From 1d197a283dede92f8f66a319c8740e9f022c326d Mon Sep 17 00:00:00 2001 From: jaimeo Date: Wed, 31 Oct 2018 14:09:26 -0700 Subject: [PATCH 01/23] added relevant build # info to new endpoints --- .../update/windows-analytics-get-started.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/deployment/update/windows-analytics-get-started.md b/windows/deployment/update/windows-analytics-get-started.md index d8213abaa1..611dde3d1f 100644 --- a/windows/deployment/update/windows-analytics-get-started.md +++ b/windows/deployment/update/windows-analytics-get-started.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: deploy author: jaimeo ms.author: jaimeo -ms.date: 10/08/2018 +ms.date: 10/31/2018 ms.localizationpriority: medium --- @@ -45,27 +45,27 @@ To enable data sharing, configure your proxy server to whitelist the following e | **Endpoint** | **Function** | |---------------------------------------------------------|-----------| +|`https://ceuswatcab01.blob.core.windows.net` | Windows Error Reporting (WER); required for uploading crash analytics in Windows 10, version 1803, build 17134.320 or later | +| `https://ceuswatcab02.blob.core.windows.net` | Windows Error Reporting (WER); required for uploading crash analytics in Windows 10, version 1803, build 17134.320 or later | +| `https://eaus2watcab01.blob.core.windows.net` | Windows Error Reporting (WER); required for uploading crash analytics in Windows 10, version 1803, build 17134.320 or later | +| `https://eaus2watcab02.blob.core.windows.net` | Windows Error Reporting (WER); required for uploading crash analytics in Windows 10, version 1803, build 17134.320 or later | +| `https://weus2watcab01.blob.core.windows.net` | Windows Error Reporting (WER); required for uploading crash analytics in Windows 10, version 1803, build 17134.320 or later | +| `https://weus2watcab02.blob.core.windows.net` | Windows Error Reporting (WER); required for uploading crash analytics in Windows 10, version 1803, build 17134.320 or later | +| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for use with Windows 10, version 1803, build 17134.320 or later | | `https://v10.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for use with Windows 10, version 1803| | `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1709 or earlier | | `https://vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for operating systems older than Windows 10 | -| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for use with Windows versions that have KB4458469 installed | | `https://settings-win.data.microsoft.com` | Enables the compatibility update to send data to Microsoft. | `http://adl.windows.com` | Allows the compatibility update to receive the latest compatibility data from Microsoft. | | `https://watson.telemetry.microsoft.com` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports. Not used by Upgrade Readiness. | | `https://oca.telemetry.microsoft.com` | Online Crash Analysis; required for Device Health and Update Compliance AV reports. Not used by Upgrade Readiness. | | `https://login.live.com` | This endpoint is required by Device Health to ensure data integrity and provides a more reliable device identity for all of the Windows Analytics solutions on Windows 10. If you want to disable end-user managed service account (MSA) access, you should apply the appropriate [policy](https://docs.microsoft.com/windows/security/identity-protection/access-control/microsoft-accounts#block-all-consumer-microsoft-account-user-authentication) instead of blocking this endpoint. | -| `https://www.msftncsi.com` | Windows Error Reporting (WER); required for Device Health to check connectivity. | -| `https://www.msftconnecttest.com` | Windows Error Reporting (WER); required for Device Health to check connectivity. | -| `https://ceuswatcab01.blob.core.windows.net` | Windows Error Reporting (WER); required for uploading crash analytics. | -| `https://ceuswatcab02.blob.core.windows.net` | Windows Error Reporting (WER); required for uploading crash analytics. | -| `https://eaus2watcab01.blob.core.windows.net` | Windows Error Reporting (WER); required for uploading crash analytics. | -| `https://eaus2watcab02.blob.core.windows.net` | Windows Error Reporting (WER); required for uploading crash analytics. | -| `https://weus2watcab01.blob.core.windows.net` | Windows Error Reporting (WER); required for uploading crash analytics. | -| `https://weus2watcab02.blob.core.windows.net` | Windows Error Reporting (WER); required for uploading crash analytics. | +| `https://www.msftncsi.com` | Windows Error Reporting (WER); required for Device Health to check connectivity | +| `https://www.msftconnecttest.com` | Windows Error Reporting (WER); required for Device Health to check connectivity | >[!NOTE] ->Proxy authentation and SSL inspections are frequent challenges for enterprises. See the following sections for configuration options. +>Proxy authentication and SSL inspections are frequent challenges for enterprises. See the following sections for configuration options. ### Configuring endpoint access with SSL inspection To ensure privacy and data integrity Windows checks for a Microsoft SSL certificate when communicating with the diagnostic data endpoints. Accordingly SSL interception and inspection is not possible. To use Windows Analytics services you should exclude the above endpoints from SSL inspection. From 82502ac335f3fa617b2f2eb1277194e747e9be4c Mon Sep 17 00:00:00 2001 From: Patti Short <35278231+shortpatti@users.noreply.github.com> Date: Wed, 31 Oct 2018 14:47:18 -0700 Subject: [PATCH 02/23] Update passportforwork-csp.md --- windows/client-management/mdm/passportforwork-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md index 4b08386596..dd7d3f6a85 100644 --- a/windows/client-management/mdm/passportforwork-csp.md +++ b/windows/client-management/mdm/passportforwork-csp.md @@ -212,7 +212,7 @@ Node for defining biometric settings. This node was added in Windows 10, versi **Biometrics/UseBiometrics** (only for ./Device/Vendor/MSFT) Boolean value used to enable or disable the use of biometric gestures, such as face and fingerprint, as an alternative to the PIN gesture for Windows Hello for Business. Users must still configure a PIN if they configure biometric gestures to use in case of failures. This node was added in Windows 10, version 1511. -Default value is false. If you set this policy to true, biometric gestures are enabled for use with Windows Hello for Business. If you set this policy to false, biometric gestures are disabled for use with Windows Hello for Business. +Default value is true, enabling the biometric gestures for use with Windows Hello for Business. If you set this policy to false, biometric gestures are disabled for use with Windows Hello for Business. From 230f9150250dae14ba8b8900bae6b341784c3c1a Mon Sep 17 00:00:00 2001 From: Patti Short <35278231+shortpatti@users.noreply.github.com> Date: Wed, 31 Oct 2018 14:47:48 -0700 Subject: [PATCH 03/23] Update passportforwork-csp.md --- windows/client-management/mdm/passportforwork-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md index dd7d3f6a85..7bc515edc2 100644 --- a/windows/client-management/mdm/passportforwork-csp.md +++ b/windows/client-management/mdm/passportforwork-csp.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 07/26/2018 +ms.date: 10/31/2018 --- # PassportForWork CSP From 57a27cea98a6b395894ed9be21bd14d807976f3d Mon Sep 17 00:00:00 2001 From: Patti Short <35278231+shortpatti@users.noreply.github.com> Date: Wed, 31 Oct 2018 15:45:58 -0700 Subject: [PATCH 04/23] Update policy-csp-userrights.md --- .../client-management/mdm/policy-csp-userrights.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index 006ebdea5e..684f7b67e5 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 03/12/2018 +ms.date: 10/31/2018 --- # Policy CSP - UserRights @@ -14,7 +14,7 @@ ms.date: 03/12/2018
-User rights are assigned for user accounts or groups. The name of the policy defines the user right in question, and the values are always users or groups. Values can be represented as SIDs or strings. Here is a list for reference, [Well-Known SID Structures](https://msdn.microsoft.com/library/cc980032.aspx). Even though strings are supported for well-known accounts and groups, it is better to use SIDs because strings are localized for different languages. Some user rights allow things, like AccessFromNetwork, while others disallow things, like DenyAccessFromNetwork. +User rights are assigned for user accounts or groups. The name of the policy defines the user right in question, and the values are always users or groups. Values can be represented as SIDs or strings. Here is a list for reference, [Well-Known SID Structures](https://msdn.microsoft.com/library/cc980032.aspx). Even though strings are supported for well-known accounts and groups, it is better to use SIDs because strings are localized for different languages. Some user rights allow things like AccessFromNetwork, while others disallow things, like DenyAccessFromNetwork. Here is an example syncml for setting the user right BackupFilesAndDirectories for Administrators and Authenticated Users groups. @@ -32,7 +32,7 @@ Here is an example syncml for setting the user right BackupFilesAndDirectories f ./Device/Vendor/MSFT/Policy/Config/UserRights/BackupFilesAndDirectories - Authenticated UsersAdministrators + Authenticated UsersAdministrators @@ -40,7 +40,7 @@ Here is an example syncml for setting the user right BackupFilesAndDirectories f ``` -Here are examples of data fields. The encoded 0xF000 is the standard delimiter/separator +Here are examples of data fields. Code \ which is encoded from \, is the used for the delimiter/separator. - Grant an user right to Administrators group via SID: ``` @@ -49,17 +49,17 @@ Here are examples of data fields. The encoded 0xF000 is the standard delimiter/s - Grant an user right to multiple groups (Administrators, Authenticated Users) via SID ``` - *S-1-5-32-544*S-1-5-11 + *S-1-5-32-544*S-1-5-11 ``` - Grant an user right to multiple groups (Administrators, Authenticated Users) via a mix of SID and Strings ``` - *S-1-5-32-544Authenticated Users + *S-1-5-32-544Authenticated Users ``` - Grant an user right to multiple groups (Authenticated Users, Administrators) via strings ``` - Authenticated UsersAdministrators + Authenticated UsersAdministrators ``` - Empty input indicates that there are no users configured to have that user right From ab8063cd93747fbc207ce7620525404a1b9ee38c Mon Sep 17 00:00:00 2001 From: Patti Short <35278231+shortpatti@users.noreply.github.com> Date: Wed, 31 Oct 2018 15:46:33 -0700 Subject: [PATCH 05/23] Update policy-csp-userrights.md --- windows/client-management/mdm/policy-csp-userrights.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index 684f7b67e5..08286523de 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -40,7 +40,7 @@ Here is an example syncml for setting the user right BackupFilesAndDirectories f ``` -Here are examples of data fields. Code \ which is encoded from \, is the used for the delimiter/separator. +Here are examples of data fields. Code \ which is encoded from \, is used for the delimiter/separator. - Grant an user right to Administrators group via SID: ``` From d3409a7e38ed7ab39428bb01c0bbb975db5a9251 Mon Sep 17 00:00:00 2001 From: Patti Short <35278231+shortpatti@users.noreply.github.com> Date: Wed, 31 Oct 2018 16:00:18 -0700 Subject: [PATCH 06/23] Update policy-csp-userrights.md --- windows/client-management/mdm/policy-csp-userrights.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index 08286523de..09b30b65c0 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -32,7 +32,7 @@ Here is an example syncml for setting the user right BackupFilesAndDirectories f ./Device/Vendor/MSFT/Policy/Config/UserRights/BackupFilesAndDirectories - Authenticated UsersAdministrators + Authenticated UsersAdministrators @@ -40,7 +40,7 @@ Here is an example syncml for setting the user right BackupFilesAndDirectories f ``` -Here are examples of data fields. Code \ which is encoded from \, is used for the delimiter/separator. +Here are examples of data fields. The encoded 0xF000 is the standard delimiter/separator. - Grant an user right to Administrators group via SID: ``` From 01905c91bf31c0e770707275721a0aebf43a6472 Mon Sep 17 00:00:00 2001 From: Patti Short <35278231+shortpatti@users.noreply.github.com> Date: Thu, 1 Nov 2018 06:45:56 -0700 Subject: [PATCH 07/23] Update understanding-admx-backed-policies.md --- .../mdm/understanding-admx-backed-policies.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/understanding-admx-backed-policies.md b/windows/client-management/mdm/understanding-admx-backed-policies.md index 803eba81fb..be981913ce 100644 --- a/windows/client-management/mdm/understanding-admx-backed-policies.md +++ b/windows/client-management/mdm/understanding-admx-backed-policies.md @@ -202,7 +202,8 @@ The following SyncML examples describe how to set a MDM policy that is defined b (None) **Request SyncML** -``` + +```XML @@ -220,7 +221,8 @@ The following SyncML examples describe how to set a MDM policy that is defined b ``` **Response SyncML** -``` + +```XML 2 1 From fca400f6d28a09a94f141294335ebbceb04387e6 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Thu, 1 Nov 2018 10:12:58 -0700 Subject: [PATCH 08/23] editing --- .../update/windows-analytics-get-started.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/deployment/update/windows-analytics-get-started.md b/windows/deployment/update/windows-analytics-get-started.md index 611dde3d1f..ac77caf1ff 100644 --- a/windows/deployment/update/windows-analytics-get-started.md +++ b/windows/deployment/update/windows-analytics-get-started.md @@ -45,12 +45,12 @@ To enable data sharing, configure your proxy server to whitelist the following e | **Endpoint** | **Function** | |---------------------------------------------------------|-----------| -|`https://ceuswatcab01.blob.core.windows.net` | Windows Error Reporting (WER); required for uploading crash analytics in Windows 10, version 1803, build 17134.320 or later | -| `https://ceuswatcab02.blob.core.windows.net` | Windows Error Reporting (WER); required for uploading crash analytics in Windows 10, version 1803, build 17134.320 or later | -| `https://eaus2watcab01.blob.core.windows.net` | Windows Error Reporting (WER); required for uploading crash analytics in Windows 10, version 1803, build 17134.320 or later | -| `https://eaus2watcab02.blob.core.windows.net` | Windows Error Reporting (WER); required for uploading crash analytics in Windows 10, version 1803, build 17134.320 or later | -| `https://weus2watcab01.blob.core.windows.net` | Windows Error Reporting (WER); required for uploading crash analytics in Windows 10, version 1803, build 17134.320 or later | -| `https://weus2watcab02.blob.core.windows.net` | Windows Error Reporting (WER); required for uploading crash analytics in Windows 10, version 1803, build 17134.320 or later | +|`https://ceuswatcab01.blob.core.windows.net` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports in Windows 10, version 1809 or later. | +| `https://ceuswatcab02.blob.core.windows.net` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports in Windows 10, version 1809 or later.| +| `https://eaus2watcab01.blob.core.windows.net` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports in Windows 10, version 1809 or later. | +| `https://eaus2watcab02.blob.core.windows.net` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports in Windows 10, version 1809 or later. | +| `https://weus2watcab01.blob.core.windows.net` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports in Windows 10, version 1809 or later.| +| `https://weus2watcab02.blob.core.windows.net` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports in Windows 10, version 1809 or later. | | `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for use with Windows 10, version 1803, build 17134.320 or later | | `https://v10.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for use with Windows 10, version 1803| | `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1709 or earlier | From cb8ae82f6613128fb18a35b1727b823f8f5e04e9 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 1 Nov 2018 17:13:16 +0000 Subject: [PATCH 09/23] Merged PR 12504: rearranged configuration TOC; removed location (policy csp) --- .openpublishing.redirection.json | 5 + windows/client-management/mdm/TOC.md | 1 - .../policy-configuration-service-provider.md | 7 -- .../mdm/policy-csp-location.md | 105 ------------------ windows/configuration/TOC.md | 58 +++++----- windows/configuration/index.md | 12 +- windows/configuration/wcd/wcd-policies.md | 2 +- 7 files changed, 41 insertions(+), 149 deletions(-) delete mode 100644 windows/client-management/mdm/policy-csp-location.md diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index d70475efaa..97405d2d24 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -5351,6 +5351,11 @@ "redirect_document_id": true }, { +"source_path": "windows/client-management/mdm/policy-csp-location.md", +"redirect_url": "/windows/client-management/mdm/policy-configuration-service-provider", +"redirect_document_id": false +}, +{ "source_path": "windows/keep-secure/add-apps-to-protected-list-using-custom-uri.md", "redirect_url": "/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune", "redirect_document_id": false diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 170d3d38f2..5d145ddd7f 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -225,7 +225,6 @@ #### [LanmanWorkstation](policy-csp-lanmanworkstation.md) #### [Licensing](policy-csp-licensing.md) #### [LocalPoliciesSecurityOptions](policy-csp-localpoliciessecurityoptions.md) -#### [Location](policy-csp-location.md) #### [LockDown](policy-csp-lockdown.md) #### [Maps](policy-csp-maps.md) #### [Messaging](policy-csp-messaging.md) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 04c4a70288..b8eeef6c2d 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -2280,13 +2280,7 @@ The following diagram shows the Policy configuration service provider in tree fo -### Location policies -
