.
|
Windows Autopilot for existing devices does not follow the Autopilot OOBE experience. | Ensure that the JSON profile file is saved in ANSI/ASCII format, not Unicode or UTF-8.
|
Something went wrong is displayed page during OOBE. | The client is likely unable to access all the required AAD/MSA-related URLs. For more information, see Networking requirements.
|
-
## Related topics
+[Diagnose MDM failures in Windows 10](https://docs.microsoft.com/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10)
[Troubleshooting Windows Autopilot](troubleshooting.md)
\ No newline at end of file
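Review bot: The command in the added 0x801C03F3 row, `Mdmdiagnosticstool.exe -area Autopilot;TPM -cab c:\autopilot.cab`, is plain text in a table cell and contains an unquoted `;`. At a PowerShell prompt `;` ends the statement, so the tool would receive only `-area Autopilot`; put the command in inline code and either quote the area list or state that it is run from cmd.exe. The hunk also removes the blank line before `## Related topics`, which leaves the heading directly against the table, and the two links under it sit on consecutive lines without list markers.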
diff --git a/windows/deployment/windows-autopilot/troubleshooting.md b/windows/deployment/windows-autopilot/troubleshooting.md
index 52b66ab257..ece1531dec 100644
--- a/windows/deployment/windows-autopilot/troubleshooting.md
+++ b/windows/deployment/windows-autopilot/troubleshooting.md
@@ -113,4 +113,9 @@ If you need to reboot a computer during OOBE:
- Press Shift-F10 to open a command prompt.
- Enter **shutdown /r /t 0** to restart immediately, or **shutdown /s /t 0** to shutdown immediately.
-For more information, see [Windows Setup Command-Line Options](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-command-line-options).
\ No newline at end of file
+For more information, see [Windows Setup Command-Line Options](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-command-line-options).
+
+## Related topics
+
+[Windows Autopilot - known issues](known-issues.md)
+[Diagnose MDM failures in Windows 10](https://docs.microsoft.com/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10)
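Review bot: The two links added under `## Related topics` are on consecutive lines with no list marker or blank line between them, so Markdown will join them into a single paragraph. Make each one a list item (`- [Windows Autopilot - known issues](known-issues.md)`), which also matches how a related-topics section normally renders.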
diff --git a/windows/hub/windows-10.yml b/windows/hub/windows-10.yml
index a981edf38a..e858c87806 100644
--- a/windows/hub/windows-10.yml
+++ b/windows/hub/windows-10.yml
@@ -40,7 +40,7 @@ sections:
- items:
- type: markdown
text: "
- Get answers to commom questions, or get help with a specific problem.
+ Get answers to common questions, or get help with a specific problem.
"
diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index 98ab45165f..6130327341 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -41,7 +41,7 @@ Applying the Windows Restricted Traffic Limited Functionality Baseline is the sa
It is recommended that you restart a device after making configuration changes to it.
Note that **Get Help** and **Give us Feedback** links no longer work after the Windows Restricted Traffic Limited Functionality Baseline is applied.
-To use Microsoft InTune cloud based device managment for restricting traffic please refer to the [Manage connections from Windows operating system components to Microsoft services using MDM](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm).
+To use Microsoft InTune cloud based device management for restricting traffic please refer to the [Manage connections from Windows operating system components to Microsoft services using MDM](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm).
We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com.
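Review bot: The corrected line still spells the product "Microsoft InTune" and leaves "cloud based" unhyphenated. Since the line is already being touched for "managment", fix "Intune" and "cloud-based" in the same pass, and drop "the" before the link text so the sentence reads "please refer to [Manage connections ...]".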
@@ -604,7 +604,7 @@ For a complete list of the Microsoft Edge policies, see [Available policies for
### 14. Network Connection Status Indicator
-Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to http://www.msftconnecttest.com/connecttest.txt to determine if the device can communicate with the Internet. For more info about NCSI, see [The Network Connection Status Icon](http://blogs.technet.com/b/networking/archive/2012/12/20/the-network-connection-status-icon.aspx).
+Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to http://www.msftconnecttest.com/connecttest.txt to determine if the device can communicate with the Internet. For more info about NCSI, see [The Network Connection Status Icon](https://techcommunity.microsoft.com/t5/Networking-Blog/bg-p/NetworkingBlog).
In versions of Windows 10 prior to Windows 10, version 1607 and Windows Server 2016, the URL was `http://www.msftncsi.com`.
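Review bot: The replacement target `https://techcommunity.microsoft.com/t5/Networking-Blog/bg-p/NetworkingBlog` is the blog's landing page, while the link text still promises the specific article "The Network Connection Status Icon". Link to the migrated article itself, or reword the link text to say it points to the Networking Blog, so readers looking for the NCSI probe details are not left to search for them.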
@@ -1465,7 +1465,7 @@ To turn this Off in the UI:
### 18.23 Voice Activation
-In the **Vocie activation** area, you can choose turn Off apps ability to listen for a Voice keyword.
+In the **Voice activation** area, you can choose turn Off apps ability to listen for a Voice keyword.
To turn this Off in the UI:
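Review bot: The `+` line fixes "Vocie" but the sentence is still ungrammatical: "you can choose turn Off apps ability to listen". Suggest "you can choose to turn Off apps' ability to listen for a Voice keyword" while the line is open.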
@@ -1671,7 +1671,7 @@ In Group Policy, configure:
-OR-
-- Create a REG_DWORD registry setting named **EnableSmartScreen** in **HKEY_LOCAL_MACHINE\\Sofware\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**.
+- Create a REG_DWORD registry setting named **EnableSmartScreen** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**.
-and-
diff --git a/windows/privacy/manage-windows-1709-endpoints.md b/windows/privacy/manage-windows-1709-endpoints.md
index 35f3ef35ee..1d4984ab8f 100644
--- a/windows/privacy/manage-windows-1709-endpoints.md
+++ b/windows/privacy/manage-windows-1709-endpoints.md
@@ -422,6 +422,10 @@ If you [turn off traffic for these endpoints](manage-connections-from-windows-op
| svchost | HTTPS | *.update.microsoft.com |
| svchost | HTTPS | *.delivery.mp.microsoft.com |
+These are dependent on enabling:
+- [Device authentication](manage-windows-1709-endpoints.md#device-authentication)
+- [Microsoft account](manage-windows-1709-endpoints.md#microsoft-account)
+
The following endpoint is used for content regulation.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.
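Review bot: "These are dependent on enabling:" follows a table and precedes a sentence about a different endpoint, so it is not clear that "These" means the `*.update.microsoft.com` and `*.delivery.mp.microsoft.com` rows above. Name the endpoints or say "The endpoints in the preceding table". The two links also point back into the same file by full file name; `#device-authentication` and `#microsoft-account` are enough, and both anchors should be checked against the headings that exist in this page.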
diff --git a/windows/privacy/manage-windows-1803-endpoints.md b/windows/privacy/manage-windows-1803-endpoints.md
index 983d8bce4b..4c1d88e554 100644
--- a/windows/privacy/manage-windows-1803-endpoints.md
+++ b/windows/privacy/manage-windows-1803-endpoints.md
@@ -427,6 +427,10 @@ If you [turn off traffic for these endpoints](manage-connections-from-windows-op
| svchost | HTTPS | *.update.microsoft.com |
| svchost | HTTPS | *.delivery.mp.microsoft.com |
+These are dependent on enabling:
+- [Device authentication](manage-windows-1803-endpoints.md#device-authentication)
+- [Microsoft account](manage-windows-1803-endpoints.md#microsoft-account)
+
The following endpoint is used for content regulation.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.
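Review bot: The added sentence "These are dependent on enabling:" runs straight into the list with no blank line between them, which some Markdown renderers need before they will start a list after a paragraph. Add the blank line, and verify that `#device-authentication` and `#microsoft-account` resolve to headings in the 1803 page, since the link targets were adapted from another version's file.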
diff --git a/windows/privacy/manage-windows-1903-endpoints.md b/windows/privacy/manage-windows-1903-endpoints.md
index eb0dfe93cd..45e7568fd3 100644
--- a/windows/privacy/manage-windows-1903-endpoints.md
+++ b/windows/privacy/manage-windows-1903-endpoints.md
@@ -146,8 +146,8 @@ Office|The following endpoints are used to connect to the Office 365 portal's sh
|||HTTP|cs9.wac.phicdn.net|
|||HTTP|emdl.ws.microsoft.com|
||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store. If you turn off traffic for these endpoints, the device will not be able to download updates for the operating system.|HTTP|*.dl.delivery.mp.microsoft.com|
-|||HTTP|*.windowsupdate.com*|
-||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store.|HTTPS|*.delivery.mp.microsoft.com|
+|||HTTP|*.windowsupdate.com|
+||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store. These are dependent on also enabling "Device authentication" and "Microsoft Account" endpoints.|HTTPS|*.delivery.mp.microsoft.com|
|||HTTPS|*.update.microsoft.com|
||The following endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly.|HTTPS|tsfe.trafficshaping.dsp.mp.microsoft.com|
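Review bot: Dropping the trailing wildcard in the `*.windowsupdate.com*` row changes the pattern an administrator would copy into a proxy or firewall allow list, so confirm it is an intended correction and say so in the change description. In the same hunk, the added dependency sentence names "Device authentication" and "Microsoft Account" in quotes without links, unlike the 1709 and 1803 pages in this patch, and the unchanged content-regulation row still ends mid-sentence at "either incorrectly."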
diff --git a/windows/release-information/resolved-issues-windows-10-1709.yml b/windows/release-information/resolved-issues-windows-10-1709.yml
index 0a611e7088..38d3c78785 100644
--- a/windows/release-information/resolved-issues-windows-10-1709.yml
+++ b/windows/release-information/resolved-issues-windows-10-1709.yml
@@ -1,10 +1,10 @@
### YamlMime:YamlDocument
documentType: LandingData
-title: Resolved issues in Windows 10, version 1709 and Windows Server, vesion 1709
+title: Resolved issues in Windows 10, version 1709 and Windows Server, version 1709
metadata:
document_id:
- title: Resolved issues in Windows 10, version 1709 and Windows Server, vesion 1709
+ title: Resolved issues in Windows 10, version 1709 and Windows Server, version 1709
description: Resolved issues in Windows 10, version 1709 and Windows Server 1709
keywords: ["Resolved issues in Windows 10", "Windows 10", "Windows 10, version 1709"]
ms.localizationpriority: high
diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md
index 364908841f..d63ee0bd86 100644
--- a/windows/security/identity-protection/access-control/local-accounts.md
+++ b/windows/security/identity-protection/access-control/local-accounts.md
@@ -193,7 +193,7 @@ The DSMA is a well-known user account type.
It is a user neutral account that can be used to run processes that are either multi-user aware or user-agnostic.
The DSMA is disabled by default on the desktop SKUs (full windows SKUs) and WS 2016 with the Desktop.
-The DSMA has a well-known RID of 503. The security identifier (SID) of the DSMA will thus have a well-known SID in the following format: S-1-5-21--503
+The DSMA has a well-known RID of 503. The security identifier (SID) of the DSMA will thus have a well-known SID in the following format: S-1-5-21-\-503
The DSMA is a member of the well-known group **System Managed Accounts Group**, which has a well-known SID of S-1-5-32-581.
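Review bot: The `+` line shows the SID format as `S-1-5-21-\-503`, which still has nothing between `21-` and `-503`; the backslash as written escapes a hyphen, not a placeholder. If an angle-bracket placeholder for the domain or computer identifier is meant to sit there, put the whole SID in inline code so the renderer keeps it instead of treating it as an HTML tag.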
diff --git a/windows/security/identity-protection/access-control/security-identifiers.md b/windows/security/identity-protection/access-control/security-identifiers.md
index 576e8b4fd0..d8db3e63d2 100644
--- a/windows/security/identity-protection/access-control/security-identifiers.md
+++ b/windows/security/identity-protection/access-control/security-identifiers.md
@@ -283,6 +283,14 @@ The following table describes changes in SID implementation in the Windows opera
| Most of the operating system files are owned by the TrustedInstaller security identifier (SID)| Windows Server 2008, Windows Vista| The purpose of this change is to prevent a process that is running as an administrator or under the LocalSystem account from automatically replacing the operating system files. |
| Restricted SID checks are implemented| Windows Server 2008, Windows Vista| When restricting SIDs are present, Windows performs two access checks. The first is the normal access check, and the second is the same access check against the restricting SIDs in the token. Both access checks must pass to allow the process to access the object. |
+## Capability SIDs
+
+Capability Security Identifiers (SIDs) are used to uniquely and immutably identify capabilities. Capabilities represent an unforgeable token of authority that grants access to resources (Examples: documents, camera, locations etc...) to Universal Windows Applications. An App that “has” a capability is granted access to the resource the capability is associated with, and one that “does not have” a capability is denied access to the resource.
+
+All Capability SIDs that the operating system is aware of are stored in the Windows Registry in the path `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapabilityClasses\AllCachedCapabilities'. Any Capability SID added to Windows by first or third-party applications will be added to this location.
+
+All Capability SIDs are prefixed by S-1-15-3
+
## See also
- [Access Control Overview](access-control.md)
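Review bot: In the second added paragraph the registry path opens with a backtick and closes with an apostrophe (`` `HKEY_LOCAL_MACHINE\...\AllCachedCapabilities' ``), so the code span never terminates and will swallow the following text. Close it with a backtick. Smaller points in the same section: "etc..." should be "etc.", "App" and "Universal Windows Applications" are capitalized inconsistently, the curly quotes around "has" and "does not have" should be straight, and the final line "All Capability SIDs are prefixed by S-1-15-3" lacks a period and would read better with the prefix in inline code.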
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md
index ec2e495b92..6865d59384 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md
@@ -182,7 +182,7 @@ The User Portal and Mobile Application web services need to communicate with the
1. Open **Active Directory Users and Computers**.
2. In the navigation pane, expand the node with the organization’s Active Directory domain name. Right-click the **Users** container, select **New**, and select **User**.
-3. In the **New Object – User** dialog box, type **PFWSDK_** in the **First name** and **User logon name** boxes, where ** is the name of the primary MFA server running the Web Services SDK. Click **Next**.
+3. In the **New Object – User** dialog box, type **PFWSDK_\** in the **First name** and **User logon name** boxes, where *\* is the name of the primary MFA server running the Web Services SDK. Click **Next**.
4. Type a strong password and confirm it in the respective boxes. Clear **User must change password at next logon**. Click **Next**. Click **Finish** to create the user account.
#### Add the MFA SDK user account to the Phonefactor Admins group
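Review bot: On the `+` line of step 3, `**PFWSDK_\**` and `*\*` put a backslash in front of the asterisk that should close the emphasis, so the bold and italic runs will not end where intended, and the placeholder the sentence goes on to define ("is the name of the primary MFA server") is still not visible. Write the account name pattern and its placeholder in inline code instead of escaping inside emphasis; the same applies to `PFWSDK_\` in step 4 of the next hunk.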
@@ -192,7 +192,7 @@ Adding the WebServices SDK user account to the Phonefactor Admins group provides
1. Open **Active Directory Users and Computers**.
2. In the navigation pane, expand the node with the organization’s Active Directory domain name. Select **Users**. In the content pane. Right-click the **Phonefactor Admins** security group and select Properties.
3. Click the Members tab.
-4. Click **Add**. Click **Object Types..** Type the PFWSDK_ user name in the **Enter the object names to select** box and then click **OK**.
+4. Click **Add**. Click **Object Types..** Type the PFWSDK_\ user name in the **Enter the object names to select** box and then click **OK**.
* The computer account for the primary MFA Server
* The Webservices SDK user account
* Group or user account that will manage the User Portal server.
@@ -507,7 +507,7 @@ Sign in the primary AD FS server with _local administrator_ equivalent credentia
Sign in the primary AD FS server with _local administrator_ equivalent credentials.
-Edit the **Register-MultiFactorAuthenticationAdfsAdapter.ps1** script adding `-ConfigurationFilePath ` to the end of the `Register-AdfsAuthenticationProvider` command where **** is the full path to the **MultiFactorAuthenticationAdfsAdapter.config** file.
+Edit the **Register-MultiFactorAuthenticationAdfsAdapter.ps1** script adding `-ConfigurationFilePath ` to the end of the `Register-AdfsAuthenticationProvider` command where **\** is the full path to the **MultiFactorAuthenticationAdfsAdapter.config** file.
### Run the AD FS Adapter PowerShell cmdlet
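Review bot: The `+` line changes only the bold marker to `**\**` and leaves the code span `-ConfigurationFilePath ` ending in a space with no argument, so the instruction still does not show what to append to `Register-AdfsAuthenticationProvider`. Nothing needs escaping inside backticks, so the path placeholder can be written literally in the code span and referred to by the same name after "where".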
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
index 561401fa44..d1342ab11f 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
@@ -66,7 +66,7 @@ The minimum required enterprise certificate authority that can be used with Wind
* Optionally, the certificate Subject section should contain the directory path of the server object (the distinguished name).
* The certificate Key Usage section must contain Digital Signature and Key Encipherment.
* Optionally, the certificate Basic Constraints section should contain: [Subject Type=End Entity, Path Length Constraint=None].
-* The certificate Enhanced Key Usage section must contain Client Authentication (1.3.6.1.5.5.7.3.2) and Server Authentication (1.3.6.1.5.5.7.3.1).
+* The certificate Enhanced Key Usage section must contain Client Authentication (1.3.6.1.5.5.7.3.2), Server Authentication (1.3.6.1.5.5.7.3.1), and KDC Authentication (1.3.6.1.5.2.3.5).
* The certificate Subject Alternative Name section must contain the Domain Name System (DNS) name.
* The certificate template must have an extension that has the BMP data value "DomainController".
* The domain controller certificate must be installed in the local computer's certificate store.
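Review bot: the amended Enhanced Key Usage bullet makes KDC Authentication (1.3.6.1.5.2.3.5) a hard "must contain" requirement alongside the two existing EKUs, but nothing in the list says what that means for domain controller certificates issued under the previous two-EKU wording. Suggest adding a sentence stating whether such certificates have to be reissued. Any other Hello for Business page that repeats this requirements list should get the same wording so the lists do not diverge.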
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-deploy-mfa.md
index 9b6ae813f1..eb46ba61fe 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-deploy-mfa.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-deploy-mfa.md
@@ -182,7 +182,7 @@ The User Portal and Mobile Application web services need to communicate with the
1. Open **Active Directory Users and Computers**.
2. In the navigation pane, expand the node with the organization’s Active Directory domain name. Right-click the **Users** container, select **New**, and select **User**.
-3. In the **New Object – User** dialog box, type **PFWSDK_** in the **First name** and **User logon name** boxes, where ** is the name of the primary MFA server running the Web Services SDK. Click **Next**.
+3. In the **New Object – User** dialog box, type **PFWSDK_\** in the **First name** and **User logon name** boxes, where *\* is the name of the primary MFA server running the Web Services SDK. Click **Next**.
4. Type a strong password and confirm it in the respective boxes. Clear **User must change password at next logon**. Click **Next**. Click **Finish** to create the user account.
#### Add the MFA SDK user account to the Phonefactor Admins group
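Review bot: in the added step 3, `**PFWSDK_\**` puts the backslash directly before the closing `**`, so it escapes the first asterisk and the bold span does not close as intended. `where *\*` has the same problem and leaves a literal asterisk where the placeholder name should be. The two occurrences also use different emphasis (bold, then italic) for what should be the same placeholder. Suggest one code span for the account name with its placeholder, reused verbatim in the "where" clause.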
@@ -192,7 +192,7 @@ Adding the WebServices SDK user account to the Phonefactor Admins group provides
1. Open **Active Directory Users and Computers**.
2. In the navigation pane, expand the node with the organization’s Active Directory domain name. Select **Users**. In the content pane. Right-click the **Phonefactors Admin** security group and select Properties.
3. Click the Members tab.
-4. Click **Add**. Click **Object Types..** Type the PFWSDK_ user name in the **Enter the object names to select** box and then click **OK**.
+4. Click **Add**. Click **Object Types..** Type the PFWSDK_\ user name in the **Enter the object names to select** box and then click **OK**.
* The computer account for the primary MFA Server
* The Webservices SDK user account
* Group or user account that will manage the User Portal server.
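Review bot: step 2 in the context of this hunk names the group **Phonefactors Admin**, while the section heading directly above the hunk says "Phonefactor Admins"; only one can match the group the reader will find in the directory. Since step 4 of the same procedure is already being edited, suggest correcting the group name here too, and joining the fragment `In the content pane. Right-click` into one sentence.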
@@ -507,7 +507,7 @@ Sign in the primary AD FS server with _local administrator_ equivalent credentia
Sign in the primary AD FS server with _local administrator_ equivalent credentials.
-Edit the **Register-MultiFactorAuthenticationAdfsAdapter.ps1** script adding `-ConfigurationFilePath ` to the end of the `Register-AdfsAuthenticationProvider` command where **** is the full path to the **MultiFactorAuthenticationAdfsAdapter.config** file.
+Edit the **Register-MultiFactorAuthenticationAdfsAdapter.ps1** script adding `-ConfigurationFilePath ` to the end of the `Register-AdfsAuthenticationProvider` command where **\** is the full path to the **MultiFactorAuthenticationAdfsAdapter.config** file.
### Run the AD FS Adapter PowerShell cmdlet
diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md
index 2a808c73fa..e3226ec136 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md
@@ -1713,7 +1713,7 @@ In **Configure user storage of BitLocker recovery information**, select whether
Select **Omit recovery options from the BitLocker setup wizard** to prevent users from specifying recovery options when they enable BitLocker on a drive. This means that you cannot specify which recovery option to use when you enable BitLocker. Instead, BitLocker recovery options for the drive are determined by the policy setting.
-In **Save BitLocker recovery information to Active Directory Doman Services**, choose which BitLocker recovery information to store in AD DS for fixed data drives. If you select **Backup recovery password and key package**, the BitLocker recovery password and the key package are stored in AD DS.
+In **Save BitLocker recovery information to Active Directory Domain Services**, choose which BitLocker recovery information to store in AD DS for fixed data drives. If you select **Backup recovery password and key package**, the BitLocker recovery password and the key package are stored in AD DS.
Storing the key package supports recovering data from a drive that has been physically corrupted. To recover this data, you can use the **Repair-bde** command-line tool. If you select **Backup recovery password only**, only the recovery password is stored in AD DS.
For more information about the BitLocker repair tool, see [Repair-bde](https://technet.microsoft.com/library/ff829851.aspx).
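Review bot: the corrected text `**Save BitLocker recovery information to Active Directory Domain Services**` is bolded as a UI label, so before merging confirm it matches the option exactly as it appears in the Group Policy editor. If the product string itself carries the old spelling, an admin searching for the setting will not find it under the corrected wording, and the fix belongs in the product rather than the doc.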
diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
index a5e58c1e6b..8dd40cf580 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
@@ -101,7 +101,7 @@ To install the role using Windows PowerShell, use the following command:
Install-WindowsFeature WDS-Deployment
```
-You must configure the WDS server so that it can communicate with DHCP (and optionally Active Directory Doman Services) and the client computer. You can do using the WDS management tool, wdsmgmt.msc, which starts the Windows Deployment Services Configuration Wizard.
+You must configure the WDS server so that it can communicate with DHCP (and optionally Active Directory Domain Services) and the client computer. You can do using the WDS management tool, wdsmgmt.msc, which starts the Windows Deployment Services Configuration Wizard.
### Confirm the WDS Service is running
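Review bot: the added line fixes "Doman" but keeps `You can do using the WDS management tool`, which is missing its object. Suggest "You can do this using the WDS management tool, wdsmgmt.msc, ..." in the same edit, since the line is already being touched.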
diff --git a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
index a251c95b5e..7f618aa9ba 100644
--- a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
+++ b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
@@ -43,7 +43,7 @@ It is important to note that this binding to PCR values also includes the hashin
## What happens when PCR banks are switched?
-When the PCR banks are switched, the algorithm used to compute the hashed values stored in the PCRs during extend operations is changed. For the same input, each hash algorithm will return a different cryptographic signature for the same inputs.
+When the PCR banks are switched, the algorithm used to compute the hashed values stored in the PCRs during extend operations is changed. Each hash algorithm will return a different cryptographic signature for the same inputs.
As a result, if the currently used PCR bank is switched all keys that have been bound to the previous PCR values will no longer work. For example, if you had a key bound to the SHA-1 value of PCR\[12\] and subsequently changed the PCR banks to SHA-256, the banks wouldn’t match, and you would be unable to use that key. The BitLocker key is secured using the PCR banks and Windows 10 will not be able to unseal it if the PCR banks are switched while BitLocker is enabled.
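Review bot: the rewritten sentence still says each hash algorithm returns `a different cryptographic signature`, but a hash function produces a digest. A signature implies a signing key, which is not what a PCR extend operation involves. Suggest "Each hash algorithm will return a different digest for the same inputs", which also matches "hashed values" in the previous sentence.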
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 7fbe04c2fc..e054a66443 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -516,7 +516,7 @@
##### [Planning and deploying advanced security audit policies](auditing/planning-and-deploying-advanced-security-audit-policies.md)
##### [Advanced security auditing FAQ](auditing/advanced-security-auditing-faq.md)
###### [Which editions of Windows support advanced audit policy configuration](auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md)
-###### [How to list XML elements in ](auditing/how-to-list-xml-elements-in-eventdata.md)
+###### [How to list XML elements in \](auditing/how-to-list-xml-elements-in-eventdata.md)
###### [Using advanced security auditing options to monitor dynamic access control objects](auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md)
####### [Monitor the central access policies that apply on a file server](auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md)
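Review bot: in the added TOC entry the link text ends in `\]`, so the backslash escapes the closing bracket and the entry no longer parses as a link, and the title still ends at "in" with no element name after it. Suggest writing the element name in the title in a form that needs no escaping (a code span, or HTML entities for the angle brackets) and checking the rendered TOC.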
diff --git a/windows/security/threat-protection/microsoft-defender-atp/TOC.md b/windows/security/threat-protection/microsoft-defender-atp/TOC.md
index e8ce0c9dd9..c3b2acca81 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/TOC.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/TOC.md
@@ -4,6 +4,10 @@
### [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
#### [What's in the dashboard and what it means for my organization](tvm-dashboard-insights.md)
#### [Configuration score](configuration-score.md)
+#### [Security recommendation](tvm-security-recommendation.md)
+#### [Remediation](tvm-remediation.md)
+#### [Software inventory](tvm-software-inventory.md)
+#### [Weaknesses](tvm-weaknesses.md)
#### [Scenarios](threat-and-vuln-mgt-scenarios.md)
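Review bot: the new TOC entry is titled `Security recommendation` (singular), while the Related topics lists added elsewhere in this same change link the same file as `Security recommendations`. Suggest picking one form, matching the H1 of tvm-security-recommendation.md, and using it in the TOC and in every Related topics list.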
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md b/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md
index edc1463dfc..87fc6dcbbf 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md
@@ -1,6 +1,5 @@
---
title: Overview of Configuration score in Microsoft Defender Security Center
-ms.reviewer:
description: Expand your visibility into the overall security configuration posture of your organization
keywords: configuration score, mdatp configuration score, secure score, security controls, improvement opportunities, security configuration score over time, security posture, baseline
search.product: eADQiWindows 10XVcnh
@@ -9,8 +8,8 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
-ms.author: mjcaparas
-author: mjcaparas
+ms.author: dolmont
+author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
@@ -25,7 +24,7 @@ ms.date: 04/11/2019
[!include[Prerelease information](prerelease.md)]
>[!NOTE]
-> Secure score is now part of Threat & Vulnerability Management as Configuration score. We’ll keep the secure score page available for a few weeks. View the [Secure score](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection) page.
+> Secure score is now part of Threat & Vulnerability Management as Configuration score. We’ll keep the secure score page available for a few weeks. View the [Secure score](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/overview-secure-score) page.
The Microsoft Defender Advanced Threat Protection Configuration score gives you visibility and control over your organization's security posture based on security best practices.
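Review bot: the replacement Secure score link hard-codes the `/en-us/` locale and uses an absolute docs.microsoft.com URL, whereas the link it replaces was locale-neutral and the Related topics in this file use relative `.md` links. Suggest a relative link to the target page, or at least dropping the locale segment, so localized builds and link validation keep working.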
@@ -54,4 +53,8 @@ The goal is to improve your configuration score by remediating the issues in the
## Related topics
- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
+- [Security recommendations](tvm-security-recommendation.md)
+- [Remediation](tvm-remediation.md)
+- [Software inventory](tvm-software-inventory.md)
+- [Weaknesses](tvm-weaknesses.md)
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-menu.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-menu.png
new file mode 100644
index 0000000000..aeab8c3b5c
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-menu.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm_dashboard.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_dashboard.png
index d321e0ca67..580b189700 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/tvm_dashboard.png and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_dashboard.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm_machine_page_details.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_machine_page_details.png
index 6e474ccfa6..2b22b3f8b3 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/tvm_machine_page_details.png and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_machine_page_details.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm_software_page_details.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_software_page_details.png
index 095eb7424c..a55fa7fdf8 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/tvm_software_page_details.png and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_software_page_details.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
index 070ec84568..4e503d2f19 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
@@ -1,6 +1,5 @@
---
title: Next-generation Threat & Vulnerability Management
-ms.reviewer:
description: This new capability uses a game-changing risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.
keywords: threat and vulnerability management, MDATP-TVM, vulnerability management, threat and vulnerability scanning
search.product: eADQiWindows 10XVcnh
@@ -9,8 +8,8 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
-ms.author: mjcaparas
-author: mjcaparas
+ms.author: dolmont
+author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
@@ -24,16 +23,14 @@ ms.topic: conceptual
[!include[Prerelease information](prerelease.md)]
-Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in running a healthy security program and reducing organizational risk. Threat & Vulnerability Management serves as an infrustructure for reducing organizational exposure, hardening endpoint surface area, and increasing organizational resilience.
+Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in running a healthy security program and reducing organizational risk. Threat & Vulnerability Management serves as an infrastructure for reducing organizational exposure, hardening endpoint surface area, and increasing organizational resilience.
It helps organizations discover vulnerabilities and misconfigurations in real-time, based on sensors, without the need of agents or periodic scans. It prioritizes vulnerabilities based on the threat landscape, detections in your organization, sensitive information on vulnerable devices, and business context.
## Next-generation capabilities
Threat & Vulnerability Management is built-in, real-time, cloud-powered, fully integrated with Microsoft endpoint security stack, the Microsoft Intelligent Security Graph, and the application analytics knowledgebase.
-It is the first solution in the industry to automate the remediation process through integration with Microsoft Intune and Microsoft System Center Configuration Manager (SCCM) for patching, configuration changes, or upgrades.
->[!Note]
-> Microsoft Intune and Microsoft System Center Configuration Manager (SCCM) integration will be available in the coming weeks.
+It is the first solution in the industry to bridge the gap between security administration and IT administration during remediation process. It does so by creating a security task or ticket through integration with Microsoft Intune and Microsoft System Center Configuration Manager (SCCM).
It provides the following solutions to frequently-cited gaps across security operations, security administration, and IT administration workflows and communication.
- Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities
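Review bot: the new sentence says the integration creates `a security task or ticket through integration with Microsoft Intune and Microsoft System Center Configuration Manager (SCCM)`, but the Seamless remediation bullet later in this file says the task is created in Microsoft Intune only. Please make the two statements agree on which product receives the task. Also, "during remediation process" needs an article ("during the remediation process"), and with the availability note removed, confirm the integration is actually live for readers.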
@@ -44,21 +41,21 @@ It provides the following solutions to frequently-cited gaps across security ope
To discover endpoint vulnerabilities and misconfiguration, Threat & Vulnerability Management uses the same agentless built-in Microsoft Defender ATP sensors to reduce cumbersome network scans and IT overhead, and provides:
- Real-time device inventory. Devices onboarded to Microsoft Defender ATP automatically report and push vulnerability and security configuration data to the dashboard.
-- Visibility into software and vulnerabilities. Optics into the organization’s software inventory, as well as software changes like installations, uninstallations, and patches. Newly discovered vulnerabilities are reported with actionable mitigation recommendations for 1st and 3rd party applications.
-- Application runtime context. Constant visibility into application usage patterns for better prioritization and decision-making. Critical dependencies, such as vulnerable runtime libraries being loaded by other applications, are made visible.
-- Configuration posture. Visibility into organizational security configuration, surfacing issues like disabled antivirus, enabled SMBv1, or misconfigurations that could allow escalation of privileges. Issues are reported in the dashboard with actionable security recommendations.
+- Visibility into software and vulnerabilities. Optics into the organization’s software inventory, and software changes like installations, uninstallations, and patches. Newly discovered vulnerabilities are reported with actionable mitigation recommendations for 1st and 3rd party applications.
+- Application runtime context. Visibility on application usage patterns for better prioritization and decision-making.
+- Configuration posture. Visibility into organizational security configuration or misconfigurations. Issues are reported in the dashboard with actionable security recommendations.
### Intelligence-driven prioritization
Threat & Vulnerability Management helps customers prioritize and focus on those weaknesses that pose the most urgent and the highest risk to the organization. Rather than using static prioritization by severity scores, Threat & Vulnerability Management in Microsoft Defender ATP highlights the most critical weaknesses that need attention by fusing its security recommendations with dynamic threat and business context:
- Exposing emerging attacks in the wild. Through its advanced cyber data and threat analytics platform, Threat & Vulnerability Management dynamically aligns the prioritization of its security recommendations to focus on vulnerabilities that are currently being exploited in the wild and emerging threats that pose the highest risk.
- Pinpointing active breaches. Microsoft Defender ATP correlates Threat & Vulnerability Management and EDR insights to provide the unique ability to prioritize vulnerabilities that are currently being exploited in an active breach within the organization.
-- Protecting high-value assets. Microsoft Defender ATP’s integration with Azure Information Protection allows Threat & Vulnerability Management to call attention to exposed machines with business-critical applications, confidential data, or high-value users.
+- Protecting high-value assets. Microsoft Defender ATP’s integration with Azure Information Protection allows Threat & Vulnerability Management to identify the exposed machines with business-critical applications, confidential data, or high-value users.
### Seamless remediation
Microsoft Defender ATP’s Threat & Vulnerability Management allows security administrators and IT administrators to collaborate seamlessly to remediate issues.
-- One-click remediation requests to IT. Through Microsoft Defender ATP’s integration with Microsoft Intune and System Center Configuration Manager (SCCM), security administrators can create a remediation task in Microsoft Intune with one click. We plan to expand this capability to other IT security management platforms.
+- Remediation requests to IT. Through Microsoft Defender ATP’s integration with Microsoft Intune and System Center Configuration Manager (SCCM), security administrators can create a remediation task in Microsoft Intune from the Security recommendation pages. We plan to expand this capability to other IT security management platforms.
- Alternate mitigations. Threat & Vulnerability Management provides insights on additional mitigations, such as configuration changes that can reduce risk associated with software vulnerabilities.
- Real-time remediation status. Microsoft Defender ATP provides real-time monitoring of the status and progress of remediation activities across the organization.
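Review bot: the rewritten Configuration posture bullet, `Visibility into organizational security configuration or misconfigurations`, drops the concrete examples (disabled antivirus, enabled SMBv1, privilege escalation misconfigurations) and no longer tells the reader what kind of issue is surfaced; suggest keeping at least one example. In the same hunk, "Visibility on application usage patterns" uses a different preposition from the neighbouring "Visibility into" bullets, and "from the Security recommendation pages" mixes singular and plural.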
@@ -66,3 +63,7 @@ Microsoft Defender ATP’s Threat & Vulnerability Management allows security adm
- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
- [Configuration score](configuration-score.md)
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
+- [Security recommendations](tvm-security-recommendation.md)
+- [Remediation](tvm-remediation.md)
+- [Software inventory](tvm-software-inventory.md)
+- [Weaknesses](tvm-weaknesses.md)
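Review bot: the four new Related topics links are appended after `Scenarios` here, while the same four links in configuration-score.md and in the TOC are inserted before `Scenarios`. Suggest using the TOC order in every Related topics list so the navigation reads the same on each page.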
diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
index 5d53cdeabf..3b639a0b80 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
@@ -1,108 +1,133 @@
----
-title: Threat & Vulnerability Management scenarios
-ms.reviewer:
-description: Learn how to use Threat & Vulnerability Management in the context of scenarios that Security Administrators encounter when collaborating with IT Administrators and SecOps while protecting their organization from cybersecurity threats.
-keywords: mdatp-tvm scenarios, mdatp, tvm, tvm scenarios, reduce threat & vulnerability exposure, reduce threat and vulnerability, improve security configuration, increase configuration score, increase threat & vulnerability configuration score, configuration score, exposure score, security controls
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: mjcaparas
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# Threat & Vulnerability Management scenarios
-**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-[!include[Prerelease information](prerelease.md)]
-
-## Before you begin
-Ensure that your machines:
-- Are onboarded to Microsoft Defender Advanced Threat Protection
-- Running with Windows 10 1709 (Fall Creators Update) or later
-- Have the following mandatory updates installed:
-- (1) RS3 customers | [KB4493441](https://support.microsoft.com/en-us/help/4493441/windows-10-update-kb4493441)
-- (2) RS4 customers | [KB4493464](https://support.microsoft.com/en-us/help/4493464)
-- Have at least one security recommendation that can be viewed in the machine page
-- Are tagged or marked as co-managed
-
-
-## Reduce your threat and vulnerability exposure
-Threat & Vulnerability Management introduces a new exposure score metric which visually represents how exposed your machines are to imminent threats.
-
-The exposure score is continuously calculated on each device in the organization and influenced by the following factors:
-- Weaknesses, such as vulnerabilities and misconfigurations discovered on the device
-- External and internal threats such as public exploit code and security alerts
-- Likelihood of the device getting breached given its current security posture
-- Value of the device to the organization given its role and content
-
-The exposure score is broken down into the following levels:
-- 0 to 29: low exposure score
-- 30 to 69: medium exposure score
-- 70 to 100: high exposure score
-
-You can reduce the exposure score by remediating issues based on prioritized security recommendations. Each software has weaknesses that are transformed into recommendations and prioritized based on risk to the organization.
-
-To lower down your threat and vulnerability exposure:
-
-1. Review the **Top security recommendations** from your **Threat & Vulnerability Management dashboard**, and select the first item on the list. This opens the **Security recommendation** page.
-
- >>
-
- >[!NOTE]
- > There are two types of recommendations:
- > - Security update which refers to recommendations that require a package installation
- > - Configuration change which refers to recommendations that require a registry or GPO modification
- > Always prioritize recommendations that are associated with ongoing threats. These recommendations are marked with the threat insight  icon or the possible alert activity [possible alert activity](images/tvm_alert_icon.png) icon.
-
-2. In the **Security recommendations** page, you will see the description of what needs to be done and why. It shows the vulnerability details, such as the associated exploits affecting what machines and its business impact. Click **Open software page** option from the flyout menu. 
-
-3. Click **Installed machines** and select the affected machine from the list to open the flyout page with the relevant machine details, exposure and risk levels, alert and incident activities. 
-
-4. Click **Open machine page** to connect to the machine and apply the selected recommendation. 
-
-5. Allow a few hours for the changes to propagate in the system.
-
-6. Review the machine **Security recommendation** tab again. The recommendation you've chosen to remediate won't be listed there anymore, and the exposure score should decrease.
-
-## Improve your security configuration
->[!NOTE]
-> Secure score is now part of Threat & Vulnerability Management as [configuration score](configuration-score.md). We’ll keep the secure score page available for a few weeks. View the [secure score](https://securitycenter.windows.com/securescore) page.
-
-Remediating issues in the security recommendations list will improve your configuration. As you do so, your configuration score improves, which means building your organization's resilience against cybersecurity threats and vulnerabilities stronger.
-
-1. From the Configuration score widget, select **Security controls**. This opens the **Security recommendations** page showing the list of issues related to security controls.
-
- >>
-
-2. Select the first item on the list. This opens the flyout menu with the description of the security controls issue, a short description of the potential risk, insights, configuration ID, exposed machines, and business impact. Click **Remediation options**.
- 
-
-3. Read the description to understand the context of the issue and what to do next. Select a due date, add notes, and select **Export all remediation activity data to CSV** so you can attach it to the email that you can send to your IT Administrator for follow-up.
-
- > >.
- >
- > You will see a confirmation message that the remediation task has been created.
- > 
-
-4. Save your CSV file.
- 
-
-5. Send a follow up email to your IT Administrator and allow the time that you have alloted for the remediation to propagate in the system.
-
-6. Review the machine **Configuration score** widget again. The number of the security controls issues will decrease. When you click **Security controls** to go back to the **Security recommendations** page, the item that you have addressed will not be listed there anymore, and your configuration score should increase.
-
-
-## Related topics
-- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
-- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
-- [Configuration score](configuration-score.md)
-
+---
+title: Threat & Vulnerability Management scenarios
+description: Learn how to use Threat & Vulnerability Management in the context of scenarios that Security Administrators encounter when collaborating with IT Administrators and SecOps while protecting their organization from cybersecurity threats.
+keywords: mdatp-tvm scenarios, mdatp, tvm, tvm scenarios, reduce threat & vulnerability exposure, reduce threat and vulnerability, improve security configuration, increase configuration score, increase threat & vulnerability configuration score, configuration score, exposure score, security controls
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Threat & Vulnerability Management scenarios
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+## Before you begin
+Ensure that your machines:
+- Are onboarded to Microsoft Defender Advanced Threat Protection
+- Running with Windows 10 1709 (Fall Creators Update) or later
+
+>[!NOTE]
+>Threat & Vulnerability Management can also scan machines running on Windows 7 and Windows Server 2019 operating systems and detects vulnerabilities coming from patch Tuesday.
+
+- Have the following mandatory updates installed:
+- (1) RS3 customers | [KB4493441](https://support.microsoft.com/en-us/help/4493441/windows-10-update-kb4493441)
+- (2) RS4 customers | [KB4493464](https://support.microsoft.com/en-us/help/4493464)
+- Are onboarded to Microsoft Intune and System Center Configuration Manager (SCCM). If you are using SCCM, update your console to the latest May version 1905
+- Have at least one security recommendation that can be viewed in the machine page
+- Are tagged or marked as co-managed
+
+
+## Reduce your threat and vulnerability exposure
+Threat & Vulnerability Management introduces a new exposure score metric which visually represents how exposed your machines are to imminent threats.
+
+The exposure score is continuously calculated on each device in the organization and influenced by the following factors:
+- Weaknesses, such as vulnerabilities discovered on the device
+- External and internal threats such as public exploit code and security alerts
+- Likelihood of the device getting breached given its current security posture
+- Value of the device to the organization given its role and content
+
+The exposure score is broken down into the following levels:
+- 0 to 29: low exposure score
+- 30 to 69: medium exposure score
+- 70 to 100: high exposure score
+
+You can reduce the exposure score by remediating issues based on prioritized security recommendations. Each software has weaknesses that are transformed into recommendations and prioritized based on risk to the organization.
+
+To lower down your threat and vulnerability exposure:
+
+1. Review the **Top security recommendations** from your **Threat & Vulnerability Management dashboard**, and select the first item on the list. This opens the **Security recommendation** page.
+
+ >>
+
+ >[!NOTE]
+ > There are two types of recommendations:
+ > - Security update which refers to recommendations that require a package installation
+ > - Configuration change which refers to recommendations that require a registry or GPO modification
+ > Always prioritize recommendations that are associated with ongoing threats. These recommendations are marked with the threat insight  icon and possible active alert  icon.
+
+2. In the **Security recommendations** page, you will see the description of what needs to be done and why. It shows the vulnerability details, such as the associated exploits affecting what machines and its business impact. Click **Open software page** option from the flyout menu. 
+
+3. Click **Installed machines** and select the affected machine from the list to open the flyout page with the relevant machine details, exposure and risk levels, alert and incident activities. 
+
+4. Click **Open machine page** to connect to the machine and apply the selected recommendation. 
+
+5. Allow a few hours for the changes to propagate in the system.
+
+6. Review the machine **Security recommendation** tab again. The recommendation you've chosen to remediate won't be listed there anymore, and the exposure score should decrease.
+
+## Improve your security configuration
+>[!NOTE]
+> Secure score is now part of Threat & Vulnerability Management as [configuration score](configuration-score.md). We’ll keep the secure score page available for a few weeks. View the [secure score](https://securitycenter.windows.com/securescore) page.
+
+Remediating issues in the security recommendations list will improve your configuration. As you do so, your configuration score improves, which means building your organization's resilience against cybersecurity threats and vulnerabilities stronger.
+
+1. From the Configuration score widget, select **Security controls**. This opens the **Security recommendations** page showing the list of issues related to security controls.
+
+ >>
+
+2. Select the first item on the list. This opens the flyout menu with the description of the security controls issue, a short description of the potential risk, insights, configuration ID, exposed machines, and business impact. Click **Remediation options**.
+ 
+
+3. Read the description to understand the context of the issue and what to do next. Select a due date, add notes, and select **Export all remediation activity data to CSV** so you can attach it to the email that you can send to your IT Administrator for follow-up.
+
+ >>.
+
+ >You will see a confirmation message that the remediation task has been created.
+ >
+
+4. Save your CSV file.
+ 
+
+5. Send a follow up email to your IT Administrator and allow the time that you have alloted for the remediation to propagate in the system.
+
+6. Review the machine **Configuration score** widget again. The number of the security controls issues will decrease. When you click **Security controls** to go back to the **Security recommendations** page, the item that you have addressed will not be be listed there anymore, and your configuration score should increase.
+
+## Request a remediation
+>[!NOTE]
+>To use this capability, enable your Microsoft Intune connections. Navigate to **Settings** > **General** > **Advanced features**. Scroll down and look for **Microsoft Intune connection**. By default, the toggle is turned off. Turn your **Microsoft Intune connection** toggle on.
+
+The Threat & Vulnerability Management capability in Microsoft Defender ATP bridges the gap between Security and IT Administrators through the remediation request workflow.
+Security Administrators like you can request for the IT Administrator to remediate a vulnerability from the **Security recommendation** pages to Intune.
+
+1. Click on a security recommendation you would like to request remediation for, and then click **Remediation options**.
+
+2. Select **Open a ticket in Intune (for AAD joined devices)**, select a due date, and add optional notes for the IT Administrator. Click **Submit request**.
+
+3. Notify your IT Administrator about the new request and have them log into Intune to approve or reject the request and start a package deployment.
+
+4. Go to the **Remediation** page to view the status of your remediation request.
+
+See [Use Intune to remediate vulnerabilities identified by Microsoft Defender ATP](https://docs.microsoft.com/en-us/intune/atp-manage-vulnerabilities) for details.
+
+>[!NOTE]
+>If your request involves remediating more than 10,000 machines, we will only send 10,000 machines for remediation to Intune.
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
+- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
+- [Configuration score](configuration-score.md)
+- [Security recommendations](tvm-security-recommendation.md)
+- [Remediation](tvm-remediation.md)
+- [Software inventory](tvm-software-inventory.md)
+- [Weaknesses](tvm-weaknesses.md)
+
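Review bot: Under "Before you begin", the `>[!NOTE]` block sits between the second and third bullets of the "Ensure that your machines:" list, and the two KB entries ("(1) RS3 customers", "(2) RS4 customers") are at the same level as their parent "Have the following mandatory updates installed:", so the prerequisites no longer read as one list with nested items. Move the note below the list and indent the KB entries as sub-items. The second bullet should read "Are running Windows 10 1709 ..." to match the "Are ..." pattern of the other bullets. Typos in the same file: "alloted" in step 5 of "Improve your security configuration" should be "allotted", and "will not be be listed" in step 6 has a doubled "be". The 10,000-machine note at the end of "Request a remediation" should also say how the requester can tell which machines were left out of the Intune request.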
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
index 2f3d53c781..6c634edeed 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
@@ -1,6 +1,5 @@
---
title: What's in the dashboard and what it means for my organization's security posture
-ms.reviewer:
description: What's in the Threat & Vulnerability Management dashboard and how it can help SecOps and Security Administrators arrive at informed decisions in addressing cybersecurity threat vulnerabilities and building their organization's security resilience.
keywords: mdatp-tvm, mdatp-tvm dashboard, threat & vulnerability management, risk-based threat & vulnerability management, security configuration, configuration score, exposure score
search.product: eADQiWindows 10XVcnh
@@ -9,8 +8,8 @@ ms.prod: eADQiWindows 10XVcnh
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
-ms.author: ellevin
-author: levinec
+ms.author: dolmont
+author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
@@ -22,18 +21,15 @@ ms.topic: conceptual
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-[!include[Prerelease information](prerelease.md)]
-
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
+[!include[Prerelease information](prerelease.md)]
+
Threat & Vulnerability Management is a component of Microsoft Defender ATP, and provides both security administrators and security operations teams with unique value, including:
- Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities
- Invaluable machine vulnerability context during incident investigations
- Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager (SCCM)
- >[!NOTE]
- > Microsoft Intune and Microsoft System Center Configuration Manager (SCCM) integration will be available in the coming weeks.
-
You can use the Threat & Vulnerability Management capability in [Microsoft Defender Security Center](https://securitycenter.windows.com/) to:
- View exposure and configuration scores side-by-side with top security recommendations, software vulnerability, remediation activities, and exposed machines
- Correlate EDR insights with endpoint vulnerabilities and process them
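Review bot: Removing the note that Intune and SCCM integration "will be available in the coming weeks" leaves the bullet "Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager (SCCM)" as an unqualified statement, while the prerelease include is kept and the remediation page added later in this patch only walks through "Open a ticket in Intune (for AAD joined devices)". Confirm that the SCCM path is available before dropping the note, or qualify the bullet so it matches what the remediation steps document.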
@@ -44,7 +40,7 @@ When you open the portal, you’ll see the main areas of the capability:

- 
+ 
- (1) Menu in the navigation pane
- (2) Threat & Vulnerability Management icon
@@ -55,23 +51,29 @@ You can navigate through the portal using the menu options available in all sect
Area | Description
:---|:---
(1) Menu | Select menu to expand the navigation pane and see the names of the Threat & Vulnerability Management capabilities.
-(2) Threat & Vulnerability Management navigation pane | Use the navigation pane to move across the **Threat and Vulnerability Management Dashboard**, **Security recommendations**, **Remediation**, and **Software inventory**.
+(2) Threat & Vulnerability Management navigation pane | Use the navigation pane to move across the **Threat and Vulnerability Management Dashboard**, **Security recommendations**, **Remediation**, **Software inventory**, and **Weaknesses**.
**Dashboards** | Get a high-level view of the organization exposure score, MDATP configuration score, top remediation activities, top security recommendations, top vulnerable software, and top exposed machines data.
-**Security recommendations** | See the list of security recommendations, their related components, insights, number or exposed devices, impact, and request for remediation. You can click each item on the list and it will open a flyout pane where you will see vulnerability details, and have the option to open the software page, and see the remediation options.
-**Remediation** | See the remediation activity, related component, remediation type, status, due date, option to export the remediation and process data to CSV.
-**Software inventory** | See the list of applications, versions, weaknesses, whether there’s an exploit found on the application, prevalence in the organization, how many were installed, how many exposed devices are there, and the numerical value of the impact. You can select each item in the list and opt to open the software page which shows the vulnerabilities and misconfigurations associated and its machine and version distribution details.
-(3) Threat & Vulnerability Management dashboard | Access the **Exposure score**, **Configuration score**, **Exposure distribution**, **Top security recommendations**, **Top vulnerable software**, **Top remediation activities**, **Top exposed machines**, and **Threat campaigns**.
+**Security recommendations** | See the list of security recommendations, their related components, insights, number or exposed devices, impact, and request for remediation. You can click each item on the list and it will open a flyout pane where you will see vulnerability details, open the software page, and see the remediation options. You can also open a ticket in Intune if your machines are joined through Azure Active Directory and you have enabled your Intune connections in Microsoft Defender ATP. See [Security recommendations](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation) for more information.
+**Remediation** | See the remediation activity, related component, remediation type, status, due date, and option to export the remediation and process data to CSV. See [Remediation](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation) for more information.
+**Software inventory** | See the list of applications, versions, weaknesses, whether there’s an exploit found on the application, prevalence in the organization, how many were installed, how many exposed devices are there, and the numerical value of the impact. You can select each item in the list and opt to open the software page which shows the associated vulnerabilities, misconfigurations, affected machine, version distribution details, and missing KBs or security updates. See [Software inventory](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory) for more information.
+**Weaknesses** | See the list of common vulnerabilities and exposures, the severity, its common vulnerability scoring system (CVSS) V3 score, related software, age, when it was published, related threat alerts, and how many exposed machines are there. You can select each item in the list and it opens a fly-in page with the vulnerability description and other details. See [Weaknesses](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses) for more information.
+(3) Threat & Vulnerability Management dashboard | Access the **Exposure score**, **Configuration score**, **Exposure distribution**, **Top security recommendations**, **Top vulnerable software**, **Top remediation activities**, and **Top exposed machines**.
+**Selected machine groups (#/#)** | Filter the Threat & Vulnerability Management data that you want to see in the dashboard and widgets by machine groups. What you select in the filter will be applied throughout the Threat & Vulnerability management pages only.
**Organization Exposure score** | See the current state of your organization’s device exposure to threats and vulnerabilities. Several factors affect your organization’s exposure score: weaknesses discovered in your devices, likelihood of your devices to be breached, value of the devices to your organization, and relevant alerts discovered with your devices. The goal is to lower down your organization’s exposure score to be more secure. To reduce the score, you need to remediate the related security configuration issues listed in the security recommendations.
-**MDATP Configuration score** | See the security posture of your organization’s operating system, applications, network, accounts and security controls. The goal is to increase your configuration score by remediating the related security configuration issues. You can click the bars and it will take you to the **Security recommendation** page for details.
+**MDATP Configuration score** | See the security posture of your organization’s operating system, applications, network, accounts and security controls. The goal is to increase your configuration score by remediating the related security configuration issues. You can click the bars and it will take you to the **Security recommendation** page for details. See [Configuration score](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configuration-score) for more information.
**Machine exposure distribution** | See how many machines are exposed based on their exposure level. You can click the sections in the doughnut chart and it will take you to the **Machines list** page where you'll see the affected machine names, exposure level side by side with risk level, among other details such as domain, OS platform, its health state, when it was last seen, and its tags.
**Top security recommendations** | See the collated security recommendations which are sorted and prioritized based on your organization’s risk exposure and the urgency that it requires. Useful icons also quickly calls your attention on possible active alerts , associated public exploits , and recommendation insights . You can drill down on the security recommendation to see the potential risks, list of exposed machines, and read the insights. Thus, providing you with an informed decision to either proceed with a remediation request. Click **Show more** to see the rest of the security recommendations in the list.
**Top vulnerable software** | Get real-time visibility into the organizational software inventory, with stack-ranked list of vulnerable software installed on your network’s devices and how they impact on your organizational exposure score. Click each item for details or **Show more** to see the rest of the vulnerable application list in the **Software inventory** page.
**Top remediation activities** | Track the remediation activities generated from the security recommendations. You can click each item on the list to see the details in the **Remediation** page or click **Show more** to see the rest of the remediation activities.
**Top exposed machines** | See the exposed machine names and their exposure level. You can click each machine name from the list and it will take you to the machine page where you can view the alerts, risks, incidents, security recommendations, installed software, discovered vulnerabilities associated with the exposed machines. You can also do other EDR-related tasks in it, such as: manage tags, initiate automated investigations, initiate a live response session, collect an investigation package, run antivirus scan, restrict app execution, and isolate machine. You can also click **Show more** to see the rest of the exposed machines list.
-See [Microsoft Defender ATP icons](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection#windows-defender-atp-icons) for more information on the icons used throughout the portal.
+See [Microsoft Defender ATP icons](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection#windows-defender-atp-icons) for more information on the icons used throughout the portal.
## Related topics
- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
- [Configuration score](configuration-score.md)
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
+- [Security recommendations](tvm-security-recommendation.md)
+- [Remediation](tvm-remediation.md)
+- [Software inventory](tvm-software-inventory.md)
+- [Weaknesses](tvm-weaknesses.md)
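Review bot: The added **Security recommendations** row carries over "number or exposed devices" from the line it replaces; it should read "number of exposed devices". The new "See [...] for more information" links in the table rows use absolute `https://docs.microsoft.com/en-us/...` URLs, while the "Related topics" entries added at the end of this hunk point to the same pages as relative `.md` files; use the relative form in the table as well, and avoid pinning the `en-us` locale in the icons link. In the **Selected machine groups (#/#)** row, "Threat & Vulnerability management pages" should capitalize "Management" to match the rest of the table.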
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md
new file mode 100644
index 0000000000..3617f68bd7
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md
@@ -0,0 +1,64 @@
+---
+title: Remediation
+description: You can lower down your organization's exposure from vulnerabilities and increase your security configuration by remediating the security recommendations. Threat & Vulnerability Management bridges the gap between security administration and IT administration during remediation process. It does so by creating a security task or ticket through integration with Microsoft Intune and Microsoft System Center Configuration Manager (SCCM).
+keywords: microsoft defender atp tvm remediation, mdatp tvm, threat & vulnerability management, threat & vulnerability management remediation, tvm remediation intune, tvm remediation sccm
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+ms.date: 04/11/2019
+---
+# Remediation
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](prerelease.md)]
+
+>[!NOTE]
+>To use this capability, enable your Microsoft Intune connections. Navigate to **Settings** > **General** > **Advanced features**. Scroll down and look for **Microsoft Intune connection**. By default, the toggle is turned off. Turn your **Microsoft Intune connection** toggle on.
+
+After your organization's cybersecurity weaknesses are identified and mapped to actionable security recommendations, you can start creating security tasks through the integration with Microsoft Intune where remediation tickets are created.
+
+You can lower down your organization's exposure from vulnerabilities and increase your security configuration by remediating the security recommendations.
+
+## Navigate through your remediation options
+You'll see your remediation options when you select one of the security recommendation blocks from your **Top security recommendations** widget in the dashboard.
+1. From the fly-in page, you'll see the security recommendation details including your next steps. Click **Remediation options**.
+2. In the **Remediation options** page, select **Open a ticket in Intune (for AAD joined devices)**.
+
+>[!NOTE]
+>If your request involves remediating more than 10,000 machines, we will only send 10,000 machines for remediation to Intune.
+
+3. Select a remediation due date.
+4. Add notes to give your IT administrator a context of your remediation request. For example, you can indicate urgency of the remediation request to avoid potential exposure to a recent exploit activity, or if the request is a part of compliance.
+
+If you want to check how the ticket shows up in Intune, see [Use Intune to remediate vulnerabilities identified by Microsoft Defender ATP](https://docs.microsoft.com/en-us/intune/atp-manage-vulnerabilities) for details.
+
+## How it works
+
+When you submit a remediation request from Threat & Vulnerability Management, it kicks-off a remediation activity.
+
+It creates a security task which will be tracked in Threat & Vulnerability Management **Remediation page**, and it also creates a remediation ticket in Microsoft Intune.
+
+You also have the option to export all remediation activity data to CSV for records, reporting purposes, or if you want to notify your IT administration counterpart that a remediation ticket has been submitted.
+
+The dashboard will show that status of your top remediation activities. Click any of the entries and it will take you to the **Remediation** page. You can mark the remediation activity as completed after the IT administration team remediates the task.
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
+- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
+- [Scenarios](threat-and-vuln-mgt-scenarios.md)
+- [Security recommendation](tvm-security-recommendation.md)
+- [Software inventory](tvm-software-inventory.md)
+- [Weaknesses](tvm-weaknesses.md)
+
+
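Review bot: In "Navigate through your remediation options", the `>[!NOTE]` about the 10,000-machine limit is placed at column 0 between steps 2 and 3, which ends the ordered list at that point; indent the note under step 2 or move it after step 4 so that steps 3 and 4 stay in the same list. The procedure also stops at "Add notes" with no step for submitting the request, although "How it works" opens with "When you submit a remediation request"; add the submit step. Add a blank line between the introductory sentence and "1.". Wording: "kicks-off" should be "kicks off", and "will show that status" should be "will show the status".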
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
new file mode 100644
index 0000000000..865fe8405f
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
@@ -0,0 +1,68 @@
+---
+title: Security recommendation
+description: The weaknesses identified in the environment are mapped to actionable security recommendations and prioritized by their impact on the organizational exposure score.
+keywords: threat and vulnerability management, mdatp tvm security recommendation, cybersecurity recommendation, actionable security recommendation
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+ms.date: 04/11/2019
+---
+# Security recommendation
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](prerelease.md)]
+
+The cybersecurity weaknesses identified in your organization are mapped to actionable security recommendations and prioritized by their impact on the security recommendation list. Prioritized recommendation helps shorten the mean time to mitigate or remediate vulnerabilities and drive compliance.
+
+Each security recommendation includes an actionable remediation recommendation which can be pushed into the IT task queue through a built-in integration with Microsoft Intune and SCCM. It is also dynamic in the sense that when the threat landscape changes, the recommendation also changes as it continuously collect information from your environment.
+
+## The basis of the security recommendation
+Each machine in the organization is scored based on three important factors: threat, likelihood to be breached, and value, to help customers to focus on the right things at the right time.
+
+- Threat - Characteristics of the vulnerabilities and exploits in your organizations' devices and breach history. Based on these factors, the security recommendations shows the correponding links to active alerts, ongoing threat campaigns, and their corresponding threat analytic reports.
+
+- Breach likelihood - Your organization's security posture and resilience against threats
+
+- Business value - Your organization's assets, critical processes, and intellectual properties
+
+
+## Navigate through your security recommendations
+You can access the security recommendation from the Microsoft Defender ATP Threat & Vulnerability Management menu, dashboard, software page, and machine page, to give you the context that you need as you require it.
+
+There are security recommendations for application, operating system, network, accounts, and security controls.
+
+In a given day as a Security Administrator, you can take a look at the dashboard to see your exposure score side-by-side with your configuration score. The goal is to lower down your organization's exposure from vulnerabilities, and increase your organization's security configuration to be more resilient against cybersecurity threat attacks. The top security recommendations list can help you achieve that goal.
+
+The top security recommendations lists down the improvement opportunities prioritized based on the three important factors mentioned in the previous section - threat, likelihood to be breached, and value.
+
+You can click on each one of them and see the details, the description, the potential risk if you don't act on or remediate it, insights, how many exposed devices are associated with the security recommendation, vulnerabilities, and other threats.
+
+From that page, you can do any of the following depending on what you need to do:
+
+- Open software page - Drill down and open the software page to get more context of the software details, prevalence in the organization, weaknesses discovered, version distribution, and charts so you can see the exposure trend over time.
+
+- Choose from remediation options - Submit a remediation request to open a ticket in Microsoft Intune for your IT Administrator to pick up and address.
+
+- Choose from exception options - Submit an exception, provide justification, and set exception duration if you can't remediate the issue just yet due to specific business reasons, compensation controls, or if it is a false positive.
+
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
+- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
+- [Configuration score](configuration-score.md)
+- [Remediation](tvm-remediation.md)
+- [Software inventory](tvm-software-inventory.md)
+- [Weaknesses](tvm-weaknesses.md)
+- [Scenarios](threat-and-vuln-mgt-scenarios.md)
+
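Review bot: In the "Choose from exception options" bullet, "compensation controls" should be "compensating controls". The introduction says recommendations can be pushed "through a built-in integration with Microsoft Intune and SCCM", but the "Choose from remediation options" bullet only describes opening a ticket in Microsoft Intune; state where SCCM fits or drop it from the introduction. Typos under "The basis of the security recommendation" and in the introduction: "correponding" should be "corresponding", "the security recommendations shows" should be "show", "it continuously collect" should be "collects", and "your organizations' devices" should be "your organization's devices".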
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md
new file mode 100644
index 0000000000..fed509c866
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md
@@ -0,0 +1,44 @@
+---
+title: Software inventory
+description: Microsoft Defender ATP Threat & Vulnerability management's discovery capability shows in the software inventory page. You can see the name of the product, vendor, the latest version it is in, and the number of weaknesses and vulnerabilities detected.
+keywords: microsoft defender atp, microsoft defender atp software inventory, mdatp threat & vulnerability management, mdatp threat & vulnerability management software inventory, mdatp tvm software inventory, tvm software inventory
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+ms.date: 04/11/2019
+---
+# Software inventory
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](prerelease.md)]
+
+Microsoft Defender ATP Threat & Vulnerability management's discovery capability shows in the **Software inventory** page. The software inventory includes the name of the product or vendor, the latest version it is in, and the number of weaknesses and vulnerabilities detected with it.
+
+## Navigate through your software inventory
+1. Select **Software inventory** from the Threat & Vulnerability management navigation menu.
+2. In the **Software inventory** page, select the application that you want to investigate and a fly-in screen opens up with the software details, vendor information, prevalence in the organization, exposed machines, threat context, and its impact to your organization's exposure score.
+3. In the fly-in screen, select **Open software page** to dive deeper into your software inventory. You will see how many weaknesses are discovered with the application, devices exposed, installed machines, version distribution, and the corresponding security recommendations for the weaknesses and vulnerabilities identified.
+
+## How it works
+In the field of discovery, we are leveraging the same set of signals in Microsoft Defender ATP's endpoint detection and response that's responsible for detection, for vulnerability assessment.
+
+Since it is real-time, in a matter of minutes, you will see vulnerability information as they get discovered. The engine automatically grabs information from multiple security feeds. In fact, you'll will see if a particular application is connected to a live campaign. It also provides a link to a Threat Analytics report soon as it's available.
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
+- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
+- [Scenarios](threat-and-vuln-mgt-scenarios.md)
+- [Security recommendation](tvm-security-recommendation.md)
+- [Remediation](tvm-remediation.md)
+- [Weaknesses](tvm-weaknesses.md)
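Review bot: The opening paragraph says the inventory includes "the name of the product or vendor", while the front-matter description lists "the name of the product, vendor"; make the two agree. In "How it works", the first sentence is hard to parse ("... that's responsible for detection, for vulnerability assessment"); consider "Discovery uses the same set of signals that Microsoft Defender ATP's endpoint detection and response uses for detection, and applies them to vulnerability assessment." In the next paragraph, fix "you'll will see" and "soon as it's available" (should be "as soon as").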
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md
new file mode 100644
index 0000000000..dec5d3e76e
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md
@@ -0,0 +1,60 @@
+---
+title: Weaknesses
+description: The **Weaknesses** page lists down the vulnerabilities found in the infected software running in your organization, their severity, Common Vulnerability Scoring System (CVSS) rating, its prevalence in your organization, breach, and threat insights.
+keywords: mdatp threat & vulnerability management, mdatp tvm weaknesses page, finding weaknesses through tvm, tvm vulnerability list, vulnerability details in tvm
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+ms.date: 04/11/2019
+---
+# Weaknesses
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](prerelease.md)]
+
+Threat & Vulnerability Management leverages the same signals in Microsoft Defender ATP's endpoint protection to scan and detect vulnerabilities.
+
+The **Weaknesses** page lists down the vulnerabilities found in the infected software running in your organization, their severity, Common Vulnerability Scoring System (CVSS) rating, its prevalence in your organization, corresponding breach, and threat insights.
+
+## Navigate through your organization's weaknesses page
+You can see the list of vulnerabilities in two ways:
+
+*Global search*
+1. Click the global search drop-down menu.
+2. Select **Vulnerability** and key-in the Common Vulnerabilities and Exposures (CVE) ID that you are looking for. The **Weaknesses** page opens with the list of the vulnerabilities and details.
+
+*Weaknesses page in the menu*
+1. Go to the Threat & Vulnerability Management navigation menu and select **Weaknesses** to open up the list of vulnerabilities found in your organization.
+2. Select the vulnerability that you want to investigate to open up a fly-in page with the vulnerability details, such as: CVE description, CVE ID, exploits available, severity, publish, and update dates.
+
+## How it works
+When new vulnerabilities are released, you would want know how many of your assets are exposed. You can see the list of vulnerabilities and the details in the **Weaknesses** page.
+
+If the **Exposed Machines** column shows 0, that means you are not infected.
+
+If there's a number in the **Exposed Machines**, that means you need to remediate the vulnerabilities in those machines because they put the rest of your assets and your organization at risk.
+
+You can also see the related alert and threat insights in the **Threat** column.
+
+ >[!NOTE]
+ > Always prioritize recommendations that are associated with ongoing threats. These recommendations are marked with the threat insight  icon and possible active alert  icon.
+
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
+- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
+- [Scenarios](threat-and-vuln-mgt-scenarios.md)
+- [Security recommendation](tvm-security-recommendation.md)
+- [Remediation](tvm-remediation.md)
+- [Software inventory](tvm-software-inventory.md)
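Review bot: under "How it works", "If the **Exposed Machines** column shows 0, that means you are not infected" conflates exposure to a vulnerability with infection. A count of 0 only says that no machines are exposed to that CVE, so word it that way. The same applies to "infected software" in the description and in the intro paragraph, where "vulnerable software" matches what the page lists. Also fix "you would want know" (missing "to"), and drop the Markdown bold from the front-matter description, where the asterisks will not be rendered.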
diff --git a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
index f03034aac2..ba47760e7f 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
@@ -41,7 +41,7 @@ MpCmdRun.exe [command] [-options]
| Command | Description |
|:--------------------------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------------------|
| \-? **or** -h | Displays all available options for this tool |
-| \-Scan [-ScanType #] [-File [-DisableRemediation] [-BootSectorScan]] [-Timeout ] [-Cancel] | Scans for malicious software |
+| \-Scan [-ScanType #] [-File \ [-DisableRemediation] [-BootSectorScan]] [-Timeout \] [-Cancel] | Scans for malicious software |
| \-Trace [-Grouping #] [-Level #] | Starts diagnostic tracing |
| \-GetFiles | Collects support information |
| \-GetFilesDiagTrack | Same as Getfiles but outputs to temporary DiagTrack folder |
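Review bot: in the -Scan row the placeholders after -File and -Timeout are now backslash-escaped, while the dynamic-code-security page in this same patch puts its placeholder in a backtick code span. Pick one convention for the whole change. A code span is the safer choice inside a table cell because it needs no escaping and keeps the placeholder visually distinct from the literal switches. Please check the rendered row as well, since in this view nothing is visible after each backslash.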
@@ -49,11 +49,11 @@ MpCmdRun.exe [command] [-options]
| \-RemoveDefinitions [-DynamicSignatures] | Removes only the dynamically downloaded Security intelligence |
| \-RemoveDefinitions [-Engine] | Restores the previous installed engine |
| \-SignatureUpdate [-UNC \| -MMPC] | Checks for new Security intelligence updates |
-| \-Restore [-ListAll \| [[-Name ] [-All] \| [-FilePath ]] [-Path ]] | Restores or lists quarantined item(s) |
+| \-Restore [-ListAll \| [[-Name \] [-All] \| [-FilePath \]] [-Path \]] | Restores or lists quarantined item(s) |
| \-AddDynamicSignature [-Path] | Loads dynamic Security intelligence |
| \-ListAllDynamicSignatures | Lists the loaded dynamic Security intelligence |
| \-RemoveDynamicSignature [-SignatureSetID] | Removes dynamic Security intelligence |
-| \-CheckExclusion -path | Checks whether a path is excluded |
+| \-CheckExclusion -path \ | Checks whether a path is excluded |
## Related topics
diff --git a/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md
index 5d16f8d6e6..6506a13f61 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md
@@ -83,7 +83,7 @@ Open the Intune management portal either by searching for Intune on https://port
1. Description: *Optional*
1. OMA-URI: **./Vendor/MSFT/Defender/SharedSignatureRoot**
1. Data type: **String**
- 1. Value: **\\\wdav-update\** (see the [Download and unpackage](#download-and-unpackage-the-latest-updates) section for what this will be)
+ 1. Value: **\\\wdav-update\** (see the [Download and unpackage](#download-and-unpackage-the-latest-updates) section for what this will be)
1. Click **Ok** to close the details blade, then **OK** again to close the **Custom OMA-URI Settings** blade. Click **Create** to save the new profile. The profile details page now appears.
1. Click **Assignments**. The **Include** tab is automatically selected. In the drop-down menu, select **Selected Groups**, then click **Select groups to include**. Click the **VDI test VMs** group and then **Select**.
1. Click **Evaluate** to see how many users/devices will be impacted. If the number makes sense, click **Save**. If the number doesn’t make sense, go back to the groups blade and confirm the group contains the right users or devices.
@@ -94,7 +94,7 @@ Open the Intune management portal either by searching for Intune on https://port
1. In the **Group Policy Management Editor** go to **Computer configuration**.
1. Click **Administrative templates**.
1. Expand the tree to **Windows components > Windows Defender Antivirus > Security Intelligence Updates**
-1. Double-click Define security intelligence location for VDI clients and set the option to Enabled. A field automatically appears, enter *\\\wdav-update *(see the [Download and unpackage](#download-and-unpackage-the-latest-updates) section for what this will be). Click **OK**.
+1. Double-click Define security intelligence location for VDI clients and set the option to Enabled. A field automatically appears, enter *\\\wdav-update *(see the [Download and unpackage](#download-and-unpackage-the-latest-updates) section for what this will be). Click **OK**.
1. Deploy the GPO to the VMs you want to test.
#### Use PowerShell to enable the shared security intelligence feature:
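Review bot: in the Group Policy step the example path is wrapped as "*\\\wdav-update *" with a space before the closing asterisk, which stops Markdown from closing the emphasis. Since the line is being touched, remove the space. The setting name "Define security intelligence location for VDI clients" and the value "Enabled" are also left unformatted on this line, while the neighbouring steps bold their UI labels.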
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md
index 8341a2e601..123a3b333f 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md
@@ -64,7 +64,7 @@ If you can reproduce a problem, please increase the logging level, run the syste
If an error occurs during installation, the installer will only report a general failure.
-The detailed log will be saved to /Library/Logs/Microsoft/wdav.install.log. If you experience issues during installation, send us this file so we can help diagnose the cause.
+The detailed log will be saved to /Library/Logs/Microsoft/mdatp/install.log. If you experience issues during installation, send us this file so we can help diagnose the cause.
## Upgrade
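Review bot: the new log path on the added line runs straight into the sentence-ending period ("install.log. If you experience"), so put /Library/Logs/Microsoft/mdatp/install.log in a code span to make the exact filename unambiguous for someone copying it. Only this one line is in the hunk, so please also confirm that no other reference to the old wdav.install.log name remains on the page.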
diff --git a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md
index a4c209b5bd..e1e648f1c9 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md
@@ -57,8 +57,7 @@ The table in this section lists the main Windows Defender Antivirus event IDs an
-
-
+
Event ID: 1000 |
@@ -2716,7 +2715,7 @@ This section provides the following information about Windows Defender Antivirus
Use the information in these tables to help troubleshoot Windows Defender Antivirus error codes.
-
+
Error code: 0x80508007 |
@@ -2916,7 +2915,7 @@ The following error codes are used during internal testing of Windows Defender A
If you see these errors, you can try to [update definitions](manage-updates-baselines-windows-defender-antivirus.md) and force a rescan directly on the endpoint.
-
+
Internal error codes |
diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
index 6df51f6694..059828dc17 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
@@ -75,5 +75,5 @@ Note that "ResetPolicyId" reverts a supplemental policy to a base policy, and re
### Merging policies
-When merging, the policy type and ID of the leftmost/first policy specified is used. If the leftmost is a base policy with ID , then regardless of what the GUIDS and types are for any subsequent policies, the merged policy will be a base policy with ID .
+When merging, the policy type and ID of the leftmost/first policy specified is used. If the leftmost is a base policy with ID \, then regardless of what the GUIDS and types are for any subsequent policies, the merged policy will be a base policy with ID \.
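Review bot: "GUIDS" on the added line should be "GUIDs". The sentence refers to the base policy ID twice, and as shown here nothing follows either backslash, so check the rendered output to confirm both occurrences display the same placeholder. The point of the paragraph is that the merged policy keeps exactly the leftmost policy's ID.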
diff --git a/windows/security/threat-protection/windows-defender-application-control/signing-policies-with-signtool.md b/windows/security/threat-protection/windows-defender-application-control/signing-policies-with-signtool.md
index 693cce1792..b00e9c0154 100644
--- a/windows/security/threat-protection/windows-defender-application-control/signing-policies-with-signtool.md
+++ b/windows/security/threat-protection/windows-defender-application-control/signing-policies-with-signtool.md
@@ -65,7 +65,7 @@ If you do not have a code signing certificate, see the [Optional: Create a code
` Add-SignerRule -FilePath $InitialCIPolicy -CertificatePath -Kernel -User –Update`
> [!NOTE]
- > should be the full path to the certificate that you exported in step 3.
+ > \ should be the full path to the certificate that you exported in step 3.
Also, adding update signers is crucial to being able to modify or disable this policy in the future.
6. Use [Set-RuleOption](https://docs.microsoft.com/powershell/module/configci/set-ruleoption) to remove the unsigned policy rule option:
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md
index 18738ef4ec..8d7885f549 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md
@@ -27,7 +27,7 @@ Dynamic Code Security is not enabled by default because existing policies may no
Additionally, a small number of .NET loading features, including loading unsigned assemblies built with System.Reflection.Emit, are not currently supported with Dynamic Code Security enabled.
Microsoft recommends testing Dynamic Code Security in audit mode before enforcing it to discover whether any new libraries should be included in the policy.
-To enable Dynamic Code Security, add the following option to the section of your policy:
+To enable Dynamic Code Security, add the following option to the `` section of your policy:
```xml
diff --git a/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md b/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
index 5c31e736a7..a0422c4a14 100644
--- a/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
+++ b/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
@@ -33,7 +33,7 @@ The following sample file uses item-level targeting to ensure that the registry
>**Note:** The file shown here is for sample use only. It should be customized to meet the requirements of your organization’s deployment. To customize this file, import it into a test GPO, modify the settings, and then drag the Server and Domain Isolation Settings node to your desktop. The new file will contain all of your customization.
-``` syntax
+```xml
diff --git a/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md b/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md
index 7382a66a00..04739b0f9c 100644
--- a/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md
@@ -71,4 +71,4 @@ For more information about this design:
- For a list of detailed tasks that you can use to deploy your basic firewall policy design, see [Checklist: Implementing a Basic Firewall Policy Design](checklist-implementing-a-basic-firewall-policy-design.md).
-**Next: **[Domain Isolation Policy Design](domain-isolation-policy-design.md)
+**Next:** [Domain Isolation Policy Design](domain-isolation-policy-design.md)
diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md
index accc64084b..efa67c42bc 100644
--- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md
@@ -57,4 +57,4 @@ By using the Active Directory Users and Computers snap-in, Woodgrove Bank create
Woodgrove Bank then created a GPO that contains the certificate, and then attached security group filters to the GPO that allow read and apply permissions to only members of the NAG\_COMPUTER\_WGBUNIX group. The GPO places the certificate in the **Local Computer / Personal / Certificates** certificate store. The certificate used must chain back to a certificate that is in the **Trusted Root Certification Authorities** store on the local device.
-**Next: **[Designing a Windows Defender Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md)
+**Next:** [Designing a Windows Defender Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md)
diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md
index 3bd6236176..1be717ce49 100644
--- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md
@@ -45,4 +45,4 @@ For more info about this design:
- For a list of tasks that you can use to deploy your certificate-based policy design, see [Checklist: Implementing a Certificate-based Isolation Policy Design](checklist-implementing-a-certificate-based-isolation-policy-design.md).
-**Next: **[Evaluating Windows Defender Firewall with Advanced Security Design Examples](evaluating-windows-firewall-with-advanced-security-design-examples.md)
+**Next:** [Evaluating Windows Defender Firewall with Advanced Security Design Examples](evaluating-windows-firewall-with-advanced-security-design-examples.md)
diff --git a/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md b/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md
index 048a242e05..83f35fe206 100644
--- a/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md
+++ b/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md
@@ -52,4 +52,4 @@ The information that you gather will help you answer the following questions. Th
This guide describes how to plan your groups and GPOs for an environment with a mix of operating systems. Details can be found in the section [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) later in this guide.
-**Next: **[Gathering the Information You Need](gathering-the-information-you-need.md)
+**Next:** [Gathering the Information You Need](gathering-the-information-you-need.md)
diff --git a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md
index e5abd70033..d7bed686fa 100644
--- a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md
+++ b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md
@@ -144,4 +144,4 @@ With the other information that you have gathered in this section, this informat
The costs identified in this section only capture the projected cost of the device upgrades. Many additional design, support, test, and training costs should be accounted for in the overall project plan.
-**Next: **[Planning Your Windows Defender Firewall with Advanced Security Design](planning-your-windows-firewall-with-advanced-security-design.md)
+**Next:** [Planning Your Windows Defender Firewall with Advanced Security Design](planning-your-windows-firewall-with-advanced-security-design.md)
diff --git a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md b/windows/security/threat-protection/windows-firewall/documenting-the-zones.md
index 45577c869a..0fa1893aa6 100644
--- a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md
+++ b/windows/security/threat-protection/windows-firewall/documenting-the-zones.md
@@ -32,4 +32,4 @@ Generally, the task of determining zone membership is not complex, but it can be
| SENSITIVE001 | Yes| Yes| Not required.| Running Windows Server 2012. Ready for inclusion.| $0| Isolated server (in zone by itself)|
| PRINTSVR1 | Yes| Yes| Not required.| Running Windows Server 2008 R2. Ready for inclusion.| $0| Boundary|
-**Next: **[Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md)
+**Next:** [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md)
diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md
index 8179db1063..d0e345f2c5 100644
--- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md
@@ -63,4 +63,4 @@ The following groups were created by using the Active Directory Users and Comput
>**Note:** If you are designing GPOs for only Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2, you can design your GPOs in nested groups. For example, you can make the boundary group a member of the isolated domain group, so that it receives the firewall and basic isolated domain settings through that nested membership, with only the changes supplied by the boundary zone GPO. However, devices that are running older versions of Windows can only support a single IPsec policy being active at a time. The policies for each GPO must be complete (and to a great extent redundant with each other), because you cannot layer them as you can in the newer versions of Windows. For simplicity, this guide describes the techniques used to create the independent, non-layered policies. We recommend that you create and periodically run a script that compares the memberships of the groups that must be mutually exclusive and reports any devices that are incorrectly assigned to more than one group.
-**Next: **[Server Isolation Policy Design Example](server-isolation-policy-design-example.md)
+**Next:** [Server Isolation Policy Design Example](server-isolation-policy-design-example.md)
diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone.md b/windows/security/threat-protection/windows-firewall/encryption-zone.md
index 2330b6ee32..ced058672b 100644
--- a/windows/security/threat-protection/windows-firewall/encryption-zone.md
+++ b/windows/security/threat-protection/windows-firewall/encryption-zone.md
@@ -67,4 +67,4 @@ The GPO for devices that are running at least Windows Server 2008 should includ
- If domain member devices must communicate with devices in the encryption zone, ensure that you include in the isolated domain GPOs quick mode combinations that are compatible with the requirements of the encryption zone GPOs.
-**Next: **[Planning Server Isolation Zones](planning-server-isolation-zones.md)
+**Next:** [Planning Server Isolation Zones](planning-server-isolation-zones.md)
diff --git a/windows/security/threat-protection/windows-firewall/exemption-list.md b/windows/security/threat-protection/windows-firewall/exemption-list.md
index 93dbefc241..5911a0bedc 100644
--- a/windows/security/threat-protection/windows-firewall/exemption-list.md
+++ b/windows/security/threat-protection/windows-firewall/exemption-list.md
@@ -57,4 +57,4 @@ To keep the number of exemptions as small as possible, you have several options:
As with defining the boundary zone, create a formal process to approve hosts being added to the exemption list. For a model of processing requests for exemptions, see the decision flowchart in the [Boundary Zone](boundary-zone.md) section.
-**Next: **[Isolated Domain](isolated-domain.md)
+**Next:** [Isolated Domain](isolated-domain.md)
diff --git a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md
index fef8bc41e2..5127569bc4 100644
--- a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md
@@ -110,5 +110,5 @@ The following groups were created by using the Active Directory Users and Comput
In your own design, create a group for each computer role in your organization that requires different or additional firewall rules. For example, file servers and print servers require additional rules to allow the incoming network traffic for those functions. If a function is ordinarily performed on most devices on the network, you might consider adding devices performing those roles to the common default firewall GPO set, unless there is a security reason not to include it there.
-**Next: **[Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md)
+**Next:** [Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md)
diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md
index 5b0c733db4..cd4b6c6d78 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md
@@ -37,4 +37,4 @@ Active Directory is another important item about which you must gather informati
- **Existing IPsec policy**. Because this project culminates in the implementation of IPsec policy, you must understand how the network currently uses IPsec (if at all). Windows Defender Firewall connection security rules for versions of Windows prior to Windows Vista and Windows Server 2008 are not compatible with earlier versions of Windows. If you already have IPsec policies deployed to devices running Windows XP and Windows Server 2003 in your organization, you must ensure that the new IPsec policies you deploy enable devices using either the old or new IPsec policies to communicate with each other.
-**Next: **[Gathering Information about Your Devices](gathering-information-about-your-devices.md)
+**Next:** [Gathering Information about Your Devices](gathering-information-about-your-devices.md)
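Review bot: the context bullet "Existing IPsec policy" above the changed line says connection security rules "for versions of Windows prior to Windows Vista and Windows Server 2008 are not compatible with earlier versions of Windows", which contradicts itself. The following sentence about Windows XP and Windows Server 2003 suggests the intended meaning is that rules for Windows Vista and Windows Server 2008 and later are not compatible with earlier versions. This is worth correcting while the file is open, because the bullet drives the decision on whether old and new IPsec policies can coexist.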
diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md
index 34b00db3ac..992c8390e8 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md
@@ -118,4 +118,4 @@ Some of the more common applications and protocols are as follows:
- **Other traffic**. Windows Defender Firewall can help secure transmissions between devices by providing authentication of the packets in addition to encrypting the data that they contain. The important thing to do is to identify what must be protected, and the threats that must be mitigated. Examine and model other traffic or traffic types that must be secured.
-**Next: **[Gathering Information about Your Active Directory Deployment](gathering-information-about-your-active-directory-deployment.md)
+**Next:** [Gathering Information about Your Active Directory Deployment](gathering-information-about-your-active-directory-deployment.md)
diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md
index 79f64faa4e..2feb5a2fd1 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md
@@ -59,4 +59,4 @@ Whether you use an automatic, manual, or hybrid option to gather the information
This inventory will be critical for planning and implementing your Windows Defender Firewall design.
-**Next: **[Gathering Other Relevant Information](gathering-other-relevant-information.md)
+**Next:** [Gathering Other Relevant Information](gathering-other-relevant-information.md)
diff --git a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md b/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md
index 7a20dd71a7..5d29784f77 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md
@@ -82,4 +82,4 @@ Network Monitor includes parsers for the ISAKMP (IKE), AH, and ESP protocols. Ne
Message Analyzer is available on the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=44226).
-**Next: **[Determining the Trusted State of Your Devices](determining-the-trusted-state-of-your-devices.md)
+**Next:** [Determining the Trusted State of Your Devices](determining-the-trusted-state-of-your-devices.md)
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md
index 65e05e7876..006015b36a 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md
@@ -48,4 +48,4 @@ Copy the firewall rules for the boundary zone from the GPO that contains the fir
Make sure that the GPO that contains firewall rules for the isolated domain does not also apply to the boundary zone to prevent overlapping, and possibly conflicting rules.
-**Next: **[Encryption Zone GPOs](encryption-zone-gpos.md)
+**Next:** [Encryption Zone GPOs](encryption-zone-gpos.md)
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md
index 0820c4aacb..e16a7ecc32 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md
@@ -50,7 +50,7 @@ Change the action for every inbound firewall rule from **Allow the connection**
Make sure that the GPO that contains firewall rules for the isolated domain does not also apply to the boundary zone to prevent overlapping, and possibly conflicting rules.
-**Next: **[Server Isolation GPOs](server-isolation-gpos.md)
+**Next:** [Server Isolation GPOs](server-isolation-gpos.md)
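Review bot: the context sentence above the changed line says the isolated-domain firewall GPO must not also apply to "the boundary zone", and it is word for word the sentence in gpo-domiso-boundary.md earlier in this patch. Please confirm whether this page, which covers the encryption zone GPO, should say "encryption zone" instead. As written, a reader following this page gets no instruction about overlapping rules in the zone it actually describes.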
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md
index 81e55a89ac..e44b50dd82 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md
@@ -70,4 +70,4 @@ This GPO provides the following rules:
- A firewall exception rule to allow required network traffic for the WGBank dashboard program. This inbound rule allows network traffic for the program Dashboard.exe in the %ProgramFiles%\\WGBank folder. The rule is also filtered to only allow traffic on port 1551. This rule is applied only to the domain profile.
-**Next: **[Isolated Domain GPOs](isolated-domain-gpos.md)
+**Next:** [Isolated Domain GPOs](isolated-domain-gpos.md)
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md
index 4701b4565d..eda2c2ccc5 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md
@@ -88,4 +88,4 @@ This GPO provides the following rules:
- Authentication mode is set to **Do not authenticate**.
-**Next: **[GPO\_DOMISO\_IsolatedDomain\_Servers](gpo-domiso-isolateddomain-servers.md)
+**Next:** [GPO\_DOMISO\_IsolatedDomain\_Servers](gpo-domiso-isolateddomain-servers.md)
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md
index 6e5fc43ced..bfe618f15f 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md
@@ -31,5 +31,5 @@ Because so many of the settings and rules for this GPO are common to those in th
>**Important:** Windows Vista and Windows Server 2008 support only one network location profile at a time. The profile for the least secure network type is applied to the device. If you attach a network adapter to a device that is not physically connected to a network, the public network location type is associated with the network adapter and applied to the device.
-**Next: **[Boundary Zone GPOs](boundary-zone-gpos.md)
+**Next:** [Boundary Zone GPOs](boundary-zone-gpos.md)
diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain.md b/windows/security/threat-protection/windows-firewall/isolated-domain.md
index 7c2bb196ff..bb06dc1bff 100644
--- a/windows/security/threat-protection/windows-firewall/isolated-domain.md
+++ b/windows/security/threat-protection/windows-firewall/isolated-domain.md
@@ -64,4 +64,4 @@ GPOs for devices running at least Windows Vista and Windows Server 2008 should
>**Note:** For a sample template for these registry settings, see [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md).
-**Next: **[Boundary Zone](boundary-zone.md)
+**Next:** [Boundary Zone](boundary-zone.md)
diff --git a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
index 8c6362f758..9c73c224b9 100644
--- a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
+++ b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
@@ -38,4 +38,4 @@ Use the following table to determine which Windows Firewall with Advanced Securi
To examine details for a specific design, click the design title at the top of the column in the preceding table.
-**Next: **[Basic Firewall Policy Design](basic-firewall-policy-design.md)
+**Next:** [Basic Firewall Policy Design](basic-firewall-policy-design.md)
diff --git a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md b/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md
index 71ef3b2620..100858ecbe 100644
--- a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md
+++ b/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md
@@ -59,4 +59,4 @@ When the clients and servers have the certificates available, you can configure
Starting in Windows Server 2012,you can configure certificate selection criteria so the desired certificate is selected and/or validated. Enhanced Key Usage (EKU) criteria can be configured, as well as name restrictions and certificate thumbprints. This is configured using the **Advanced** button when choosing certificates for the authentication method in the user interface, or through Windows PowerShell.
-**Next: **[Documenting the Zones](documenting-the-zones.md)
+**Next:** [Documenting the Zones](documenting-the-zones.md)
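Review bot: the context line above the changed line is missing a space after the comma in "Starting in Windows Server 2012,you can configure". This patch is a typo and formatting pass over the same file, so it would be worth fixing here as "Windows Server 2012, you can configure". The "selected and/or validated" wording in the same sentence could also be tightened, but that is optional.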
diff --git a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md
index 0536c63506..0798ba72d5 100644
--- a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md
@@ -43,5 +43,5 @@ Multiple GPOs might be delivered to each group. Which one actually becomes appli
If multiple GPOs are assigned to a group, and similar rules are applied, the rule that most specifically matches the network traffic is the one that is used by the device. For example, if one IPsec rule says to request authentication for all IP traffic, and a second rule from a different GPO says to require authentication for IP traffic to and from a specific IP address, then the second rule takes precedence because it is more specific.
-**Next: **[Planning Network Access Groups](planning-network-access-groups.md)
+**Next:** [Planning Network Access Groups](planning-network-access-groups.md)
diff --git a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md
index fb13446ed6..3043878e04 100644
--- a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md
+++ b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md
@@ -38,4 +38,4 @@ For the Woodgrove Bank scenario, access to the devices running SQL Server that s
>**Note:** Membership in a NAG does not control the level of IPsec traffic protection. The IKE negotiation is only aware of whether the device or user passed or failed the Kerberos V5 authentication process. The connection security rules in the applied GPO control the security methods that are used for protecting traffic and are independent of the identity being authenticated by Kerberos V5.
-**Next: **[Planning the GPOs](planning-the-gpos.md)
+**Next:** [Planning the GPOs](planning-the-gpos.md)
diff --git a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md
index f1977f0234..f42eca057b 100644
--- a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md
@@ -79,4 +79,4 @@ GPOs for devices running at least Windows Server 2008 should include the follow
>**Note:** For a sample template for these registry settings, see [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md).
-**Next: **[Planning Certificate-based Authentication](planning-certificate-based-authentication.md)
+**Next:** [Planning Certificate-based Authentication](planning-certificate-based-authentication.md)
diff --git a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
index f75466f965..8138bd8ee1 100644
--- a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
+++ b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
@@ -55,4 +55,4 @@ The following is a list of the firewall settings that you might consider for inc
- **Outbound rules**. Only create outbound rules to block network traffic that must be prevented in all cases. If your organization prohibits the use of certain network programs, you can support that policy by blocking the known network traffic used by the program. Be sure to test the restrictions before you deploy them to avoid interfering with traffic for needed and authorized programs.
-**Next: **[Planning Domain Isolation Zones](planning-domain-isolation-zones.md)
+**Next:** [Planning Domain Isolation Zones](planning-domain-isolation-zones.md)
diff --git a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
index b00682c8e7..6992965186 100644
--- a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
+++ b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
@@ -95,4 +95,4 @@ After you have selected a design and assigned your devices to zones, you can beg
When you are ready to examine the options for the groups, filters, and GPOs, see the [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) section.
-**Next: **[Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md)
+**Next:** [Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md)
diff --git a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
index 46d4138780..a3ca3c4b6e 100644
--- a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
+++ b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
@@ -47,4 +47,4 @@ The following component is recommended for this deployment goal:
Other means of deploying a firewall policy are available, such as creating scripts that use the netsh command-line tool, and then running those scripts on each computer in the organization. This guide uses Active Directory as a recommended means of deployment because of its ability to scale to very large organizations.
-**Next: **[Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md)
+**Next:** [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md)
diff --git a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
index d82a578afb..4f5c2b1cb0 100644
--- a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
+++ b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
@@ -45,4 +45,4 @@ The following components are required for this deployment goal:
- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant devices in the domain.
-**Next: **[Restrict Access to Only Specified Users or Devices](restrict-access-to-only-specified-users-or-devices.md)
+**Next:** [Restrict Access to Only Specified Users or Devices](restrict-access-to-only-specified-users-or-devices.md)
diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md
index 66ddfe63d9..b34c8d48ea 100644
--- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md
+++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md
@@ -49,4 +49,4 @@ The following components are required for this deployment goal:
- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant devices in the domain.
-**Next: **[Mapping Your Deployment Goals to a Windows Defender Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
+**Next:** [Mapping Your Deployment Goals to a Windows Defender Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
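Review bot: the link text on the changed line names the target as "Mapping Your Deployment Goals to a Windows Defender Firewall with Advanced Security Design", while the hunk-header context from that target file earlier in this patch reads "Windows Firewall with Advanced Securi…" and the file name uses windows-firewall. Since the line is being rewritten anyway, check that the link title matches the current heading of the target page so the product name is consistent across the set.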
diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
index 015a1f0957..cbdd8e51d9 100644
--- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
+++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
@@ -59,4 +59,4 @@ The following components are required for this deployment goal:
- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant devices in the domain.
-**Next: **[Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md)
+**Next:** [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md)
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md
index a22b209144..dbffb1b8f1 100644
--- a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md
@@ -36,4 +36,4 @@ This GPO is identical to the GPO\_DOMISO\_Encryption GPO with the following chan
>**Important:** Earlier versions of Windows support only device-based authentication. If you specify that user authentication is mandatory, only users on devices that are running at least Windows Vista or Windows Server 2008 can connect.
-**Next: **[Planning GPO Deployment](planning-gpo-deployment.md)
+**Next:** [Planning GPO Deployment](planning-gpo-deployment.md)
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md
index f693d8a70b..b93e884682 100644
--- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md
@@ -82,4 +82,4 @@ If Woodgrove Bank wants to implement server isolation without domain isolation,
You do not have to include the encryption-capable rules on all devices. Instead, you can create GPOs that are applied only to members of the NAG, in addition to the standard domain isolation GPO, that contain connection security rules to support encryption.
-**Next: **[Certificate-based Isolation Policy Design Example](certificate-based-isolation-policy-design-example.md)
+**Next:** [Certificate-based Isolation Policy Design Example](certificate-based-isolation-policy-design-example.md)
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
index 8a3e3033be..1eeea3dc76 100644
--- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
@@ -59,4 +59,4 @@ For more info about this design:
- For a list of tasks that you can use to deploy your server isolation policy design, see [Checklist: Implementing a Standalone Server Isolation Policy Design](checklist-implementing-a-standalone-server-isolation-policy-design.md).
-**Next: **[Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md)
+**Next:** [Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md)