-
- Location/EnableLocation -
-
### LockDown policies @@ -4678,7 +4672,6 @@ The following diagram shows the Policy configuration service provider in tree fo - [LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-switchtothesecuredesktopwhenpromptingforelevation) - [LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-useadminapprovalmode) - [LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-virtualizefileandregistrywritefailurestoperuserlocations) -- [Location/EnableLocation](./policy-csp-location.md#location-enablelocation) - [LockDown/AllowEdgeSwipe](./policy-csp-lockdown.md#lockdown-allowedgeswipe) - [MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes](./policy-csp-msslegacy.md#msslegacy-allowicmpredirectstooverrideospfgeneratedroutes) - [MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers](./policy-csp-msslegacy.md#msslegacy-allowthecomputertoignorenetbiosnamereleaserequestsexceptfromwinsservers) diff --git a/windows/client-management/mdm/policy-csp-location.md b/windows/client-management/mdm/policy-csp-location.md deleted file mode 100644 index 8745836c59..0000000000 --- a/windows/client-management/mdm/policy-csp-location.md +++ /dev/null @@ -1,105 +0,0 @@ ---- -title: Policy CSP - Location -description: Policy CSP - Location -ms.author: maricia -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: MariciaAlforque -ms.date: 08/09/2018 ---- - -# Policy CSP - Location - - - -
- - -## Location policies - -
-
- Location/EnableLocation -
-
- - -
- - -**Location/EnableLocation** - - - - - - - - - - - - - - - - - - - - - -
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
- - - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Added in Windows 10, version 1703. Optional policy that allows for IT admin to preconfigure whether or not Location Service's Device Switch is enabled or disabled for the device. Setting this policy is not required for Location Services to function. This policy controls a device wide state that affects all users, apps, and services ability to find the device's latitude and longitude on a map. There is a separate user switch that defines whether the location service is allowed to retrieve a position for the current user. In order to retrieve a position for a specific user, both the Device Switch and the User Switch must be enabled. If either is disabled, positions cannot be retrieved for the user. The user can later change both the User Switch and the Device Switch through the user interface on the Settings -> Privacy -> Location page. - -> [!IMPORTANT] -> This policy is not intended to ever be set, pushed, or refreshed more than one time after the first boot of the device because it is meant as initial configuration. Refreshing this policy might result in the Location Service's Device Switch changing state to something the user did not select, which is not an intended use for this policy. - - - -ADMX Info: -- GP English name: *Turn off Windows Location Provider* -- GP name: *DisableWindowsLocationProvider_1* -- GP path: *Windows Components/Location and Sensors/Windows Location Provider* -- GP ADMX file name: *LocationProviderAdm.admx* - - - -The following list shows the supported values: - -- 0 (default) – Disabled. -- 1 – Enabled. - - - -To validate on Desktop, do the following: - -1. Verify that Settings -> Privacy -> Location -> Location for this device is On/Off as expected. -2. Use Windows Maps Application (or similar) to see if a location can or cannot be obtained. - - - -
- -Footnote: - -- 1 - Added in Windows 10, version 1607. -- 2 - Added in Windows 10, version 1703. -- 3 - Added in Windows 10, version 1709. -- 4 - Added in Windows 10, version 1803. - - - diff --git a/windows/configuration/TOC.md b/windows/configuration/TOC.md index af4f71427d..b0498ec09f 100644 --- a/windows/configuration/TOC.md +++ b/windows/configuration/TOC.md @@ -1,5 +1,21 @@ # [Configure Windows 10](index.md) -## [Manage Wi-Fi Sense in your company](manage-wifi-sense-in-enterprise.md) +## [Accessibility information for IT Pros](windows-10-accessibility-for-ITPros.md) +## [Configure access to Microsoft Store](stop-employees-from-using-microsoft-store.md) +## [Cortana integration in your business or enterprise](cortana-at-work/cortana-at-work-overview.md) +### [Testing scenarios using Cortana in your business or organization](cortana-at-work/cortana-at-work-testing-scenarios.md) +#### [Test scenario 1 - Sign-in to Azure AD and use Cortana to manage the notebook](cortana-at-work/cortana-at-work-scenario-1.md) +#### [Test scenario 2 - Perform a quick search with Cortana at work](cortana-at-work/cortana-at-work-scenario-2.md) +#### [Test scenario 3 - Set a reminder for a specific location using Cortana at work](cortana-at-work/cortana-at-work-scenario-3.md) +#### [Test scenario 4 - Use Cortana at work to find your upcoming meetings](cortana-at-work/cortana-at-work-scenario-4.md) +#### [Test scenario 5 - Use Cortana to send email to a co-worker](cortana-at-work/cortana-at-work-scenario-5.md) +#### [Test scenario 6 - Review a reminder suggested by Cortana based on what you’ve promised in email](cortana-at-work/cortana-at-work-scenario-6.md) +#### [Test scenario 7 - Use Cortana and Windows Information Protection (WIP) to help protect your organization’s data on a device](cortana-at-work/cortana-at-work-scenario-7.md) +### [Set up and test Cortana with Office 365 in your organization](cortana-at-work/cortana-at-work-o365.md) +### [Set up and test Cortana with Microsoft Dynamics CRM (Preview feature) in your organization](cortana-at-work/cortana-at-work-crm.md) +### [Set up and test Cortana for Power BI in your organization](cortana-at-work/cortana-at-work-powerbi.md) +### [Set up and test custom voice commands in Cortana for your organization](cortana-at-work/cortana-at-work-voice-commands.md) +### [Use Group Policy and mobile device management (MDM) settings to configure Cortana in your organization](cortana-at-work/cortana-at-work-policy-settings.md) +### [Send feedback about Cortana at work back to Microsoft](cortana-at-work/cortana-at-work-feedback.md) ## [Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md) ## [Configure kiosks and digital signs on Windows desktop editions](kiosk-methods.md) ### [Prepare a device for kiosk configuration](kiosk-prepare.md) @@ -16,17 +32,6 @@ #### [Use Shell Launcher to create a Windows 10 kiosk](kiosk-shelllauncher.md) #### [Use MDM Bridge WMI Provider to create a Windows 10 kiosk](kiosk-mdm-bridge.md) #### [Troubleshoot multi-app kiosk](multi-app-kiosk-troubleshoot.md) -## [Configure Windows 10 Mobile devices](mobile-devices/configure-mobile.md) -### [Set up a kiosk on Windows 10 Mobile or Windows 10 Mobile Enterprise](mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md) -### [Use Windows Configuration Designer to configure Windows 10 Mobile devices](mobile-devices/provisioning-configure-mobile.md) -#### [NFC-based device provisioning](mobile-devices/provisioning-nfc.md) -#### [Barcode provisioning and the package splitter tool](mobile-devices/provisioning-package-splitter.md) -### [Use the Lockdown Designer app to create a Lockdown XML file](mobile-devices/mobile-lockdown-designer.md) -### [Configure Windows 10 Mobile using Lockdown XML](mobile-devices/lockdown-xml.md) -### [Settings and quick actions that can be locked down in Windows 10 Mobile](mobile-devices/settings-that-can-be-locked-down.md) -### [Product IDs in Windows 10 Mobile](mobile-devices/product-ids-in-windows-10-mobile.md) -### [Start layout XML for mobile editions of Windows 10 (reference)](mobile-devices/start-layout-xml-mobile.md) -## [Configure cellular settings for tablets and PCs](provisioning-apn.md) ## [Configure Windows Spotlight on the lock screen](windows-spotlight.md) ## [Manage Windows 10 and Microsoft Store tips, "fun facts", and suggestions](manage-tips-and-suggestions.md) ## [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) @@ -38,23 +43,6 @@ ### [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) ### [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) ### [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md) -## [Cortana integration in your business or enterprise](cortana-at-work/cortana-at-work-overview.md) -### [Testing scenarios using Cortana in your business or organization](cortana-at-work/cortana-at-work-testing-scenarios.md) -#### [Test scenario 1 - Sign-in to Azure AD and use Cortana to manage the notebook](cortana-at-work/cortana-at-work-scenario-1.md) -#### [Test scenario 2 - Perform a quick search with Cortana at work](cortana-at-work/cortana-at-work-scenario-2.md) -#### [Test scenario 3 - Set a reminder for a specific location using Cortana at work](cortana-at-work/cortana-at-work-scenario-3.md) -#### [Test scenario 4 - Use Cortana at work to find your upcoming meetings](cortana-at-work/cortana-at-work-scenario-4.md) -#### [Test scenario 5 - Use Cortana to send email to a co-worker](cortana-at-work/cortana-at-work-scenario-5.md) -#### [Test scenario 6 - Review a reminder suggested by Cortana based on what you’ve promised in email](cortana-at-work/cortana-at-work-scenario-6.md) -#### [Test scenario 7 - Use Cortana and Windows Information Protection (WIP) to help protect your organization’s data on a device](cortana-at-work/cortana-at-work-scenario-7.md) -### [Set up and test Cortana with Office 365 in your organization](cortana-at-work/cortana-at-work-o365.md) -### [Set up and test Cortana with Microsoft Dynamics CRM (Preview feature) in your organization](cortana-at-work/cortana-at-work-crm.md) -### [Set up and test Cortana for Power BI in your organization](cortana-at-work/cortana-at-work-powerbi.md) -### [Set up and test custom voice commands in Cortana for your organization](cortana-at-work/cortana-at-work-voice-commands.md) -### [Use Group Policy and mobile device management (MDM) settings to configure Cortana in your organization](cortana-at-work/cortana-at-work-policy-settings.md) -### [Send feedback about Cortana at work back to Microsoft](cortana-at-work/cortana-at-work-feedback.md) -## [Configure access to Microsoft Store](stop-employees-from-using-microsoft-store.md) -## [Accessibility information for IT Pros](windows-10-accessibility-for-ITPros.md) ## [Provisioning packages for Windows 10](provisioning-packages/provisioning-packages.md) ### [How provisioning works in Windows 10](provisioning-packages/provisioning-how-it-works.md) ### [Introduction to configuration service providers (CSPs)](provisioning-packages/how-it-pros-can-use-configuration-service-providers.md) @@ -135,6 +123,7 @@ #### [WindowsTeamSettings](wcd/wcd-windowsteamsettings.md) #### [WLAN](wcd/wcd-wlan.md) #### [Workplace](wcd/wcd-workplace.md) +## [Configure cellular settings for tablets and PCs](provisioning-apn.md) ## [Lockdown features from Windows Embedded 8.1 Industry](lockdown-features-windows-10.md) ## [User Experience Virtualization (UE-V) for Windows](ue-v/uev-for-windows.md) ### [Get Started with UE-V](ue-v/uev-getting-started.md) @@ -163,4 +152,15 @@ #### [Synchronizing Microsoft Office with UE-V](ue-v/uev-synchronizing-microsoft-office-with-uev.md) #### [Application Template Schema Reference for UE-V](ue-v/uev-application-template-schema-reference.md) #### [Security Considerations for UE-V](ue-v/uev-security-considerations.md) +## [Manage Wi-Fi Sense in your company](manage-wifi-sense-in-enterprise.md) +## [Configure Windows 10 Mobile devices](mobile-devices/configure-mobile.md) +### [Set up a kiosk on Windows 10 Mobile or Windows 10 Mobile Enterprise](mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md) +### [Use Windows Configuration Designer to configure Windows 10 Mobile devices](mobile-devices/provisioning-configure-mobile.md) +#### [NFC-based device provisioning](mobile-devices/provisioning-nfc.md) +#### [Barcode provisioning and the package splitter tool](mobile-devices/provisioning-package-splitter.md) +### [Use the Lockdown Designer app to create a Lockdown XML file](mobile-devices/mobile-lockdown-designer.md) +### [Configure Windows 10 Mobile using Lockdown XML](mobile-devices/lockdown-xml.md) +### [Settings and quick actions that can be locked down in Windows 10 Mobile](mobile-devices/settings-that-can-be-locked-down.md) +### [Product IDs in Windows 10 Mobile](mobile-devices/product-ids-in-windows-10-mobile.md) +### [Start layout XML for mobile editions of Windows 10 (reference)](mobile-devices/start-layout-xml-mobile.md) ## [Change history for Configure Windows 10](change-history-for-configure-windows-10.md) diff --git a/windows/configuration/index.md b/windows/configuration/index.md index b64b47fabf..6517e9e14f 100644 --- a/windows/configuration/index.md +++ b/windows/configuration/index.md @@ -21,19 +21,19 @@ Enterprises often need to apply custom configurations to devices for their users | Topic | Description | | --- | --- | -| [Manage Wi-Fi Sense in your company](manage-wifi-sense-in-enterprise.md) | Wi-Fi Sense automatically connects you to Wi-Fi, so you can get online quickly in more places. It can connect you to open Wi-Fi hotspots it knows about through crowdsourcing, or to Wi-Fi networks your contacts have shared with you by using Wi-Fi Sense. The initial settings for Wi-Fi Sense are determined by the options you chose when you first set up your PC with Windows 10. | +| [Accessibility information for IT Pros](windows-10-accessibility-for-ITPros.md) | Windows 10 includes accessibility features that benefit all users. These features make it easier to customize the computer and give users with different abilities options to improve their experience with Windows. This topic helps IT administrators learn about built-in accessibility features. | +| [Configure access to Microsoft Store](stop-employees-from-using-the-windows-store.md) | IT Pros can configure access to Microsoft Store for client computers in their organization. For some organizations, business policies require blocking access to Microsoft Store. | +| [Cortana integration in your business or enterprise](cortana-at-work/cortana-at-work-overview.md) | The world’s first personal digital assistant helps users get things done, even at work. Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments. | | [Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md) | Windows 10, version 1607, introduced *shared PC mode*, which optimizes Windows 10 for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail. | | [Configure kiosk and digital signage devices running Windows 10 desktop editions](kiosk-methods.md) | These topics help you configure Windows 10 devices to run as a kiosk device. | -| [Configure Windows 10 Mobile devices](mobile-devices/configure-mobile.md) | These topics help you configure the features and apps and Start screen for a device running Windows 10 Mobile, as well as how to configure a kiosk device that runs a single app. | -| [Configure cellular settings for tablets and PCs](provisioning-apn.md) | Enterprises can provision cellular settings for tablets and PC with built-in cellular modems or plug-in USB modem dongles. | | [Windows Spotlight on the lock screen](windows-spotlight.md) | Windows Spotlight is an option for the lock screen background that displays different background images and occasionally offers suggestions on the lock screen.

**Note:** You can also use the [Personalization CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/personalization-csp) settings to set lock screen and desktop background images. | | [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](manage-tips-and-suggestions.md) | Options to manage the tips, tricks, and suggestions offered by Windows and Microsoft Store. | | [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) | Organizations might want to deploy a customized Start screen and menu to devices running Windows 10 Pro, Enterprise, or Education. A standard Start layout can be useful on devices that are common to multiple users and devices that are locked down for specialized purposes. | -| [Cortana integration in your business or enterprise](cortana-at-work/cortana-at-work-overview.md) | The world’s first personal digital assistant helps users get things done, even at work. Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments. | -| [Configure access to Microsoft Store](stop-employees-from-using-the-windows-store.md) | IT Pros can configure access to Microsoft Store for client computers in their organization. For some organizations, business policies require blocking access to Microsoft Store. | -| [Accessibility information for IT Pros](windows-10-accessibility-for-ITPros.md) | Windows 10 includes accessibility features that benefit all users. These features make it easier to customize the computer and give users with different abilities options to improve their experience with Windows. This topic helps IT administrators learn about built-in accessibility features. | | [Provisioning packages for Windows 10](provisioning-packages/provisioning-packages.md) | Learn how to use the Windows Configuration Designer and provisioning packages to easily configure multiple devices. | +| [Configure cellular settings for tablets and PCs](provisioning-apn.md) | Enterprises can provision cellular settings for tablets and PC with built-in cellular modems or plug-in USB modem dongles. | | [Lockdown features from Windows Embedded 8.1 Industry](lockdown-features-windows-10.md) | Many of the lockdown features available in Windows Embedded 8.1 Industry have been modified in some form for Windows 10. | +| [Manage Wi-Fi Sense in your company](manage-wifi-sense-in-enterprise.md) | Wi-Fi Sense automatically connects you to Wi-Fi, so you can get online quickly in more places. It can connect you to open Wi-Fi hotspots it knows about through crowdsourcing, or to Wi-Fi networks your contacts have shared with you by using Wi-Fi Sense. The initial settings for Wi-Fi Sense are determined by the options you chose when you first set up your PC with Windows 10.| +| [Configure Windows 10 Mobile devices](mobile-devices/configure-mobile.md) | These topics help you configure the features and apps and Start screen for a device running Windows 10 Mobile, as well as how to configure a kiosk device that runs a single app. | | [Change history for Configure Windows 10](change-history-for-configure-windows-10.md) | This topic lists new and updated topics in the Configure Windows 10 documentation for Windows 10 and Windows 10 Mobile. | diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md index 612721dfdc..5da3446971 100644 --- a/windows/configuration/wcd/wcd-policies.md +++ b/windows/configuration/wcd/wcd-policies.md @@ -341,7 +341,7 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in | Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | :---: | -| [EnableLocation](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#location-enablelocation) | Configure whether the Location Service's Device Switch is enabled or disabled for the device. | X | X | | | | +| [EnableLocation](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#location-enablelocation) | Do not use. | | | | | | ## Privacy From 177dcc14a2d8b15b959a669bad47af9d8f864e07 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Thu, 1 Nov 2018 10:26:46 -0700 Subject: [PATCH 10/23] more edits to endpoint descriptions --- .../update/windows-analytics-get-started.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/windows/deployment/update/windows-analytics-get-started.md b/windows/deployment/update/windows-analytics-get-started.md index ac77caf1ff..dc487f2ad7 100644 --- a/windows/deployment/update/windows-analytics-get-started.md +++ b/windows/deployment/update/windows-analytics-get-started.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: deploy author: jaimeo ms.author: jaimeo -ms.date: 10/31/2018 +ms.date: 11/01/2018 ms.localizationpriority: medium --- @@ -45,17 +45,17 @@ To enable data sharing, configure your proxy server to whitelist the following e | **Endpoint** | **Function** | |---------------------------------------------------------|-----------| -|`https://ceuswatcab01.blob.core.windows.net` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports in Windows 10, version 1809 or later. | -| `https://ceuswatcab02.blob.core.windows.net` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports in Windows 10, version 1809 or later.| -| `https://eaus2watcab01.blob.core.windows.net` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports in Windows 10, version 1809 or later. | -| `https://eaus2watcab02.blob.core.windows.net` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports in Windows 10, version 1809 or later. | -| `https://weus2watcab01.blob.core.windows.net` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports in Windows 10, version 1809 or later.| -| `https://weus2watcab02.blob.core.windows.net` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports in Windows 10, version 1809 or later. | -| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for use with Windows 10, version 1803, build 17134.320 or later | -| `https://v10.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for use with Windows 10, version 1803| +|`https://ceuswatcab01.blob.core.windows.net` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports in Windows 10, version 1809 or later. Not used by Upgrade Readiness. | +| `https://ceuswatcab02.blob.core.windows.net` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports in Windows 10, version 1809 or later. Not used by Upgrade Readiness. | +| `https://eaus2watcab01.blob.core.windows.net` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports in Windows 10, version 1809 or later. Not used by Upgrade Readiness. | +| `https://eaus2watcab02.blob.core.windows.net` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports in Windows 10, version 1809 or later. Not used by Upgrade Readiness. | +| `https://weus2watcab01.blob.core.windows.net` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports in Windows 10, version 1809 or later. Not used by Upgrade Readiness. | +| `https://weus2watcab02.blob.core.windows.net` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports in Windows 10, version 1809 or later. Not used by Upgrade Readiness. | +| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for use with devices running Windows 10, version 1803 **that also have the 2018-09 Cumulative Update installed (KB4458469, KB4457136, KB4457141, KB4462919, KB4462918, or KB4462937)** | +| `https://v10.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for use with Windows 10, version 1803 *without* the 2018-09 Cumulative Update installed | | `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1709 or earlier | | `https://vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for operating systems older than Windows 10 | -| `https://settings-win.data.microsoft.com` | Enables the compatibility update to send data to Microsoft. +| `https://settings-win.data.microsoft.com` | Enables the compatibility update to send data to Microsoft. | | `http://adl.windows.com` | Allows the compatibility update to receive the latest compatibility data from Microsoft. | | `https://watson.telemetry.microsoft.com` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports. Not used by Upgrade Readiness. | | `https://oca.telemetry.microsoft.com` | Online Crash Analysis; required for Device Health and Update Compliance AV reports. Not used by Upgrade Readiness. | From 644859ce6f2d531453b389085108f6788984c6e7 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Thu, 1 Nov 2018 11:09:51 -0700 Subject: [PATCH 11/23] more tweaks --- windows/deployment/update/windows-analytics-get-started.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/windows-analytics-get-started.md b/windows/deployment/update/windows-analytics-get-started.md index dc487f2ad7..5a44c118d3 100644 --- a/windows/deployment/update/windows-analytics-get-started.md +++ b/windows/deployment/update/windows-analytics-get-started.md @@ -51,7 +51,7 @@ To enable data sharing, configure your proxy server to whitelist the following e | `https://eaus2watcab02.blob.core.windows.net` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports in Windows 10, version 1809 or later. Not used by Upgrade Readiness. | | `https://weus2watcab01.blob.core.windows.net` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports in Windows 10, version 1809 or later. Not used by Upgrade Readiness. | | `https://weus2watcab02.blob.core.windows.net` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports in Windows 10, version 1809 or later. Not used by Upgrade Readiness. | -| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for use with devices running Windows 10, version 1803 **that also have the 2018-09 Cumulative Update installed (KB4458469, KB4457136, KB4457141, KB4462919, KB4462918, or KB4462937)** | +| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for use with devices running any version of Windows **that also has the 2018-09 Cumulative Update (KB4458469, KB4457136, KB4457141) or later installed** | | `https://v10.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for use with Windows 10, version 1803 *without* the 2018-09 Cumulative Update installed | | `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1709 or earlier | | `https://vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for operating systems older than Windows 10 | From 1599206fb73f827aa67d045544dfe85ef5426847 Mon Sep 17 00:00:00 2001 From: Patti Short <35278231+shortpatti@users.noreply.github.com> Date: Thu, 1 Nov 2018 11:34:39 -0700 Subject: [PATCH 12/23] Update index.yml broken link --- browsers/edge/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/browsers/edge/index.yml b/browsers/edge/index.yml index 1f1fbb33ed..7093b21eff 100644 --- a/browsers/edge/index.yml +++ b/browsers/edge/index.yml @@ -124,7 +124,7 @@ sections: html:

Minimum system requirements

-

Supported languages

+

Supported languages

Document change history

From cf8750bcb954221750e159c2bd78a49986d2d64f Mon Sep 17 00:00:00 2001 From: Patti Short <35278231+shortpatti@users.noreply.github.com> Date: Thu, 1 Nov 2018 11:35:49 -0700 Subject: [PATCH 13/23] Update index.yml another broken link --- browsers/edge/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/browsers/edge/index.yml b/browsers/edge/index.yml index 7093b21eff..84ba7770e4 100644 --- a/browsers/edge/index.yml +++ b/browsers/edge/index.yml @@ -122,7 +122,7 @@ sections: - title: Microsoft Edge resources - html:

Minimum system requirements

+ html:

Minimum system requirements

Supported languages

From da79ee6bbf2d7259e819d0ba9dc264e8f3f49fe5 Mon Sep 17 00:00:00 2001 From: Patti Short <35278231+shortpatti@users.noreply.github.com> Date: Thu, 1 Nov 2018 11:39:04 -0700 Subject: [PATCH 14/23] Update microsoft-edge-kiosk-mode-deploy.md --- browsers/edge/microsoft-edge-kiosk-mode-deploy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md index 68af8944b4..1085bbeb91 100644 --- a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md +++ b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md @@ -285,6 +285,6 @@ In the following table, we show you the features available in both Microsoft Edg --- **\*Windows Defender Firewall**

-To prevent access to unwanted websites on your kiosk device, use Windows Defender Firewall to configure a list of allowed websites, blocked websites or both. For more details, see [Windows Defender Firewall with Advanced Security Deployment](https://docs.microsoft.com/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide). +To prevent access to unwanted websites on your kiosk device, use Windows Defender Firewall to configure a list of allowed websites, blocked websites or both. For more details, see [Windows Defender Firewall with Advanced Security Deployment](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide). --- From 903ee3cb38607285a1081c822ccd243be6f8c711 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 1 Nov 2018 19:20:24 +0000 Subject: [PATCH 15/23] Merged PR 12510: Add FAQ document New doc, and fix some issues on another page --- windows/deployment/windows-autopilot/TOC.md | 1 + .../windows-autopilot/autopilot-faq.md | 136 +++++++++++++++++- .../windows-autopilot/enrollment-status.md | 6 +- 3 files changed, 139 insertions(+), 4 deletions(-) diff --git a/windows/deployment/windows-autopilot/TOC.md b/windows/deployment/windows-autopilot/TOC.md index 47aa443455..315115e706 100644 --- a/windows/deployment/windows-autopilot/TOC.md +++ b/windows/deployment/windows-autopilot/TOC.md @@ -21,4 +21,5 @@ ## Getting started ### [Demonstrate Autopilot deployment on a VM](demonstrate-deployment-on-vm.md) ## [Troubleshooting](troubleshooting.md) +## [FAQ](autopilot-faq.md) ## [Support](autopilot-support.md) \ No newline at end of file diff --git a/windows/deployment/windows-autopilot/autopilot-faq.md b/windows/deployment/windows-autopilot/autopilot-faq.md index 100359aa3a..dfdc2fb014 100644 --- a/windows/deployment/windows-autopilot/autopilot-faq.md +++ b/windows/deployment/windows-autopilot/autopilot-faq.md @@ -16,4 +16,138 @@ ms.date: 10/31/2018 **Applies to: Windows 10** -This document is pending publication. Please check back soon. +This topic provides OEMs, partners, administrators, and end-users with answers to some frequently asked questions about deploying Windows 10 with Windows Autopilot. + +A [glossary](#glossary) of abbreviations used in this topic is provided at the end. + + +## Microsoft Partner Center + +| Question | Answer | +| --- | --- | +| In the Partner Center, does the Tenant ID need to be provided with every device file upload (to then allow the business customer to access their devices in MSfB)? | No. Providing the Tenant ID is a one-time entry in the Partner Center that can be re-used with future device uploads. | +| How does the customer or tenant know that their devices are ready to be claimed in MSfB? | After the device file upload is completed in the Partner Center, the tenant can see the devices available for Windows Autopilot setup in MSfB. The OEM would need to advise the tenant to access MSfB. Auto-notification from MSfB to the tenant is being developed. | +| Are there any restrictions if a business customer has registered devices in MSfB and later wants those devices to be managed by a CSP via the Partner Center? | The devices will need to be deleted in MSfB by the business customer before the CSP can upload and manage them in the Partner Center. | +| Does Windows Autopilot support removing the option to enable a local administrator account? | Windows Autopilot doesn’t support removing the local admin account. However, it does support restricting the user performing AAD domain join in OOBE to a standard account (versus admin account by default).| +| How can I test the Windows Autopilot CSV file in the Partner Center? | Only CSP Partners have access to the Partner Center portal. If you are a CSP, you can create a Sales agent user account which has access to “Devices” for testing the file. This can be done today in the Partner Center.

Go [here](https://msdn.microsoft.com/partner-center/createuseraccounts-and-set-permissions) for more information. | +| Must I become a Cloud Solution Provider (CSP) to participate in Windows Autopilot? | Top volume OEMs do not, as they can use the OEM Direct API. All others who choose to use MPC to register devices must become CSPs in order to access MPC. | +| Do the different CSP levels have all the same capabilities when it comes to Windows Autopilot? | For purposes of Windows Autopilot, there are three different types of CSPs, each with different levels of authority an access:

1. Direct CSP: Gets direct authorization from the customer to register devices.

2. Indirect CSP Provider: Gets implicit permission to register devices through the relationship their CSP Reseller partner has with the customer. Indirect CSP Providers register devices through Microsoft Partner Center.

3. Indirect CSP Reseller: Gets direct authorization from the customer to register devices. At the same time, their indirect CSP Provider partner also gets authorization, which mean that either the Indirect Provider or the Indirect Reseller can register devices for the customer. However, the Indirect CSP Reseller must register devices through the MPC UI (manually uploading CSV file), whereas the Indirect CSP Provider has the option to register devices using the MPC APIs. | + +## Manufacturing + +| Question | Answer | +| --- | --- | +| What changes need to be made in the factory OS image for customer configuration settings? |No changes are required on the factory floor to enable Windows Autopilot deployment. | +| What version of the OA3 tool meets Windows Autopilot deployment requirements? | Windows Autopilot can work with any version of the OA3 tool. We recommend using Windows 10, version 1703 and above to generate the 4K Hardware Hash. | +| At the time of placing an order, do customers need to be state whether they want it with or without Windows Autopilot options? | Yes, if they want Windows Autopilot, they will want Windows 10, version 1703 or later versions. Also, they will want to receive the CSV file or have the file upload (i.e., registration) completed on their behalf. | +| Does the OEM need to manage or collect any custom imaging files from customers and perform any image uploads to Microsoft? | No change, OEMs just send the CBRs as usual to Microsoft. No images are sent to Microsoft to enable Windows Autopilot. Windows Autopilot only customizes OOBE and allows policy configurations (disables admin account, for example). | +| Are there any customer impacts to upgrading from Windows 8 to Windows 10? | The devices must have Windows 10, version 1703 or later to enroll in Windows Autopilot deployment, otherwise no impacts. | +| Will there be any change to the existing CBR with 4k Hardware Hash? | No. | +| What new information needs to be sent from the OEM to Microsoft? | Nothing, unless the OEM opts to register the device on the customer’s behalf, in which case they would upload the device ID via a CSV file into Microsoft Partner Center, or use the OEM Direct API. | +| Is there a contract or amendment for an OEM to participate in Windows Autopilot Deployment? | No. | + +## CSV schema + +| Question | Answer | +| --- | --- | +| Can a comma be used in the CSV file? | No. | +| What error messages can a user expect to see in the Partner Center or MSfB when uploading a file? | See the “In Microsoft Store for Business” section of this guide. | +| Is there a limit to the number of devices that can be listed in the CSV file? | Yes, the CSV file can only contain 1,000 devices to apply to a single profile. If more than 1,000 devices need to be applied to a profile, the devices need to be uploaded through multiple CSV files. | +| Does Microsoft have any recommendations on how an OEM should provide the CSV file to their customers? | Microsoft recommends encrypting the CSV file when sending to the business customer to self-register their Windows Autopilot devices (either through MPC, MSfB, or Intune). | + + +## Hardware hash + +| Question | Answer | +| --- | --- | +| Must every Hardware Hash submitted by the OEM contain the SMBIOS UUID (universally unique identifier), MAC (media access control) address and unique disk serial number (if using Windows 10, version 1703 and above OEM Activation 3.0 tool)? | Yes. Since Windows Autopilot is based on the ability to uniquely identify devices applying for cloud configuration, it is critical to submit Hardware Hashes which meet the outlined requirement. | +| What is the reason for needing the SMBIOS UUID, MAC Address and Disk Serial Number in the Hardware Hash details? | For creating the Hardware Hash, these are the fields that are needed to identify a device, as parts of the device are added/removed. Since we don’t have a unique identifier for Windows devices, this is the best logic to identify a device. | +| What is difference between OA3 Hardware Hash, 4K Hardware Hash, and Windows Autopilot Hardware Hash? | None. They’re different names for the same thing. The Windows 10, 1703 version of the OA3 tool output is called the OA3 Hash, which is 4K in size, which is usable for the Windows Autopilot deployment scenario. Note: When using a non-1703 version OA3Tool, you get a different sized Hash, which may not be used for Windows Autopilot deployment. | +| What is the thought around parts replacement and/or repair for the NIC (network interface controller) and/or Disk? Will the Hardware Hash become invalid? | Yes. If you replace parts, you need to gather the new Hardware Hash, though it depends on what is replaced, and the characteristics of the parts. For example, if you replace the TPM or motherboard, it’s a new device – you MUST have new Hardware Hash. If you replace one network card, it’s probably not a new device, and the device will function with the old Hardware Hash. However, as a best practice, you should assume the old Hardware Hash is invalid and get a new Hardware Hash after any hardware changes – this is Microsoft’s strong recommendation any time you replace parts. | + + +## SMBIOS + +| Question | Answer | +| --- | --- | +| Any specific requirement to SMBIOS UUID? | It must be unique as specified in the Windows 10 hardware requirements. | +| What is the requirement on the SMBIOS table to meet the Windows Autopilot Hardware Hash need? | It must meet all the Windows 10 hardware requirements. Additional details may be found [here](https://msdn.microsoft.com/library/jj128256(v=vs.85).aspx). | +| If the SMBIOS supports UUID and Serial Number, is it enough for the OA3 tool to generate the Hardware Hash? | No. At a minimum, the following SMBIOS fields need to be populated with unique values: ProductKeyID SmbiosSystemManufacturer SmbiosSystemProductName SmbiosSystemSerialNumber SmbiosSkuNumber SmbiosSystemFamily MacAddress SmbiosUuid DiskSerialNumber TPM EkPub | + +## Technical interface + +| Question | Answer | +| --- | --- | +| What is the interface to get the MAC Address and Disk Serial Number? How does the OA tool get MAC and Disk Serial #? | Disk serial number is found from IOCTL_STORAGE_QUERY_PROPERTY with StorageDeviceProperty/PropertyStandardQuery. Network MAC address is IOCTL_NDIS_QUERY_GLOBAL_STATS from OID_802_3_PERMANENT_ADDRESS. However the exact mechanisms/”interface” for doing this operation varies depending on the exact scenario being discussed. | +| Follow up clarification: If we have 2-3 MACs on the system, how does OA Tool choose which MAC Address and Disk Serial Number on the system since there are multiple instances of each? If a platform has LAN And WLAN, which MAC is chosen? | In short, all available values are used. In detail, there may be extra specific usage rules. The System disk serial number is more important than any other disks available. Network interfaces that are removable should not be used if detected as they are removable. LAN vs WLAN should not matter, both will be used. | + +## The end user experience + +| Question | Answer | +| --- | --- | +| How do I know that I received Autopilot? | You can tell that you received Windows Autopilot (as in the device received a configuration but has not yet applied it) when you skip the selection page (as seen below), and are immediately taken to a generic or customized sign-in page. | +| Windows Autopilot didn’t work, what do I do now? | Questions and actions to assist in troubleshooting: Did a screen not get skipped? Did a user end up as an admin when configured not to? Remember that AAD Admins will be local admins regardless of whether Windows Autopilot is configured to disable local admin Collection information – run licensingdiag.exe and send the .cab (Cabinet file) file that is generated to AutopilotHelp@microsoft.com. If possible, collect an ETL from WPR. Often in these cases, users are not signing into the right AAD tenant, or are creating local user accounts. For a complete list of support options, refer to [Windows Autopilot support](autopilot-support.md). | +| If an Administrator makes changes to an existing profile, will the changes take effect on devices that have that profile assigned to them that have already been deployed? | No. Windows Autopilot profiles are not resident on the device. They are downloaded during OOBE, the settings defined at the time are applied. Then, the profile is discarded on the device. If the device is re-imaged or reset, the new profile settings will take effect the next time the device goes through OOBE. | +| What is the experience if a device isn’t registered or if an IT Admin doesn’t configure Windows Autopilot prior to an end user attempting to self-deploy? | If the device isn’t registered, it will not receive the Windows Autopilot experience and the end user will go through normal OOBE. The Windows Autopilot configurations will NOT be applied until the user runs through OOBE again, after registration. If a device is started before an MDM profile is created, the device will go through standard OOBE experience. The IT Admin would then have to manually enrol that device into the MDM, after which—the next time that device is “reset”—it will go through the Windows Autopilot OOBE experience. | +| What may be a reason why I did not receive a customized sign-in screen during Autopilot? | Tenant branding must be configured in portal.azure.com to receive a customized sign-in experience. | +| What happens if a device is registered with Azure AD but does not have an Windows Autopilot profile assigned? | The regular AAD OOBE will occur since no Windows Autopilot profile was assigned to the device. | +| How can I collect logs on Autopilot? | The best way to collect logs on Windows Autopilot performance is to collect a Windows Performance Recorder (WPR) trace during OOBE. The XML file (WPRP extension) for this trace may be provided upon request. | + + +## MDM + +| Question | Answer | +| --- | --- | +| Must we use Intune for our MDM? | No. No, any MDM will work with Autopilot, but others probably won’t have the same full suite of Windows Autopilot features as Intune. You’ll get the best experience from Intune. | +| Can Intune support Win32 app preinstalls? | Yes. Starting with the Windows 10 October Update (version 1809), Intune supports Win32 apps using .msi (and .msix) wrappers. | +| What is co-management? | Co-management is when you use a combination of a cloud MDM tool (Intune) and an on-premise configuration tool like System Center Configuration Manager (SCCM). You only need to use SCCM if Intune can’t support what you want to do with your profile. If you choose to co-manage using Intune + SCCM, you do it by including an SCCM agent in your Intune profile. When that profile is pushed to the device, the device will see the SCCM agent and go out to SCCM to pull down any additional profile settings. | +| Must we use System Center Configuration Manager (SCCM) for Windows Autopilot | No. Co-management (described above) is optional. | + + +## Features + +| Question | Answer | +| --- | --- | +| Self-deploying mode | A new version of Windows Autopilot where the user only turns on the device, and nothing else. It’s useful for scenarios where a standard user account isn’t needed (e.g., shared devices, or KIOSK devices). | +| Hybrid Azure Active Directory join | Allows Windows Autopilot devices to connect to an on-premise Active Directory domain controller (in addition to being Azure AD joined). | +| Windows Autopilot reset | Removes user apps and settings from a device, but maintains AAD domain join and MDM enrollment. Useful for when transferring a device from one user to another. | +| Personalization | Adds the following to the OOBE experience: A personalized welcome message can be created A username hint can be added Sign-in page text can be personalized The company’s logo can be included | +| [Autopilot for existing devices](existing-devices.md) | Offers an upgrade path to Windows Autopilot for all existing Win 7/8 devices. | + + + +## General + +| Question | Answer | +| --- | --- | +| If I wipe the machine and restart, will I still receive Windows Autopilot? | Yes, if the device is still registered for Windows Autopilot and is running Windows 10, version 1703 7B and above releases, it will receive the Windows Autopilot experience. | +| Can I harvest the device fingerprint on existing machines? | Yes, if the device is running Windows 10, version 1703 and above, you can harvest device fingerprints for registration. There are no plans to backport the functionality to previous releases and no way to harvest them on pre-Windows 10 Windows 10, version 1703 devices that have not been updated to Windows 10, version 1703. | +| What is Windows 10, version 1703 7B and why does it matter? | Windows 10, version 1703 7B is a Windows 10, version 1703 image bundled with cumulative updates. To receive Autopilot, clients **must** run Windows 10, version 1703 7B or later. These cumulative updates contain a critical fix for Autopilot. Consider the following:

Windows Autopilot will not apply its profiles to the machine unless AAD credentials match the expected AAD tenant. For the Windows 10, version 1703 release, it was assumed that would be determined by the domain name, so the domain name used to register (for example contoso.com) should match the domain name used to sign in (for example user@contoso.com). But what happens if your tenant has multiple domains (for example us.contoso.com, or fr.contoso.com)? Since these domain names do not match, the device will not be configured for Autopilot. However, both domains are part of the same AAD tenant, and as such it was determined the matching scheme was not useful. This was improved upon by making use of the tenant ID. By using the tenant ID, we can determine that if the user signs into a domain with a tenant matching the one they registered with, we can safely consider this to be a match. The fix for this problem already exists in Windows 10, version 1709 and was backported into the Windows 10, version 1703 7B release.

**Key Take-Aways**: When using pre-Windows 10, version 1703 7B clients the user’s domain **must** match the domain they registered with. This functionality is found in Windows 10 version 1709 clients using build >= 16215, and Windows 10, version 1703 clients >= 7B. | +| What is the impact of not updating to 7B? | See the detailed scenario described directly above. | +| Is Windows Autopilot supported on other SKUs, e.g. Surface Hub, HoloLens, Windows Mobile. | No, Windows Autopilot isn’t supported on other SKUs. | +| Does Windows Autopilot work after MBR or image re-installation? | Yes. | +| Can machines that have reimaged a few times go through Autopilot? What does the error message "This user is not authorized to enroll" mean? Error code 801c0003. | There are limits to the number of devices a particular AAD user can enroll in AAD, as well as the number of devices that are supported per user in Intune. (These are somewhat configurable but not “infinite.”) You’ll run into this frequently if you reuse the devices, or even if you roll back to previous virtual machine snapshots. | +| What happens if a device is registered to a malicious agent? | By design, Windows Autopilot does not apply a profile until the user signs in with the matching tenant for the configured profile via the AAD sign-in process. What occurs is illustrated below. If badguys.com registers a device owned by contoso.com, at worst, the user would be directed to sign into badguys.com. When the user enters their email/password, the sign-in information is redirected through AAD to the proper AAD authentication and the user is prompted to then sign into contoso.com. Since contoso.com does not match badguys.com as the tenant, the Windows Autopilot profile will not be applied and the regular AAD OOBE will occur. | +| Where is the Windows Autopilot data stored? | Windows Autopilot data is stored in the United States (US), not in a sovereign cloud, even when the AAD tenant is registered in a sovereign cloud. This is applicable to all Windows Autopilot data, regardless of the portal leveraged to deploy Autopilot. | +| Why is Windows Autopilot data stored in the US and not in a sovereign cloud? | It is not customer data that we store, but business data which enables Microsoft to provide a service, therefore it is okay for the data to reside in the US. Customers can stop subscribing to the service any time, and, in that event, the business data is removed by Microsoft. | +| How many ways are there to register a device for Windows Autopilot | There are six ways to register a device, depending on who is doing the registering:

1. OEM Direct API (only available to TVOs)
2. MPC via the MPC API (must be a CSP)
3. MPC via manual upload of CSV file in the UI (must be a CSP)
4. MSfB via CSV file upload
5. Intune via CSV file upload
6. Microsoft 365 Business portal via CSV file upload | +| How many ways are there to create an Windows Autopilot profile? | There are four ways to create & assign an Windows Autopilot profile:

1. Through MPC (must be a CSP)
2. Through MSfB
3. Through Intune (or another MDM)
4. Microsoft 365 Business portal

Microsoft recommends creation and assignment of profiles through Intune.| +| What are some common causes of registration failures? |
1. Bad or missing Hardware hash entries can lead to faulty registration attempts
2. Hidden special characters in CSV files.

To avoid this issue, after creating your CSV file, open it in Notepad to look for hidden characters or trailing spaces or other corruptions.| + +## Glossary + +| Term | Meaning | +| --- | --- | +| CSV | Comma Separated Values (File type similar to Excel spreadsheet) | +| MPC | Microsoft Partner Center | +| MDM | Mobile Device Management | +| OEM | Original Equipment Manufacturer | +| CSP | Cloud Solution Provider | +| MSfB | Microsoft Store for Business | +| AAD | Azure Active Directory | +| 4K HH | 4K Hardware Hash | +| CBR | Computer Build Report | +| EC | Enterprise Commerce | +| DDS | Device Directory Service | +| OOBE | Out of the Box Experience | +| UUID | Universally Unique Identifier | diff --git a/windows/deployment/windows-autopilot/enrollment-status.md b/windows/deployment/windows-autopilot/enrollment-status.md index 38868084db..b3432a245a 100644 --- a/windows/deployment/windows-autopilot/enrollment-status.md +++ b/windows/deployment/windows-autopilot/enrollment-status.md @@ -10,7 +10,7 @@ ms.pagetype: deploy ms.localizationpriority: medium author: greg-lindsay ms.author: greg-lindsay -ms.date: 10/31/2018 +ms.date: 11/01/2018 --- # Windows Autopilot Enrollment Status page @@ -24,13 +24,13 @@ The Windows Autopilot Enrollment Status page displaying the status of the comple The following settings can be configured to customize behavior of the enrollment status page: -
SettingYesNo +SettingYesNo
Show app and profile installation progressThe enrollment status page is displayed.The enrollment status page is not displayed.
Block device use until all apps and profiles are installedThe settings in this table are made available to customize behavior of the enrollment status page, so that the user can address potential installation issues. The enrollment status page is displayed with no additional options to address installation failures.
Allow users to reset device if installation error occursA Reset device button is displayed if there is an installation failure.The Reset device button is not displayed if there is an installation failure.
Allow users to use device if installation error occursA Continue anyway button is displayed if there is an installation failure.The Continue anyway button is not displayed if there is an installation failure. -
Show error when installation takes longer than specified number of minutesSpecify the number of minutes to wait for installation to complete. A default value of 60 minutes is entered. +
Show error when installation takes longer than specified number of minutesSpecify the number of minutes to wait for installation to complete. A default value of 60 minutes is entered.
Show custom message when an error occursA text box is provided where you can specify a custom message to display in case of an installation error.The default message is displayed:
Oh no! Something didn't do what it was supposed to. Please contact your IT department.
Allow users to collect logs about installation errorsIf there is an installation error, a Collect logs button is displayed.
If the user clicks this button they are asked to choose a location to save the log file MDMDiagReport.cab		The Collect logs button is not displayed if there is an installation error.
From 82ed1d61a206f900e73acca6f819b0c172d860bf Mon Sep 17 00:00:00 2001 From: jaimeo Date: Thu, 1 Nov 2018 13:32:31 -0700 Subject: [PATCH 16/23] still tweaking --- windows/deployment/update/windows-analytics-get-started.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/windows-analytics-get-started.md b/windows/deployment/update/windows-analytics-get-started.md index 5a44c118d3..1ceeae0987 100644 --- a/windows/deployment/update/windows-analytics-get-started.md +++ b/windows/deployment/update/windows-analytics-get-started.md @@ -51,7 +51,7 @@ To enable data sharing, configure your proxy server to whitelist the following e | `https://eaus2watcab02.blob.core.windows.net` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports in Windows 10, version 1809 or later. Not used by Upgrade Readiness. | | `https://weus2watcab01.blob.core.windows.net` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports in Windows 10, version 1809 or later. Not used by Upgrade Readiness. | | `https://weus2watcab02.blob.core.windows.net` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports in Windows 10, version 1809 or later. Not used by Upgrade Readiness. | -| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for use with devices running any version of Windows **that also has the 2018-09 Cumulative Update (KB4458469, KB4457136, KB4457141) or later installed** | +| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for use with devices runningrunning Windows 10, version 1703 or later **that also have the 2018-09 Cumulative Update (KB4458469, KB4457136, KB4457141) or later installed** | | `https://v10.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for use with Windows 10, version 1803 *without* the 2018-09 Cumulative Update installed | | `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1709 or earlier | | `https://vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for operating systems older than Windows 10 | From 82d589c7a2188c352b83daf8a9d39792fe54e4f9 Mon Sep 17 00:00:00 2001 From: miberc <44696251+miberc@users.noreply.github.com> Date: Fri, 2 Nov 2018 10:35:28 +0200 Subject: [PATCH 17/23] Update for the element Enterprise Mode sitelist manager outputs: fabrikam.com /products The above mentioned version is the only version that works. Current version of the documentation (that does not work as expected) is the following: fabrikam.com /products --- .../enterprise-mode-schema-version-1-guidance.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md index a503628344..87de33e7d8 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md +++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md @@ -131,8 +131,8 @@ This table includes the elements used by the Enterprise Mode schema.

Example 

 <emie>
-  <domain exclude="false">fabrikam.com
-    <path exclude="true">/products</path>
+  <domain exclude="true">fabrikam.com
+    <path exclude="false">/products</path>
   </domain>
 </emie>

Where http://fabrikam.com doesn't use IE8 Enterprise Mode, but http://fabrikam.com/products does. From 47dbb7cc289e2ee4aecd097fd98cb6216bc4571b Mon Sep 17 00:00:00 2001 From: Patti Short <35278231+shortpatti@users.noreply.github.com> Date: Fri, 2 Nov 2018 06:41:50 -0700 Subject: [PATCH 18/23] Update policy-csp-update.md --- windows/client-management/mdm/policy-csp-update.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 80185310fd..2ad5b4273d 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -1770,7 +1770,7 @@ For Quality Updates, this policy specifies the timing before transitioning from Value type is integer. Default value is 7 days. -Supported value range: 0 - 30. +Supported value range: 2 - 30. If you disable or do not configure this policy, the default behaviors will be used. From 239ba9ef0d73d315497ae09fa741206df9002404 Mon Sep 17 00:00:00 2001 From: Patti Short <35278231+shortpatti@users.noreply.github.com> Date: Fri, 2 Nov 2018 06:47:32 -0700 Subject: [PATCH 19/23] Update policy-csp-update.md --- windows/client-management/mdm/policy-csp-update.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 2ad5b4273d..17ee63877e 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -1833,7 +1833,7 @@ For Feature Updates, this policy specifies the timing before transitioning from Value type is integer. Default value is 7 days. -Supported value range: 0 - 30. +Supported value range: 2 - 30. If you disable or do not configure this policy, the default behaviors will be used. From 4b7f0b6d5020e250c0d6955fd58605b54683a989 Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Fri, 2 Nov 2018 15:52:55 +0000 Subject: [PATCH 20/23] Merged PR 12530: 1810 What's New What's New content for Store for Business --- ...management-microsoft-store-for-business.md | 2 +- ...distribute-apps-from-your-private-store.md | 22 +++++++----------- .../images/security-groups-icon.png | Bin 0 -> 8245 bytes ...tory-microsoft-store-business-education.md | 5 +++- ...-new-microsoft-store-business-education.md | 9 ++++--- ...k-with-partner-microsoft-store-business.md | 2 +- 6 files changed, 20 insertions(+), 20 deletions(-) create mode 100644 store-for-business/images/security-groups-icon.png diff --git a/store-for-business/app-inventory-management-microsoft-store-for-business.md b/store-for-business/app-inventory-management-microsoft-store-for-business.md index e9b6f198d6..e3c4b43dac 100644 --- a/store-for-business/app-inventory-management-microsoft-store-for-business.md +++ b/store-for-business/app-inventory-management-microsoft-store-for-business.md @@ -121,7 +121,7 @@ The app will still be in your inventory, but your employees will not have access ### Private store availability On the details page for each app, you can directly assign an app to a user, or for apps in your private store, you can set **Private store availability**. -Settings **Private store availability** allows you to choose which groups of people can see an app in the private store: +**Private store availability** allows you to choose which groups of people can see an app in the private store: - No one - The app isn't in your private store - Everyone - The app is available to anyone in your organization - Specific groups - The app is available to all users in assigned security groups diff --git a/store-for-business/distribute-apps-from-your-private-store.md b/store-for-business/distribute-apps-from-your-private-store.md index 1806050398..e83245f0e8 100644 --- a/store-for-business/distribute-apps-from-your-private-store.md +++ b/store-for-business/distribute-apps-from-your-private-store.md @@ -10,12 +10,11 @@ author: TrudyHa ms.author: TrudyHa ms.topic: conceptual ms.localizationpriority: medium -ms.date: 3/19/2018 +ms.date: 10/31/2018 --- # Distribute apps using your private store - **Applies to** - Windows 10 @@ -33,12 +32,12 @@ You can make an app available in your private store when you acquire the app, or -Microsoft Store adds the app to **Apps & software**. Click **Manage**, **Apps & software** for app distribution options. +Microsoft Store adds the app to **Products and services**. Click **Manage**, **Apps & software** for app distribution options. **To make an app in Apps & software available in your private store** 1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). -2. Click **Manage**, and then choose **Apps & software**. +2. Click **Manage**, and then choose **Products and services**. @@ -52,6 +51,9 @@ The value under **Private store** for the app will change to pending. It will ta >[!Note] > If you are working with a new Line-of-Business (LOB) app, you have to wait for the app to be avilable in **Products & services** before adding it to your private store. For more information, see [Working with line of business apps](working-with-line-of-business-apps.md). +## Private store availability +You can use security groups to scope which users can install an app from your private store. For more information, see [Private store availability](app-inventory-management-microsoft-store-for-business.md#private-store-availability). + Employees can claim apps that admins added to the private store by doing the following. **To claim an app from the private store** @@ -60,16 +62,8 @@ Employees can claim apps that admins added to the private store by doing the fol 2. Click the **private store** tab. 3. Click the app you want to install, and then click **Install**. + ## Related topics - [Manage access to private store](manage-access-to-private-store.md) - [Manage private store settings](manage-private-store-settings.md) -- [Configure access to Microsoft Store](/windows/configuration/stop-employees-from-using-microsoft-store) - -  - -  - - - - - +- [Configure access to Microsoft Store](/windows/configuration/stop-employees-from-using-microsoft-store) \ No newline at end of file diff --git a/store-for-business/images/security-groups-icon.png b/store-for-business/images/security-groups-icon.png new file mode 100644 index 0000000000000000000000000000000000000000..328a60837df422a5cd276c9627cfdca4c769d01a GIT binary patch literal 8245 zcmdT}Raab1u!WG|76>p5uE7Z&0s|q);6B*k5-hlTaCZw3Ah-UI-Q6{JzWW32 z`+YdlYn|%VRcBZ4-BqEA@?b1K+ z%Knlbzz1(lMdU;f5GtcFo(Z>C{%B|-dm$GP!43-hxnO67PU&9p|x6!;^vl?(9+U=3)qVD%#2m-iWa+e zZw@4&c9AKO`cL*7d+8VfQs0;WS}v(w>D!mp=V0Twlo;U=W8|lodGk2FZsRv@Yi?&R zYq7BcXOZ7=-#aPiU&MwKssMmu#^|E{A+iQ$xUr0wSk#<>St4TjpSVK?J_I4ZPw5(` zr2hZ&5!%G`bcB8(8luw`$_&^EBPjK~^3L@`*Z3d&$>ox7-`;(*GD4`W6?!|pM~D$~ zQb9du61ZgUOUEUeJp597gGfewxwk)^1dkEcD{~xU+gH>}nfRlc&Eu>G0N*DZd}K!z z0|U|aQ+YB%Jcb=GiP8?%`V^9rhMrou&yQk7D*SKp=-36U_{7A-8y|C3;DP-zN`%?D zhn3wh5XnFFv=wgTVW6ReZLbR3bfq=pEjrg|ePJMXbwF`W_Rz0~uIs!0wg&(mwI}n= z3kkc{Gc>=j?2Z9KT3FKT%H3{WabGVt5TES_d5??De#*Q9=Ub$Y7x`w1kj0e+6bJ>_ z`P*NNEZYH8ep@a(TuS4(pHC&%>tBF(Y)v%{VhK^IX-@1Y6AV=hsMLi7b%l3FNkj64 z(|?b5;L^2LSMKkIHaOkl-iyki+QnQa=-bIQJd$rYWPgIVrOh|yud^F{a$ zdq3NS>#N{LO+Qo?REh8bj7z${AKZIMk#kw9D%^m4^U|U_iklcow z3~y7!@2~Fqy3NBW05dm;B`l>q|4Ib{beLF}jyykWQHc32AqTI7Q3bMj8pu-pC7D2K zZRU>@CRlRG(2W*;aloz{&>VDCEV~Jd>4xa`g6~f3MzxO^!s; zIIfBms6}BJXfRBf!oI-61xbH#7rWym%xk4FhpRv&yOo5^2LD2Pr`@<v$mOBb>AMLKL(mvfCVBH(ru%@bNCLOjJFF;&+lCqiscptD6 zDXk$7rN!Y@?M;aFZ4Jcgpj!^XHvRk1MOzKlhP$fw1BzHAH+T$k9NY}jI!35O=}IBY z^w%8H*(WfIo|3heXknHWq%?FCG>nuH0&9Z8=*!GULHqd1_Xp?mke~Ccge|ofsC{cU zY`h6GhkKTm7E&%=QuUn_(})rW!C4~xlIq{STX?(dQbIN&yVSnP$u+#}jA~RjBlEL` zTZoXhKmDPg+Q>R=AL$(!tkQ=zqVR!Q$=iO`C@rQ5JN&VBk|Y8vfbweKxnX21E0Q0m z$6Y+m5bAs+lWDktg0k+MLQh}7L7b3x z{hzhpE4?;nzUjzt?o%HGB*qmyoLYn0zJxL~n2~HGsa&%9a zAbf~Mf0S|wluodS^~8^2@iX{`1|;FjMprSQd~)yGR9=ZQj>WC&dti;2In0`dL-<#5 zW>p4lQkP&exlc^}b5AroH;gcFLen8cWrdqao%3qL$Q#*=EA5D@mpj#u7IeFH;^G(v}e$83yB+RB;){(B| zD`WuOM3Qw;hcB>Q_q)OYoJvw7%s-c;Xeem~cGsSmno0jz_R>USAx^PFkrfa{R^FLa z-0LRO14dDSR{B5_89rxUmtjl^TF<6gM#hA@@-yOYZa0WIw2L$GPaDbVm|!ojuk1O( z?>Xs}_sn~i!;!c0iIE~F&0s>Xo16yoY04T(sQR z1qt69Ncekc9XOF;9j%TcLzJ=b*d}uc)dbX7qjSbuhz1fJe(0&}ZK<;CN zL-$0C$%^5FwbMXif)0})o*ca^==m<4VMQIb7b2;s^tknvp?6!Iph-8dw--)|7dZ5r z$~PPn#yW$?m7v&@sx1m=)Su3^TpW!}R|)s6Uww@9o<9|Xbjg_TON_U4K*(9rCiY3o z)R0p#=FB-Fv5es$)7_|EqJ9G6yusR|3L;^R1~eN_dw~2F0=={XW~55M+klp*qey!{ zk%nrr{nNT5ne3`U89$?b1Dqiyk{ty6L`t>R<^~;}r%}}ot#XPNkM9N>Ef>EyTV4*Q zqEy|G=5nule@_EE>@Z68lrYw|`M zWCqKCiQrzH`na!=difm92E1x{C0O@nJMG+W33yZ(=&@Q@cn%EJi4sOQPd^q~p{_5- zy%7{Xlf7mR@rtqx80pn$h9M72Ggq38iu_oH!kFCXf!~-aRLcfa`I=c(Ow^I-ug~%o zqW(>$hyxb(?$r&*Uzf0-_a8lv#4a{;G(GVK98UKCOBVHq^*Wm=JZ7HIN6*De@$e*H!VDA7 z5zd9aja3twR)G<*}mzd3N(eO%r=I-ND7jcan!TrD!bjKk89 zh9Sw{n97eKRBK}t=o>R>9}R~p?l-P`E?e(+w~i|6i{ER?!>}=l?Xl|Lbg}y0^WFH2 z5;wu91OkfWiPV0;x-5$^oFweXANvo`(?K-?bqO9fS^!W7^Oz`OzZ=k8EcF7*mog)j zi?F@jIzlP+v+{v;DnIJjr~p1T1T8Oc0)V>F#Mt}U$M|>)(A#1Z<5L$K{f{h_i3WSF*vK9>$*MBvsGaz3vr117A6Yb&8v;%F8>OPM}>38Fpy z&LOYIi_2hzbEt}+tt<`Jz#mf`FNC!eeq5iHSIivlIxLe~*UObwSLnOmDEnw~vjhuT z==I>x_-gSJhm$K}o3ompr@3}Neia!|K}+!BWMwxmmavEXT=;;){{d3C@Z&+ro!t2SMrK(F$ zc0Ycc)GK!G6IDO$kJp)peG(&5u$EHJsYXy3&}W*G%?b2+Qt<0Au_NovIyf1VLwXU~ z{KWA6c^A}jz2R-#{NpiwjULJWa<)A6q2Kz@l6W}*hR?6bTe1T6ANF~AuglXoFZ=Cy zuH0sBEakWZHU344wNR;))qJ5RE~iOBk6b;VPhT<^GY?yoCQwU@IPjOQvVMXDw6z*t zZQJy>gX^w+-v(4lM9e4Ew~bEarWXmq<0$a`x|Vz}A2SC7Rdp zRE5Mbb1hE`2k-5BUEP^%Vx{fAVu1o`g;r=k4N^(6U=5HhttGRDnCpPLmZ_o57lxz@etcrfB1WM;RWuV&A9|g7YXw;TYGKA6} zsoX+%I+7T-J{HlW;1Z8pc^K*ElEdAh#Wcp{CM;@6%=p@M7avn_g_2rPx@?pn1}nnJ z=AbOa%=v>M6;jtGr6;BfULwhZ+q{G4K5dDw9ihdE(B#jips&hIVUDucGd0362$ycC*$X{mWzgeVX>~SeHX4^uhz3zjEh^VJ^j@P-!I&`@2Gu;_9a<^ zB$x`<+%*ln8`zxrveYw>tigsTA~eP{zlAtvod@m~^-fgSS=@B+i_UdtEPin}kR<){ z3=_(?n=QOOGSqSb8$We|%gG{V{s|FqfeH83z}1eL*R2WYn2{f1U7r2HGXfr%FCGo! z%yU@(253WRV{l`xRK90U$S8bDTkZ@Je!R3z>-;_O zVt=t)YHD=qhIE}#gh!eH{BKTveEYxsNnTD8QW*RwH-1y-8&@ciaXm3?o%@^G5z%(M zFvmn^wdo_WMm)JUIe$qyo{5nv?t?GXFUg~y(_c24IPPCdMBMi{%o`QwjLdR>wuBDt zC@2`A4%d-$NauJxJ->ea)~y|^7nVrYgFg!EvU^?^6uiDs zk{BF(IN{0RuyXZXo&ME0aRY~|v69nWN}`Ebf`jy8%}qk^(1287xN-^q-hZasMv_Ld}lvj1gyV(aV*9CwqFNL7Q(1+PK{|Q#aHJ_(UOP&FmzE z4$K{jg=nxkhzPwOy?bAt`nw58{G-0C-7yV@@sCX~`;X2*oVMVje>LR7+7*Zn8Ct=b z{~i#_+&t4S3U9+MNgKSiDi1e{I!qjLWH`8$C5sD6W}nB}Pf>|#I4VA2*sQrnopSEO zkm;F&1y{?PK3_&ZpYzH0AKSHdyVO*=>hMcLTpLTs&R8vy$Q=}gx3Tt$%hWJ=m=x)k zo8REDvx&EsYnHPQj@nW7n@=4X5tcD@9|%M93+npqry_hGX?deUo#E(|9*lydXjHx8 zuChk9l8f;oc%MAsD@~7P^?$ua?&-(CajI9OQR;2{Tx#7!F6Fs6q-_DWEN=8_yDkl_vx+-XDDK!w+ ze9Yy4AeP%@On)0Bfi6WB3n{r_!nF4M?#~qZlIF9qpP}J3$L)D?Ec6(HbWk=hgN=r} zQlQTFz@SoQ5|pRTvp}bxpZGz4kkxdf?+OJtHoa=aZq*4Eh(2_q3Z+j&!BQ*D^EHxFN$LNm=aY!*sfz|lLcRx^jeV}hqOxMU^81edS3^Q@KMZmz04CTkne6jI0W z8&%)Atry4sqS!+RH_+jEtFs9&hK!;dD$e1GiKkNp@;iGmI(_ve=?-6hpyH>m;^=3*IptHUz3d&xm0d92?C8P@s7iQ~SAGhfC%{2+G=g+0((vUl;z7)=++W?FYdAKS$c$Z}pvna~IfRah2R?xvKa$UJYP|;O{~b8^}G^bLUuNX-sUE6w*+IocOKoo*fFN!`N7qhGRHQV&*ZviNs|Nm zZpO!Cuv`mPX3Te4iU}l&We^sh>{&Vc)DW9yD6V;z5Zt7^m$uZH41Gi zy$O!<&x)m1o-pwMrJ%n&9rXe7E=reF{KYM?4Ic^;?@O}DQ6RSaE^Cr>$~R>CL*n-PcW)C_!_ z{7fk-2zJcwCLC5XV$lwY?Xd*hOjyvvPdokNMl^Z)(hSNZi@A=}9D`Il~ z6k3HvBy^6L;psv2qnKI}Uz;tS+$M)q^X*5|c4@_d1tu9)Tw)19rdQ^1QL|`sCa$2gYc-`gIgNMl&eN{U!%J7=W2gT8+UL+uH;`6Z7FLo2J>c$ zx|@v_#^_1tCXBW2h{&}gc?4jwTXi2#$e_sj4%)oWYd9Ybw4{!)ywBX7m`|b43wCos zHFQW>E_%9t9+2~zn|lF|^SPT~{fXiA$Zzq+AFKJN!tHi)+a#pIJ%|!Fi4J+1$pp`M zQsB!M>q9kmSTS*t?R2B@0OU=Sy=-X-*4t-Vzo%`E)jPv6lr$hzTje1D8M5fCL6o8$ zd}`5yEls?JF4*6J9X|ktH5-U=THCNHoL?WZ2lPVSU!TfI`~|dFb>sE)8;`6B9Pii{ z@{=F9xZ{FX;@K!!zb}A176<$qd@uHw1TL1VKm&u)-ukHgm2HkbWZpHlG9w~mB20>9 znX?KC&zv9z;NH%X6>$ZOFsjDh_;>HM+zWqUwDrv*RN(exJ7%BlzWGVLe|#U0lMdKm zpml6@#x&Es=WlZwzy)=ZYC0#IOgHJbq@d`4k}&^o-FV->i z>~wt3QlcV#lszT)13V;Ok@v%{(%n(YG+rwl`EE&XyOMgQMh#;-m2Cc?xwL6nB!~%= z+OW}M|5Yi)av&k;4-e?sHbCAsewwA$8^naB*iv zlppLK-+v==V=Z)bJ#R$(Z&@o;nt;?^oQfbfyQtojWeKl2oHJV?3Y|MGLw8lv&Ozi< zvLl+9UAr4c~*U3MBVNMf=`PyePpe9KWT$y3?;_?NG0Y^RjwobrLWFx1g3i-b;G zv$%HpflazaJI0ME6!*++`|Q)Z$XXwM%t+e!RwndjezO)V3ko49Ke>$CBUrPLTk}Owc3_*>7T1m4`Yw1 z7;?dZuOF#p-{Z z)mp$qe_(PiElDG?H%6wv+BB!-UN#z@y!P8qukVkZwYRu0Y2(IGi?CfYt=ST;opYoh zvM}ABgsV?g(yi6yD-NpccrrW-?@Jn*F^s|;Zh$GaM1M5de=TX9cCLoG8y8k>=@6cp z0Ux5eb&rdFd@gclEx)=J;@>aOwG4QEGwiThZN}_f=}N-4A;lRaK@{@ak6ugSb*8ys zD4LC5;!k|;H{Rlokm8xcoiD0)Vm3dFJ~-v(j7ug-nk~OrFrGq{hsGs2ofVpX%H@eh z4Hw%~c~g5<=R@>Sn=K$>v#zAgMdddcX?;eMDG?uo`-AU=e#v5DJub&EZbyV~!`ld5 zDa71z0Rt`$l0FL2LYe3%*(yY${&+Goa|2?Z_z{Mt0ORrV*Wiao4b7!;sLzj^Uxnp4 z6e>%&<9z&-O^uCcZTi*ZC3)MMUm55UM)G2?A~Ecb-K~2okN#3~ej#RzFTW`$4G!*( z4o#?e(GnX<&6RyoVA~neEu7J%IDFw;XHj>%7G*#K026FE_hs$u)HG03bXk{)`bIOI*S$$3p4=z+nIXtG4q0*$+qS_=lvt`SskQXH^5<>PL_g LmlrGhrtkMZ^(Er5 literal 0 HcmV?d00001 diff --git a/store-for-business/release-history-microsoft-store-business-education.md b/store-for-business/release-history-microsoft-store-business-education.md index 43b5a93ec5..0b88f3f051 100644 --- a/store-for-business/release-history-microsoft-store-business-education.md +++ b/store-for-business/release-history-microsoft-store-business-education.md @@ -8,7 +8,7 @@ ms.pagetype: store author: TrudyHa ms.author: TrudyHa ms.topic: conceptual -ms.date: 09/27/2018 +ms.date: 10/31/2018 --- # Microsoft Store for Business and Education release history @@ -17,6 +17,9 @@ Microsoft Store for Business and Education regularly releases new and improved f Looking for info on the latest release? Check out [What's new in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md) +## September 2018 +- **Performance improvements** - With updates and improvements in the private store, most changes, like adding an app, will take fifteen minutes or less. [Get more info](https://https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-performance) + ## August 2018 - **App requests** - People in your organization can make requests for apps that they need. hey can also request them on behalf of other people. Admins review requests and can decide on purchases. [Get more info](https://docs.microsoft.com/microsoft-store/acquire-apps-microsoft-store-for-business#allow-app-requests) diff --git a/store-for-business/whats-new-microsoft-store-business-education.md b/store-for-business/whats-new-microsoft-store-business-education.md index f75698bd74..39896e6c80 100644 --- a/store-for-business/whats-new-microsoft-store-business-education.md +++ b/store-for-business/whats-new-microsoft-store-business-education.md @@ -8,7 +8,7 @@ ms.pagetype: store author: TrudyHa ms.author: TrudyHa ms.topic: conceptual -ms.date: 09/27/2018 +ms.date: 10/31/2018 --- # What's new in Microsoft Store for Business and Education @@ -17,10 +17,10 @@ Microsoft Store for Business and Education regularly releases new and improved f ## Latest updates for Store for Business and Education -**September 2018** +**October 2018** | | | |-----------------------|---------------------------------| -| ![Private store performance icon](images/perf-improvement-icon.png) |**Performance improvements**

With updates and improvements in the private store, most changes, like adding an app, will take fifteen minutes or less. If you make multiple changes at once, they may show at different times within the fifteen minutes. On rare occasions, private store changes might take up to an hour.

[Get more info](https://https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-performance)

**Applies to**:
Microsoft Store for Business
Microsoft Store for Education | +| ![Security groups](images/security-groups-icon.png) |**Use security groups with Private store apps**

On the details page for apps in your private store, you can set **Private store availability**. This allows you to choose which security groups can see an app in the private store.

[Get more info](https://docs.microsoft.com/microsoft-store/app-inventory-management-microsoft-store-for-business#private-store-availability)

**Applies to**:
Microsoft Store for Business
Microsoft Store for Education |